Improve apt-get retry and mirror fallback

Add robust retry logic for APT operations in misc/build.func and misc/install.func. Introduces an apt_retry helper and multiple fallback steps: disable by-hash, switch to a country mirror (ftp.de.debian.org), wait and retry to allow mirror sync, and as a last resort temporarily relax APT verification to allow insecure repositories to complete updates. Ensures cleanup and restores secure settings where possible, with clearer failure handling and messages to increase resilience of package installation during container builds and installs.
2026-03-26 13:48:56 +01:00
parent d836402348
commit 0f3a8c8406
2 changed files with 71 additions and 18 deletions
--- a/misc/install.func
+++ b/misc/install.func
@@ -205,13 +205,34 @@ pkg_update() {
      echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
      rm -rf /var/lib/apt/lists/*
      if ! $STD apt-get update; then
-        if [[ -f /etc/apt/sources.list.d/debian.sources ]]; then
-          sed -i 's|deb.debian.org|ftp.debian.org|g' /etc/apt/sources.list.d/debian.sources
-        elif [[ -f /etc/apt/sources.list ]]; then
-          sed -i 's|deb.debian.org|ftp.debian.org|g' /etc/apt/sources.list
-        fi
+        # Retry with country mirror
+        for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
+          [[ -f "$src" ]] && sed -i 's|deb.debian.org|ftp.de.debian.org|g' "$src"
+        done
        rm -rf /var/lib/apt/lists/*
-        $STD apt-get update
+        if ! $STD apt-get update; then
+          # Wait for mirror sync, try original
+          sleep 30
+          for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
+            [[ -f "$src" ]] && sed -i 's|ftp.de.debian.org|deb.debian.org|g' "$src"
+          done
+          rm -rf /var/lib/apt/lists/*
+          if ! $STD apt-get update; then
+            # Last resort: temporarily allow insecure repos
+            msg_warn "All mirrors have hash mismatch, temporarily relaxing APT verification..."
+            echo 'Acquire::AllowInsecureRepositories "true";' >>/etc/apt/apt.conf.d/99no-by-hash
+            for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
+              [[ -f "$src" ]] && sed -i 's|deb.debian.org|ftp.debian.org|g' "$src"
+            done
+            rm -rf /var/lib/apt/lists/*
+            $STD apt-get update --allow-insecure-repositories
+            # Restore secure settings immediately
+            echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
+            for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
+              [[ -f "$src" ]] && sed -i 's|ftp.debian.org|deb.debian.org|g' "$src"
+            done
+          fi
+        fi
      fi
    fi
    ;;