StealthOS/subiquity
StealthOS
/
subiquity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mirror: do not let curtin decide the URL of the security archive 

When the URL of the security archive is unset, curtin will set it to the
URL of the primary archive.

This is not the behavior we want for Ubuntu installations. On amd64 (and
i386), the URL of the security archive should be set to
http://security.ubuntu.com/ubuntu

On other architectures, it should be set to
http://ports.ubuntu.com/ubuntu-ports

Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit 5556313652)
This commit is contained in:
Olivier Gayot 2023-09-07 11:31:53 +02:00 committed by Dan Bungert
parent efb1bd8ae5
commit c1166b1e0d
3 changed files with 82 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/runtests.sh
View File

@ -41,6 +41,18 @@ validate () {
echo "password leaked into log file"
exit 1
fi
# After the lunar release and the introduction of mirror testing, it
# came to our attention that new Ubuntu installations have the security
# repository configured with the primary mirror URL (i.e.,
# http://<cc>.archive.ubuntu.com/ubuntu) instead of
# http://security.ubuntu.com/ubuntu. Let's ensure we instruct curtin
# not to do that.
# If we run an autoinstall that customizes the security section as part
# of the test-suite, we will need to adapt this test.
python3 scripts/check-yaml-fields.py $tmpdir/var/log/installer/subiquity-curtin-apt.conf \
apt.security[0].uri='"http://security.ubuntu.com/ubuntu/"' \
apt.security[0].arches='["amd64", "i386"]' \
apt.security[1].uri='"http://ports.ubuntu.com/ubuntu-ports"'
netplan generate --root $tmpdir
elif [ "${mode}" = "system_setup" ]; then
setup_mode="$2"

21
subiquity/models/mirror.py
View File

@ -89,7 +89,9 @@ from curtin.commands.apt_config import (
get_arch_mirrorconfig,
get_mirror,
PORTS_ARCHES,
PORTS_MIRRORS,
PRIMARY_ARCHES,
PRIMARY_ARCH_MIRRORS,
)
from curtin.config import merge_config
@ -100,8 +102,8 @@ except ImportError:
log = logging.getLogger('subiquity.models.mirror')
DEFAULT_SUPPORTED_ARCHES_URI = "http://archive.ubuntu.com/ubuntu"
DEFAULT_PORTS_ARCHES_URI = "http://ports.ubuntu.com/ubuntu-ports"
DEFAULT_SUPPORTED_ARCHES_URI = PRIMARY_ARCH_MIRRORS["PRIMARY"]
DEFAULT_PORTS_ARCHES_URI = PORTS_MIRRORS["PRIMARY"]
LEGACY_DEFAULT_PRIMARY_SECTION = [
{
@ -113,6 +115,17 @@ LEGACY_DEFAULT_PRIMARY_SECTION = [
},
]
DEFAULT_SECURITY_SECTION = [
{
"arches": PRIMARY_ARCHES,
"uri": PRIMARY_ARCH_MIRRORS["SECURITY"],
},
{
"arches": PORTS_ARCHES,
"uri": PORTS_MIRRORS["SECURITY"],
},
]
DEFAULT = {
"preserve_sources_list": False,
}
@ -311,6 +324,10 @@ class MirrorModel(object):
config = copy.deepcopy(self.config)
config["disable_components"] = sorted(self.disabled_components)
if "security" not in config:
config["security"] = DEFAULT_SECURITY_SECTION
return config
def _get_apt_config_using_candidate(

57
subiquity/models/tests/test_mirror.py
View File

@ -19,6 +19,7 @@ from unittest import mock
from subiquity.models.mirror import (
countrify_uri,
DEFAULT_SECURITY_SECTION,
LEGACY_DEFAULT_PRIMARY_SECTION,
MirrorModel,
MirrorSelectionFallback,
@ -150,7 +151,7 @@ class TestMirrorModel(unittest.TestCase):
self.assertIn(
country_mirror_candidate.uri,
[
"http://CC.archive.ubuntu.com/ubuntu",
"http://CC.archive.ubuntu.com/ubuntu/",
"http://CC.ports.ubuntu.com/ubuntu-ports",
])
@ -293,7 +294,9 @@ class TestMirrorModel(unittest.TestCase):
self.model.legacy_primary = False
self.model.primary_candidates = [
PrimaryEntry(
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
uri="http://mirror.local/ubuntu",
arches=None,
parent=self.model
),
]
self.model.primary_candidates[0].stage()
@ -308,20 +311,31 @@ class TestMirrorModel(unittest.TestCase):
],
)
self.assertEqual(
set(config["disable_components"]), set(self.model.disabled_components)
set(config["disable_components"]),
set(self.model.disabled_components)
)
self.assertEqual(set(config["disable_suites"]), {"security"})
self.assertEqual(config["security"], DEFAULT_SECURITY_SECTION)
def test_get_apt_config_staged_with_config(self):
self.model.legacy_primary = False
self.model.primary_candidates = [
PrimaryEntry(
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
uri="http://mirror.local/ubuntu",
arches=None,
parent=self.model
),
]
self.model.primary_candidates[0].stage()
security_config = [
{
"arches": ["default"],
"uri": "http://security.ubuntu.com/ubuntu",
},
]
self.model.config = {
"disable_suites": ["updates"],
"security": security_config,
}
config = self.model.get_apt_config_staged()
self.assertEqual(
@ -334,6 +348,37 @@ class TestMirrorModel(unittest.TestCase):
],
)
self.assertEqual(
set(config["disable_components"]), set(self.model.disabled_components)
set(config["disable_components"]),
set(self.model.disabled_components)
)
self.assertEqual(set(config["disable_suites"]), {"security", "updates"})
self.assertEqual(
set(config["disable_suites"]),
{"security", "updates"}
)
self.assertEqual(config["security"], security_config)
def test_get_apt_config_elected_default_config(self):
self.model.legacy_primary = False
self.model.primary_candidates = [
PrimaryEntry(
uri="http://mirror.local/ubuntu",
arches=None,
parent=self.model
),
]
self.model.primary_candidates[0].elect()
config = self.model.get_apt_config_elected()
self.assertEqual(
config["primary"],
[
{
"uri": "http://mirror.local/ubuntu",
"arches": ["default"],
}
],
)
self.assertEqual(
set(config["disable_components"]),
set(self.model.disabled_components)
)
self.assertEqual(config["security"], DEFAULT_SECURITY_SECTION)