mirror of
https://github.com/armbian/build
synced 2025-09-24 19:47:06 +07:00
feat: Use deb822 APT sources
- Replace `armbian.list` with `armbian.sources`. This holds the same information in a newer format, deb822. - Replace HTTP with HTTPS for Armbian repositories.
This commit is contained in:
Blieque Mariguan
@@ -78,91 +78,88 @@ function create_sources_list_and_deploy_repo_key() {
|
||||
declare basedir="${3}" # @TODO: rpardini: this is SDCARD in all practical senses. Why not just use SDCARD?
|
||||
[[ -z $basedir ]] && exit_with_error "No basedir passed to create_sources_list_and_deploy_repo_key"
|
||||
|
||||
declare distro=""
|
||||
|
||||
# Add upstream (Debian/Ubuntu) APT repository
|
||||
case $release in
|
||||
buster)
|
||||
cat <<- EOF > "${basedir}"/etc/apt/sources.list
|
||||
deb http://${DEBIAN_MIRROR} $release main contrib non-free
|
||||
#deb-src http://${DEBIAN_MIRROR} $release main contrib non-free
|
||||
buster | bullseye | bookworm | trixie)
|
||||
distro="debian"
|
||||
|
||||
deb http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free
|
||||
#deb-src http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free
|
||||
declare -a suites=("${release}" "${release}-updates")
|
||||
declare -a security_suites=("${release}-security")
|
||||
declare -a components=(main contrib non-free)
|
||||
|
||||
deb http://${DEBIAN_SECURTY} ${release}/updates main contrib non-free
|
||||
#deb-src http://${DEBIAN_SECURTY} ${release}/updates main contrib non-free
|
||||
if [[ "$release" == "buster" ]]; then
|
||||
security_suites=("${release}/updates")
|
||||
else
|
||||
suites+=("${release}-backports")
|
||||
fi
|
||||
|
||||
if [[ "$release" != "buster" && "$release" != "bullseye" ]]; then
|
||||
components+=("non-free-firmware")
|
||||
fi
|
||||
|
||||
cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources"
|
||||
Types: deb
|
||||
URIs: http://${DEBIAN_MIRROR}
|
||||
Suites: ${suites[@]}
|
||||
Components: ${components[@]}
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
|
||||
Types: deb
|
||||
URIs: http://${DEBIAN_SECURTY}
|
||||
Suites: ${security_suites[@]}
|
||||
Components: ${components[@]}
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
EOF
|
||||
;;
|
||||
|
||||
bullseye)
|
||||
cat <<- EOF > "${basedir}"/etc/apt/sources.list
|
||||
deb http://${DEBIAN_MIRROR} $release main contrib non-free
|
||||
#deb-src http://${DEBIAN_MIRROR} $release main contrib non-free
|
||||
|
||||
deb http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free
|
||||
#deb-src http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free
|
||||
|
||||
deb http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free
|
||||
#deb-src http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free
|
||||
|
||||
deb http://${DEBIAN_SECURTY} ${release}-security main contrib non-free
|
||||
#deb-src http://${DEBIAN_SECURTY} ${release}-security main contrib non-free
|
||||
EOF
|
||||
;;
|
||||
|
||||
bookworm | trixie)
|
||||
# non-free firmware in bookworm and later has moved from the non-free archive component to a new non-free-firmware component (alongside main/contrib/non-free). This was implemented on 2023-01-27, see also https://lists.debian.org/debian-boot/2023/01/msg00235.html
|
||||
cat <<- EOF > "${basedir}"/etc/apt/sources.list
|
||||
deb http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware
|
||||
#deb-src http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware
|
||||
|
||||
deb http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free non-free-firmware
|
||||
#deb-src http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free non-free-firmware
|
||||
|
||||
deb http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free non-free-firmware
|
||||
#deb-src http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free non-free-firmware
|
||||
|
||||
deb http://${DEBIAN_SECURTY} ${release}-security main contrib non-free non-free-firmware
|
||||
#deb-src http://${DEBIAN_SECURTY} ${release}-security main contrib non-free non-free-firmware
|
||||
EOF
|
||||
;;
|
||||
|
||||
sid | unstable) # sid is permanent unstable development and has no such thing as updates or security
|
||||
cat <<- EOF > "${basedir}"/etc/apt/sources.list
|
||||
deb http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware
|
||||
#deb-src http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware
|
||||
sid | unstable)
|
||||
distro="debian"
|
||||
|
||||
# sid is permanent unstable development and has no such thing as updates or security
|
||||
cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources"
