Quirk setting up a mirror of bullseye-security #1031
Description
The standard apt line would be something like:
deb https://deb.debian.org/debian-security bullseye-security main contrib non-free
However, the same in aptly does not work:
$ aptly mirror create security http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
Downloading http://deb.debian.org/debian-security/dists/bullseye-security/InRelease...
gpgv: Signature made Thu 10 Feb 2022 12:21:47 CET using RSA key ID E562B32A
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>"
gpgv: Signature made Thu 10 Feb 2022 12:21:47 CET using RSA key ID BBB6E853
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
ERROR: unable to fetch mirror: component main not available in repo [security]: http://deb.debian.org/debian-security/ bullseye-security, use -force-components to override
Detailed Description
It turns out that https://deb.debian.org/debian-security/dists/bullseye-security/InRelease
defines the components as:
Components: updates/main updates/contrib updates/non-free
And aptly needs them to be spelled out exactly that way, so this works:
$ aptly mirror create security http://deb.debian.org/debian-security/ bullseye-security updates/main updates/contrib updates/non-free
It's rather surprising behaviour, and there's a working workaround,
although I did not dig into the root cause to figure out why Components
are defined that way, how apt makes it work, and what the consequences
of the work around could be.
Context
This is Debian bug 1005290 (https://bugs.debian.org/1005290).
Your Environment
Debian bullseye, aptly 1.4.0.