+
+case $(debian-codename) in
+ # needed for debootstrap scripts for fai since fai requires debian
+ flidas)
+ curl http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg | s apt-key add -
+ s dd of=/etc/apt/preferences.d/flidas-xenial <<EOF
+Package: *
+Pin: release a=xenial
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=xenial-security
+Pin-Priority: -100
+EOF
+ s dd of=/etc/apt/sources.list.d/xenial.list 2>/dev/null <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ xenial main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ xenial-security main
+EOF
+
+ s apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+ s dd of=/etc/apt/preferences.d/flidas-bionic <<EOF
+Package: *
+Pin: release a=bionic
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=bionic-security
+Pin-Priority: -100
+EOF
+
+ # better to run btrfs-progs which matches our kernel version
+ # (note, renamed from btrfs-tools)
+ s dd of=/etc/apt/preferences.d/btrfs-progs <<EOF
+Package: btrfs-progs libzstd1
+Pin: release a=bionic
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-updates
+Pin-Priority: 1005
+
+Package: btrfs-progs libzstd1
+Pin: release a=bionic-security
+Pin-Priority: 1005
+EOF
+
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://us.archive.ubuntu.com/ubuntu/ bionic main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main
+deb http://us.archive.ubuntu.com/ubuntu/ bionic-security main
+EOF
+ f=/etc/apt/sources.list.d/bionic.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ # no special reason, but its better for btrfs-progs to
+ # be closer to our kernel version
+ pi btrfs-progs
+
+ t=$(mktemp -d)
+ cd $t
+ aptitude download debootstrap/xenial
+ ex ./*
+ s cp ./usr/share/debootstrap/scripts/* /usr/share/debootstrap/scripts
+
+ s dd of=/etc/apt/preferences.d/flidas-etiona <<EOF
+Package: *
+Pin: release a=etiona
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-updates
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-security
+Pin-Priority: -100
+
+Package: *
+Pin: release a=etiona-backports
+Pin-Priority: -100
+EOF
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://mirror.fsf.org/trisquel/ etiona main
+deb http://mirror.fsf.org/trisquel/ etiona-updates main
+deb http://archive.trisquel.info/trisquel/ etiona-security main
+deb http://mirror.fsf.org/trisquel/ etiona-backports main
+EOF
+ f=/etc/apt/sources.list.d/etiona.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ s dd of=/etc/apt/preferences.d/debian-goodies <<EOF
+Package: debian-goodies
+Pin: release n=buster
+Pin-Priority: 1005
+EOF
+
+
+ s dd of=/etc/apt/preferences.d/flidas-buster <<EOF
+Package: *
+Pin: release n=buster
+Pin-Priority: -100
+EOF
+
+ # stupid buster uses some key algorithm not supported by flidas gpg that apt uses.
+ s dd of=/etc/apt/apt.conf.d/01iank <<'EOF'
+Acquire::AllowInsecureRepositories "true";
+EOF
+
+ t=$(mktemp)
+ cat >$t <<EOF
+deb http://http.us.debian.org/debian buster main
+deb-src http://http.us.debian.org/debian buster main
+
+deb http://security.debian.org/ buster/updates main
+deb-src http://security.debian.org/ buster/updates main
+
+deb http://http.us.debian.org/debian buster-updates main
+deb-src http://http.us.debian.org/debian buster-updates main
+EOF
+ f=/etc/apt/sources.list.d/buster.list
+ if ! diff -q $t $f; then
+ s cp $t $f
+ s chmod 644 $f
+ p update
+ fi
+
+ # newer version needed for false positive in checkrestart
+ p install -y --allow-unauthenticated debian-goodies
+
+ s dd of=/etc/apt/preferences.d/shellcheck <<EOF
+Package: shellcheck
+Pin: release a=etiona
+Pin-Priority: 1005
+
+Package: shellcheck
+Pin: release a=etiona-updates
+Pin-Priority: 1005
+
+Package: shellcheck
+Pin: release a=etiona-security
+Pin-Priority: 1005
+EOF
+
+
+ ;;
+esac
+
+