THIS GIST HAS MOVED TO https://github.com/khimaros/debian-hybrid
PLEASE READ THE UPDATED INSTRUCTIONS CAREFULLY.
Last active
February 22, 2025 17:24
-
-
Save khimaros/21db936fa7885360f7bfe7f116b78daf to your computer and use it in GitHub Desktop.
debian testing with automatic security updates from unstable
@jmzumg thank you, updated!
I think that for bookworm+ that you need to add non-free-firmware to the sources.list file.
https://wiki.debian.org/Firmware
Thanks for maintaining this!
A suggestion
I would change the content of /etc/apt/apt/conf.d./99debscan to
APT::Update::Post-Invoke { "/usr/sbin/debsecan-apt-priority"; };
just to make sure we have the latest Info before doing any pinning'.
I ran into the issue that it did pin some package which wasn't available anymore because the system wasn't running for a few days and so a second apt-get update was needed to "fix" that ๐
@crpb thanks for the suggestion, done!
The link to enable-unstable-updates.sh used in the installation section points to a version of 99debsecan that still says Pre-Invoke rather than Post-Invoke.
The link to
enable-unstable-updates.shused in the installation section points to a version of99debsecanthat still saysPre-Invokerather thanPost-Invoke.
Still true today...
sed -i 's/Pre-/Post-/' /etc/apt/apt.conf.d/99debsecan
Thank you khimaros!
Thanks for this! Very useful.
very useful indeed. more people should know about this. best of the both worlds: relatively fresh packages yet quite stable.
Hej @khimaros,
thanks a lot for your work! I just "installed" and so far it works fine. ๐
I myself use debian without root user, so always sudo it is. Therefore a had a lot of line by line copying, which is fine, but maybe it is worth thinking to have the sudo way instead of the root way.
Again: Thanks for your work! <3
Simon
maintaining the hashes for all of these files has become onerous.
i've moved development to https://github.com/khimaros/debian-hybrid
please see the updated instructions there for how to use.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@khimaros
Thank you for the instructions and scripts here. There were extremely enlightening.
However I believe there is one small error in the instructions in
README.md.I believe the following line:
should actually read:
Otherwise the symbolic link points to a non-existent file. apt outputs the following error:
and the packages pinned by debsecan do not get upgraded.
I have tested using
ln -sf /var/lib/debsecan/apt_preferences /etc/apt/preferences.d/unstable-security-packagesinstead and everything seems to work.Thanks again for the instructions :)