Debian 12 (bookworm) how to get the security repositories list from sources.list

Question

We have a python script that does the following:

1. Runs on ubuntu/debian VMs to get the repos that has 'security' string in them and stores these lines in a new file (say /home/user/security.list)
2. Uses the above file in following command to get the list of security packages and displays the package name and version. apt-get dist-upgrade -o Dir::Etc::sourcelist=/home/user/security.list -s

This scripts works in ubuntu and debian 11. But in debian 12, there are some changes to the default sources.list file. for example, this is the sample sources.list in debian 11:

    deb http://security.debian.org/debian-security bullseye-security main
    deb-src http://security.debian.org/debian-security bullseye-security main

Sources.list in debian 12 is empty with a statement "# See /etc/apt/sources.list.d/debian.sources ". The contents of this file

Types: deb deb-src
URIs: mirror+file:///etc/apt/mirrors/debian.list
Suites: bookworm bookworm-updates bookworm-backports
Components: main

Types: deb deb-src
URIs: mirror+file:///etc/apt/mirrors/debian-security.list
Suites: bookworm-security
Components: main

I looked at the contents for the file "/etc/apt/mirrors/debian-security.list" as i am interested in the security packages only. It has only a URl (https://cdn-aws.deb.debian.org/debian-security). I tried to use this file in apt-get dist-upgrade command, but it was throwing an error:

# cat /etc/apt/mirrors/debian-security.list
https://cdn-aws.deb.debian.org/debian-security
# apt-get dist-upgrade -o Dir::Etc::sourcelist=/etc/apt/mirrors/debian-security.list -s 
E: Malformed line 1 in source list /etc/apt/mirrors/debian-security.list (type)
E: The list of sources could not be read.
E: Malformed line 1 in source list /etc/apt/mirrors/debian-security.list (type)
E: The list of sources could not be read.

I wanted to understand what is the correct way to extract/get the security sources list file and use it in the dist-upgrade command. Please point me in correct direction.

Thanks.

Answer 1

I think that your '.list' files, should be written according to convention

deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware

https://www.debian.org/releases/bookworm/errata.en.html

using deb.debian.org is already a way to select a mirror

https://www.debian.org/mirror/list.en.html

To me, you're adding complexity on simplified things