From 7d2b2aa1cbf9e1069b70fd54ab11195f0c8bef3b Mon Sep 17 00:00:00 2001
From: Cyril Brulebois <cyril@debamax.com>
Date: Thu, 26 Mar 2026 23:15:56 +0100
Subject: [PATCH] Add support for sid.

There's no sid-security suite, so we need to be careful.
---
 generate-recipe.py | 10 +++++++++-
 raspi_master.yaml  |  2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/generate-recipe.py b/generate-recipe.py
index a2e44dc..8bfb936 100755
--- a/generate-recipe.py
+++ b/generate-recipe.py
@@ -19,7 +19,7 @@ if arch not in ['armhf', 'arm64']:
     sys.exit(1)
 
 suite = sys.argv[2]
-if suite not in ['bookworm', 'trixie', 'forky']:
+if suite not in ['bookworm', 'trixie', 'forky', 'sid']:
     print("E: unsupported suite %s" % suite, file=sys.stderr)
     sys.exit(1)
 target_yaml = 'raspi_%s_%s.yaml' % (arch, suite)
@@ -85,6 +85,13 @@ else:
 # deb http://deb.debian.org/debian %s main non-free-firmware
 """ % backports_suite
 
+# Enable security for everyone but sid:
+if suite != 'sid':
+    security_stanza = 'deb http://security.debian.org/debian-security %s-security main non-free-firmware' % suite
+else:
+    security_stanza = ''
+
+
 gitcommit = subprocess.getoutput("git show -s --pretty='format:%C(auto)%h (%s, %ad)' --date=short ")
 buildtime = subprocess.getoutput("date --utc +'%Y-%m-%d %H:%M'")
 
@@ -127,6 +134,7 @@ with open('raspi_master.yaml', 'r') as in_file:
         out_text = align_replace(out_text, '__EXTRA_ROOT_SHELL_CMDS__', extra_root_shell_cmds)
         out_text = align_replace(out_text, '__EXTRA_CHROOT_SHELL_CMDS__', extra_chroot_shell_cmds)
         out_text = align_replace(out_text, '__BACKPORTS__', backports_stanza.splitlines())
+        out_text = align_replace(out_text, '__SECURITY__', security_stanza.splitlines())
 
         # Try not to keep lines where the placeholder was replaced
         # with nothing at all (including on a "list item" line):
diff --git a/raspi_master.yaml b/raspi_master.yaml
index 4b34313..0b35c35 100644
--- a/raspi_master.yaml
+++ b/raspi_master.yaml
@@ -54,7 +54,7 @@ steps:
     contents: |+
       deb http://deb.debian.org/debian __RELEASE__ main non-free-firmware
       deb http://deb.debian.org/debian __RELEASE__-updates main non-free-firmware
-      deb http://security.debian.org/debian-security __RELEASE__-security main non-free-firmware
+      __SECURITY__
       __BACKPORTS__
 
     unless: rootfs_unpacked