Comments (9)
DaanDeMeyer
commented on July 28, 2024
from mkosi.
bluca
commented on July 28, 2024
https://www.debian.org/mirror/ftpmirror#what
The debian-security/ archives contain the security updates released by the Debian security team. While it sounds interesting to everyone, we do not recommend to our users to use mirrors to obtain security updates and instead ask them to directly download them from our distributed security.debian.org service. We recommend debian-security not be mirrored.
from mkosi.
DaanDeMeyer
commented on July 28, 2024
https://wiki.ubuntu.com/SecurityTeam/FAQ
While packages are copied from security to updates frequently, it is recommended that systems always have the security pocket enabled, and use security.ubuntu.com for this pocket. For all other pockets feel free to use archive.ubuntu.com or an archive mirror. This combination will ensure you are able to download important updates immediately while taking advantage of the mirror network or archive.ubuntu.com for all other downloads. Ubuntu systems are configured in this manner by default.
So I'm not sure what to do here. I think your best bet is to provide your own sources file like follows:
[Distribution]
PackageManagerTrees=<path-to-sources>:/etc/apt/sources.list.d/mkosi.sources
from mkosi.
robleady
commented on July 28, 2024
For Debian that would be true. Indeed, you won't find any of the -security feeds on deb.debian.org/debian/dists
However, Canonical appear to taking a different approach with Ubuntu, and do provide the -security feeds alongside the others.
Mirror services do mirror the security feeds. For example: https://www.mirrorservice.org/sites/archive.ubuntu.com/ubuntu/dists/
from mkosi.
DaanDeMeyer
commented on July 28, 2024
@robleady See my earlier reply, ubuntu also recommends using security.ubuntu.com for security updates and to not use the mirror network.
from mkosi.
robleady
commented on July 28, 2024
OK - I'd missed that FAQ on the Ubuntu site.
I had looked at the PackageManagerTrees= option, but couldn't make sense of the documentation.
I'll do some more testing...
from mkosi.
robleady
commented on July 28, 2024
Using PackageManagerTrees= seems to do the trick. Well actually I ended up using SkeletonTrees=custom.sources:/etc/apt/sources.list.d/mkosi.sources as I wanted the repository information to be in the final image.
However, I also get a default jammy.sources being written to /etc/apt/sources.list.d alongside my custom mkosi.sources in the final image. Is there an option to prevent this being written?
from mkosi.
DaanDeMeyer
commented on July 28, 2024
@robleady There is no option to prevent this from being written. I'd suggest removing it in a finalize script.
from mkosi.
DaanDeMeyer
commented on July 28, 2024
Let's close this as there's no clear solution here
from mkosi.
Related Issues (20)
- Add support for nsresourced HOT 1
- UnicodeDecodeError while building x86 Debian on an x86_64 machine. HOT 2
- fixup_vmlinuz_location invalid on arch
- Adding a cross-image temporary output directory
- Add SourceDateEpochMode=override|clamp HOT 2
- Honor GNUPGHOME when signing checksum
- mkosi fails to build raw disk image from BaseTree HOT 4
- Add QemuSerial= to allow using virtconsole as the serial console HOT 1
- Add QemuSwtpmBanks= setting HOT 1
- Configuration parser issues and possible improvements HOT 1
- WithDocs=false is broken on Debian
- Unable to build bootable Ubuntu Noble disk image (Package 'libtss2-mu0' has no installation candidate) HOT 3
- Automatic PARTUUID doesn't work for mount.usr kernel parameter
- --profile CLI option is broken
- Better warning when setting universal properties in subimages
- `PackageManagerTree=` in image directory no longer falls back to `mkosi.skeleton/` HOT 2
- cp: cannot access '/home/<user>/.cache/mkosi/ubuntu~noble~x86-64/lib/apt/lists/partial': Permission denied HOT 12
- Add CacheKey config to override cache_tree_paths
- Arch Linux = error: failed retrieving file 'core.db' from geo.mirror.pkgbuild.com : Could not resolve host: geo.mirror.pkgbuild.com HOT 2
- Wrong documentation for installing local packages ? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mkosi.