mirror: do not let curtin decide the URL of the security archive
When the URL of the security archive is unset, curtin will set it to the
URL of the primary archive.
This is not the behavior we want for Ubuntu installations. On amd64 (and
i386), the URL of the security archive should be set to
http://security.ubuntu.com/ubuntu
On other architectures, it should be set to
http://ports.ubuntu.com/ubuntu-ports
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit 5556313652
)
This commit is contained in:
parent
efb1bd8ae5
commit
c1166b1e0d
|
@ -41,6 +41,18 @@ validate () {
|
|||
echo "password leaked into log file"
|
||||
exit 1
|
||||
fi
|
||||
# After the lunar release and the introduction of mirror testing, it
|
||||
# came to our attention that new Ubuntu installations have the security
|
||||
# repository configured with the primary mirror URL (i.e.,
|
||||
# http://<cc>.archive.ubuntu.com/ubuntu) instead of
|
||||
# http://security.ubuntu.com/ubuntu. Let's ensure we instruct curtin
|
||||
# not to do that.
|
||||
# If we run an autoinstall that customizes the security section as part
|
||||
# of the test-suite, we will need to adapt this test.
|
||||
python3 scripts/check-yaml-fields.py $tmpdir/var/log/installer/subiquity-curtin-apt.conf \
|
||||
apt.security[0].uri='"http://security.ubuntu.com/ubuntu/"' \
|
||||
apt.security[0].arches='["amd64", "i386"]' \
|
||||
apt.security[1].uri='"http://ports.ubuntu.com/ubuntu-ports"'
|
||||
netplan generate --root $tmpdir
|
||||
elif [ "${mode}" = "system_setup" ]; then
|
||||
setup_mode="$2"
|
||||
|
|
|
@ -89,7 +89,9 @@ from curtin.commands.apt_config import (
|
|||
get_arch_mirrorconfig,
|
||||
get_mirror,
|
||||
PORTS_ARCHES,
|
||||
PORTS_MIRRORS,
|
||||
PRIMARY_ARCHES,
|
||||
PRIMARY_ARCH_MIRRORS,
|
||||
)
|
||||
from curtin.config import merge_config
|
||||
|
||||
|
@ -100,8 +102,8 @@ except ImportError:
|
|||
|
||||
log = logging.getLogger('subiquity.models.mirror')
|
||||
|
||||
DEFAULT_SUPPORTED_ARCHES_URI = "http://archive.ubuntu.com/ubuntu"
|
||||
DEFAULT_PORTS_ARCHES_URI = "http://ports.ubuntu.com/ubuntu-ports"
|
||||
DEFAULT_SUPPORTED_ARCHES_URI = PRIMARY_ARCH_MIRRORS["PRIMARY"]
|
||||
DEFAULT_PORTS_ARCHES_URI = PORTS_MIRRORS["PRIMARY"]
|
||||
|
||||
LEGACY_DEFAULT_PRIMARY_SECTION = [
|
||||
{
|
||||
|
@ -113,6 +115,17 @@ LEGACY_DEFAULT_PRIMARY_SECTION = [
|
|||
},
|
||||
]
|
||||
|
||||
DEFAULT_SECURITY_SECTION = [
|
||||
{
|
||||
"arches": PRIMARY_ARCHES,
|
||||
"uri": PRIMARY_ARCH_MIRRORS["SECURITY"],
|
||||
},
|
||||
{
|
||||
"arches": PORTS_ARCHES,
|
||||
"uri": PORTS_MIRRORS["SECURITY"],
|
||||
},
|
||||
]
|
||||
|
||||
DEFAULT = {
|
||||
"preserve_sources_list": False,
|
||||
}
|
||||
|
@ -311,6 +324,10 @@ class MirrorModel(object):
|
|||
|
||||
config = copy.deepcopy(self.config)
|
||||
config["disable_components"] = sorted(self.disabled_components)
|
||||
|
||||
if "security" not in config:
|
||||
config["security"] = DEFAULT_SECURITY_SECTION
|
||||
|
||||
return config
|
||||
|
||||
def _get_apt_config_using_candidate(
|
||||
|
|
|
@ -19,6 +19,7 @@ from unittest import mock
|
|||
|
||||
from subiquity.models.mirror import (
|
||||
countrify_uri,
|
||||
DEFAULT_SECURITY_SECTION,
|
||||
