banana's picture

Debian changed conf, and i use yours links for download my packages.

Error start : Day:15 - Month:08 --2021

if ! deck --isdeck build/root.build; then deck build/bootstrap build/root.build; fi
fab-install build/root.build build/root.spec
setting apt proxy settings...
updating package lists...
Get:1 http://deb.debian.org/debian buster InRelease [122 kB]
Ign:2 http://archive.turnkeylinux.org/debian buster-security InRelease         
Get:3 http://security.debian.org buster/updates InRelease [65.4 kB]
Ign:4 http://archive.turnkeylinux.org/debian buster InRelease
Get:5 http://archive.turnkeylinux.org/debian buster-security Release [3857 B]
Get:6 http://archive.turnkeylinux.org/debian buster Release [3830 B]
Get:7 http://archive.turnkeylinux.org/debian buster-security Release.gpg [833 B]
Get:8 http://archive.turnkeylinux.org/debian buster Release.gpg [833 B]
Get:9 http://archive.turnkeylinux.org/debian buster/main amd64 Packages [31.0 kB]
Reading package lists... Done       
N: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Version' value from '10.3' to '10.10'
E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Release file for http://security.debian.org/dists/buster/updates/InRelease is not valid yet (invalid for another 21h 58min 43s). Updates for this repository will not be applied.
Traceback (most recent call last):
  File "/usr/lib/fab/wrapper.py", line 34, in <module>
    CliWrapper.main()
  File "/usr/lib/python2.7/dist-packages/pyproject.py", line 388, in main
    commands.run(name, args)
  File "/usr/lib/python2.7/dist-packages/pyproject.py", line 261, in run
    command.module.main()
  File "/usr/lib/fab/pylib/cmd_install.py", line 129, in main
    installer.install(packages, ignore_errors)
  File "/usr/lib/fab/pylib/installer.py", line 276, in install
    self.chroot.system("apt-get update")
  File "/usr/lib/python2.7/dist-packages/chroot.py", line 80, in system
    executil.system(*self._prepare_command(*command))
  File "/usr/lib/python2.7/dist-packages/executil.py", line 56, in system

Forum: 
banana's picture

I found this:

 

#!/bin/bash -e
# create apt sources
# environment variables:
#   - required: CODENAME
#   - optional: NONFREE
#   - optional: TKL_TESTING
#   - optional: BACKPORTS
#   - optional: PHP_VERSION

# Note, to install packages from backports:
# - set 'BACKPORTS=y'; and either:
#   - add to plan & pin package(s) to backports (via prefs file); or
#   - install via apt using '-t $CODENAME-backports' switch

fatal() {
    echo "fatal: $@" 1>&2
    exit 1
}

[ -n "$CODENAME" ] || fatal "CODENAME is not set"

SOURCES_LIST=/etc/apt/sources.list.d
PREFS_LIST=/etc/apt/preferences.d
mkdir -p $SOURCES_LIST $PREFS_LIST

# Default Debian PHP version. This should return the current:
#   apt-cache policy php | sed -n "\|Candidate:|s|.*:\([0-9]\.[0-9]*\)+.*|\1|p"
DEBIAN_PHP_V=7.3

# keys are provided as ascii armoured for transparency; but secure apt requires
# gpg keyrting files
key_dir=/usr/share/keyrings
repos=(main security testing)
for repo in ${repos[@]}; do
    full_path=$key_dir/tkl-$CODENAME-$repo
    keyring=$full_path.gpg
    keyfile=$full_path.asc
    gpg --no-default-keyring --keyring $keyring --import $keyfile
    rm $keyfile
done
# ensure that gpg-agent is killed after processing keys
kill -9 $(pidof gpg-agent) || true
rm -rf $HOME/.gnupg

cat > $SOURCES_LIST/sources.list <<EOF
deb [signed-by=$key_dir/tkl-$CODENAME-main.gpg] http://archive.turnkeylinux.org/debian $CODENAME main

deb http://deb.debian.org/debian $CODENAME main
deb http://deb.debian.org/debian $CODENAME contrib
#deb http://deb.debian.org/debian $CODENAME non-free
EOF

cat > $SOURCES_LIST/security.sources.list <<EOF
deb [signed-by=$key_dir/tkl-$CODENAME-security.gpg] http://archive.turnkeylinux.org/debian $CODENAME-security main

deb http://security.debian.org/ $CODENAME/updates main
deb http://security.debian.org/ $CODENAME/updates contrib
#deb http://security.debian.org/ $CODENAME/updates non-free
EOF

TKL_TESTING_LIST=$SOURCES_LIST/turnkey-testing.list
cat > $TKL_TESTING_LIST.disabled <<EOF
deb [signed-by=$key_dir/tkl-$CODENAME-testing.gpg] http://archive.turnkeylinux.org/debian $CODENAME-testing main
EOF
 

Jeremy Davis's picture

I probably would have just run apt update within the bootstrap. I.e.:

fab-chroot /turnkey/fab/bootstraps/buster
apt update --allow-releaseinfo-change
exit

Although obviously your fix works fine too! :)

Craig T.'s picture

Thanks, Jeremy. Just ran into this myself and your fix worked for me.

banana's picture

Hey Master, Im follow your suggestion.

I changed this, and now, is beaut.

PS: Sorry for my english. Im Brazilian, and dont use google translate or other.

I, learning english. (Its Ok? ) hehehe

 

TKS.



 

Jeremy Davis's picture

And your English isn't too bad. Please feel free to continue to practice your English here on our forums if you want! :)

Jeremy Davis's picture

Unfortunately, we still haven't fixed the sandbox functionality, so that likely won't work.

FYI, my workflow when updating or developing an appliance is to first use the root.patched level interactively. That way I don't build to ISO at all initially. I try to get it as close as "done" as I can within root.patched (rebuilding root.patched at least once to check, sometimes many times). Then I will build to ISO and do final tests (with perhaps a rebuilt ISO to polish up final points).

I have a repo that includes a few internal tools (which aren't very polished, hence why not included by default) that you can install and use if you want. They should be useful for development. Have a look at tkldev-tools on GitHub.

The one that I find most useful is fab-investigate (essentially opens a chroot into the build root dir). Another is fab-rewind (supports rewinding build root level(s)).

What I normally do when I'm developing is that I include an 'exit 1' in the conf script (at a desirable point, usually just before the final cleanup in the conf script). Then when you run 'make' the build will fail during the 'root.patched' step. Then I use fab-investigate to interactively enter into the root.patched level (assuming no other bugs, exactly where you put the 'exit 1'). You can then do stuff interactively there. When you are ready to rebuild (and test your update conf script and overlay files) then just rerun 'make'.

Whilst it doesn't allow you to quickly tweak the ISO the way the sandbox was intended to, it's not too bad because you can test and rebuild from individual layers and rollback only when you need to. So long as you don't do a 'make clean' then the rebuilds should be fairly quick.

Be sure to take note of commands you run and config you tweak within root.patched. Copy the relevant commands into your conf script and overlay files to the relevant place. Personally, I will often have multiple shell sessions open, Including the conf script open in an editor, the build dir, etc). Any changes not copied out when you run 'make' will be lost.

Add new comment