Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[apt] Instruct apt-get to NOT check the "Valid Until" date in Release files #2609

Closed
wants to merge 5 commits into from
Closed

[apt] Instruct apt-get to NOT check the "Valid Until" date in Release files #2609

wants to merge 5 commits into from

Conversation

jleveque
Copy link
Contributor

@jleveque jleveque commented Feb 27, 2019

- What I did

SONiC image builds were failing due to expired "Valid Until" date in jessie-backports/InRelease and stretch-backports/InRelease files in Debian repo, causing the SONiC build to fail with a message like the following:

Step 9/27 : RUN apt-get update
 ---> Running in 7e733c41d938
Ign:1 http://debian-archive.trafficmanager.net/debian stretch InRelease
Get:2 http://debian-archive.trafficmanager.net/debian-security stretch/updates InRelease [94.3 kB]
Get:3 http://debian-archive.trafficmanager.net/debian stretch-backports InRelease [91.9 kB]
Get:4 http://debian-archive.trafficmanager.net/debian stretch Release [118 kB]
Get:5 http://debian-archive.trafficmanager.net/debian stretch Release.gpg [2434 B]
Get:6 http://debian-archive.trafficmanager.net/debian-security stretch/updates/contrib Sources [1384 B]
Get:7 http://debian-archive.trafficmanager.net/debian-security stretch/updates/non-free Sources [1216 B]
Get:8 http://debian-archive.trafficmanager.net/debian-security stretch/updates/main Sources [193 kB]
Get:9 http://debian-archive.trafficmanager.net/debian-security stretch/updates/contrib amd64 Packages [1760 B]
Get:10 http://debian-archive.trafficmanager.net/debian-security stretch/updates/non-free amd64 Packages [1600 B]
Get:11 http://debian-archive.trafficmanager.net/debian-security stretch/updates/main amd64 Packages [474 kB]
Get:12 http://debian-archive.trafficmanager.net/debian stretch/non-free Sources [79.4 kB]
Get:13 http://debian-archive.trafficmanager.net/debian stretch/main Sources [6746 kB]
Get:14 http://debian-archive.trafficmanager.net/debian stretch/contrib Sources [44.7 kB]
Get:15 http://debian-archive.trafficmanager.net/debian stretch/contrib amd64 Packages [50.9 kB]
Get:16 http://debian-archive.trafficmanager.net/debian stretch/non-free amd64 Packages [78.3 kB]
Get:17 http://debian-archive.trafficmanager.net/debian stretch/main amd64 Packages [7084 kB]
Reading package lists...
Release file for http://debian-archive.trafficmanager.net/debian/dists/stretch-backports/InRelease is expired (invalid since 7h 33min 52s). Updates for this repository will not be applied.
The command '/bin/sh -c apt-get update' returned a non-zero code: 100
[  FAIL LOG END  ] [ target/docker-base-stretch.gz ]

This change prevents the build from failing under these circumstances.

- How I did it

Instruct apt-get to NOT check the "Valid Until" date in Release files by adding a new file inside base image and Docker images, /etc/apt/apt.conf.d/no-check-valid-until. The change was applied to the base image, docker-base, docker-base-stretch, sonic-slave and sonic-slave-stretch.

- How to verify it

Ensure build succeeds even if the "Valid Until" date in some Debian Release/InRelease files is expired.

@yxieca
Copy link
Contributor

yxieca commented Feb 27, 2019

Looks like the installer image also need this change?

@jleveque jleveque changed the title [dockers] Instruct apt-get to NOT check the "Valid Until" date in Release files [apt] Instruct apt-get to NOT check the "Valid Until" date in Release files Feb 27, 2019
@jleveque jleveque closed this Feb 27, 2019
@jleveque
Copy link
Contributor Author

jleveque commented Feb 27, 2019

Closing because the "Valid Until" date has since been updated and the change has now propagated to the Azure Debian mirror. Will revisit in the future if this becomes an issue again.