LEGACY_DEFAULT_PRIMARY_SECTION,
|
||||
MirrorModel,
|
||||
MirrorSelectionFallback,
|
||||
|
@ -150,7 +151,7 @@ class TestMirrorModel(unittest.TestCase):
|
|||
self.assertIn(
|
||||
country_mirror_candidate.uri,
|
||||
[
|
||||
"http://CC.archive.ubuntu.com/ubuntu",
|
||||
"http://CC.archive.ubuntu.com/ubuntu/",
|
||||
"http://CC.ports.ubuntu.com/ubuntu-ports",
|
||||
])
|
||||
|
||||
|
@ -293,7 +294,9 @@ class TestMirrorModel(unittest.TestCase):
|
|||
self.model.legacy_primary = False
|
||||
self.model.primary_candidates = [
|
||||
PrimaryEntry(
|
||||
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
|
||||
uri="http://mirror.local/ubuntu",
|
||||
arches=None,
|
||||
parent=self.model
|
||||
),
|
||||
]
|
||||
self.model.primary_candidates[0].stage()
|
||||
|
@ -308,20 +311,31 @@ class TestMirrorModel(unittest.TestCase):
|
|||
],
|
||||
)
|
||||
self.assertEqual(
|
||||
set(config["disable_components"]), set(self.model.disabled_components)
|
||||
set(config["disable_components"]),
|
||||
set(self.model.disabled_components)
|
||||
)
|
||||
self.assertEqual(set(config["disable_suites"]), {"security"})
|
||||
self.assertEqual(config["security"], DEFAULT_SECURITY_SECTION)
|
||||
|
||||
def test_get_apt_config_staged_with_config(self):
|
||||
self.model.legacy_primary = False
|
||||
self.model.primary_candidates = [
|
||||
PrimaryEntry(
|
||||
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
|
||||
uri="http://mirror.local/ubuntu",
|
||||
arches=None,
|
||||
parent=self.model
|
||||
),
|
||||
]
|
||||
self.model.primary_candidates[0].stage()
|
||||
security_config = [
|
||||
{
|
||||
"arches": ["default"],
|
||||
"uri": "http://security.ubuntu.com/ubuntu",
|
||||
},
|
||||
]
|
||||
self.model.config = {
|
||||
"disable_suites": ["updates"],
|
||||
"security": security_config,
|
||||
}
|
||||
config = self.model.get_apt_config_staged()
|
||||
self.assertEqual(
|
||||
|
@ -334,6 +348,37 @@ class TestMirrorModel(unittest.TestCase):
|
|||
],
|
||||
)
|
||||
self.assertEqual(
|
||||
set(config["disable_components"]), set(self.model.disabled_components)
|
||||
set(config["disable_components"]),
|
||||
set(self.model.disabled_components)
|
||||
)
|
||||
self.assertEqual(set(config["disable_suites"]), {"security", "updates"})
|
||||
self.assertEqual(
|
||||
set(config["disable_suites"]),
|
||||
{"security", "updates"}
|
||||
)
|
||||
self.assertEqual(config["security"], security_config)
|
||||
|
||||
def test_get_apt_config_elected_default_config(self):
|
||||
self.model.legacy_primary = False
|
||||
self.model.primary_candidates = [
|
||||
PrimaryEntry(
|
||||
uri="http://mirror.local/ubuntu",
|
||||
arches=None,
|
||||
parent=self.model
|
||||
),
|
||||
]
|
||||
self.model.primary_candidates[0].elect()
|
||||
config = self.model.get_apt_config_elected()
|
||||
self.assertEqual(
|
||||
config["primary"],
|
||||
[
|
||||
{
|
||||
"uri": "http://mirror.local/ubuntu",
|
||||
"arches": ["default"],
|
||||
}
|
||||
],
|
||||
)
|
||||
self.assertEqual(
|
||||
set(config["disable_components"]),
|
||||
set(self.model.disabled_components)
|
||||
)
|
||||
self.assertEqual(config["security"], DEFAULT_SECURITY_SECTION)
|
||||
|
|
Loading…
Reference in New Issue