Comment by NotPractical
4 months ago
> I can always "apt-get install".
I don't think you can reliably fix a specific version of a package though, meaning things will still break here the same way they did before containers.
4 months ago
> I can always "apt-get install".
I don't think you can reliably fix a specific version of a package though, meaning things will still break here the same way they did before containers.
If you need a specific version of one package: apt-get install hello=2.10-3
If you want to lock down versions on a system, Apt Pinning: https://wiki.debian.org/AptConfiguration#Using_pinning
If you have a herd of systems - prod environments, VMs for CI, lots of dev workstations, and especially if your product is an appliance VM: you might want to run your own apt mirror, creating known-good snapshots of your packages. I use https://www.aptly.info/
Containers can also be a great solution though.
That's what the apt sources are for; point them to a snapshot of known-good packages (e.g. S3, AptOnCD, whatever), and disable everything else.
I remember doing such things (via .deb packages, rather than random scripts) a couple of decades ago.