A while ago I realised, that some of my ubuntu systems, most of them nspawn containers, don’t recieve any updates. I didn’t really care about the containers but as I realised that one of my internet facing host is also affected, I began to search. I searched on https://packages.ubuntu.com/ for the newest kernel and locally with apt-cache policy linux-generic for the newest available on the system. Of course the kernel which apt listed was way older but at leased I thereby saw, that the kernel in the repos should come from the “security” list. All the systems had in common that I created them with debootstrap, most of them via a ansible role which explicitly adds universe as a component. I thought that was enough, but it leads to a sources.list with just the basic package list, leaving out the security and updates lists.

After I added them manually I got the ton of updates I was missing for something like a year.

deb http://de.archive.ubuntu.com/ubuntu focal main universe restricted
deb http://de.archive.ubuntu.com/ubuntu focal-security main universe restricted
deb http://de.archive.ubuntu.com/ubuntu focal-updates main universe restricted

Afterwards I read the manpage of debootstrap an figured out that it is not capable of bootstrapping from multiple sources. There is another tool called Multistrap for that, but it needs its information from a configfile and cannot be feeded via commandline parameters.