Feature #12309

Re-enable debian-security Stretch APT sources once they have packages we would pull

Added by intrigeri 2017-03-08 17:27:03. Updated 2017-07-05 19:03:51.

Status: Resolved
Priority: Elevated
Assignee:
Category:
Target version:
Start date: 2017-03-08
Due date:
% Done: 100%
Feature Branch: feature/12309-re-enable-debian-security
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

i.e. revert commit:10faf568f70d93b6ea1d240f72811a0c8fef1500



Related issues

Related to Tails - Bug #12308: Unusable tagged APT snapshots are generated when no package is pulled from the corresponding APT repo Resolved 2017-03-08

History

#1 Updated by intrigeri 2017-03-08 17:27:16

  • related to Bug #12308: Unusable tagged APT snapshots are generated when no package is pulled from the corresponding APT repo added

#2 Updated by intrigeri 2017-05-28 16:09:12

  • Target version changed from Tails_3.0 to Tails_3.1

This won’t happen before we release 3.0, as Debian Stretch won’t be released earlier.

#3 Updated by intrigeri 2017-06-13 05:49:00

  • Category deleted (Build system)
  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

http://security.debian.org/dists/stretch/updates/main/binary-amd64/Packages.gz now has packages.

#4 Updated by intrigeri 2017-06-13 05:59:57

  • Subject changed from Re-enable debian-security APT sources once they have packages for Stretch to Re-enable debian-security Stretch APT sources once they have packages we would pull

Actually, if I did that tomorrow and we had to put out a 3.0.1 emergency release on Thursday, then we would still be hit by Bug #12308: what we need to wait for before we merge this branch is better expressed by the new title.

#5 Updated by intrigeri 2017-06-13 06:01:28

  • Feature Branch set to wip/feature/12309-re-enable-debian-security

(wip/ as this branch is based on the post-3.0-release stable branch, and would FTBFS right now.)

#6 Updated by intrigeri 2017-06-25 15:04:35

  • % Done changed from 10 to 20
  • Feature Branch changed from wip/feature/12309-re-enable-debian-security to feature/12309-re-enable-debian-security

There’s now a kernel update in jessie-security.

#7 Updated by intrigeri 2017-06-26 06:46:40

for ext in build-manifest packages ; do echo "### $ext" ; diff -Naur <(curl -s https://nightly.tails.boum.org/build_Tails_ISO_stable/builds/1595/archive/build-artifacts/tails-amd64-stable-3.1-20170625T1239Z-466e43c.iso.$ext) <(curl -s https://nightly.tails.boum.org/build_Tails_ISO_feature-12309-re-enable-debian-security/builds/2/archive/build-artifacts/tails-amd64-feature_12309-re-enable-debian-security-3.1-20170625T2002Z-efb804d%2Bstable%40466e43c.iso.$ext) ; done
### build-manifest
--- /proc/self/fd/11    2017-06-26 08:44:48.327896387 +0200
+++ /proc/self/fd/12    2017-06-26 08:44:48.327896387 +0200
@@ -3,7 +3,7 @@
   debian:
     reference: '2017060904'
   debian-security:
-    reference: '2017062502'
+    reference: '2017062504'
   torproject:
     reference: '2017060903'
 packages:
@@ -417,6 +417,18 @@
     package: exfat-utils
     version: 1.2.5-2
   - arch: amd64
+    package: exim4-base
+    version: 4.89-2+deb9u1
+  - arch: all
+    package: exim4-config
+    version: 4.89-2+deb9u1
+  - arch: amd64
+    package: exim4-daemon-light
+    version: 4.89-2+deb9u1
+  - arch: all
+    package: exim4
+    version: 4.89-2+deb9u1
+  - arch: amd64
     package: exiv2
     version: 0.25-3.1
   - arch: amd64
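Review bot: the four exim4 entries added after exfat-utils (exim4, exim4-base, exim4-config and exim4-daemon-light, all at 4.89-2+deb9u1) are new package names in the build manifest, not version bumps of packages already listed, and the packages diff further down has no exim4 line. Confirm that they are only pulled during the build and never reach the installed system, and record why they appear, so that a mail daemon entering the manifest is an explained change.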
@@ -1161,6 +1173,9 @@
     package: gtkhash
     version: 0.7.0-4
   - arch: amd64
+    package: guile-2.0-libs
+    version: 2.0.13+1-4
+  - arch: amd64
     package: gvfs-backends
     version: 1.30.4-1
   - arch: all
@@ -1579,19 +1594,25 @@
     version: 1.0.6-8.1
   - arch: amd64
     package: libc-bin
+    version: 2.24-11+deb9u1
+  - arch: amd64
+    package: libc-bin
     version: 2.24-11
   - arch: amd64
     package: libc-dev-bin
-    version: 2.24-11
+    version: 2.24-11+deb9u1
   - arch: all
     package: libc-l10n
-    version: 2.24-11
+    version: 2.24-11+deb9u1
   - arch: amd64
     package: libc6-dev
-    version: 2.24-11
+    version: 2.24-11+deb9u1
   - arch: amd64
     package: libc6-i386
-    version: 2.24-11
+    version: 2.24-11+deb9u1
+  - arch: amd64
+    package: libc6
+    version: 2.24-11+deb9u1
   - arch: amd64
     package: libc6
     version: 2.24-11
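Review bot: libc-bin and libc6 are listed twice in this hunk, at 2.24-11+deb9u1 and at the old 2.24-11, while libc-dev-bin, libc-l10n, libc6-dev and libc6-i386 are simply replaced. The build therefore still pulls the unpatched 2.24-11 packages at some stage. The packages diff shows only 2.24-11+deb9u1 for libc-bin and libc6:amd64 in the installed list, which is the property to keep checking; a note on why the older version is still fetched would help.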
@@ -2071,7 +2092,7 @@
     version: 0.25-3.1
   - arch: amd64
     package: libexpat1
-    version: 2.2.0-2
+    version: 2.2.0-2+deb9u1
   - arch: all
     package: libexporter-tiny-perl
     version: 0.042-1
@@ -2368,6 +2389,9 @@
     version: 1.24.9-3.1
   - arch: amd64
     package: libgnutls30
+    version: 3.5.8-5+deb9u1
+  - arch: amd64
+    package: libgnutls30
     version: 3.5.8-5
   - arch: amd64
     package: libgoa-1.0-0b
@@ -2780,6 +2804,9 @@
   - arch: amd64
     package: libksba8
     version: 1.3.5-2
+  - arch: amd64
+    package: libkyotocabinet16v5
+    version: 1.2.76-4.2+b1
   - arch: all
     package: liblangtag-common
     version: 0.6.2-1
@@ -2907,6 +2934,12 @@
     package: libmagickwand-6.q16-3
     version: 8:6.9.7.4+dfsg-11
   - arch: amd64
+    package: libmailutils5
+    version: 1:3.1.1-1
+  - arch: amd64
+    package: libmariadbclient18
+    version: 10.1.23-8
+  - arch: amd64
     package: libmbim-glib4
     version: 1.14.0-1+b1
   - arch: amd64
@@ -4486,22 +4519,22 @@
     version: '4.5'
   - arch: amd64
     package: linux-compiler-gcc-6-x86
-    version: 4.9.30-1
+    version: 4.9.30-2+deb9u1
   - arch: amd64
     package: linux-headers-4.9.0-3-amd64
-    version: 4.9.30-1
+    version: 4.9.30-2+deb9u1
   - arch: all
     package: linux-headers-4.9.0-3-common
-    version: 4.9.30-1
+    version: 4.9.30-2+deb9u1
   - arch: amd64
     package: linux-image-4.9.0-3-amd64
-    version: 4.9.30-1
+    version: 4.9.30-2+deb9u1
   - arch: amd64
     package: linux-kbuild-4.9
-    version: 4.9.30-1
+    version: 4.9.30-2+deb9u1
   - arch: amd64
     package: linux-libc-dev
-    version: 4.9.30-1
+    version: 4.9.30-2+deb9u1
   - arch: all
     package: live-boot-initramfs-tools
     version: 1:20170112
@@ -4522,10 +4555,10 @@
     version: 1:20151214+nmu1
   - arch: amd64
     package: locales-all
-    version: 2.24-11
+    version: 2.24-11+deb9u1
   - arch: all
     package: locales
-    version: 2.24-11
+    version: 2.24-11+deb9u1
   - arch: amd64
     package: lockfile-progs
     version: 0.1.17+b1
@@ -4571,6 +4604,12 @@
   - arch: amd64
     package: macchanger
     version: 1.7.0-5.3+b1
+  - arch: all
+    package: mailutils-common
+    version: 1:3.1.1-1
+  - arch: amd64
+    package: mailutils
+    version: 1:3.1.1-1
   - arch: amd64
     package: make
     version: 4.1-9.1
@@ -4621,6 +4660,9 @@
     version: 4.0.18-2+b1
   - arch: amd64
     package: multiarch-support
+    version: 2.24-11+deb9u1
+  - arch: amd64
+    package: multiarch-support
     version: 2.24-11
   - arch: all
     package: mutter-common
@@ -4631,6 +4673,9 @@
   - arch: all
     package: myspell-fa
     version: 0.20070816-3
+  - arch: all
+    package: mysql-common
+    version: 5.8+1.0.2
   - arch: amd64
     package: nano
     version: 2.7.4-1
@@ -5361,6 +5406,9 @@
     package: tasksel
     version: '3.39'
   - arch: amd64
+    package: tcpd
+    version: 7.6.q-26
+  - arch: amd64
     package: tcpdump
     version: 4.9.0-2
   - arch: amd64
zsh: exit 1     colordiff -Naur  
### packages
--- /proc/self/fd/11    2017-06-26 08:44:52.075781065 +0200
+++ /proc/self/fd/12    2017-06-26 08:44:52.075781065 +0200
@@ -496,10 +496,10 @@
 libbsd0:amd64  0.8.3-1
 libburn4:amd64 1.4.6-1
 libbz2-1.0:amd64   1.0.6-8.1
-libc-bin   2.24-11
-libc-l10n  2.24-11
-libc6:amd64    2.24-11
-libc6-i386 2.24-11
+libc-bin   2.24-11+deb9u1
+libc-l10n  2.24-11+deb9u1
+libc6:amd64    2.24-11+deb9u1
+libc6-i386 2.24-11+deb9u1
 libcaca0:amd64 0.99.beta19-2+b2
 libcairo-gobject-perl  1.004-2+b1
 libcairo-gobject2:amd64    1.14.8-1
@@ -657,7 +657,7 @@
 libexempi3:amd64   2.4.1-1
 libexif12:amd64    0.6.21-2+b2
 libexiv2-14:amd64  0.25-3.1
-libexpat1:amd64    2.2.0-2
+libexpat1:amd64    2.2.0-2+deb9u1
 libexporter-tiny-perl  0.042-1
 libexttextcat-2.0-0:amd64  3.4.4-2+b1
 libexttextcat-data 3.4.4-2
@@ -753,7 +753,7 @@
 libgnomevfs2-extra:amd64   1:2.24.4-6.1+b2
 libgnupg-interface-perl    0.52-9
 libgnustep-base1.24    1.24.9-3.1
-libgnutls30:amd64  3.5.8-5
+libgnutls30:amd64  3.5.8-5+deb9u1
 libgoa-1.0-0b:amd64    3.22.5-1
 libgoa-1.0-common  3.22.5-1
 libgoa-backend-1.0-1:amd64 3.22.5-1
@@ -1449,13 +1449,13 @@
 liferea    1.12~rc3-1
 liferea-data   1.12~rc3-1
 linux-base 4.5
-linux-image-4.9.0-3-amd64  4.9.30-1
+linux-image-4.9.0-3-amd64  4.9.30-2+deb9u1
 live-boot  1:20170112
 live-boot-initramfs-tools  1:20170112
 live-config    5.20170112
 live-config-systemd    5.20170112
 live-tools 1:20151214+nmu1
-locales-all    2.24-11
+locales-all    2.24-11+deb9u1
 lockfile-progs 0.1.17+b1
 login  1:4.4-4.1
 logrotate  3.11.0-0.1
@@ -1485,7 +1485,7 @@
 mousetweaks    3.12.0-1+b1
 msva-perl  0.9.2-1
 mtools 4.0.18-2+b1
-multiarch-support  2.24-11
+multiarch-support  2.24-11+deb9u1
 mutter 3.22.4-1+tail1
 mutter-common  3.22.4-1+tail1
 myspell-fa 0.20070816-3
@@ -1714,6 +1714,7 @@
 tails-perl5lib 1.0-1
 tails-persistence-setup    1.1.9-1
 tar    1.29b-1.1
+tcpd   7.6.q-26
 tcpdump    4.9.0-2
 tcpflow    1.4.5+repack1-3+b1
 thunderbird    1:45.8.0-3+tails2
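Review bot: tcpd 7.6.q-26 in the last hunk is the only added line in the packages list; every other change in this file is a version bump to a +deb9u1 build. Its version carries no +deb9u1 suffix, so it is not itself one of the updates this branch is meant to bring in. Remove it explicitly or document why it is now installed.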

#8 Updated by intrigeri 2017-06-26 07:05:48

  • % Done changed from 20 to 30

Only unexpected differences I could spot:

  • We pull a few more packages during the “Begin installing tasks” phase. I think that’s caused by alternative dependencies (pkgA | pkgB) being resolved somewhat randomly by APT, and “randomly” depends on the list of available packages, which is impacted by this branch, so let’s not bother. We remove them later anyway, except:
  • tcpd is installed in the SquashFS. It wasn’t shipped in 3.0, so I’ll remove it explicitly.

No automated test results so far since cucumber segfaults for some reason. Will file a ticket later today unless bertagaz beats me to it.
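The manual review of the `.packages` diff can be scripted. The following is an added example, not part of the original ticket or of the Tails code base: it splits the differences between two `.packages` lists into newly installed packages, removed packages, and version changes, using the `+debNuM` version suffix as a heuristic for stable or security updates. The function names and the sample data (a few lines copied from the diff in comment #7) are assumptions made for illustration.

```python
import re

# Debian stable and security uploads conventionally carry a +debNuM suffix.
STABLE_UPDATE = re.compile(r"\+deb\d+u\d+")

def parse_packages(text):
    """Parse '<name[:arch]> <version>' lines into {name: version}."""
    pkgs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        pkgs[fields[0]] = fields[1]
    return pkgs

def classify(old_text, new_text):
    """Group the differences between two package lists by kind."""
    old, new = parse_packages(old_text), parse_packages(new_text)
    report = {"added": {}, "removed": {}, "stable_update": {}, "other_change": {}}
    for name in sorted(old.keys() | new.keys()):
        if name not in old:
            report["added"][name] = new[name]
        elif name not in new:
            report["removed"][name] = old[name]
        elif old[name] != new[name]:
            kind = "stable_update" if STABLE_UPDATE.search(new[name]) else "other_change"
            report[kind][name] = (old[name], new[name])
    return report

# Constructed sample: a few lines from the two .packages lists diffed in comment #7.
STABLE = """\
libc6:amd64 2.24-11
libexpat1:amd64 2.2.0-2
linux-image-4.9.0-3-amd64 4.9.30-1
tar 1.29b-1.1
tcpdump 4.9.0-2
"""
BRANCH = """\
libc6:amd64 2.24-11+deb9u1
libexpat1:amd64 2.2.0-2+deb9u1
linux-image-4.9.0-3-amd64 4.9.30-2+deb9u1
tar 1.29b-1.1
tcpd 7.6.q-26
tcpdump 4.9.0-2
"""

if __name__ == "__main__":
    for kind, entries in classify(STABLE, BRANCH).items():
        print(kind, entries)
```

Anything reported under `added` or `other_change` is what needs a human explanation; on this sample that is only `tcpd`.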

#9 Updated by intrigeri 2017-06-27 13:11:14

  • % Done changed from 30 to 40

Now looks good to me, you can check yourself:

for ext in build-manifest packages ; do
   echo "### $ext"
   diff -Naur \
       <(curl -s https://nightly.tails.boum.org/build_Tails_ISO_stable/builds/lastSuccessfulBuild/archive/latest.iso.$ext) \
       <(curl -s https://nightly.tails.boum.org/build_Tails_ISO_feature-12309-re-enable-debian-security/lastSuccessful/archive/latest.iso.$ext)
done

I’ll now check what Jenkins thinks, mostly because I wonder if https://bugs.debian.org/865343 breaks anything in our ISO.

#10 Updated by intrigeri 2017-06-27 13:32:03

  • Assignee changed from intrigeri to bertagaz
  • % Done changed from 40 to 50
  • QA Check set to Ready for QA

The last test suite run on Jenkins passed entirely.

#11 Updated by intrigeri 2017-06-30 06:18:44

  • Target version changed from Tails_3.1 to Tails_3.0.1

#12 Updated by bertagaz 2017-06-30 12:04:36

  • Status changed from In Progress to Fix committed
  • Assignee deleted (bertagaz)
  • Target version changed from Tails_3.0.1 to Tails_3.1
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

intrigeri wrote:
> The last test suite run on Jenkins passed entirely.

Looks good, merged into stable and devel.

#13 Updated by bertagaz 2017-06-30 12:05:01

  • Target version changed from Tails_3.1 to Tails_3.0.1

#14 Updated by intrigeri 2017-07-05 19:03:51

  • Status changed from Fix committed to Resolved