Fix Jessie, update DNS to CloudFlare, fix sources.list order, add more Travis validation #42

Merged
merged 5 commits into from
Jun 25, 2018

Collaborator

@tianon tianon commented Jun 22, 2018

Fixes #41
Closes #40

(Combined in a single PR to avoid both the extra load/time on Travis and to avoid hash update clashes.)

…ates

This places security above "-updates", which makes sense (we generally want to prefer security-provided packages in the case of the same version existing in both places, even though they _should_ be identical), but more importantly, matches what the Debian installer itself generates.
This change seems more in line with the Debian ethos in general.
@tianon
Collaborator Author

tianon commented Jun 22, 2018

Here's the diffoscope for Jessie at 2017-01-01:

$ diffoscope travis{.bak,}/20170101/amd64/jessie/rootfs.tar.xz
 |###################################################################################################################################|  100%                             Time: 0:00:10 
--- travis.bak/20170101/amd64/jessie/rootfs.tar.xz
+++ travis/20170101/amd64/jessie/rootfs.tar.xz
├── rootfs.tar
│ ├── file list
│ │ @@ -114,15 +114,15 @@
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/alternatives/w.1.gz -> /usr/share/man/man1/w.procps.1.gz
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/apt/
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/apt/apt.conf.d/
│ │  -rw-r--r--   0        0        0      643 2016-03-12 13:32:33.000000 etc/apt/apt.conf.d/01autoremove
│ │  -rw-r--r--   0        0        0      182 2015-03-19 00:58:08.000000 etc/apt/apt.conf.d/70debconf
│ │  -rw-r--r--   0        0        0      754 2017-01-01 00:00:00.000000 etc/apt/apt.conf.d/docker-autoremove-suggests
│ │  -rw-r--r--   0        0        0     1175 2017-01-01 00:00:00.000000 etc/apt/apt.conf.d/docker-clean
│ │ --rw-r--r--   0        0        0      481 2017-01-01 00:00:00.000000 etc/apt/apt.conf.d/docker-gzip-indexes
│ │ +-rw-r--r--   0        0        0      925 2017-01-01 00:00:00.000000 etc/apt/apt.conf.d/docker-gzip-indexes
│ │  -rw-r--r--   0        0        0      269 2017-01-01 00:00:00.000000 etc/apt/apt.conf.d/docker-no-languages
│ │  drwxr-xr-x   0        0        0        0 2016-03-12 13:32:33.000000 etc/apt/preferences.d/
│ │  -rw-r--r--   0        0        0      165 2017-01-01 00:00:00.000000 etc/apt/sources.list
│ │  drwxr-xr-x   0        0        0        0 2016-03-12 13:32:33.000000 etc/apt/sources.list.d/
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/apt/trusted.gpg.d/
│ │  -rw-r--r--   0        0        0     5138 2014-11-30 18:55:55.000000 etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
│ │  -rw-r--r--   0        0        0     5147 2014-11-30 18:55:55.000000 etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
│ │ @@ -346,15 +346,15 @@
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S09mountall-bootclean.sh -> ../init.d/mountall-bootclean.sh
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S10procps -> ../init.d/procps
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S10udev-finish -> ../init.d/udev-finish
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S10urandom -> ../init.d/urandom
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S12mountnfs.sh -> ../init.d/mountnfs.sh
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S13mountnfs-bootclean.sh -> ../init.d/mountnfs-bootclean.sh
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S14bootmisc.sh -> ../init.d/bootmisc.sh
│ │ --rw-r--r--   0        0        0       38 2017-01-01 00:00:00.000000 etc/resolv.conf
│ │ +-rw-r--r--   0        0        0      104 2017-01-01 00:00:00.000000 etc/resolv.conf
│ │  -rwxr-xr-x   0        0        0      268 2014-11-08 18:48:35.000000 etc/rmt
│ │  -rw-r--r--   0        0        0     4038 2015-11-18 08:11:30.000000 etc/securetty
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/security/
│ │  -rw-r--r--   0        0        0     4620 2016-01-28 03:48:53.000000 etc/security/access.conf
│ │  -rw-r--r--   0        0        0     3635 2016-01-28 03:48:55.000000 etc/security/group.conf
│ │  -rw-r--r--   0        0        0     2150 2016-01-28 03:48:56.000000 etc/security/limits.conf
│ │  drwxr-xr-x   0        0        0        0 2016-01-28 03:48:56.000000 etc/security/limits.d/
│ ├── etc/apt/apt.conf.d/docker-gzip-indexes
│ │ @@ -4,7 +4,12 @@
│ │  # compressed on-disk too instead of decompressing them.
│ │  
│ │  # For comparison, an "apt-get update" layer without this on a pristine
│ │  # "debian:wheezy" base image was "29.88 MB", where with this it was only
│ │  # "8.273 MB".
│ │  
│ │  Acquire::GzipIndexes "true";
│ │ +
│ │ +# https://salsa.debian.org/apt-team/apt/commit/b0f4b486e6850c5f98520ccf19da71d0ed748ae4; released in src:apt 1.0.9.2, 2014-10-02
│ │ +# prior to src:apt 1.0.9.2, "Acquire::GzipIndexes" _only_ applied to gzip-compressed list files, so we need to prefer those on older releases
│ │ +Acquire::CompressionTypes::Order:: "gz";
│ │ +# see also https://github.com/debuerreotype/debuerreotype/issues/41 (details of a bug that's apparently specific to Debian Jessie)
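
Review bot: the comments around the added `Acquire::CompressionTypes::Order:: "gz";` line give two different scopes for it. The first ties the need to apt releases before 1.0.9.2, the last calls the bug specific to Debian Jessie, and nothing in the file says which apt version the target release ships or that the setting is only written for affected releases. Suggest stating the exact condition under which this line is emitted and moving the issue #41 reference above the setting, so all of the rationale precedes it. A short remark that the trailing `::` appends an entry to the list rather than replacing it would also help readers unfamiliar with apt.conf list syntax.
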
│ ├── etc/apt/sources.list
│ │ @@ -1,3 +1,3 @@
│ │  deb http://deb.debian.org/debian jessie main
│ │ -deb http://deb.debian.org/debian jessie-updates main
│ │  deb http://security.debian.org/debian-security jessie/updates main
│ │ +deb http://deb.debian.org/debian jessie-updates main
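
Review bot: the new position of the `jessie-updates` line after the `jessie/updates` security line is justified only in the commit message, so a later edit to whatever generates sources.list could silently restore the old order. If the Travis validation added in this PR does not already check it, suggest asserting that the security entry precedes the `-updates` entry for every suite that has both, and recording the "matches the Debian installer" rationale next to the code that emits these lines.
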
│ ├── etc/resolv.conf
│ │ @@ -1,2 +1,3 @@
│ │ -nameserver 8.8.8.8
│ │ -nameserver 8.8.4.4
│ │ +# https://1.1.1.1 (privacy-focused, highly-available DNS service)
│ │ +nameserver 1.1.1.1
│ │ +nameserver 1.0.0.1
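
Review bot: both added entries, `nameserver 1.1.1.1` and `nameserver 1.0.0.1`, belong to the one service named in the new comment line, just as the two removed entries shared an operator, so every lookup made with this file still depends on, and is visible to, a single third party. The comment also bakes a characterization ("privacy-focused, highly-available") into a shipped file where it cannot be verified. Suggest a neutral comment that names the operator and, if this file is only meant as a default, says so and tells consumers to override it with their own resolver.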

@tianon
Collaborator Author

tianon commented Jun 22, 2018

Stretch is even smaller:

$ diffoscope travis{.bak,}/20170101/amd64/stretch/rootfs.tar.xz
 |###################################################################################################################################|  100%                             Time: 0:00:08 
--- travis.bak/20170101/amd64/stretch/rootfs.tar.xz
+++ travis/20170101/amd64/stretch/rootfs.tar.xz
├── rootfs.tar
│ ├── file list
│ │ @@ -127,15 +127,15 @@
│ │  drwxr-xr-x   0        0        0        0 2016-11-06 20:02:00.000000 etc/rc3.d/
│ │  drwxr-xr-x   0        0        0        0 2016-11-06 20:02:00.000000 etc/rc4.d/
│ │  drwxr-xr-x   0        0        0        0 2016-11-06 20:02:00.000000 etc/rc5.d/
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/rc6.d/
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rc6.d/K01hwclock.sh -> ../init.d/hwclock.sh
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S01hwclock.sh -> ../init.d/hwclock.sh
│ │ --rw-r--r--   0        0        0       38 2017-01-01 00:00:00.000000 etc/resolv.conf
│ │ +-rw-r--r--   0        0        0      104 2017-01-01 00:00:00.000000 etc/resolv.conf
│ │  -rwxr-xr-x   0        0        0      268 2016-10-30 06:35:31.000000 etc/rmt
│ │  -rw-r--r--   0        0        0     4038 2016-11-22 18:31:28.000000 etc/securetty
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/security/
│ │  -rw-r--r--   0        0        0     4620 2016-12-18 00:03:58.000000 etc/security/access.conf
│ │  -rw-r--r--   0        0        0     3635 2016-12-18 00:03:58.000000 etc/security/group.conf
│ │  -rw-r--r--   0        0        0     2150 2016-12-18 00:03:58.000000 etc/security/limits.conf
│ │  drwxr-xr-x   0        0        0        0 2016-12-18 00:03:58.000000 etc/security/limits.d/
│ ├── etc/apt/sources.list
│ │ @@ -1,3 +1,3 @@
│ │  deb http://deb.debian.org/debian stretch main
│ │ -deb http://deb.debian.org/debian stretch-updates main
│ │  deb http://security.debian.org/debian-security stretch/updates main
│ │ +deb http://deb.debian.org/debian stretch-updates main
│ ├── etc/resolv.conf
│ │ @@ -1,2 +1,3 @@
│ │ -nameserver 8.8.8.8
│ │ -nameserver 8.8.4.4
│ │ +# https://1.1.1.1 (privacy-focused, highly-available DNS service)
│ │ +nameserver 1.1.1.1
│ │ +nameserver 1.0.0.1

@tianon
Collaborator Author

tianon commented Jun 25, 2018

Unstable wins the prize though:

$ diffoscope travis{.bak,}/20170101/amd64/sid/rootfs.tar.xz
 |############################|  100%                             Time: 0:00:08 
--- travis.bak/20170101/amd64/sid/rootfs.tar.xz
+++ travis/20170101/amd64/sid/rootfs.tar.xz
├── rootfs.tar
│ ├── file list
│ │ @@ -127,15 +127,15 @@
│ │  drwxr-xr-x   0        0        0        0 2016-11-06 20:02:00.000000 etc/rc3.d/
│ │  drwxr-xr-x   0        0        0        0 2016-11-06 20:02:00.000000 etc/rc4.d/
│ │  drwxr-xr-x   0        0        0        0 2016-11-06 20:02:00.000000 etc/rc5.d/
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/rc6.d/
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rc6.d/K01hwclock.sh -> ../init.d/hwclock.sh
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/
│ │  lrwxrwxrwx   0        0        0        0 2017-01-01 00:00:00.000000 etc/rcS.d/S01hwclock.sh -> ../init.d/hwclock.sh
│ │ --rw-r--r--   0        0        0       38 2017-01-01 00:00:00.000000 etc/resolv.conf
│ │ +-rw-r--r--   0        0        0      104 2017-01-01 00:00:00.000000 etc/resolv.conf
│ │  -rwxr-xr-x   0        0        0      268 2016-10-30 06:35:31.000000 etc/rmt
│ │  -rw-r--r--   0        0        0     4038 2016-11-22 18:31:28.000000 etc/securetty
│ │  drwxr-xr-x   0        0        0        0 2017-01-01 00:00:00.000000 etc/security/
│ │  -rw-r--r--   0        0        0     4620 2016-12-18 00:03:58.000000 etc/security/access.conf
│ │  -rw-r--r--   0        0        0     3635 2016-12-18 00:03:58.000000 etc/security/group.conf
│ │  -rw-r--r--   0        0        0     2150 2016-12-18 00:03:58.000000 etc/security/limits.conf
│ │  drwxr-xr-x   0        0        0        0 2016-12-18 00:03:58.000000 etc/security/limits.d/
│ ├── etc/resolv.conf
│ │ @@ -1,2 +1,3 @@
│ │ -nameserver 8.8.8.8
│ │ -nameserver 8.8.4.4
│ │ +# https://1.1.1.1 (privacy-focused, highly-available DNS service)
│ │ +nameserver 1.1.1.1
│ │ +nameserver 1.0.0.1

@tianon tianon merged commit 7d43357 into debuerreotype:master Jun 25, 2018
@tianon tianon deleted the minor-tweaks branch June 25, 2018 19:27
tianon added a commit to debuerreotype/debian-debuerreotype that referenced this pull request Jul 10, 2018
- debuerreotype/debuerreotype#39
  (read-only bind-mount of /etc/resolv.conf)
- debuerreotype/debuerreotype#42
  (fix jessie buildability, CloudFlare DNS, sources.list order)
tianon added a commit to debuerreotype/debian-debuerreotype that referenced this pull request Jul 11, 2018
- debuerreotype/debuerreotype#39
  (read-only bind-mount of /etc/resolv.conf)
- debuerreotype/debuerreotype#42
  (fix jessie buildability, CloudFlare DNS, sources.list order)