|
||||
Types: deb
|
||||
URIs: http://${DEBIAN_MIRROR}
|
||||
Suites: ${release}
|
||||
Components: main contrib non-free non-free-firmware
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
EOF
|
||||
|
||||
# Exception: with riscv64 not everything was moved from ports
|
||||
# https://lists.debian.org/debian-riscv/2023/07/msg00053.html
|
||||
# Required for some packages on riscv64.
|
||||
# See: http://lists.debian.org/debian-riscv/2023/07/msg00053.html
|
||||
if [[ "${ARCH}" == riscv64 ]]; then
|
||||
echo "deb http://deb.debian.org/debian-ports/ sid main " >> "${basedir}"/etc/apt/sources.list
|
||||
cat <<- EOF >> "${basedir}/etc/apt/sources.list.d/${distro}.sources"
|
||||
|
||||
Types: deb
|
||||
URIs: http://deb.debian.org/debian-ports/
|
||||
Suites: ${release}
|
||||
Components: main
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
Architectures: riscv64
|
||||
EOF
|
||||
fi
|
||||
;;
|
||||
|
||||
focal | jammy | noble | oracular | plucky)
|
||||
cat <<- EOF > "${basedir}"/etc/apt/sources.list
|
||||
deb http://${UBUNTU_MIRROR} $release main restricted universe multiverse
|
||||
#deb-src http://${UBUNTU_MIRROR} $release main restricted universe multiverse
|
||||
distro="ubuntu"
|
||||
|
||||
deb http://${UBUNTU_MIRROR} ${release}-security main restricted universe multiverse
|
||||
#deb-src http://${UBUNTU_MIRROR} ${release}-security main restricted universe multiverse
|
||||
|
||||
deb http://${UBUNTU_MIRROR} ${release}-updates main restricted universe multiverse
|
||||
#deb-src http://${UBUNTU_MIRROR} ${release}-updates main restricted universe multiverse
|
||||
|
||||
deb http://${UBUNTU_MIRROR} ${release}-backports main restricted universe multiverse
|
||||
#deb-src http://${UBUNTU_MIRROR} ${release}-backports main restricted universe multiverse
|
||||
cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources"
|
||||
Types: deb
|
||||
URIs: http://${UBUNTU_MIRROR}
|
||||
Suites: ${release} ${release}-security ${release}-updates ${release}-backports
|
||||
Components: main restricted universe multiverse
|
||||
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
|
||||
EOF
|
||||
;;
|
||||
esac
|
||||
|
||||
# add armbian key
|
||||
display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.list" "info"
|
||||
display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.sources" "info"
|
||||
mkdir -p "${basedir}"/usr/share/keyrings
|
||||
# change to binary form
|
||||
APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian.gpg"
|
||||
gpg --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
|
||||
SIGNED_BY="[signed-by=${APT_SIGNING_KEY_FILE}] "
|
||||
|
||||
# lets keep old way for old distributions
|
||||
if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then
|
||||
@@ -170,6 +167,7 @@ function create_sources_list_and_deploy_repo_key() {
|
||||
chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
|
||||
fi
|
||||
|
||||
# Add Armbian APT repository
|
||||
declare -a components=()
|
||||
if [[ "${when}" == "image"* ]]; then # only include the 'main' component when deploying to image (early or late)
|
||||
components+=("main")
|
||||
@@ -178,23 +176,31 @@ function create_sources_list_and_deploy_repo_key() {
|
||||
components+=("${RELEASE}-desktop") # desktop contains packages Igor picks from other repos
|
||||
|
||||
