Bug 1433033 - Workarounds for Debian stretch. r?dustin
The apt in Debian stretch doesn't allow repositories with a Release file
not being GPG signed. Setting up GPG signatures on the
taskcluster-artifact-based repositories is a tricky process, and not
strictly necessary. It turns out not creating a Release file at all
works just as well, and works across all current Debian versions. The
packages priorities remain the same, such that packages from those
repositories are still prefered over the ones from the main Debian
repository (as long as versions are higher).
See comment in cloud-mirror-workaround.sh for that part.
--- a/taskcluster/docker/debian-base/Dockerfile
+++ b/taskcluster/docker/debian-base/Dockerfile
@@ -37,19 +37,21 @@ RUN for s in debian_$DIST debian_$DIST-u
) > /etc/apt/apt.conf.d/99taskcluster
RUN apt-get update && \
apt-get install \
apt-transport-https \
ca-certificates
COPY setup_packages.sh /usr/local/sbin/
+COPY cloud-mirror-workaround.sh /usr/local/sbin/
# %ARG DOCKER_IMAGE_PACKAGES
RUN /usr/local/sbin/setup_packages.sh $DOCKER_IMAGE_PACKAGES && \
+ echo 'dir::bin::methods::https "/usr/local/sbin/cloud-mirror-workaround.sh";' > /etc/apt/apt.conf.d/99cloud-mirror-workaround && \
apt-get update && \
apt-get install \
git \
make \
mercurial \
python \
xz-utils
new file mode 100755
--- /dev/null
+++ b/taskcluster/docker/debian-base/cloud-mirror-workaround.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# The apt in Debian stretch mishandles the HTTP redirects from queue.taskcluster.net to
+# cloud-mirror.taskcluster.net, and unescapes the url. This apt method wrapper
+# strips redirections and sends directly to the S3 bucket. This has the downside of
+# always hitting us-west-2 independently of the zone this runs on, but this is only
+# used when creating docker images, so shouldn't generate huge cross-AWS-zone S3
+# transfers.
+
+/usr/lib/apt/methods/https | sed -u 's,^New-URI: https://cloud-mirror.taskcluster.net/v1/redirect/[^/]*/[^/]*/https://,New-URI: https://,'
--- a/taskcluster/taskgraph/transforms/job/debian_package.py
+++ b/taskcluster/taskgraph/transforms/job/debian_package.py
@@ -177,19 +177,17 @@ def docker_worker_debian_package(config,
# Build the package
'DEB_BUILD_OPTIONS="parallel=$(nproc) nocheck" dpkg-buildpackage && '
# Copy the artifacts
'mkdir -p {artifacts}/debian && '
'dcmd cp ../{package}_*.changes {artifacts}/debian/ && '
'cd {artifacts} && '
# Make the artifacts directory usable as an APT repository.
'apt-ftparchive sources debian | gzip -c9 > debian/Sources.gz && '
- 'apt-ftparchive packages debian | gzip -c9 > debian/Packages.gz && '
- 'apt-ftparchive release -o APT::FTPArchive::Release::Codename={dist} debian > Release && '
- 'mv Release debian/'
+ 'apt-ftparchive packages debian | gzip -c9 > debian/Packages.gz'
.format(
package=package,
snapshot=run['snapshot'],
dist=run['dist'],
src_url=src_url,
src_file=src_file,
src_sha256=src_sha256,
unpack=unpack,