Re: [lmi] No security updates yet for debian 'bullseye'

lmi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lmi] No security updates yet for debian 'bullseye'

From:	Greg Chicares
Subject:	Re: [lmi] No security updates yet for debian 'bullseye'
Date:	Sat, 28 Sep 2019 20:50:13 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

On 2019-09-28 12:33, Vadim Zeitlin wrote:
[...]
>  You should, of course, enable security updates even for "testing". The
> reason for the error is that you need to use "bullseye-testing" instead of
> just "bullseye" for it (for reasons I'd have trouble to explain, other than
> saying that "it was always like this"), i.e. the full line should be

[TL;DR: s/https/http/ (surprising though that may seem for "security")]

>       deb https://security.debian.org bullseye-security main

That doesn't seem to work for me. Testing it, in a chroot, as root:

/tmp[0]#ls -di /
1186757 /
/tmp[0]#whoami  
root

by overwriting /etc/apt/sources.list (this chroot is disposable):

/tmp[0]#echo "deb https://security.debian.org bullseye-security main" 
>/etc/apt/sources.list
/tmp[0]#cat /etc/apt/sources.list
deb https://security.debian.org bullseye-security main

and then updating, I see:

/tmp[0]#apt-get update                                                          

Ign:1 https://security.debian.org bullseye-security InRelease
Err:2 https://security.debian.org bullseye-security Release
  Certificate verification failed: The certificate is NOT trusted. The 
certificate issuer is unknown. The name in the certificate does not match the 
expected.  Could not handshake: Error in the certificate verification. [IP: 
128.101.240.215 443]
Reading package lists... Done
E: The repository 'https://security.debian.org bullseye-security Release' does 
not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration 
details.
/tmp[100]#

After studying this:

  https://www.debian.org/security/
| You can use apt to easily get the latest security updates. This requires a 
line such as
|   deb http://security.debian.org/debian-security buster/updates main contrib 
non-free

I tried again, a little differently:
I commented out the 'deb' line above, and added the one debian.org
recommended (with s/buster/bullseye/ and without "contrib non-free"):

/tmp[0]#cat /etc/apt/sources.list   
#deb https://security.debian.org bullseye-security main
deb http://security.debian.org/debian-security bullseye/updates main
/tmp[0]#                         
/tmp[0]#apt-get update              
Ign:1 http://security.debian.org/debian-security bullseye/updates InRelease
Err:2 http://security.debian.org/debian-security bullseye/updates Release
  404  Not Found [IP: 151.101.248.204 80]
Reading package lists... Done
E: The repository 'http://security.debian.org/debian-security bullseye/updates 
Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration 
details.

Similarly, I tried copying the 'deb' line here:
  https://wiki.debian.org/SourcesList
(with s/buster/bullseye/ again):

/tmp[0]#cat /etc/apt/sources.list   
#deb https://security.debian.org bullseye-security main
#deb http://security.debian.org/debian-security bullseye/updates main
deb http://deb.debian.org/debian-security/ bullseye/updates main

but the result was the same.

As for http vs. https:

  https://wiki.debian.org/SourcesList
| The security.debian.org hosts currently do not have publicly
| verifiable SSL certificates on HTTPS and hence cannot be used
| with HTTPS at the moment.

as shown above I tried all these ideas with plain HTTP, and
they all failed. No, wait...I didn't try plain HTTP with your
suggestion, and when I do, it succeeds:

/tmp[0]#cat /etc/apt/sources.list
deb http://deb.debian.org/debian/ bullseye main
deb http://deb.debian.org/debian/ bullseye-updates main
deb http://security.debian.org/ bullseye-security main
/tmp[0]#apt-get update           
Get:1 http://deb.debian.org/debian bullseye InRelease [109 kB]
Hit:2 http://security.debian.org bullseye-security InRelease
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [38.8 kB]
Get:4 http://deb.debian.org/debian bullseye/main i386 Packages [7671 kB]
Get:5 http://deb.debian.org/debian bullseye/main amd64 Packages [7726 kB]       

Get:6 http://deb.debian.org/debian bullseye/main Translation-en [5858 kB]       

Fetched 21.4 MB in 25s (872 kB/s)                                               

Reading package lists... Done

Fixed in lmi commit 6ff936c3.

[Prev in Thread]

Current Thread

[Next in Thread]

[lmi] No security updates yet for debian 'bullseye', Greg Chicares, 2019/09/28
- Re: [lmi] No security updates yet for debian 'bullseye', Vadim Zeitlin, 2019/09/28
  - Re: [lmi] No security updates yet for debian 'bullseye', Greg Chicares <=
    - Re: [lmi] No security updates yet for debian 'bullseye', Vadim Zeitlin, 2019/09/28

Prev by Date: Re: [lmi] No security updates yet for debian 'bullseye'
Next by Date: Re: [lmi] [lmi-commits] master 5c461fb 1/2: Discuss schroot strategies to handle mounts
Previous by thread: Re: [lmi] No security updates yet for debian 'bullseye'
Next by thread: Re: [lmi] No security updates yet for debian 'bullseye'
Index(es):
- Date
- Thread