[2/6] devconfig: ensure unattended-upgrades is not installed on debian

Commit Message

Luis Chamberlain March 23, 2025, 11:50 a.m. UTC

We already remove the package on debian bringups when downloading a
an official but-not-guestfs-official (and so debian custom) image to
build our base images for our guests. Now that we have that stop-gap
measure, be sure we just fail if the package happens to be installed,
and complain to the user about it.

We can easily fix this with just two command so recommend that.

Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
 .../tasks/install-deps/debian/main.yml        | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

Patch

diff --git a/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml b/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml
index 5624a9f8406a..954f0aede3b2 100644
--- a/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml
+++ b/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml
@@ -1,4 +1,26 @@ 
 ---
+- name: Check if unattended-upgrades is installed
+  command: dpkg-query -W -f='${Status}' unattended-upgrades
+  register: unattended_upgrade_status
+  ignore_errors: true
+  changed_when: false
+
+- name: Set fact if unattended-upgrades is installed
+  set_fact:
+    unattended_upgrades_installed: "{{ 'install ok installed' in unattended_upgrade_status.stdout }}"
+
+- name: Verify unattended-upgrades is not installed
+  fail:
+    msg: |
+      The unattended-upgrades package is installed on the base image, this
+      can cause tons of issues with CIs. Fix this by running the following
+      commands:
+
+      make cleancache
+      make bringup
+  when:
+    - unattended_upgrades_installed|bool
+
 - name: Upgrade Packages
   become: yes
   become_method: sudo