From: Ian Jackson <iwj@xenproject.org>
To: xen-devel@lists.xenproject.org
Cc: Ian Jackson <iwj@xenproject.org>
Subject: [OSSTEST PATCH 3/3] Disable updates for ssapshot.debian.org
Date: Wed, 10 Feb 2021 17:36:29 +0000 [thread overview]
Message-ID: <20210210173629.4788-3-iwj@xenproject.org> (raw)
In-Reply-To: <20210210173629.4788-1-iwj@xenproject.org>
security updates are a separate apt source.
The point of using snapshot is to avoid pulling in uncontrolled
updates, so we need to disable security updates.
The non-security SUITE-updates are disabled by this too. But
everything is on fire and I don't want another iteration while I
figure out the proper syntax for disabling only the security updates.
Signed-off-by: Ian Jackson <iwj@xenproject.org>
---
Osstest/Debian.pm | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index d6e0b59d..ded7cdfc 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -972,12 +972,19 @@ END
preseed_hook_command($ho, 'late_command', $sfx,
debian_dhcp_rofs_fix($ho, '/target'));
+ my $disable_security_updates = 0;
+
my $murl = debian_mirror_url($ho);
if ($murl =~ m/$c{DebianMirrorAllowExpiredReleaseRegexp}/) {
# Inspired by
# https://stackoverflow.com/questions/25039317/is-there-any-setting-in-the-preseed-file-to-ignore-the-release-valid-until-opt/51396935#51396935
# In some sense a workaround for the lack of a better way,
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771699
+ $disable_security_updates = 1;
+ # ^ this disables normal -updates too. That's not desirable
+ # but I don't want to mess with this now. Hopefully it can
+ # be improved later.
+
preseed_hook_installscript($ho, $sfx,
'/usr/lib/apt-setup/generators/', '02IgnoreValidUntil', <<'END');
#!/bin/sh
@@ -1075,12 +1082,14 @@ END
d-i mirror/suite string $suite
END
+ $disable_security_updates = 1 if $suite =~ m/jessie/;
+ # security.d.o CDN seems unreliable right now
+ # and jessie-updates is no more, so disable both for jessie
+
$preseed .= <<'END'
d-i apt-setup/services-select multiselect
END
- if $suite =~ m/jessie/;
- # security.d.o CDN seems unreliable right now
- # and jessie-updates is no more
+ if $disable_security_updates;
if (grep { $r{$_} } runvar_glob('*_dmrestrict') and
$suite =~ m/stretch/) {
--
2.20.1
prev parent reply other threads:[~2021-02-10 17:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-10 17:36 [OSSTEST PATCH 1/3] production-config: Rewind buster armhf snapshot to 2021-01-124 Ian Jackson
2021-02-10 17:36 ` [OSSTEST PATCH 2/3] production-config: Update d-i version to older Debian snapshot Ian Jackson
2021-02-10 17:36 ` Ian Jackson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210210173629.4788-3-iwj@xenproject.org \
--to=iwj@xenproject.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.