# stage: add armbian repository and install key
|
||||
if [[ $DOWNLOAD_MIRROR == "china" ]]; then
|
||||
echo "deb ${SIGNED_BY}https://mirrors.tuna.tsinghua.edu.cn/armbian $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list
|
||||
# armbian_mirror="http://$([[ $BETA == yes ]] && echo "beta" || echo "apt").armbian.com"
|
||||
declare armbian_mirror="apt.armbian.com"
|
||||
if [[ -n $LOCAL_MIRROR ]]; then
|
||||
armbian_mirror="$LOCAL_MIRROR"
|
||||
elif [[ $DOWNLOAD_MIRROR == "china" ]]; then
|
||||
armbian_mirror="mirrors.tuna.tsinghua.edu.cn/armbian"
|
||||
elif [[ $DOWNLOAD_MIRROR == "bfsu" ]]; then
|
||||
echo "deb ${SIGNED_BY}http://mirrors.bfsu.edu.cn/armbian $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list
|
||||
else
|
||||
echo "deb ${SIGNED_BY}http://$([[ $BETA == yes ]] && echo "beta" || echo "apt").armbian.com $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list
|
||||
armbian_mirror="mirrors.bfsu.edu.cn/armbian"
|
||||
elif [[ $BETA == "yes" ]]; then
|
||||
armbian_mirror="beta.armbian.com"
|
||||
fi
|
||||
|
||||
# replace local package server if defined. Suitable for development
|
||||
[[ -n $LOCAL_MIRROR ]] && echo "deb ${SIGNED_BY}http://$LOCAL_MIRROR $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list
|
||||
cat <<- EOF > "${basedir}"/etc/apt/sources.list.d/armbian.sources
|
||||
Types: deb
|
||||
URIs: https://${armbian_mirror}
|
||||
Suites: $RELEASE
|
||||
Components: ${components[*]}
|
||||
Signed-By: ${APT_SIGNING_KEY_FILE}
|
||||
EOF
|
||||
|
||||
# disable repo if DISTRIBUTION_STATUS==eos, or if SKIP_ARMBIAN_REPO==yes, or if when==image-early.
|
||||
if [[ "${when}" == "image-early" ||
|
||||
"$(cat "${SRC}/config/distributions/${RELEASE}/support")" == "eos" ||
|
||||
"${SKIP_ARMBIAN_REPO}" == "yes" ]]; then
|
||||
display_alert "Disabling Armbian repo" "${ARCH}-${RELEASE} :: skip:${SKIP_ARMBIAN_REPO:-"no"} when:${when}" "info"
|
||||
mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled
|
||||
mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled
|
||||
fi
|
||||
|
||||
declare CUSTOM_REPO_WHEN="${when}"
|
||||
@@ -202,9 +208,9 @@ function create_sources_list_and_deploy_repo_key() {
|
||||
# Let user customize
|
||||
call_extension_method "custom_apt_repo" <<- 'CUSTOM_APT_REPO'
|
||||
*customize apt sources.list.d and/or deploy repo keys*
|
||||
Called after core Armbian has finished setting up SDCARD's sources.list and sources.list.d/armbian.list.
|
||||
If SKIP_ARMBIAN_REPO=yes, armbian.list.disabled is present instead.
|
||||
The global Armbian GPG key has been deployed to SDCARD's /usr/share/keyrings/armbian.gpg, de-armored.
|
||||
Called after core Armbian has finished setting up SDCARD's debian.sources/ubuntu.sources and armbian.sources in /etc/apt/sources.list.d/.
|
||||
If SKIP_ARMBIAN_REPO=yes, armbian.sources.disabled is present instead.
|
||||
The global Armbian GPG key has been deployed to SDCARD's ${APT_SIGNING_KEY_FILE}, de-armored.
|
||||
You can implement this hook to add, remove, or modify sources.list.d entries, and/or deploy additional GPG keys.
|
||||
Important: honor $CUSTOM_REPO_WHEN; if it's ==rootfs, don't add repos/components that carry the .debs produced by armbian/build.
|
||||
Ideally, also don't add any possibly-conflicting repo if `$CUSTOM_REPO_WHEN==image-early`.
|
||||
|
||||
Reference in New Issue
Block a user