banana's picture

Debian changed conf, and i use yours links for download my packages.

Error start : Day:15 - Month:08 --2021

if ! deck --isdeck build/; then deck build/bootstrap build/; fi
fab-install build/ build/root.spec
setting apt proxy settings...
updating package lists...
Get:1 buster InRelease [122 kB]
Ign:2 buster-security InRelease         
Get:3 buster/updates InRelease [65.4 kB]
Ign:4 buster InRelease
Get:5 buster-security Release [3857 B]
Get:6 buster Release [3830 B]
Get:7 buster-security Release.gpg [833 B]
Get:8 buster Release.gpg [833 B]
Get:9 buster/main amd64 Packages [31.0 kB]
Reading package lists... Done       
N: Repository ' buster InRelease' changed its 'Version' value from '10.3' to '10.10'
E: Repository ' buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Release file for is not valid yet (invalid for another 21h 58min 43s). Updates for this repository will not be applied.
Traceback (most recent call last):
  File "/usr/lib/fab/", line 34, in <module>
  File "/usr/lib/python2.7/dist-packages/", line 388, in main, args)
  File "/usr/lib/python2.7/dist-packages/", line 261, in run
  File "/usr/lib/fab/pylib/", line 129, in main
    installer.install(packages, ignore_errors)
  File "/usr/lib/fab/pylib/", line 276, in install
    self.chroot.system("apt-get update")
  File "/usr/lib/python2.7/dist-packages/", line 80, in system
  File "/usr/lib/python2.7/dist-packages/", line 56, in system

banana's picture

I found this:


#!/bin/bash -e
# create apt sources
# environment variables:
#   - required: CODENAME
#   - optional: NONFREE
#   - optional: TKL_TESTING
#   - optional: BACKPORTS
#   - optional: PHP_VERSION

# Note, to install packages from backports:
# - set 'BACKPORTS=y'; and either:
#   - add to plan & pin package(s) to backports (via prefs file); or
#   - install via apt using '-t $CODENAME-backports' switch

fatal() {
    echo "fatal: $@" 1>&2
    exit 1

[ -n "$CODENAME" ] || fatal "CODENAME is not set"


# Default Debian PHP version. This should return the current:
#   apt-cache policy php | sed -n "\|Candidate:|s|.*:\([0-9]\.[0-9]*\)+.*|\1|p"

# keys are provided as ascii armoured for transparency; but secure apt requires
# gpg keyrting files
repos=(main security testing)
for repo in ${repos[@]}; do
    gpg --no-default-keyring --keyring $keyring --import $keyfile
    rm $keyfile
# ensure that gpg-agent is killed after processing keys
kill -9 $(pidof gpg-agent) || true
rm -rf $HOME/.gnupg

cat > $SOURCES_LIST/sources.list <<EOF
deb [signed-by=$key_dir/tkl-$CODENAME-main.gpg] $CODENAME main

deb $CODENAME main
deb $CODENAME contrib
#deb $CODENAME non-free

cat > $SOURCES_LIST/security.sources.list <<EOF
deb [signed-by=$key_dir/tkl-$CODENAME-security.gpg] $CODENAME-security main

deb $CODENAME/updates main
deb $CODENAME/updates contrib
#deb $CODENAME/updates non-free

cat > $TKL_TESTING_LIST.disabled <<EOF
deb [signed-by=$key_dir/tkl-$CODENAME-testing.gpg] $CODENAME-testing main

Jeremy Davis's picture

I probably would have just run apt update within the bootstrap. I.e.:

fab-chroot /turnkey/fab/bootstraps/buster
apt update --allow-releaseinfo-change

Although obviously your fix works fine too! :)

Craig T.'s picture

Thanks, Jeremy. Just ran into this myself and your fix worked for me.

banana's picture

Hey Master, Im follow your suggestion.

I changed this, and now, is beaut.

PS: Sorry for my english. Im Brazilian, and dont use google translate or other.

I, learning english. (Its Ok? ) hehehe




Jeremy Davis's picture

And your English isn't too bad. Please feel free to continue to practice your English here on our forums if you want! :)

Jeremy Davis's picture

Unfortunately, we still haven't fixed the sandbox functionality, so that likely won't work.

FYI, my workflow when updating or developing an appliance is to first use the root.patched level interactively. That way I don't build to ISO at all initially. I try to get it as close as "done" as I can within root.patched (rebuilding root.patched at least once to check, sometimes many times). Then I will build to ISO and do final tests (with perhaps a rebuilt ISO to polish up final points).

I have a repo that includes a few internal tools (which aren't very polished, hence why not included by default) that you can install and use if you want. They should be useful for development. Have a look at tkldev-tools on GitHub.

The one that I find most useful is fab-investigate (essentially opens a chroot into the build root dir). Another is fab-rewind (supports rewinding build root level(s)).

What I normally do when I'm developing is that I include an 'exit 1' in the conf script (at a desirable point, usually just before the final cleanup in the conf script). Then when you run 'make' the build will fail during the 'root.patched' step. Then I use fab-investigate to interactively enter into the root.patched level (assuming no other bugs, exactly where you put the 'exit 1'). You can then do stuff interactively there. When you are ready to rebuild (and test your update conf script and overlay files) then just rerun 'make'.

Whilst it doesn't allow you to quickly tweak the ISO the way the sandbox was intended to, it's not too bad because you can test and rebuild from individual layers and rollback only when you need to. So long as you don't do a 'make clean' then the rebuilds should be fairly quick.

Be sure to take note of commands you run and config you tweak within root.patched. Copy the relevant commands into your conf script and overlay files to the relevant place. Personally, I will often have multiple shell sessions open, Including the conf script open in an editor, the build dir, etc). Any changes not copied out when you run 'make' will be lost.

Add new comment