From 2df62afa213efe1133e2f9f23abd3bd713634941 Mon Sep 17 00:00:00 2001
From: David Prevot <dprevot+git@evolix.fr>
Date: Wed, 13 Dec 2023 17:40:06 +0100
Subject: [PATCH] =?UTF-8?q?IS=5FDEBIANSECURITY=5FLXC:=20Don=E2=80=99t=20te?=
 =?UTF-8?q?st=20older=20than=20Debian=209=20containers?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We use eLTS for Jessie without security, that has been archived and
signed with an expired key.
---
 linux/evocheck.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/linux/evocheck.sh b/linux/evocheck.sh
index 92cf81e..98db80d 100755
--- a/linux/evocheck.sh
+++ b/linux/evocheck.sh
@@ -205,8 +205,11 @@ check_debiansecurity_lxc() {
     if is_installed lxc; then
         container_list=$(lxc-ls)
         for container in $container_list; do
-            lxc-attach --name $container apt-cache policy | grep "\bl=Debian-Security\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
-            test $? -eq 0 || failed "IS_DEBIANSECURITY_LXC" "missing Debian-Security repository in container ${container}"
+            DEBIAN_LXC_VERSION=$(cut -d "." -f 1 < /var/lib/lxc/${container}/rootfs/etc/debian_version)
+            if [ $DEBIAN_LXC_VERSION -ge 9 ]; then
+                lxc-attach --name $container apt-cache policy | grep "\bl=Debian-Security\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
+                test $? -eq 0 || failed "IS_DEBIANSECURITY_LXC" "missing Debian-Security repository in container ${container}"
+            fi
         done
     fi
 }
@@ -215,7 +218,7 @@ check_backports_version() {
     apt-cache policy | grep "\bl=Debian Backports\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
     test $? -eq 1 || ( \
         apt-cache policy | grep "\bl=Debian Backports\b" | grep --quiet "\bn=${DEBIAN_RELEASE}-backports\b" && \
-	test $? -eq 0 || failed "IS_BACKPORTS_VERSION" "Debian Backports enabled for another release than ${DEBIAN_RELEASE}" )
+        test $? -eq 0 || failed "IS_BACKPORTS_VERSION" "Debian Backports enabled for another release than ${DEBIAN_RELEASE}" )
 }
 check_oldpub() {
     # Look for enabled pub.evolix.net sources (supersed by pub.evolix.org since Stretch)
@@ -777,7 +780,7 @@ check_gitperms_lxc() {
             if test -d $GIT_DIR; then
                 expected="700"
                 actual=$(stat -c "%a" $GIT_DIR)
-		[ "$expected" = "$actual" ] || failed "IS_GITPERMS_LXC" "$GIT_DIR must be $expected (in container ${container})"
+                [ "$expected" = "$actual" ] || failed "IS_GITPERMS_LXC" "$GIT_DIR must be $expected (in container ${container})"
             fi
         done
     fi