From 3f79c18a0df225de80fa607e4bd8e1dce60cb5fd Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues
Date: Mon, 31 May 2021 11:17:39 +0200
Subject: [PATCH] since apt 2.1.16 we can use --error-on=any and do not anymore need to error out on all W: lines (closes: #6)
---
 mmdebstrap | 61 ++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 48 insertions(+), 13 deletions(-)
diff --git a/mmdebstrap b/mmdebstrap
index c368f70..9b80beb 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -857,7 +857,23 @@ sub run_apt_progress {
 $line_has_error = sub {
 # apt-get doesn't report a non-zero exit if the update failed.
 # Thus, we have to parse its output. See #778357, #776152, #696335
- # and #745735
+ # and #745735 for the parsing bugs as well as #594813, #696335,
+ # #776152, #778357 and #953726 for non-zero exit on transient
+ # network errors.
+ #
+ # For example, we want to fail with the following warning:
+ # W: Some index files failed to download. They have been ignored,
+ # or old ones used instead.
+ # But since this message is meant for human consumption it is not
+ # guaranteed to be stable across different apt versions and may
+ # change arbitrarily in the future. Thus, we error out on any W:
+ # lines as well. The downside is, that apt also unconditionally
+ # and by design prints a warning for unsigned repositories, even
+ # if they were allowed with Acquire::AllowInsecureRepositories "1"
+ # or with trusted=yes.
+ #
+ # A workaround was introduced by apt 2.1.16 with the --error-on=any
+ # option to apt-get update.
 if ($_[0] =~ /^(W: |Err:)/) {
 return 1;
 }
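Review bot: The expanded comment in `$line_has_error` explains why every `W:` line is treated as fatal but ends at "A workaround was introduced by apt 2.1.16", without saying what that means for this closure. The run_update hunk of this same patch sets FIND_APT_WARNINGS only for apt older than 2.1.16, so I would close the comment with something like `# With apt >= 2.1.16 mmdebstrap passes --error-on=any and does not rely on matching W: lines.` The condition that installs this closure lies outside the hunk, so the wording should be confirmed against it.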
@@ -1956,12 +1972,30 @@ sub run_setup() { sub run_update() { my $options = shift; + my $aptversion = version->new(0); + { + my $pid = open my $fh, '-|', 'apt-get', + '--version' // error "failed to fork(): $!"; + chomp(my $firstline = <$fh>); + close $fh; + if ( $? == 0 + and $firstline =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+) \([a-z0-9-]+\)$/) + { + $aptversion = version->new($1); + } + } + my $aptopts = { + ARGV => ['apt-get', 'update'], + CHDIR => $options->{root}, + }; + if ($aptversion < "2.1.16") { + $aptopts->{FIND_APT_WARNINGS} = 1; + } else { + push @{ $aptopts->{ARGV} }, '--error-on=any'; + } + info "running apt-get update..."; - run_apt_progress({ - ARGV => ['apt-get', 'update'], - CHDIR => $options->{root}, - FIND_APT_WARNINGS => 1 - }); + run_apt_progress($aptopts); # check if anything was downloaded at all { @@ -7022,7 +7056,7 @@ https://gitlab.mister-muffin.de/josch/mmdebstrap/issues https://bugs.debian.org/src:mmdebstrap -As of version 1.19.5, dpkg does not provide facilities preventing it from +As of version 1.20.9, dpkg does not provide facilities preventing it from reading the dpkg configuration of the machine running B. Therefore, until this dpkg limitation is fixed, a default dpkg configuration is recommended on machines running B. If you are using B 
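Review bot: The `// error "failed to fork(): $!"` guard on the new `open` in run_update can never fire, because without parentheses `//` binds to the literal `'--version'` (always defined) rather than to the return value of `open`. Parenthesise the call so a failed fork or exec is actually reported: `my $pid = open(my $fh, '-|', 'apt-get', '--version') // error "failed to fork(): $!";`. As written, a failed open leaves `$firstline` undefined and `$aptversion` at 0, so the code silently takes the pre-2.1.16 path. The same happens for any version string the three-component regex does not match; that is the strict direction, but an `info` line saying the apt version could not be determined would make the resulting failure on `[trusted=yes]` sources explainable. run_update's body continues past the end of the hunk.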
@@ -7030,12 +7064,13 @@ as the non-root user, then as a workaround you could run C so that the config files are only accessible by the root user. -Setting [trusted=yes] to allow signed archives without a known public key will -fail because of a gpg warning in the apt output. Since apt does not -communicate its status via any other means than human readable strings, -B treats any warning from "apt-get update" as an error. Fixing -this will require apt to provide a machine readable status interface. See -Debian bugs #778357, #776152, #696335, and #745735. +With apt versions before 2.1.16, setting C<[trusted=yes]> or +C to allow signed archives without a +known public key or unsigned archives will fail because of a gpg warning in the +apt output. Since apt does not communicate its status via any other means than +human readable strings, and because B wants to treat transient +network errors as errors, B treats any warning from "apt-get +update" as an error. =head1 SEE ALSO