Sunday, July 29, 2007

Tracking fast-paced packages on Debian-based systems (aka debian-volatile project)

If you run some ISP services (your own mail server with virus and/or spam scanning tools), you will have run into the age-old problem that the scanning tools in the stable distribution do not evolve fast enough to keep up with their fast-paced upstream projects.

Even continual updates of the software in your distribution are not enough to stay up to date, as the release cycle of the stable distribution is out of sync with the speed at which things change in the wild.

According to the debian-volatile project page:

The main goal of volatile is allowing system administrators to update their systems
in a nice, consistent way, without getting the drawbacks of using unstable, even
without getting the drawbacks for the selected packages. So debian-volatile will
only contain changes to stable programs that are necessary to keep them functional.

Great effort goes into ensuring that no functional changes are made to packages in debian-volatile (so that configuration file changes, etc. are not required) for painless upgrades. Unfortunately, painful upgrades are not always avoidable, so a volatile-sloppy section was created to contain packages that are fast-paced but also require some functional change to how they run, are installed or are configured.

You should note that the debian-volatile project is not supported by the _official_ security team. This responsibility falls to the debian-volatile team, which currently has at least one member that is shared with the official Debian testing security team.

How do I use it?
Add the relevant repository (volatile and/or volatile-sloppy) to your /etc/apt/sources.list file:

deb sarge/volatile main contrib non-free
deb sarge/volatile-sloppy main contrib non-free

deb etch/volatile main contrib non-free
deb etch/volatile-sloppy main contrib non-free

Save sources.list and run _apt-get update_, which should generate something like this (your listing will vary depending on the repositories you have listed in your sources file):

# apt-get update
Get:1 dapper Release.gpg [189B]
Get:2 dapper Release.gpg [189B]
Get:3 dapper-backports Release.gpg [191B]
Get:4 dapper-updates Release.gpg [191B]
Get:5 etch/volatile Release.gpg [189B]
Hit dapper Release
Hit dapper Release
Get:6 etch/volatile Release [40.7kB]
Hit dapper-updates Release
Hit dapper-backports Release
Hit dapper/main Packages
Hit dapper/restricted Packages
Hit dapper/universe Packages
Hit dapper/universe Sources
Hit dapper/main Sources
Hit dapper/restricted Sources
Hit dapper-updates/main Packages
Hit dapper-updates/restricted Packages
Hit dapper-backports/main Packages
Hit dapper-backports/restricted Packages
Hit dapper-backports/universe Packages
Hit dapper-updates/main Sources
Hit dapper-updates/restricted Sources
Hit dapper-backports/multiverse Packages
Hit dapper-backports/main Sources
Hit dapper-backports/restricted Sources
Hit dapper-backports/universe Sources
Hit dapper-backports/multiverse Sources
Ign etch/volatile Release
Get:7 etch/volatile/main Packages [3953B]
Hit etch/volatile/contrib Packages
Hit etch/volatile/non-free Packages
Get:8 dapper-security Release.gpg [191B]
Hit dapper-security Release
Hit dapper-security/main Packages
Hit dapper-security/restricted Packages
Hit dapper-security/main Sources
Hit dapper-security/restricted Sources
Hit dapper-security/universe Packages
Hit dapper-security/universe Sources
Fetched 44.8kB in 5s (7554B/s)
Reading package lists... Done
W: GPG error: etch/volatile Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EC61E0B0BBE55AB3
W: You may want to run apt-get update to correct these problems

The inclusion of the debian-volatile release fails because we do not have a key to authenticate the repository. Running the following commands will import the project's key (mentioned as EC61E0B0BBE55AB3 above) into your key ring and hand it to apt:

# gpg --keyserver --recv-keys EC61E0B0BBE55AB3
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key BBE55AB3 from hkp server
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key BBE55AB3: public key "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
# gpg --armor --export EC61E0B0BBE55AB3 | apt-key add -
gpg: no ultimately trusted keys found

Another spin of _apt-get update_ (and possibly _apt-get upgrade_ if there are any outdated packages) should then do the trick.
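
The key import above trusts whatever the keyserver returns for that key ID. As an added example (not from the original post), the script below fetches the key into a throwaway keyring and only passes it to apt-key if its full fingerprint matches a pinned value; the function names, `EXPECTED_FPR` and the sample listing are constructed for illustration, and the keyserver is passed in as an argument.

```shell
#!/bin/sh
# Added example, not from the original post. EXPECTED_FPR is a CONSTRUCTED
# placeholder (zeros + the key ID from the apt warning); replace it with the
# full 40-hex fingerprint obtained from a source you trust.
EXPECTED_FPR="${EXPECTED_FPR:-000000000000000000000000EC61E0B0BBE55AB3}"

# Constructed sample of `gpg --with-colons --fingerprint` output (not real key data).
SAMPLE_LISTING='tru::1:1185700000:0:3:1:5
pub:-:1024:17:EC61E0B0BBE55AB3:2007-01-01:::-:Constructed sample key:
fpr:::::::::000000000000000000000000EC61E0B0BBE55AB3:
sub:-:2048:16:1111111111111111:2007-01-01::::
fpr:::::::::1111111111111111111111111111111111111111:'

# Print the primary key's fingerprint (first fpr record after pub) from stdin.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Strip spaces and upper-case hex digits so pasted fingerprints compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# Succeed only if the listing on stdin carries exactly the pinned fingerprint.
# A pin shorter than 40 hex digits (a bare key ID) is rejected outright.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$(primary_fpr)")
    [ "${#want}" -eq 40 ] && [ "$got" = "$want" ]
}

# Usage: import_verified_key KEYID KEYSERVER   (run as root, needs network)
import_verified_key() {
    keyid=$1; keyserver=$2
    tmp=$(mktemp -d) || return 1
    rc=1
    if gpg --homedir "$tmp" --keyserver "$keyserver" --recv-keys "$keyid" &&
       gpg --homedir "$tmp" --with-colons --fingerprint "$keyid" |
           fpr_matches "$EXPECTED_FPR"
    then
        # Same hand-off to apt as in the post, but from the verified keyring.
        gpg --homedir "$tmp" --armor --export "$keyid" | apt-key add - && rc=0
    else
        echo "fetch failed or fingerprint mismatch for $keyid; key NOT added" >&2
    fi
    rm -rf "$tmp"
    return $rc
}
```

Nothing runs until `import_verified_key` is called with the key ID and a keyserver; on a mismatch root's apt keyring is left untouched.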
