Published: Fri Aug 20 18:58:51 UTC 2021
By Stephan Sürken
In 2021 .
For mini-buildd 1.0.x only.
The Debian bullseye release implicitly inflicts some mandatory (new
apt keys!) as well as some minor recommended housekeeping on an
existing mini-buildd installation.
So this is what I would recommend you to do -- assuming a basic
setup, near to what the wizards would set up automatically.
Given how the configuration currently works (i.e., affecting
dependencies when you change things), you might want
to stop the daemon before starting your housekeeping
and try to get all your changes done in one flow (to minimize the costly "PCA action" on repos and chroots later...)
1.0.49 adds wizard-support for new sources now available (like
bullseye-backports, buster-backports-sloppy, and also possibly new
Ubuntu releases). Obviously not mandatory, but it will really helps in
housekeeping.
With 1.0.49 installed, run (in the admin configuration):
Sources:Sources Debian wizard: Will get you new Debian sources the wizard knows about.Sources:Priority sources Extras wizard: Adds prio sources for new sources from last step.
There are three new keys from Debian:
Chances are they have already been added by the source wizard run
before. Make sure you have these as AptKeys instances, verify
and make them shiny green.
With the release of bullseye, repo signaturs have also changed in
other codenames. As in 1.0.x, any signatures a Release is signed with
needs to be in a Source, here is a list to help in manually fixing
this mess up:
[stretch/updates]: Success: EDA0D2388AE22BA9 (AA8E81B4331F7F50): Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
[stretch/updates]: Success: 4DFAB270CAA96DFA (112695A0E562B32A): Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[sid]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[sid]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[buster/updates]: Success: 4DFAB270CAA96DFA (112695A0E562B32A): Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[buster/updates]: Success: A48449044AAD5C5D (54404762BBB6E853): Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[bullseye-security]: Success: 4DFAB270CAA96DFA (112695A0E562B32A): Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[bullseye-security]: Success: A48449044AAD5C5D (54404762BBB6E853): Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[stretch]: Success: E0B11894F66AEC98 (04EE7237B7D453EC): Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
[stretch]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[stretch]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[stretch]: Success: EF0F382A1A7B6500 (): Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
[bullseye]: Success: E0B11894F66AEC98 (04EE7237B7D453EC): Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
[bullseye]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[bullseye]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[bullseye]: Success: 605C66F00D6C9793 (): Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>
[buster]: Success: E0B11894F66AEC98 (04EE7237B7D453EC): Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
[buster]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[buster]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[buster]: Success: DCC9EFBF77E11517 (): Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>
[stretch-backports-sloppy]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[stretch-backports-sloppy]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[stretch-backports]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[stretch-backports]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[buster-backports-sloppy]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[buster-backports-sloppy]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[buster-backports]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[buster-backports]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
[bullseye-backports]: Success: DC30D7C23CBBABEE (648ACFD622F3D138): Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
[bullseye-backports]: Success: 73A4F27B8DD47936 (0E98404D386FA1D9): Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
This manual update process is currently a PITA really, and there will
be something much more convenient in 2.0.x.
See: https://ftp-master.debian.org/keys.html , debian-archive-keyring package, apt-key.
Bullseye's release version (as configured in the bullseye Source )
should currently be "BULLSEYE" or "~BULLSEYE". Now with bullseye
released, this must be replaced by the actual release version.
FWIW: This default scheme will put you in the position to distinguish
between packages build while bullseye was rolling, and after bullseye
was released, just via the package version -- hinting you on what
packages you might want/need to rebuild on the actual finsihed stable
release.
To do this, just go the the bullseye Source instance, reveal the "Extra" section, and either
Recommended : Override with "11" (this is the current Debian scheme using only one number as main release version. New default in development mini-buildd).Override with "110" or remove the override string (this let's mbd guess on check , which will lead to "110" for 1.0.x).
Note that using option 1 may lead to dist-upgrade issues for packages
from, for example, a stretch distribution using "90" -- for packages
with otherwise the very same versioning. So only use that if you
(understand this and) are up to instruct your repo users on remedies,
or if you are using the new scheme consistently already anyway.
Run Chroots:Default wizard (on the backend you are using). This might yield new chroots if new base sources were added.
... now that you are at it anyway :).
mini-buildd always keeps the base chroots up to date, so this is
actually not strictly really necessary. However ;), as a safeguard
against any possible evilry that might have crept into your existing
base chroots, you might want to do this; there are no drawbacks, it
just take some time.
Just Remove the chroots you want to recreate, and then run PCA on it again.
Be sure everything you want is finally "green " in the admin config
overview (merciless run "PCA " on everything that's not ;).
Then, don't forget to restart the Daemon once (either by clicking an
stop/start as admin in the web app) or just by just restarting the
service:
# service mini-buildd restart
-- else you might experience subtle misbehaviours ;).
In case you have mutiple instances, you unfortunately need to do these
manual updates (or at least parts of it) on each of these.
In case you created new Distributions, you should build new keyring
packages (and migrate the new packages up to stable , at least for
new Distributions).
Hth!
S