#1140618 mmdebstrap: Please support specifying wanted suites

#1140618#5
Date: 2026-06-23 16:30:56 UTC

Dear Maintainer,

The Ubuntu sbuild package currently carries this patch:

```
my $ubuntu_mmdebstrap_extra_args = {};
use Debian::DistroInfo;
for my $series (UbuntuDistroInfo->new()->supported()) {
	$ubuntu_mmdebstrap_extra_args->{$series} = ['--components=main,universe'];
	# We use snapshot.ubuntu.com here so it works both for ports and non-ports architectures
	# without having to do complicated architecture detection logic
	$ubuntu_mmdebstrap_extra_args->{"$series-proposed"} = [
		'--components=main,universe',
		'--include=ca-certificates',
		'--setup-hook=echo "deb [signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg] https://snapshot.ubuntu.com/ubuntu '
		  . $series
		  . '-proposed main universe" > "$1"/etc/apt/sources.list.d/proposed.list',
		"--aptopt=APT::Default-Release \"$series\";" # this pins all pockets to 990 so we actually get proposed binaries
	];
	$ubuntu_mmdebstrap_extra_args->{"$series-backports"} = [
		'--components=main,universe',
		'--include=ca-certificates',
		'--setup-hook=echo "deb [signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg] https://snapshot.ubuntu.com/ubuntu '
		  . $series
		  . '-backports main universe" > "$1"/etc/apt/sources.list.d/backports.list'
	];
	# for -security we need to delete the -updates pocket
	$ubuntu_mmdebstrap_extra_args->{"$series-security"} = [
		'--components=main,universe',
		'--setup-hook=sed -i /-updates/d "$1"/etc/apt/sources.list',
	];
}
```

Instead of tweaking the sources list, it would be nice if mmdebstrap
could be instructed which suites should be enabled.

Calling `mmdebstrap resolute resolute.tar` creates /etc/apt/sources.list
with:

```
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://archive.ubuntu.com/ubuntu resolute main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://archive.ubuntu.com/ubuntu resolute-updates main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://security.ubuntu.com/ubuntu resolute-security main
```

I propose taking a --suites parameter to tweak the suites (similar to
the --components parameter):

```
mmdebstrap --suites="%s %s-updates %s-proposed %s-security" resolute resolute.tar
```

would result in:

```
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://archive.ubuntu.com/ubuntu resolute main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://archive.ubuntu.com/ubuntu resolute-updates main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://archive.ubuntu.com/ubuntu resolute-proposed main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://security.ubuntu.com/ubuntu resolute-security main
```

#1140618#8
Date: 2026-06-23 20:57:09 UTC

Hi,

Quoting Benjamin Drung (2026-06-23 18:30:56)

I don't think a --suites parameter would fix this problem because you want
"resolute-security" with a different mirror security.ubuntu.com.

I think what we want here is a better distro-info-data-extra which we can tell
"I want the defaults for Ubuntu Resolute" and it would give you the above list
of mirror URLs, suites and signed-by, no?

Thanks!

cheers, josch

#1140618#13
Date: 2026-06-25 09:10:37 UTC

I thought about it. We should handle security.ubuntu.com separately. It
might be useful to use resolute-security from the mirror that you
specified and have security.ubuntu.com as fallback. So

```
mmdebstrap --suites="%s %s-updates %s-security" resolute resolute.tar http://my.mirror.example/ubuntu
```

would create:

```
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://my.mirror.example/ubuntu resolute main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://my.mirror.example/ubuntu resolute-updates main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://my.mirror.example/ubuntu resolute-security main
deb [signed-by="/usr/share/keyrings/ubuntu-archive-keyring.gpg"] http://security.ubuntu.com/ubuntu resolute-security main
```

What do you think?
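
The expansion proposed in #1140618#5 and refined in #1140618#13, sketched as an added shell example. It is not part of the thread and not mmdebstrap code: `--suites` is only a proposal here, and the function name `expand_suites` is hypothetical.

```shell
#!/bin/sh
# Added illustration of the semantics proposed in this bug; this is NOT mmdebstrap
# code, and --suites does not exist in mmdebstrap. Function name is hypothetical.
KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg  # path as quoted in the thread
ARCHIVE_MIRROR=http://archive.ubuntu.com/ubuntu         # default seen in the thread
SECURITY_MIRROR=http://security.ubuntu.com/ubuntu       # fallback seen in the thread

# expand_suites TEMPLATE SERIES [MIRROR [COMPONENTS]]
# Prints one sources.list line per expanded suite. The body runs in a subshell
# so that "set -f" (no globbing while word-splitting TEMPLATE) stays local.
expand_suites() (
    set -f; LC_ALL=C
    template=$1 series=$2 mirror=${3:-$ARCHIVE_MIRROR} components=${4:-main}
    # The series ends up inside apt configuration: accept a conservative charset only.
    case $series in
        ''|*[!a-z0-9.-]*) echo "invalid series: $series" >&2; exit 1 ;;
    esac
    # Every emitted entry keeps the signed-by restriction to the archive keyring.
    emit() { printf 'deb [signed-by="%s"] %s %s %s\n' "$KEYRING" "$1" "$2" "$components"; }
    for tok in $template; do
        # Only "%s" or "%s-<pocket>" is accepted; anything else is rejected
        # instead of being handed to printf as a format string.
        case $tok in
            %s) suite=$series ;;
            %s-|%s-*[!a-z]*) echo "unsupported suite template: $tok" >&2; exit 1 ;;
            %s-*) suite=$series${tok#??} ;;
            *) echo "unsupported suite template: $tok" >&2; exit 1 ;;
        esac
        case $suite in
            *-security)
                # Message #13: a user-specified mirror carries -security too,
                # with security.ubuntu.com kept as the fallback entry.
                [ "$mirror" = "$ARCHIVE_MIRROR" ] || emit "$mirror" "$suite"
                emit "$SECURITY_MIRROR" "$suite" ;;
            *) emit "$mirror" "$suite" ;;
        esac
    done
)
```

Called with the arguments from the two messages, it prints the same four-line lists they show.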