I am trying to build a Debian install CD with simple-cdd, which is recommended as the easiest way to create a custom installer. The CD will have a few extra packages and a preseed file.
Before adding any customisation I ran the tool to test a basic build:
$ build-simple-cdd --dist jessie --logfile log.txt
This fails with dependency errors, one example is vim-tiny:
2017-03-01 16:19:48,250 WARNING package: vim-tiny
2017-03-01 16:19:48,250 WARNING version: 2:7.4.488-7+deb8u1
2017-03-01 16:19:48,250 WARNING architecture: amd64
2017-03-01 16:19:48,250 WARNING status: broken
2017-03-01 16:19:48,250 WARNING reasons:
2017-03-01 16:19:48,250 WARNING -
2017-03-01 16:19:48,250 WARNING missing:
2017-03-01 16:19:48,250 WARNING pkg:
2017-03-01 16:19:48,250 WARNING package: vim-tiny
2017-03-01 16:19:48,250 WARNING version: 2:7.4.488-7+deb8u1
2017-03-01 16:19:48,250 WARNING architecture: amd64
2017-03-01 16:19:48,251 WARNING unsat-dependency: vim-common (= 2:7.4.488-7+deb8u1)
It's evident from the vim-common changelog that the requested version has been superseded by a security update (version deb8u1 was replaced with deb8u2). The actual dependency requirement is:
Looking at list, line "vim-tiny"
+ Trying to add vim-tiny...
vim-tiny Dep: vim-common (= 2:7.4.488-7+deb8u1) soft_depend 0
vim-common is included already, but invalid version 2:7.4.488-7+deb8u2
vim-common not included in a useful version, check_backports 0
Looking at the full log it seems the package is available but deleted by reprepro:
2017-03-01 16:17:14,385 DEBUG mirror/reprepro stdout: deleting and forgetting pool/main/v/vim/vim-common_7.4.488-7+deb8u1_amd64.deb
So it seems that some part of the base operating system requires vim-tiny, which requires a specific version of vim-common. That version isn't available due to a security release.
Note that vim-tiny is just an illustration, there is another unmet dependency for BIND which also recently got a security update.
Is there a way to ensure simple-cdd builds the CD regardless? Or disable package deletion, as the first apt-get upgrade should pull these in correctly.
