debian9 box (4.3.0): non-working security apt source

Question

debian9 box (4.3.0): non-working security apt source

ThomasWaldmann opened this issue a year ago · 6 comments

ThomasWaldmann commented a year ago

When I booted that box (downloaded today), it had "security.debian.org" in the sources.list.

That does not work any more, it needs to be "archive.debian.org".

The main source was ok, but the security source was bad.

Answer 1 · 2023-09-22T14:39:35.000Z

Ehrm, guess I was wrong. I updated some boxes to 4.3.0, but seems I forgot the debian9 box. Sorry for the noise.

Answer 2 · 2023-09-22T14:44:10.000Z

BTW, thanks for maintaining these boxes.

The original debian/stretch64box didn't get the final update yet needed to make it working again after they broke it by moving stretch to the archive server.

Answer 3 · 2023-09-22T14:58:42.000Z

@ThomasWaldmann I think the change was made during the last cycle. That said it took 2.5 weeks to build everything because I had to fix soo many different configs. The Debian 8/9 boxes were two of the configs that needed fixing.

The said I might have overlooked something, whereby I am switching to the archive server during the install, but for some reason it is switching back at the end. If so that isn't intentional.. It's also possible a Debian 9 image was built before I made the fix. Or wasn't rebuilt this cycle. I';d need to know the platform to say, but that probably applies to the Parallels box.

Either way, since it took awhile to build 4.3.0, I plan to start the next release cycle right away (today) so that I have new images ready next week (hopefully).

It takes 3-4 days to build all 1,038 images at this point, and and that is only if everything runs smoothly.

Answer 4 · 2023-09-22T15:58:50.000Z

Hi @ladar!

The 4.3.0 box works (guess I should have said that more clearly in my 2nd post).

Cheers, Thomas

Answer 5 · 2023-09-22T16:42:54.000Z

The original debian/stretch64box didn't get the final update yet needed to make it working again after they broke it by moving stretch to the archive server.

Yeah, I'm stubborn that way. I still have lots of computers running old distros, with no reason to fix something that isn't broken..

That said, it's getting harden and harder with some of the boxes. Some distrros have no archive server. Or they have design flaws that require workarounds.

One of the Ubuntu releases , 21.10 , I think, was the first cloud-init installer release to go EOL, and it had a very nasty design flaw which made it try and auto-update the installer. but once it went EOL< the update would break, because of the release file. And there was no config option to disable this "feature.:" It was nearly impossible to install after being switched over. I had to reverse engineering the installer to find a workaround for the flaw.

I only mention this because jessie has a similar problem. The GPG key used to sign packages, but it expired awhile back. That means I need to set the system back to avoid the problem. And with the clock off, I also have to disable HTTPS, as the TLS certs don't validate any more. I'm guessing users are having an even issues too. It should be trivial fix, issuing an with new repo keys, using the same pub/priv key pair, but with an updated expiration. But it's been awhile and no luck so far.

The bottom line is the Robox project is getting too bug for the build servers I have, so I'll need to make cuts at some point. And broken distros will be the first to go.

Answer 6 · 2023-10-04T17:06:49.000Z

Since you are cutting off all ways of communication with you, why don't you just pay me what is owed. We can then walk away, i'll keep that distant memory of our first meeting in person as a happy one. I will also remember the first couple of years working with you my enthusiasm to work at all times of the day, and then it just started to break down. What happened in India was a crying shame, so much promise. Ivy (Who's birthday is tomorrow reaching double figures) actually asks about you. She remembers the short time spent with and game you played with her. I short pay what is owed, let's call it severence pay and be done with it. M~

On 22 September 2023 17:43:06 BST, Ladar Levison ***@***.***> wrote: > The original `debian/stretch64`box didn't get the final update yet needed to make it working again after they broke it by moving stretch to the archive server. Yeah, I'm stubborn that way. I still have lots of computers running old distros, with no reason to fix something that isn't broken.. That said, it's getting harden and harder with some of the boxes. Some distrros have no archive server. Or they have design flaws that require workarounds. One of the Ubuntu releases , 21.10 , I think, was the first cloud-init installer release to go EOL, and it had a very nasty design flaw which made it try and auto-update the installer. but once it went EOL< the update would break, because of the release file. And there was no config option to disable this "feature.:" It was nearly impossible to install after being switched over. I had to reverse engineering the installer to find a workaround for the flaw. I only mention this because jessie has a similar problem. The GPG key used to sign packages, but it expired awhile back. That means I need to set the system back to avoid the problem. And with the clock off, I also have to disable HTTPS, as the TLS certs don't validate any more. I'm guessing users are having an even issues too. It should be trivial fix, issuing an with new repo keys, using the same pub/priv key pair, but with an updated expiration. But it's been awhile and no luck so far. The bottom line is the Robox project is getting too bug for the build servers I have, so I'll need to make cuts at some point. And broken distros will be the first to go. -- Reply to this email directly or view it on GitHub: #283 (comment) You are receiving this because you are subscribed to this thread. Message ID: ***@***.***>

-- K-9 Mail. Please excuse my brevity.