search

debuerreotype / docker-debian-eol-artifacts

Official builds of debuerreotype-generated Debian EOL tarballs for use in Docker (archive.debian.org)
https://hub.docker.com/r/debian/eol
Apache License 2.0
6 stars 1 forks source link

archive.debian.org shouldn't be used in sources.list until the relevant suite actually exists there #1

Closed tianon closed 3 years ago

tianon commented 3 years ago

From a discussion in #debian-ftp:

<GyrosGeier> jessie security updates are missing on debian-archive
<GyrosGeier> which breaks jessie Docker images
<GyrosGeier> to reproduce: "FROM debian/eol:jessie", "RUN apt-get update"
<GyrosGeier> same for jessie-updates
<GyrosGeier> W: Failed to fetch http://archive.debian.org/debian-security/dists/jessie/updates/main/binary-amd64/Packages  404  Not Found [IP: 193.62.202.28 80]
<GyrosGeier> W: Failed to fetch http://archive.debian.org/debian/dists/jessie-updates/main/binary-amd64/Packages  404  Not Found [IP: 193.62.202.28 80]
<jrtc27> -updates doesn't make sense for archive
<jrtc27> jessie only reached EOL this summer so up until then jessie/updates was still changing
<jcristau> sounds like a bug in that docker image then
<GyrosGeier> no, the image is aware that jessie is EOL, so it refers to archive.debian.org
<GyrosGeier> which has security for older releases as well
<jrtc27> yes but you shouldn't point at archive.d.o until the suite has been archived
<jrtc27> http://security.debian.org/debian-security/dists/ still has a jessie suite
<jrtc27> and should be used until it's been added to archive.d.o
<jrtc27> there is nothing saying that jessie is archived the moment it reaches EOL
<jrtc27> just that it happens _some_ time later
<jrtc27> therefore the docker image is buggy and making invalid assumptions
tianon commented 3 years ago

(@GyrosGeier, I believe this was you? just wanting to give you a heads up that I've logged it :sweat_smile: :heart:)

tianon commented 3 years ago

I've just filed https://github.com/debuerreotype/debuerreotype/issues/100 since this is technically a bug in debuerreotype itself, but I think there's a non-zero chance it'll be easier to add a workaround here than to fix the assumptions there (which I also want to do, but is a larger problem to tackle).

tianon commented 3 years ago

With debuerreotype 0.13 (6367504da56fda73f5f9bd5542d13e44b2ffbb92), this is finally fixed. :smile:

$ docker pull debian/eol:jessie
jessie: Pulling from debian/eol
2b2fa7211760: Pull complete 
Digest: sha256:2082a3a524dec0f7a5b147c89c26970378726c819b35faaabf10728f339f2c56
Status: Downloaded newer image for debian/eol:jessie

docker.io/debian/eol:jessie
$ docker run --rm debian/eol:jessie apt-get update
Get:1 http://deb.debian.org jessie-updates InRelease [16.3 kB]
Ign http://archive.debian.org jessie InRelease
Get:2 http://security.debian.org jessie/updates InRelease [44.9 kB]
Get:3 http://archive.debian.org jessie Release.gpg [2420 B]
Get:4 http://archive.debian.org jessie Release [148 kB]
Get:5 http://deb.debian.org jessie-updates/main amd64 Packages [20 B]
Get:6 http://archive.debian.org jessie/main amd64 Packages [9098 kB]
Get:7 http://security.debian.org jessie/updates/main amd64 Packages [992 kB]
Fetched 10.3 MB in 5s (1784 kB/s)
Reading package lists...

(Sorry it took so much longer than I was planning on!)