Debian 7/Wheezy & 8/Jessie backports repos archived

Ever vigilant TurnKey community member, John Carver (aka Dude4Linux), has again bought to our attention an issue worth addressing. In a recent bug report John notes that the Debian old-old-stable (7/Wheezy) and old-stable (8/Jessie) backports apt repositories have now been archived.

Ideally v13.x & v14.x TurnKey users are advised to update/migrate their data to the relevant current v15.x release of their appliance. If you need a hand with that, please do not hesitate to start a new thread on the forums (new threads require a free website user account; if you have any troubles posting please let us know). But if that's not an option right now, to avoid errors jamming up your apt logs, TurnKey v13.x and v14.x users are advised to make an adjustment to their servers.

It is worth noting that the default daily security updates will still occur regardless, but without this manual update there will be additional errors being logged.

Please note that this does NOT currently affect TurnKey v15.x appliances.

What has happened?

A number of v13.x and v14.x TurnKey appliances (and all v14.2 appliances) have what is referred to as Debian backports enabled. Please follow the link for full details regarding backports, but essentially it provides additional and/or newer versions of software not available in the "main" Debian apt repositories.

Debian 7/Wheezy and 8/Jessie are now in ELTS (Extended Long Term Support) and LTS (Long Term Support) support periods respectively. Once Debian Security Team support ends (one year after a new stable release) support moves to the LTS Team. The LTS Team do not provide support for the backports repositories so I suspect that at least in part, this decision was made to avoid ongoing user confusion in this regard. Thus the backports repos have been archived and the current urls are no longer valid.

It may already be obvious, but to ensure it's completely clear, no further updates (including security updates) will occur for Wheezy and/or Jessie backports packages. That is why we recommend simply disabling backports altogether. However, I've also provided instructions on how to update the backports repo listing url if you still wish to install software from backports.

Who does this affect?

This affects many users of TurnKey versions v13.x & v14.x and all users of v14.2.

The v15.x appliances (based on Debian 9/Stretch) are NOT affected.

If you are unsure of which TurnKey version you have, please see the relevant section below.

If you wish to check whether you have backports repo enabled, grep is a useful tool. Run it like this:

grep -r backports /etc/apt/sources.list.d

If this returns any results, then that indicates that you likely have backports enabled. Please note that if a line is returned which starts with a '#' (hash/pound character) then it is already disabled and can be ignored. No results means no action is required.

Another way to check is to simply run 'apt-get update'. If that returns an error (as per John's bug report) then that suggests that you need to take some action.

What version of TurnKey do I have?

If you're not sure which version of TurnKey you are running, please log in via SSH (or Webshell) and run the following command:

turnkey-version

That will return a string in the following format:

turnkey-<APP_NAME>-<VERSION>-<CODENAME>-<ARCH>

Where:

  • APP_NAME is the appliance name; e.g. 'lamp'
  • VERSION is the TurnKey version number; e.g. '14.2'
  • CODENAME is the Debian codename; e.g. 'jessie'
  • ARCH is the system architecture; e.g. 'amd64'

So a 64 bit v14.2 LAMP appliance will return:

turnkey-lamp-14.2-jessie-amd64

Please see below for notes specific to the major TurnKey version relevant to you.

TurnKey v13.x/Debian 7/Wheezy users

Ideally no one is still using TurnKey v13.x anymore. Unless of course your server is not internet accessible, and/or you have subscribed to the Debian ELTS (and that is actually continuing post the currently anticipated cut off of June 2019 - i.e. now!).

This is because the basis of v13.x; Debian 7/Wheezy is now "old-old-stable" and is no longer receiving normal security updates, only very limited updates via the LTS Team (and as per above; that too is due to end any day).

So in most cases, the best course of action is to either migrate your data to a newer version of TurnKey, or do a "regular" in-place Debian upgrade (at least to Jessie; preferably Stretch).

TurnKey v14.x/Debian 8/Jessie users

The basis of TurnKey v14.x; Debian 8/Jessie is currently in its LTS phase. That means that there are security updates and bugfixes being provided, but not necessarily for all packages. Also, the updates that are available are being provided by the LTS team, rather than the Security Team.

Unless you have a need to remain on v14.x/Jessie, it is recommended that you either migrate your data to a newer TurnKey instance, or perform an in-place Debian upgrade. If you need a hand with that, please do not hesitate to start a new thread on the forums (new threads require a free website user account; if you have any troubles posting please let us know).

If you do need to stick with v14.x/Jessie, then you will receive about 1 year more of LTS updates (until June 2020). After that time, Jessie will likely move to ELTS. Although usage of ELTS is not recommended unless you are a paid ELTS subscriber.

What do I need to do?

Beyond following the highly recommended path of updating, as noted above there are 2 other options available.

The first is to disable backports altogether. As there will be no further updates to backports, disabling backports is the recommended option (if migrating/updating to v15.x is not an option for you right now).

The alternate "fix" is to update the backports repo listing url so that is it in a "working" state again.

I'll cover both possibilities in separate sections below. Please follow only one of these, not both.

Option 1: Disable backports completely (recommended)

As there will be no further updates to the backports repository in either Debian Wheezy or Jessie (v13.x & v14.x respectively) there is little value in leaving the backports repository enabled. So we recommend that you simply disable backports completely. You can do that like this (using 'jessie' as an example):

CODENAME=jessie # for v14.x; swap with 'wheezy' for v13.x
sed -i "/$CODENAME-backports/ s|^ *deb|#deb|" /etc/apt/sources.list*

Then as per above, to check all is well, run:

apt-get update

Option 2: Update backports repo to use archive

Alternatively, you can update the backports repo so that it points to the archive. As noted above, there is limited value in doing that as no new updates will be published. In fact, because a system wide apt modification is required to allow backports to still be installed, it removes one of the security measures (checking expiry of the release file) of the apt repository system.

Regardless, if you still wish to be able to install from backports, you may wish to update your apt config to point towards the archive. To update the backports repo to use the archive involves 2 steps. The following detail assumes this is being done on a v14.x (Debian 8/Jessie) system. For v13.x (Debian 7/Wheezy) please adjust the first line accordingly.

Firstly you need to update the sources.list file url(s) which apt uses to access the repo:

CODENAME=jessie # for v14.x; swap with 'wheezy' for v13.x
sed -i "/$CODENAME-backports/ s|httpredir|archive|" /etc/apt/sources.list.d/*

Then because the release file has expired, you'll need to adjust the config so that apt ignores that issue (note this change will affect all apt repositories):

echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until

Then to check all is well, run:

apt-get update

If that is still returning an error, please post a comment below (include the full error message). Alternatively, please feel free to open a new thread in the forums.

As per always; feedback is encouraged

As per always here at TurnKey we love your feedback. Please let us know how you go with this via the comments section below. If you encounter issues not noted, ideally please open a new thread in our support forums (free website user account required to start a new thread).

Good luck! :)

Comments

Jeremy Davis's picture

I missed the last bit of the sed line to disable backports. Sorry about that... I've fixed the post by to make it a bit easier for you, here it is:

CODENAME=jessie
sed -i "/$CODENAME-backports/ s|^ *deb|#deb|" /etc/apt/sources.list*
apt update

If that still doesn't work, please post back with the error message and I'll try again.

Habib Ullah's picture

Thanks for fixing backports issue.

Pages

Add new comment