Hi, On 02/13/2016 12:12 PM, Brendan Simon wrote: > Is there a way to restrict apt to a **specific release** of Jessie. > e.g. 8.1, 8.2, 8.3, ... ?? > > I build root filesystems for embedded systems. The sources.list is set > to Jessie, but the contents of the generated rootfs can change from one > day to the next if there have been updates. I want to lock into a > specific release and be sure that the packages wont change if I build > now and 6 or 12 months later. > > What's the best way to do this?
So first of all: you shouldn't do this. Updates happen for a reason and you should note that point releases not only contain bugfixes but also security updates that are folded into them. If you construct images in that way, this will be problematic. Note that Debian's release team is very strict about what kind of updates are allowed in stable releases [1] and each non-security change is reviewed by them - and sometimes changes are rejected. Some people (myself included) have -proposed-updates in their sources.list to get these updates early and report any potential problems. Security updates (which are also folded into point releases) are checked by the security team before releasing them. If you *really*, *really* want to do that against better judgment, you can use the http://snapshot.debian.org/ service. See the instructions there, just pick the current date. And realize that you are using old versions of software with potential security problems. (Even worse, since at least for me snapshot.d.o doesn't support https, and you have to disable Valid-Until in APT to make it work, an attacker in your network with man-in-the-middle capabilities could serve you versions of Jessie that are even older than the ones you want, which have more security problems and you wouldn't really notice it, especially if you automate your process.) Regards, Christian [1] There are very few exceptions here. I don't think you're using e.g. Chromium on your embedded system, right? ;-)
signature.asc
Description: OpenPGP digital signature
