[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OSSTEST PATCH 3/3] Disable updates for ssapshot.debian.org

security updates are a separate apt source.

The point of using snapshot is to avoid pulling in uncontrolled
updates, so we need to disable security updates.

The non-security SUITE-updates are disabled by this too.  But
everything is on fire and I don't want another iteration while I
figure out the proper syntax for disabling only the security updates.

Signed-off-by: Ian Jackson <iwj@xxxxxxxxxxxxxx>
---
 Osstest/Debian.pm | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index d6e0b59d..ded7cdfc 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -972,12 +972,19 @@ END
     preseed_hook_command($ho, 'late_command', $sfx,
                         debian_dhcp_rofs_fix($ho, '/target'));
 
+    my $disable_security_updates = 0;
+
     my $murl = debian_mirror_url($ho);
     if ($murl =~ m/$c{DebianMirrorAllowExpiredReleaseRegexp}/) {
        # Inspired by
        #  
https://stackoverflow.com/questions/25039317/is-there-any-setting-in-the-preseed-file-to-ignore-the-release-valid-until-opt/51396935#51396935
        # In some sense a workaround for the lack of a better way,
        #  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771699
+       $disable_security_updates = 1;
+       # ^ this disables normal -updates too.  That's not desirable
+       #   but I don't want to mess with this now.  Hopefully it can
+       #   be improved later.
+
        preseed_hook_installscript($ho, $sfx,
             '/usr/lib/apt-setup/generators/', '02IgnoreValidUntil', <<'END');
 #!/bin/sh
@@ -1075,12 +1082,14 @@ END
 d-i mirror/suite string $suite
 END
 
+    $disable_security_updates = 1 if $suite =~ m/jessie/;
+    # security.d.o CDN seems unreliable right now
+    # and jessie-updates is no more, so disable both for jessie
+
     $preseed .= <<'END'
 d-i apt-setup/services-select multiselect
 END
-       if $suite =~ m/jessie/;
-    # security.d.o CDN seems unreliable right now
-    # and jessie-updates is no more
+       if $disable_security_updates;
 
     if (grep { $r{$_} } runvar_glob('*_dmrestrict') and
        $suite =~ m/stretch/) {
-- 
2.20.1

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.