File::Copy in Perl 5.10 does not copy permissions, so let's fix it
there and check for it elsewhere.
This reverts the two commits 06b3faa1bf8af440f865322de91a03ecadd04e06
and 68c20b4e4e351846c80af98db75eee3030f25fa6 which did not help to fix
this issue as the initially suspected noexec mount wasn't really
there. Hopefully this finally resolves the test failures with Perl
5.10 in the new t/hook-apt.t.
Those build failures with Perl 5.10 seem to neither be related to
xen-tools nor to Perl but to how the git repo is unpacked on Travis CI
as executable bits are either missing or /tmp/ is mounted with
"noexec".
So add some code to before_install to 1) output some debug information
on that issue and 2) abort early if executing scripts in /tmp/ fails.
Problem was that the commented variant only was a new, $dist-security
one, but is also written if the security repo is disabled with other
distributions than sid/unstable.
If the security repo will be enabled or not currently depends on the
host's sources.list. So the resulting files differ depending on the
host where the test is run. Add a TODO item to break with that
"feature".
Also mention in the TODO list that a repo on archive.debian.org should
be used instead security.debian.org if the release is EoL. Currently
the security mirror is hardcoded into the hook.
fix update-grub chroot silent failure
While it probably would be nicer to mount it at the beginning and umount it at the end, we have too many hooks already doing this and changing this seems a bigger task.
This reverts most code, but not the implemented functionality of
commit 2fba5cb90e30f2bfab07782c9fa3b99275e769da.
Requiring a config file change to still be able to install old
distributions would make a bump of the major version necessary
according to Semantic Versioning. Let's avoid that:
The list of distributions with the old path scheme is finite and will
never change again. Hence it's ok and especially backwards compatible
to hardcode this list in hooks/debian/20-setup-apt.
It's also less and more obvious (but not necessarily easier to read)
code. But it's all in one place and not scattered over three files.
And it's just one line instead like a dozen or two dozens.
Closes: #972749 (kinda again)
From Debian 11 Bullseye onwards, debian uses $dist-security instead of
$dist/updates as distribution part in /etc/apt/sources.list.
Mark those distributions with the old-style subdirectory path with
"security-subdir" in distributions.conf.
Thanks to Paul Wise for the bug report (and hence reminding me of
this) and for the suggestions on how to implement this (even if I
didn't follow them for the sake of simplicity and no additional
dependencies).
Closes: #972749
Reasoning:
Debian 8 Jessie has still (external) ELTS until 2022. But
debian-internal LTS has ended and it will likely vanish from the
normal mirrors soon. And it is already available in the archive. (And
some architectures are already only available in the archive.)
Also mention marking Debian 7 Wheezy as EoL in NEWS.markdown. (Was
already mentioned in debian/changelog.)
At least debootstrap 1.0.110 (Buster/Sid) or 1.0.110~bpo9+1
(Stretch-Backports) is required for:
* working bootstrapping of Ubuntu 6.06 Dapper and 6.10 Edgy (see
#659360).
* Support of Ubuntu 17.10 Artful, 18.04 LTS Bionic, 18.10 Cosmic, and
19.04 Disco.
Any tag ending in ".gpg" will be considered to be the according
keyring file in /usr/share/keyrings/. This is at least needed for some
Ubuntu releases which were eol'ed in the past few years, especially
because Ubuntu split up their keyrings much more finegrained than just
"archive" and "archive-removed-keys".
