# SPDX-Version: 3.0 # SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.live.builder # SPDX-Security-Contact: security@coresecret.eu ########################################################################################### # apt settings # ########################################################################################### # Choose, if you want to scan additional installation media (default: false): d-i apt-setup/cdrom/set-first boolean false # By default source repositories are listed in /etc/apt/sources.list: d-i apt-setup/enable-source-repositories boolean true # A network mirror can be used to supplement the software that is not included on the # installation media. This may also make newer versions of software available: d-i apt-setup/use_mirror boolean true # Uncomment the following line, if you don't want to have the sources.list entry for a # DVD/BD installation image active in the installed system: d-i apt-setup/disable-cdrom-entries boolean true # You can choose to install non-free firmware: d-i apt-setup/non-free-firmware boolean true # You can choose to install non-free and contrib software: d-i apt-setup/non-free boolean true d-i apt-setup/contrib boolean true # Debian has two services that provide updates to releases: # # security and release updates. # . # Security updates help to keep your system secured against attacks. # Enabling this service is strongly recommended. # . # Release updates provide more current versions for software that changes relatively # frequently and where not having the latest version could reduce the usability of the # software. It also provides regression fixes. This service is only available for stable # and oldstable releases. # . # Backported software are adapted from the development version to work with this release. # Although this software has not gone through such complete testing as that contained in # the release, it includes newer versions of some applications which may provide useful # features. Enabling backports here does not cause any of them to be installed by default; # it only allows you to manually select backports to use. # https://preseed.debian.net/debian-preseed/bookworm/amd64-main-full.txt d-i apt-setup/services-select multiselect security updates, release updates, backported software # Different spelling: # d-i apt-setup/services-select multiselect security, updates, backports d-i apt-setup/security_host string security.debian.org # Whether to upgrade packages after debootstrap. Allowed values: none, safe-upgrade, full-upgrade d-i pkgsel/upgrade select full-upgrade # Applying updates on a frequent basis is an important part of keeping the system secure. # # . # By default, security updates are not automatically installed, as security advisories should be # reviewed before manual installation of the updates using standard package management tools. # . # Alternatively the unattended-upgrades package can be installed, which will install security # updates automatically. Note however that automatic installation of updates may occasionally # cause unexpected downtime of services provided by this machine in the rare cases where the # update is not fully backward-compatible, or where the security advisory requires the # administrator to perform some other manual operation. # . # Possible choices: No automatic updates, Install security updates automatically d-i pkgsel/update-policy select Install security updates automatically # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh