diff mbox series

[OSSTEST,3/3] Disable updates for ssapshot.debian.org

Message ID 20210210173629.4788-3-iwj@xenproject.org (mailing list archive)
State New
Headers show
Series [OSSTEST,1/3] production-config: Rewind buster armhf snapshot to 2021-01-124 | expand

Commit Message

Ian Jackson Feb. 10, 2021, 5:36 p.m. UTC
security updates are a separate apt source.

The point of using snapshot is to avoid pulling in uncontrolled
updates, so we need to disable security updates.

The non-security SUITE-updates are disabled by this too.  But
everything is on fire and I don't want another iteration while I
figure out the proper syntax for disabling only the security updates.

Signed-off-by: Ian Jackson <iwj@xenproject.org>
---
 Osstest/Debian.pm | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index d6e0b59d..ded7cdfc 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -972,12 +972,19 @@  END
     preseed_hook_command($ho, 'late_command', $sfx,
 			 debian_dhcp_rofs_fix($ho, '/target'));
 
+    my $disable_security_updates = 0;
+
     my $murl = debian_mirror_url($ho);
     if ($murl =~ m/$c{DebianMirrorAllowExpiredReleaseRegexp}/) {
 	# Inspired by
 	#  https://stackoverflow.com/questions/25039317/is-there-any-setting-in-the-preseed-file-to-ignore-the-release-valid-until-opt/51396935#51396935
 	# In some sense a workaround for the lack of a better way,
 	#  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771699
+	$disable_security_updates = 1;
+	# ^ this disables normal -updates too.  That's not desirable
+	#   but I don't want to mess with this now.  Hopefully it can
+	#   be improved later.
+
 	preseed_hook_installscript($ho, $sfx,
             '/usr/lib/apt-setup/generators/', '02IgnoreValidUntil', <<'END');
 #!/bin/sh
@@ -1075,12 +1082,14 @@  END
 d-i mirror/suite string $suite
 END
 
+    $disable_security_updates = 1 if $suite =~ m/jessie/;
+    # security.d.o CDN seems unreliable right now
+    # and jessie-updates is no more, so disable both for jessie
+
     $preseed .= <<'END'
 d-i apt-setup/services-select multiselect
 END
-       if $suite =~ m/jessie/;
-    # security.d.o CDN seems unreliable right now
-    # and jessie-updates is no more
+       if $disable_security_updates;
 
     if (grep { $r{$_} } runvar_glob('*_dmrestrict') and
 	$suite =~ m/stretch/) {