@jleveque jleveque deleted the apt_no_check_valid_until branch February 27, 2019 19:02
lguohan pushed a commit that referenced this pull request Jan 7, 2020
… files (#3973)

This is an addendum to #3958, which also instructs apt to ignore the "Valid Until" date in Release files inside the slave containers, making a complete solution, much like the previously abandoned PR #2609. This patch also unifies file names and contents.

When the Debian team archives a repo, it stops updating the "Valid Until" date, thus apt-get will not apply updates for that repo unless we explicitly tell it to ignore the "Valid Until" date. Also, this has become an issue with active (i.e., non-archived) repos twice in the past year because the Debian folks seem to occasionally let the expiration lapse before updating the date. This will cause SONiC builds to fail with a message like E: Release file for http://debian-archive.trafficmanager.net/debian-security/dists/jessie/updates/InRelease is expired (invalid since 3d 3h 11min 20s). Updates for this repository will not be applied. until the dates have been updated and propagated to all mirrors. With this patch, SONiC should no longer be affected by lapsed "Valid Until" dates, whether they be accidental or purposeful.
abdosi pushed a commit that referenced this pull request Jan 21, 2020
… files (#3973)

This is an addendum to #3958, which also instructs apt to ignore the "Valid Until" date in Release files inside the slave containers, making a complete solution, much like the previously abandoned PR #2609. This patch also unifies file names and contents.

When the Debian team archives a repo, it stops updating the "Valid Until" date, thus apt-get will not apply updates for that repo unless we explicitly tell it to ignore the "Valid Until" date. Also, this has become an issue with active (i.e., non-archived) repos twice in the past year because the Debian folks seem to occasionally let the expiration lapse before updating the date. This will cause SONiC builds to fail with a message like E: Release file for http://debian-archive.trafficmanager.net/debian-security/dists/jessie/updates/InRelease is expired (invalid since 3d 3h 11min 20s). Updates for this repository will not be applied. until the dates have been updated and propagated to all mirrors. With this patch, SONiC should no longer be affected by lapsed "Valid Until" dates, whether they be accidental or purposeful.
pphuchar pushed a commit to SONIC-DEV/sonic-buildimage that referenced this pull request Mar 9, 2020
… files (sonic-net#3973)

This is an addendum to sonic-net#3958, which also instructs apt to ignore the "Valid Until" date in Release files inside the slave containers, making a complete solution, much like the previously abandoned PR sonic-net#2609. This patch also unifies file names and contents.

When the Debian team archives a repo, it stops updating the "Valid Until" date, thus apt-get will not apply updates for that repo unless we explicitly tell it to ignore the "Valid Until" date. Also, this has become an issue with active (i.e., non-archived) repos twice in the past year because the Debian folks seem to occasionally let the expiration lapse before updating the date. This will cause SONiC builds to fail with a message like E: Release file for http://debian-archive.trafficmanager.net/debian-security/dists/jessie/updates/InRelease is expired (invalid since 3d 3h 11min 20s). Updates for this repository will not be applied. until the dates have been updated and propagated to all mirrors. With this patch, SONiC should no longer be affected by lapsed "Valid Until" dates, whether they be accidental or purposeful.
tiantianlv pushed a commit to SONIC-DEV/sonic-buildimage that referenced this pull request Apr 24, 2020
… files (sonic-net#3973)

This is an addendum to sonic-net#3958, which also instructs apt to ignore the "Valid Until" date in Release files inside the slave containers, making a complete solution, much like the previously abandoned PR sonic-net#2609. This patch also unifies file names and contents.

When the Debian team archives a repo, it stops updating the "Valid Until" date, thus apt-get will not apply updates for that repo unless we explicitly tell it to ignore the "Valid Until" date. Also, this has become an issue with active (i.e., non-archived) repos twice in the past year because the Debian folks seem to occasionally let the expiration lapse before updating the date. This will cause SONiC builds to fail with a message like E: Release file for http://debian-archive.trafficmanager.net/debian-security/dists/jessie/updates/InRelease is expired (invalid since 3d 3h 11min 20s). Updates for this repository will not be applied. until the dates have been updated and propagated to all mirrors. With this patch, SONiC should no longer be affected by lapsed "Valid Until" dates, whether they be accidental or purposeful.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants