[SOLVED] preferences and security level

AleLinuxBSD · 12-13-2009, 04:00 AM

/etc/apt/apt.conf

Code:

APT::Default-Release "stable";

/etc/apt/preferences

Quote:

Package: *
Pin: release o=Debian,a=stable
Pin-Priority: 900

Package: *
Pin: origin download.virtualbox.org
Pin-Priority: 650

Package: *
Pin: origin www.debian-multimedia.org
Pin-Priority: 550

Package: *
Pin: origin www.backports.org
Pin-Priority: 500

I would like known if this configuration is sufficiently secure or if is better change the priority on some repository.

the trooper · 12-13-2009, 05:50 AM

Ok,i'm confused.
You are running Stable,and i assume your sources.list reflects this,why are you pinning individual repositories that should be pointing to Lenny/Stable already?.
Often people use apt pinning when they have mixed repositories in their sources.list.
For example a mixed Testing/Sid system.
The following guide shows the method i use for running a mixed system:

http://forums.debian.net/viewtopic.p...ing+sid+system

It might be worth posting your sources.list as well,so we know what exactly you are trying to pin.

AleLinuxBSD · 12-14-2009, 12:35 AM

Because i use even "external" repository, my idea will be to install program from other repository only when they aren't present on the main repository.

$ cat /etc/apt/sources.list

Quote:

deb http://mi.mirror.garr.it/mirrors/debian/ lenny main
deb-src http://mi.mirror.garr.it/mirrors/debian/ lenny main

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

# Multimedia
deb http://www.debian-multimedia.org lenny main
#deb-src http://www.debian-multimedia.org lenny main

# Utile ad es. per installare una vers. recente di pidgin.
deb http://www.backports.org/debian lenny-backports main

# Repository virtualbox
deb http://download.virtualbox.org/virtualbox/debian lenny non-free

the trooper · 12-14-2009, 08:33 AM

Quote:

Because i use even "external" repository, my idea will be to install program from other repository only when they aren't present on the main repository.

Looking at your sources.list i can sort of see where you are coming from.
If the package you require is not in the main repository,apt will install from an added repository such as Debian Multimedia automatically.
No need to use pinning for that.

AleLinuxBSD · 12-15-2009, 12:41 AM

Yes but i haven't checked if on the other repository there are some identical package but more update.
What i would like have, if avoid the installation package recent if exist version old on the main target, so i can avoid stability problem on the system because remain untouched.

craigevil · 12-15-2009, 05:38 AM

If you want to get your packages from backports upgraded automatically the following entry in /etc/apt/preferences should be sufficient:

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

All backports are deactivated by default (i.e. the packages are pinned to 1 by using NotAutomatic: yes in the Release files, just as in experimental).

As for the other repos, I know debian-multimedia.org doesn't require pinning, the package versions are higher so aptitude/apt-get automatically installs from there rather than from lenny.

AleLinuxBSD · 12-16-2009, 02:02 AM

man apt_preferences

Quote:

100 < P <=500
causes a version to be installed unless there is a version
available belonging to some other distribution or the installed
version is more recent

Ok, I lower futher the priority on the last repository.

In summary using apt-pinning isn't possible doing what i would like, patience.