debian/util.sh falsifies custom sources file

c4bhuf commented 1 year ago

Describe the bug Calling the util.sh with a custom sources file changes the mirrors that are provided to cowbuilder in an unpredictable way (see https://github.com/signalwire/freeswitch/blob/master/debian/util.sh#L404). This is currently a problem when building for bullseye since it omits the security part of the bullseye-security portion of the security mirror (see https://wiki.debian.org/NewInBullseye and https://wiki.debian.org/DebianBullseye?highlight=%28CategoryRelease%29) but could also result in other unwanted behaviour. For example the original deb https://security.debian.org/debian-security bullseye-security main will be parsed to deb https://security.debian.org/debian-security bullseye main.

To Reproduce I call the util.sh with the following parameters: ./debian/util.sh build-all -i -j -b -d -k -z9 -aamd64 -cbullseye -v "10.10.7" -T "test.list"

The custom build list (test.list):

deb http://security.debian.org/debian-security/ bullseye-security main contrib non-free 
deb-src http://security.debian.org/debian-security/ bullseye-security main contrib non-free 

deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main 
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main

The code from util.sh parsing the argument othermirror for cowbuilder (see https://github.com/signalwire/freeswitch/blob/master/debian/util.sh#L269). Only removed the delimiter change from "\n" to "|" for readability:

get_sources () {
  local tgt_distro="$1"
  while read type args path distro components; do
    test "$type" = deb || continue
    if echo "$args" | grep -qv "\[" ; then components=$distro;distro=$path;path=$args;args=""; fi
    prefix=`echo $distro | awk -F/ '{print $1}'`
    suffix="`echo $distro | awk -F/ '{print $2}'`"
    if test -n "$suffix" ; then full="$tgt_distro/$suffix" ; else full="$tgt_distro" ; fi
    printf "$type $args $path $full $components\n"
  done < "$2"
}

get_mirrors () {
  file=${2-/etc/apt/sources.list}
  announce "Using apt sources file: $file"
  get_sources "$1" "$file" | head -c-1; echo
}

announce () {
  cat >&2 <<EOF

########################################################################
## $1
########################################################################

EOF
}

get_mirrors "bullseye" "test.list"

Steps to reproduce the behavior:

Create a file test.sh with the code from util.sh (see above)
Create a file test.list with the debian mirrors
Execute bash test.sh

Result:

########################################################################
## Using apt sources file: test.list
########################################################################

deb  http://security.debian.org/debian-security/ bullseye main
deb  http://deb.debian.org/debian bullseye main
deb  http://deb.debian.org/debian bullseye main

Some of the debian mirrors are completely ommited (specifically deb-src) and some have missing elements like "contrib non-free" or "bullseye-security".

Expected behavior cowbuilder should only be provided with a format it can work with (e.g. delimited with "|") and should not omit some of the custom sources a user provided to util.sh. The intention here is probably to replace the distribution part of the mirrors with the provided distribution name for get_mirrors. This should not be necessary since the list of custom sources is already provided by the user of the util.sh. It should be the users responsibility to provide the right custom sources.

mjerris commented 1 year ago

please provide a pull request to address this

c4bhuf commented 1 year ago

Sorry for the "slight" delay :D. Here is my pull request for the fix.

signalwire / freeswitch

debian/util.sh falsifies custom sources file #2112