[DONE] Use wheezy or stable in /etc/apt/sources.list.d/debian.list?

Patrick · November 15, 2015, 7:42pm

Definitions:

“break package manager” defined as "apt-get will not be able to finish upgrading. Stop in the middle. Whonix maintainers may or may not be able to release a fix and or instructions to repair it.

Using stable:

Requires no intervention from Whonix maintainer since it will automatically upgrade at some point to jessie when Debian developers bless jessie as stable.

Forced upgrade of Whonix jessie at decision time when Debian developers bless jessie as stable might break package manager. Risk of such breakage can be reduced by making Whonix’s Debian packages compatible with jessie/testing early. More maintenance effort by Whonix maintainer to continuously check jessie/testing compatibly since it is an always changing target (besides in the period of Debian freezing testing).

Using wheezy:

Better control on when system will be upgraded to jessie by Whonix maintainer. No surprising upgrade to jessie.
Less maintenance effort for Whonix maintainer. Work on jessie compatibly can begin as soon as jessie was blessed stable by Debian developers. But then there is very little chance of getting any Debian changes into that version that Whonix would require.
Less chance of breaking package manager.

Upgrading Whonix to jessie gets complicated, since the anon-apt-sources-list package can change the file but not run apt-get update. Whonix packages made compatible with jessie-only (I hope there is no need to break compatibility with wheezy anytime before jessie is blessed stable for a while) would not be installable on the currently running wheezy based version that is supposed to be upgraded also leaving with a difficult to manage situation.

At the moment we’re using stable over wheezy and I think it is the less problematic choice.

Why is this a non-issue for Ubuntu or many other derivatives of Debian? They rebuild the whole Debian archive on their own servers and the dedicated manpower available for this endeavor.

Maybe Whonix’s repository should also use codenames wheezy and jessie? And use wheezy in /etc/apt/sources.list.d/debian.list. At some point when jessie was blessed stable by Debian developers and Whonix is fully compatible with jessie, tell users to switch wheezy to jessie in /etc/apt/sources.list.d/debian.list as well as in /etc/apt/sources.list.d/whonix.list (using whonix_repository tool)?

Package in question:

File in question:

github.com

Whonix/anon-apt-sources-list/blob/master/etc/apt/sources.list.d/debian.list

## Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

## This is a default sources.list for Anonymity Linux Distributions,
## which are derivatives of Debian.

## If you want to see the example, which came with the upstream
## distribution, see: /usr/share/doc/apt/examples/sources.list

## Instead of directly editing this file,
## the user is advised to create the file /etc/apt/sources.list.d/user.list.
## This is because when this package gets updated,
## /etc/apt/sources.list.d/debian.list will be overwritten and may receive new
## new default values and comments. The entire folder /etc/apt/sources.list.d/
## gets scanned for additional sources.list files by apt-get.
## The user may keep their settings even after updating this package.
##
## Without graphical user interface, you can use for example:
##    sudoedit /etc/apt/sources.list.d/user.list
## With graphical user interface (XFCE), you can use for example:

This file has been truncated. show original

HulaHoop · November 15, 2015, 7:42pm

I’m not really qualified to make such a decision as I ave not experienced the kind of maintenance effort done on you part.

But here is what I think, the less direct intervention by newbie users needed for them to stay updated and protected, the better.

Patrick · November 15, 2015, 7:42pm

That’s for sure what the goal should be. The question is just what can be realistically accomplished at current state of development.

Asked on debian derivatives mailing list:
https://lists.debian.org/debian-derivatives/2014/08/msg00000.html

Patrick · November 15, 2015, 7:42pm

One reply (https://lists.debian.org/debian-derivatives/2014/08/msg00002.html) by Paul Wise.

> Use wheezy or stable in /etc/apt/sources.list.d/debian.list?
I think it depends on how many compatibility issues you find for the
Whonix use-case, in my experience there will probably be enough issues
to warrant separate branches,

Patrick · November 15, 2015, 7:42pm

At Whonix 9 release time, if I were to replace the stable repository with Whonix 9 packages, it would break since special instructions are required for Whonix 8 -> Whonix 9 upgrades unfortunately (https://www.whonix.org/wiki/Upgrading_Whonix_8_to_Whonix_9). [This happened during the Whonix 7 -> Whonix 8 change and some users were not amazed.]

whonix-repository tool current situation:

Menu point 1 text.

Automatically install updates from the Whonix team?
Whonix News (via whonixcheck) will notify you of available updates.

