Bug #12452: Offline build fails when the InRelease file gets too old

Bug #12452

Offline build fails when the InRelease file gets too old

Added by arnaud 2017-04-17 09:08:16 . Updated 2018-02-11 06:37:37 .

Status:

Confirmed

Priority:

Normal

Assignee:

anonym

Category:

Build system

Target version:

Start date:

2017-04-17

Due date:

% Done:

Feature Branch:

wip/12452-ignore-apt-valid-until-build-option

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

When doing offline builds, no downloads are performed, and instead files are taken from the cache of apt-cacher-ng.

Some of these files have an expiry date, as you can see in the VM with this command:

grep -rn Valid-Until /var/cache/apt-cacher-ng/

Different files have different expiry dates. As a consequence, offline builds fail after a few days, because ‘apt-get update’ returns this kind of errors:

E: Release file for http://ftp.us.debian.org/debian/dists/jessie-backports/InRelease is expired (invalid since 2d 0h 22min 54s). Updates for this repository will not be applied.

My first attempt to solve that is to tell apt to ignore the expiry date. I attach the patch so that you get the idea.

It worked for me, but I don’t think it works in every situation. Here I just patched the file ‘setup-tails-builder’, but the truth is that there are ‘apt-get update’ scattered all along the build process, and my patch doesn’t address them. So there will be situation where the build will fail even with this patch.

I’m not sure that it’s a good idea to modify every file where ‘apt-get update’ is involved. It seems a bit messy, and I have no idea if the environment variable ‘TAILS_OFFLINE_MODE’ is propagated into the chroot.

Files

0001-Do-not-check-apt-release-file-s-expiration-date-duri.patch (1468 B)

arnaud, 2017-04-17 08:57:36

Subtasks

History

#1 Updated by intrigeri 2017-04-17 09:31:31

Assignee set to anonym

> My first attempt to solve that is to tell apt to ignore the expiry date. I attach the patch so that you get the idea.

(Without looking at the actual patch) IMO this should require toggling an explicit and opt-in setting, and not done automatically when offline mode is enabled: I want to be able to use TAILS_OFFLINE_MODE in a safe way, and most of the time I’m fine if it tells me that it can’t be done.

#2 Updated by mercedes508 2017-11-25 18:11:45

Any news on this anonym?

#3 Updated by Anonymous 2018-01-15 09:26:31

QA Check set to Info Needed

ping?

#4 Updated by anonym 2018-02-10 18:15:02

Status changed from New to Confirmed

#5 Updated by anonym 2018-02-10 22:57:39

intrigeri wrote:
> > My first attempt to solve that is to tell apt to ignore the expiry date. I attach the patch so that you get the idea.
>
> (Without looking at the actual patch) IMO this should require toggling an explicit and opt-in setting, and not done automatically when offline mode is enabled: I want to be able to use TAILS_OFFLINE_MODE in a safe way, and most of the time I’m fine if it tells me that it can’t be done.

Agreed. That option will also be useful when trying to reproduce a Tails release whose APT lists have expired.

#6 Updated by anonym 2018-02-10 23:49:30

QA Check changed from Info Needed to Dev Needed
Feature Branch set to wip/12452-ignore-apt-valid-until-build-option

The WIP branch is basically a TODO. I think the generation of the base box, which would have to move to use tagged snapshots, makes this pretty difficult to implement. Damn. It’s still worthwhile to implement this option without that part, for the reason arnaud opened this ticket, but it will not be helpful for reproducing a Tails version a long time after it was released.

#7 Updated by intrigeri 2018-02-11 06:37:37

FTR I don’t think this is part of our Core work or of the reprobuilds deliverable so feel free to set this as low prio and deassign yourself (=> the closest we have to good idea, wishlist, great patches are welcome).