|
| 1 | +# coding=utf-8 |
| 2 | +# |
| 3 | +# The Qubes OS Project, http://www.qubes-os.org |
| 4 | +# |
| 5 | +# Copyright (C) 2025 Marek Marczykowski-Górecki |
| 6 | +# <marmarek@invisiblethingslab.com> |
| 7 | +# |
| 8 | +# This program is free software; you can redistribute it and/or |
| 9 | +# modify it under the terms of the GNU General Public License |
| 10 | +# as published by the Free Software Foundation; either version 2 |
| 11 | +# of the License, or (at your option) any later version. |
| 12 | +# |
| 13 | +# This program is distributed in the hope that it will be useful, |
| 14 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | +# GNU General Public License for more details. |
| 17 | +# |
| 18 | +# You should have received a copy of the GNU General Public License |
| 19 | +# along with this program; if not, write to the Free Software |
| 20 | +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, |
| 21 | +# USA. |
| 22 | + |
| 23 | +import os |
| 24 | +import subprocess |
| 25 | + |
| 26 | +sources_list = "/etc/apt/sources.list.d/backports.list" |
| 27 | +base_repo_url = "deb.debian.org/debian/dists/bookworm/InRelease" |
| 28 | +base_onion_repo_url = "2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian/dists/bookworm/InRelease" |
| 29 | +backports_line = ( |
| 30 | + "deb {baseurl} bookworm-backports main contrib non-free-firmware\n" |
| 31 | +) |
| 32 | +prefs_path = "/etc/apt/preferences.d/backports_pins" |
| 33 | +prefs_firmware_data = """\ |
| 34 | +Package: src:firmware-nonfree |
| 35 | +Pin: release n=bookworm-backports |
| 36 | +Pin-Priority: 600 |
| 37 | +
|
| 38 | +""" |
| 39 | + |
| 40 | + |
| 41 | +def add_backports_repo(): |
| 42 | + # find URL flavor used for deb.debian.org |
| 43 | + try: |
| 44 | + output = subprocess.check_output( |
| 45 | + ["apt-get", "--print-uris", "update"], |
| 46 | + stderr=subprocess.DEVNULL, |
| 47 | + ) |
| 48 | + except subprocess.CalledProcessError: |
| 49 | + return |
| 50 | + baseurl = None |
| 51 | + backports_enabled = False |
| 52 | + for url in output.decode().splitlines(): |
| 53 | + if not baseurl and (base_repo_url in url or base_onion_repo_url in url): |
| 54 | + baseurl = ( |
| 55 | + url.split()[0] |
| 56 | + .strip("'") |
| 57 | + .replace("/dists/bookworm/InRelease", "") |
| 58 | + ) |
| 59 | + if "/debian/dists/bookworm-backports/" in url: |
| 60 | + # backports already enabled |
| 61 | + backports_enabled = True |
| 62 | + # add bookworm-backports if not already there |
| 63 | + if baseurl and not backports_enabled and not os.path.exists(sources_list): |
| 64 | + with open(sources_list, "w") as sources: |
| 65 | + sources.write(backports_line.format(baseurl=baseurl)) |
| 66 | + |
| 67 | + |
| 68 | +def check_package_not_from_backports(package): |
| 69 | + # check if package is installed but not from backports |
| 70 | + try: |
| 71 | + output = subprocess.check_output( |
| 72 | + ["dpkg", "-l", package], |
| 73 | + stderr=subprocess.DEVNULL, |
| 74 | + ) |
| 75 | + if b"bpo" not in output: |
| 76 | + # package installed but not from backports |
| 77 | + return True |
| 78 | + except subprocess.CalledProcessError: |
| 79 | + return False |
| 80 | + return False |
| 81 | + |
| 82 | + |
| 83 | +def bookworm_backports(os_data, log, **kwargs): |
| 84 | + """ |
| 85 | + Update firmware packages from backports repository. |
| 86 | +
|
| 87 | + https://github.com/QubesOS/qubes-issues/issues/9815 |
| 88 | + """ |
| 89 | + if os_data.get("codename", "") == "bookworm": |
| 90 | + # check what packages need to be updated to backports version |
| 91 | + update_firmware = check_package_not_from_backports( |
| 92 | + "firmware-linux-nonfree" |
| 93 | + ) |
| 94 | + if not update_firmware: |
| 95 | + return |
| 96 | + add_backports_repo() |
| 97 | + # then pin firmware packages to backports repo |
| 98 | + if not os.path.exists(prefs_path): |
| 99 | + with open(prefs_path, "w") as prefs: |
| 100 | + if update_firmware: |
| 101 | + prefs.write(prefs_firmware_data) |
0 commit comments