When you run
apt-get dist-upgrade
updates from the Whonix team will be AUTOMATICALLY downloaded and installed, along with updates from the Debian team. Please read https://whonix.org/wiki/Trust to understand the risks.

You can always start the Whonix Repository Tool again by running:
sudo whonix_repository

Menu point 1 choices.

Yes. Automatically install updates from the Whonix team. No. I will manually update from source code.

Menu point 2 text.

Which Whonix Repository would you like to receive updates from?
Most users should select the Stable repository.

You can always start the Whonix Repository Tool again by running:
sudo whonix_repository

Menu point 2 choices.

Whonix Stable Repository. Whonix Testers Repository. Whonix Developers Repository.

Positions of textual strings in the code:

github.com

Whonix/whonix-repository/blob/master/usr/bin/whonix_repository#L321




sudo whonix_repository --enable --codename $codename_default_stable


sudo whonix_repository --disable


sudo whonix_repository --disable --verbose


See also:


man whonix_repository"
      exit 1
   fi
fi
}


enable_disable_refresh_keys() {
if [ "$disable" = "1" ]; then
   remove_legacy
   remove_keys
elif [ "$enable" = "1" ]; then
   add_keys

github.com

Whonix/whonix-repository/blob/master/usr/bin/whonix_repository#L345


   echo "ERROR: You must use either --enable, --refresh-keys or --disable."
   exit 1
fi
}


sources_list_generator() {
if [ "$disable" = "1" ]; then
   if [ -f "/etc/apt/sources.list.d/whonix.list" ]; then
      echo "INFO $BASH_SOURCE: Deleting Whonix apt repository /etc/apt/sources.list.d/whonix.list..."
      rm --force "/etc/apt/sources.list.d/whonix.list"
      echo "INFO $BASH_SOURCE: Done."
   else
      echo "INFO $BASH_SOURCE: /etc/apt/sources.list.d/whonix.list does not exist, ok."
   fi
elif [ "$refresh_keys" = "1" ]; then
   true
else
   echo "INFO $BASH_SOURCE: Using distribution ${under}$codename${reset} (version of Whonix) as apt repository."
   echo "INFO $BASH_SOURCE: Creating /etc/apt/sources.list.d/whonix.list..."


   echo "\

github.com

Whonix/whonix-repository/blob/master/usr/bin/whonix_repository#L369


## Whonix /etc/apt/sources.list.d/whonix.list


## This file has been automatically created by /usr/bin/whonix_repository.
## If you make manual changes to it, your changes get lost next time you run
## the whonix_repository tool.
## You can conveniently manage this file, using the whonix_repository tool.
## For any modifications (delete this file, use stable version, use testers
## version or use developers version), please use the whonix_repository tool.
## Run:
##    sudo whonix_repository
" > "/etc/apt/sources.list.d/whonix.list"


for baseuri in $WHONIX_APT_REPOSITORY_BASEURI; do
   echo "\
deb $baseuri $codename main
#deb-src $baseuri $codename main
" >> "/etc/apt/sources.list.d/whonix.list"
done


   echo "\
## Leaving source line disabled by default to safe some time, it's not useful

github.com

Whonix/whonix-repository/blob/master/usr/bin/whonix_repository#L389


## Leaving source line disabled by default to safe some time, it's not useful
## anyway, since it's better to get the source code from the git repository.


## End of /etc/apt/sources.list.d/whonix.list
" >> "/etc/apt/sources.list.d/whonix.list"


   cat "/etc/apt/sources.list.d/whonix.list"
   echo "INFO $BASH_SOURCE: Done."
fi
}


main_function() {
root_check
sanity_tests
colors
preparation
parse_cmd_options "$@"
parse_variables
enable_disable_refresh_keys
sources_list_generator
sync

Patrick · November 15, 2015, 7:42pm

This needs some changes for Whonix 9.

Menu point 1 can stay as is, I think.

Menu point 2 text.

Which Whonix Repository would you like to receive updates from?
Most users should select the wheezy - stable Repository.

You will be notified by whonixcheck and Whonix News Blog when an upgrade to jessie is required and instructions will be provided.

You can always start the Whonix Repository Tool again by running:
sudo whonix_repository

Menu point 2 choices.

Whonix based on Debian wheezy - stable Repository. Whonix based on Debian jessie - stable Repository. Whonix testers Repository. Whonix developers Repository.

Patrick · November 15, 2015, 7:42pm

Discussion moved here: