From patchwork Sun Mar 23 11:50:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Chamberlain X-Patchwork-Id: 14026492 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75E4E2046B3 for ; Sun, 23 Mar 2025 11:50:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742730612; cv=none; b=tkJKIKS2XxK9N8tuB7q9W4CVVEl2tj/NuYpbE3lj2wWAENLuWTZs6S+5W2G4ELuN3I6bL4iFnoG8nwAb6ov2EcwM/4QF2WRMtWhIUoA5Im51oV9+M2XtsubYwGLPOBxGCZoDRlAgraSwpdVZouXdvR2qpAkVKzxpUV/djiYHD3E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742730612; c=relaxed/simple; bh=bz8wSpwgWatBt5higMV2tnX2KKGrCeF/GNkag05rQmE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nPpktp5ZLUSnej57EuFotji27Szxw0h+8gGw6EAxNZQFhqqLeDXSBYhqj/26BHMQrWiL4ZlBoDtLCuz/mKbXB3PcVncANibk46P3om8GTHozJ40DJTSQBYpkiiYGYtw3qa4BF/cogP/ERVbiB01VHGZvwsUqaMjRjmyN5kQc0ls= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=Jq21f3RK; arc=none smtp.client-ip=198.137.202.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="Jq21f3RK" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=NtuEC3ZPrYAlBXsv7tD0SUG6kw7MWYGloSo9ctrn+ss=; b=Jq21f3RKE7BbunvjdLNzwRg8bo KLDkkSNjBz2zFyC8zCNIrU3X4PjColi4ioCoATRPMWaaQg/hnYp5S4TnpCwjw+pOMB3AFaBHGWJXI 4gcFK8zE9ulbF7sU135gCgtnWzhFfp4Fjy5pAllxAMZOzaYBpKVtKebKpGVFFFpV4ijrcP7ZZzar3 swuRTcezb8ZaqmEtwHHOHtPLQkgLB0DiKF+pODJtMZtEso6wvSg+erttUBOQPY/PmseXH2SwFQob0 HW1f0fIjzgNTY6OaRaK9T1UGvEB/7OiEoJ2bEP1INLrq+htXBxPXMzWoXSVgm6n3V1U7nxGnJwKhQ c47xiHOw==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.98 #2 (Red Hat Linux)) id 1twJqD-0000000181m-3obt; Sun, 23 Mar 2025 11:50:09 +0000 From: Luis Chamberlain To: kdevops@lists.linux.dev Cc: Luis Chamberlain Subject: [PATCH 1/6] scripts/bringup_guestfs.sh: uninstall unattended-upgrades on debian guests Date: Sun, 23 Mar 2025 04:50:04 -0700 Message-ID: <20250323115009.269172-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250323115009.269172-1-mcgrof@kernel.org> References: <20250323115009.269172-1-mcgrof@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Sender: Luis Chamberlain Be sure to remove unattended-upgrades when taking the downloaded image from Debian to build our base image which we will use to launch guests with. The package unattended-upgrades [0] is one of the biggest pain points for continous integeration on kdevops, where we race against package installations being mucked behind our back. So let's just be extremely vocal about it being a requirement to not be installed on debian systems and complain and ensure systems don't have it. Even though we have already in place devconfig rules to remove it, upon first bringup you can still race against it! If you do have an old guest with it, you should just remove the old guest and re-do your new guest as otherwise you will encounter many odd silly bugs and the issue is just races with debian doing its upgrades with unattended-upgrades. To my surprise unattended-upgrades has also been a default on debian for years now, it would seem we can just move to a debian image of "netinst" or "minimal" images but that requires more work than what we can just do by removing the package. Long term we really should request to see if is debian folks can ends up packaging a proper guestfs image based on debian testing for us, and when that does happen we ask it does not have unattended-upgrades. [0] https://wiki.debian.org/UnattendedUpgrades Signed-off-by: Luis Chamberlain --- scripts/bringup_guestfs.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/bringup_guestfs.sh b/scripts/bringup_guestfs.sh index 7166842307b5..1ba2c8c6ff9a 100755 --- a/scripts/bringup_guestfs.sh +++ b/scripts/bringup_guestfs.sh @@ -223,6 +223,7 @@ firstboot-command systemctl stop ssh firstboot-command DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true dpkg-reconfigure -p low --force openssh-server firstboot-command systemctl start ssh firstboot-command apt update && apt upgrade --yes +uninstall unattended-upgrades _EOT # CONFIG_GUESTFS_COPY_SOURCES_FROM_HOST_TO_GUEST will not work # if /etc/nsswitch.conf has a line like this: