10

I have a staging and a production server set up on Bitbucket Pipelines, running a YAML script with the following:

          image: samueldebruyn/debian-git
          name: Staging - Upload FTP
          script:
            - apt-get update
            - apt-get -qq install git-ftp
            - git ftp push --user $FTP_USERNAME --passwd $FTP_PASSWORD -v ftp://$FTP_HOST/$FTP_STAGING_PATH
            - echo "Completed upload"

This script has been working great, and is widely used in the same format online by others using Pipelines.

I submitted to my staging server literally 5-10 minutes before Debian 11 was released, with successful builds. Since the Debian 11 release, all subsequent releases I've pushed to staging or production result in a failed build with the following error:

Ign:1 http://security.debian.org/debian-security stable/updates InRelease
Get:2 http://deb.debian.org/debian stable InRelease [113 kB]
Err:3 http://security.debian.org/debian-security stable/updates Release
  404  Not Found [IP: 151.101.250.132 80]
Get:4 http://deb.debian.org/debian stable-updates InRelease [40.1 kB]
Get:5 http://deb.debian.org/debian stable/main amd64 Packages [8178 kB]
Reading package lists...
E: The repository 'http://security.debian.org/debian-security stable/updates Release' does not have a Release file.

Am I missing something, or did Debian 11 just break a lot of pipelines?!

or is samueldebruyn/debian-git out of date now?

levi
  • Try `http://security.debian.org/debian-security stable-security Release` instead in your apt/sources.list. – Joachim Isaksson Aug 14 '21 at 23:37
  • I'm pulling an image? Is the git repo for samueldebruyn/debian-git no longer a valid repo to rely on? – levi Aug 14 '21 at 23:38
  • A docker image? If so, the image would seem to have a broken sources.list. – Joachim Isaksson Aug 14 '21 at 23:40
  • Since the docker file uses an "unversioned" base image (debian:stable-slim) and stable-slim went to debian 11 at the release the other day, the image got a whole lot of updates it was probably not prepared for. It should probably have been locked to debian 10 slim where it was tested and working until the kinks for debian 11 were ironed out. – Joachim Isaksson Aug 14 '21 at 23:54
  • That said, the repo message you're seeing is a warning and should in itself not break anything. The problem is that any security updates won't be pulled correctly using apt. – Joachim Isaksson Aug 14 '21 at 23:55
  • It fails my builds and won't let me proceed to upload FTP. – levi Aug 15 '21 at 00:08
  • the error is most likely due to the "change in the security archive layout" described in bullseye's release notes: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information#security-archive – MarcoLucidi Aug 15 '21 at 07:49
  • Try using some other flavours of Debian. I was facing the same error and my docker file was using debian:slim, but I changed type FROM debian:stable-slim to FROM debian:stable in my docker file and the error was gone – Debasish22 Aug 20 '21 at 10:27

4 Answers

15

I was able to locate a docker image that has the changes required to pass builds. For those that run into this issue and need a quick fix until Sam gets his docker image updated see

bitnami/git

levi
  • 1
    Thank you, this worked for me. What do you mean by until Sam gets image updated? why don't we keep this? – Elyor Aug 16 '21 at 03:14
  • @Elyor I am going to keep bitnami over a personally managed repo, as they will have a higher probability of maintaining upstream packages that cause downstream issues. – levi Aug 17 '21 at 04:08
4

TL;DR; The stable images on docker hub have not yet been regenerated for Debian 11, but the security repo changed layout. The next rebuild of the stable docker image should be Debian 11 based and that should fix the problem.

--- Details ---

It seems the stable and stable-slim tags are currently a bit broken at docker hub.

For Debian 10 and older, the repo uses the subdirectory structure {RELEASE}/updates to contain the security updates;

> docker run -it --rm debian:buster-slim egrep '(/se.*security)' /etc/apt/sources.list
deb http://security.debian.org/debian-security buster/updates main

For Debian 11, it instead uses a directory called {RELEASE}-security

> docker run -it --rm debian:bullseye-slim egrep '(/se.*security)' /etc/apt/sources.list
deb http://security.debian.org/debian-security bullseye-security main

The problem with stable is that the image is still Debian 10 and expects stable/updates while the repo now uses the Debian 11 style stable-security. When the image pulls the security updates, it fails since the directory no longer exists with the new structure.

> docker run -it --rm debian:stable-slim egrep '(/se.*security)' /etc/apt/sources.list
deb http://security.debian.org/debian-security stable/updates main

Since the next build of the stable image should be Debian 11 based, the problem should sort itself out soon enough, but if you want to use the failing docker file until a new build is available, use buster-slim or bullseye-slim (both of which work well) instead of stable-slim.

Joachim Isaksson
  • Seems there is an issue created now on this; https://github.com/debuerreotype/docker-debian-artifacts/issues/134 – Joachim Isaksson Aug 15 '21 at 10:34
  • This answer was posted Aug 2021, it's now Dec 2021, and it's not clear how soon to expect a change for this. Seems like Debian 11 is just completely broken for the time being. I am not trying to mess with "security" settings just to get Docker containers to build correctly – user5359531 Dec 21 '21 at 00:28
4

Replace the docker image to the following on your bitbucket-pipelines.yml

image: bitnami/git

inerds
  • 1
    This was the easiest solution. Thanks! – mang Oct 21 '21 at 05:41
  • 2
    I am the creator of the debian-git image and I would not recommend using it anymore. At the time I created it, there weren't a lot of alternatives. I don't have the time to maintain such an image, so `bitnami/git` or `alpine/git` are great alternatives. – Sam Debruyn Nov 06 '21 at 22:55
0

Adding

sudo sed -i 's/stable\/updates/stable-security/g' /etc/apt/sources.list

to the docker file before 'apt-get update' addresses the issue and should be benign once the image is fixed (though should be reverted)

e.g.

FROM debian:stable-slim

RUN \
  sed -i 's/stable\/updates/stable-security/g' /etc/apt/sources.list && \
  apt-get update && \
  ...
bitblat
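
A suite-aware variant of the `sources.list` rewrite, tied to the `{RELEASE}/updates` versus `{RELEASE}-security` layouts described in the answers above. This is an added example, not code from any of the answers or from the image's Dockerfile: it touches only `debian-security` entries, leaves Debian 10 codenames on `/updates`, and provides a check a pipeline step can fail on before `apt-get update`. The function names, the legacy codename list and the sample `sources.list` are assumptions constructed here.

```shell
#!/bin/sh
# Added example: suite-aware rewrite of security entries in sources.list.
# Function names and SAMPLE are constructed for illustration.

# Suites named by a Debian 10-or-older codename keep "<suite>/updates";
# any other suite (stable, bullseye, ...) becomes "<suite>-security".
# Assumption: the legacy codename list below covers the images you build.
fix_security_suites() {
    awk '
    /^deb(-src)?[ \t]/ && /debian-security/ {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^[a-z]+\/updates$/) {
                suite = $i
                sub(/\/updates$/, "", suite)
                if (suite !~ /^(buster|stretch|jessie)$/) $i = suite "-security"
            }
        }
    }
    { print }'
}

# Exit status 0 when stdin contains an entry the rewrite would change,
# so a CI step can stop with a clear message instead of an apt 404.
has_stale_entry() {
    input=$(cat)
    [ "$(printf '%s\n' "$input" | fix_security_suites)" != "$input" ]
}

# Constructed sample: the stale stable entry shown in the answers above,
# plus a buster entry and a commented-out line that must stay untouched.
SAMPLE='deb http://deb.debian.org/debian stable main
deb http://security.debian.org/debian-security stable/updates main
deb http://security.debian.org/debian-security buster/updates main
# deb http://security.debian.org/debian-security stable/updates main
deb http://deb.debian.org/debian stable-updates main'

# Demo: print the rewritten sample.
printf '%s\n' "$SAMPLE" | fix_security_suites
```

The rewrite is idempotent, so it can stay in a build until the base image is pinned to a named release such as `buster-slim` or `bullseye-slim`.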