Bug #15837: APT is not configured to install packages from our repo

Bug #15837

APT is not configured to install packages from our repo

Added by segfault 2018-08-24 10:06:38 . Updated 2018-10-04 10:43:10 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_3.9.1

Start date:

2018-08-24

Due date:

% Done:

100%

Feature Branch:

bugfix/15837-fix-apt-preferences+force-all-tests

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Packages are supposed to be pinned to our repo with pin priority 990 in config/chroot_apt/preferences:

Package: *
Pin: origin deb.tails.boum.org
Pin-Priority: 990

But this doesn’t work, because the origin is actually not deb.tails.boum.org but tor+http://jenw7xbd6tf7vfhp.onion.

That is because we replace the deb.tails.boum.org in /etc/apt/sources.list.d/tails.list in config/chroot_local-includes/lib/live/config/1500-reconfigure-APT:

### Custom APT repository

s{
   ^
   (deb(?:-src)?\s+)
   tor[+]https?://deb[.]tails[.]boum[.]org
   /?
   (\s+)
}{$1tor+http://jenw7xbd6tf7vfhp.onion/$2}xms;

' | perl -pi - /etc/apt/sources.list /etc/apt/sources.list.d/*.list

This script is executed at the end of the build of a Tails image, so when the packages are installed during the build, they are correctly installed from our repo.

To fix this, we could make config/chroot_local-includes/lib/live/config/1500-reconfigure-APT also replace the origin in the APT preferences.

Subtasks

Related issues

Blocks Tails - ~~Bug #15834~~: 3.9rc1: gvfs-bin (and presumably other) dependency tangles	Resolved	2018-08-23
Blocks Tails - ~~Feature #15334~~: Core work 2018Q3: Foundations Team	Resolved	2018-02-20
Blocks Tails - ~~Bug #15973~~: APT pinning broken for stretch-backports	Resolved	2018-09-23

History

#1 Updated by segfault 2018-08-24 10:07:10

blocks ~~Bug #15834~~: 3.9rc1: gvfs-bin (and presumably other) dependency tangles added

#2 Updated by intrigeri 2018-08-26 06:17:52

blocks ~~Feature #15334~~: Core work 2018Q3: Foundations Team added

#3 Updated by intrigeri 2018-08-26 06:18:09

Assignee set to segfault

Do you want to fix this as part of your FT work?

#4 Updated by segfault 2018-08-26 11:15:33

intrigeri wrote:
> Do you want to fix this as part of your FT work?

Sure

#5 Updated by segfault 2018-09-03 19:26:34

Feature Branch set to bugfix/15837-fix-apt-preferences

#6 Updated by segfault 2018-09-04 11:42:51

Target version changed from Tails_3.9 to Tails_3.10.1

#7 Updated by segfault 2018-09-18 22:08:15

I pushed a commit to the feature branch which should fix this, but I have still to build and test it.

#8 Updated by segfault 2018-09-19 21:55:20

Assignee changed from segfault to intrigeri
QA Check set to Ready for QA

> but I have still to build and test it

seems to work

#9 Updated by intrigeri 2018-09-20 04:41:28

Status changed from Confirmed to In Progress
% Done changed from 0 to 50
Feature Branch changed from bugfix/15837-fix-apt-preferences to bugfix/15837-fix-apt-preferences+force-all-tests

Thanks! Pushed to Jenkins with the +force-all-tests suffix, let’s see how it goes :)

#10 Updated by intrigeri 2018-09-20 04:43:00

segfault wrote:
> This script is executed at the end of the build of a Tails image

FYI this is incorrect: /lib/live/config/ stuff is executed at boot time by the live-config service.

#11 Updated by intrigeri 2018-09-20 04:50:18

Assignee changed from intrigeri to segfault
QA Check changed from Ready for QA to Dev Needed

About this part of the regexp:

+   /?
+   (\s+)

… I don’t understand what this is supposed to match; is a / even legal here? I would be tempted to replace these two lines with $.

#12 Updated by segfault 2018-09-20 17:32:28

Assignee changed from segfault to intrigeri
QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> About this part of the regexp:
>
> […]
>
> … I don’t understand what this is supposed to match; is a / even legal here? I would be tempted to replace these two lines with $.

You’re right, this doesn’t make sense and can be removed. I copied it from above in config/chroot_local-includes/lib/live/config/1500-reconfigure-APT. I replaced it with $ now.

#13 Updated by segfault 2018-09-23 20:04:15

blocks ~~Bug #15973~~: APT pinning broken for stretch-backports added

#14 Updated by intrigeri 2018-09-28 08:09:43

% Done changed from 50 to 60

Yeah, cargo cult— :) Code review passes, will now test.

#15 Updated by intrigeri 2018-09-30 14:27:15

Status changed from In Progress to Fix committed
% Done changed from 60 to 100
QA Check changed from Ready for QA to Pass

Merged :)

#16 Updated by intrigeri 2018-09-30 14:27:43

Assignee deleted (~~intrigeri~~)

#17 Updated by intrigeri 2018-10-01 13:29:41

Target version changed from Tails_3.10.1 to Tails_3.9.1

#18 Updated by anonym 2018-10-04 10:43:10

Status changed from Fix committed to Resolved