From 0492f28aa10dc93063ff3b46107fa705c5ee0d7e Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@whonix.org>
Date: Tue, 3 Aug 2021 12:37:39 -0400
Subject: [PATCH] enable "`apt-get --error-on=any`" by default

makes apt exit non-zero for transient failures

`/etc/apt/apt.conf.d/40error-on-any`

https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
---
 README.md                         | 2 ++
 etc/apt/apt.conf.d/40error-on-any | 9 +++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 etc/apt/apt.conf.d/40error-on-any

diff --git a/README.md b/README.md
index 9ab625e..c14357c 100644
--- a/README.md
+++ b/README.md
@@ -352,6 +352,8 @@ See:
 
 ## Application-specific hardening
 
+* Enables "`apt-get --error-on=any`" which makes apt exit non-zero for
+ transient failures. — `/etc/apt/apt.conf.d/40error-on-any`.
 * Enables APT seccomp-BPF sandboxing — `/etc/apt/apt.conf.d/40sandbox`.
 * Deactivates previews in Dolphin.
 * Deactivates previews in Nautilus —
diff --git a/etc/apt/apt.conf.d/40error-on-any b/etc/apt/apt.conf.d/40error-on-any
new file mode 100644
index 0000000..e9357e6
--- /dev/null
+++ b/etc/apt/apt.conf.d/40error-on-any
@@ -0,0 +1,9 @@
+## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+## Make "sudo apt-get update" exit non-zero for transient failures.
+## Same as "apt-get --error-on=any".
+## https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
+## https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594813
+## https://salsa.debian.org/apt-team/apt/-/commit/c7123bea6a8dc2c9e327ce41ddfc25e29f1bb145
+APT::Update::Error-Mode any;