Merge pull request #1790 from ogayot/security-archive
Ensure the security archive is set to the proper URL
This commit is contained in:
commit
f7c5d8c665
|
@ -54,6 +54,18 @@ validate () {
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
python3 scripts/validate-autoinstall-user-data.py < $tmpdir/var/log/installer/autoinstall-user-data
|
python3 scripts/validate-autoinstall-user-data.py < $tmpdir/var/log/installer/autoinstall-user-data
|
||||||
|
# After the lunar release and the introduction of mirror testing, it
|
||||||
|
# came to our attention that new Ubuntu installations have the security
|
||||||
|
# repository configured with the primary mirror URL (i.e.,
|
||||||
|
# http://<cc>.archive.ubuntu.com/ubuntu) instead of
|
||||||
|
# http://security.ubuntu.com/ubuntu. Let's ensure we instruct curtin
|
||||||
|
# not to do that.
|
||||||
|
# If we run an autoinstall that customizes the security section as part
|
||||||
|
# of the test-suite, we will need to adapt this test.
|
||||||
|
python3 scripts/check-yaml-fields.py $tmpdir/var/log/installer/subiquity-curtin-apt.conf \
|
||||||
|
apt.security[0].uri='"http://security.ubuntu.com/ubuntu/"' \
|
||||||
|
apt.security[0].arches='["amd64", "i386"]' \
|
||||||
|
apt.security[1].uri='"http://ports.ubuntu.com/ubuntu-ports"'
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
netplan generate --root $tmpdir
|
netplan generate --root $tmpdir
|
||||||
|
|
|
@ -70,7 +70,7 @@ parts:
|
||||||
|
|
||||||
source: https://git.launchpad.net/curtin
|
source: https://git.launchpad.net/curtin
|
||||||
source-type: git
|
source-type: git
|
||||||
source-commit: 307b32f7bf7eebc32f81b1f0f2f17184a7cffb22
|
source-commit: d5f5dde574aca60935fc9e1acf9cb669e24f22de
|
||||||
|
|
||||||
override-pull: |
|
override-pull: |
|
||||||
craftctl default
|
craftctl default
|
||||||
|
|
|
@ -81,6 +81,8 @@ from urllib import parse
|
||||||
import attr
|
import attr
|
||||||
from curtin.commands.apt_config import (
|
from curtin.commands.apt_config import (
|
||||||
PORTS_ARCHES,
|
PORTS_ARCHES,
|
||||||
|
PORTS_MIRRORS,
|
||||||
|
PRIMARY_ARCH_MIRRORS,
|
||||||
PRIMARY_ARCHES,
|
PRIMARY_ARCHES,
|
||||||
get_arch_mirrorconfig,
|
get_arch_mirrorconfig,
|
||||||
get_mirror,
|
get_mirror,
|
||||||
|
@ -96,8 +98,8 @@ except ImportError:
|
||||||
|
|
||||||
log = logging.getLogger("subiquity.models.mirror")
|
log = logging.getLogger("subiquity.models.mirror")
|
||||||
|
|
||||||
DEFAULT_SUPPORTED_ARCHES_URI = "http://archive.ubuntu.com/ubuntu"
|
DEFAULT_SUPPORTED_ARCHES_URI = PRIMARY_ARCH_MIRRORS["PRIMARY"]
|
||||||
DEFAULT_PORTS_ARCHES_URI = "http://ports.ubuntu.com/ubuntu-ports"
|
DEFAULT_PORTS_ARCHES_URI = PORTS_MIRRORS["PRIMARY"]
|
||||||
|
|
||||||
LEGACY_DEFAULT_PRIMARY_SECTION = [
|
LEGACY_DEFAULT_PRIMARY_SECTION = [
|
||||||
{
|
{
|
||||||
|
@ -110,6 +112,17 @@ LEGACY_DEFAULT_PRIMARY_SECTION = [
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
DEFAULT_SECURITY_SECTION = [
|
||||||
|
{
|
||||||
|
"arches": PRIMARY_ARCHES,
|
||||||
|
"uri": PRIMARY_ARCH_MIRRORS["SECURITY"],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"arches": PORTS_ARCHES,
|
||||||
|
"uri": PORTS_MIRRORS["SECURITY"],
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
"preserve_sources_list": False,
|
"preserve_sources_list": False,
|
||||||
}
|
}
|
||||||
|
@ -312,6 +325,10 @@ class MirrorModel(object):
|
||||||
|
|
||||||
config = copy.deepcopy(self.config)
|
config = copy.deepcopy(self.config)
|
||||||
config["disable_components"] = sorted(self.disabled_components)
|
config["disable_components"] = sorted(self.disabled_components)
|
||||||
|
|
||||||
|
if "security" not in config:
|
||||||
|
config["security"] = DEFAULT_SECURITY_SECTION
|
||||||
|
|
||||||
return config
|
return config
|
||||||
|
|
||||||
def _get_apt_config_using_candidate(
|
def _get_apt_config_using_candidate(
|
||||||
|
@ -323,7 +340,15 @@ class MirrorModel(object):
|
||||||
|
|
||||||
def get_apt_config_staged(self) -> Dict[str, Any]:
|
def get_apt_config_staged(self) -> Dict[str, Any]:
|
||||||
assert self.primary_staged is not None
|
assert self.primary_staged is not None
|
||||||
return self._get_apt_config_using_candidate(self.primary_staged)
|
config = self._get_apt_config_using_candidate(self.primary_staged)
|
||||||
|
|
||||||
|
# For mirror testing, we disable the -security suite - so that we only
|
||||||
|
# test the primary mirror, not the security archive.
|
||||||
|
if "disable_suites" not in config:
|
||||||
|
config["disable_suites"]: List[str] = []
|
||||||
|
if "security" not in config["disable_suites"]:
|
||||||
|
config["disable_suites"].append("security")
|
||||||
|
return config
|
||||||
|
|
||||||
def get_apt_config_elected(self) -> Dict[str, Any]:
|
def get_apt_config_elected(self) -> Dict[str, Any]:
|
||||||
assert self.primary_elected is not None
|
assert self.primary_elected is not None
|
||||||
|
|
|
@ -18,6 +18,7 @@ import unittest
|
||||||
from unittest import mock
|
from unittest import mock
|
||||||
|
|
||||||
from subiquity.models.mirror import (
|
from subiquity.models.mirror import (
|
||||||
|
DEFAULT_SECURITY_SECTION,
|
||||||
LEGACY_DEFAULT_PRIMARY_SECTION,
|
LEGACY_DEFAULT_PRIMARY_SECTION,
|
||||||
LegacyPrimaryEntry,
|
LegacyPrimaryEntry,
|
||||||
MirrorModel,
|
MirrorModel,
|
||||||
|
@ -146,7 +147,7 @@ class TestMirrorModel(unittest.TestCase):
|
||||||
self.assertIn(
|
self.assertIn(
|
||||||
country_mirror_candidate.uri,
|
country_mirror_candidate.uri,
|
||||||
[
|
[
|
||||||
"http://CC.archive.ubuntu.com/ubuntu",
|
"http://CC.archive.ubuntu.com/ubuntu/",
|
||||||
"http://CC.ports.ubuntu.com/ubuntu-ports",
|
"http://CC.ports.ubuntu.com/ubuntu-ports",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
@ -290,3 +291,81 @@ class TestMirrorModel(unittest.TestCase):
|
||||||
)
|
)
|
||||||
with country_mirror_candidates:
|
with country_mirror_candidates:
|
||||||
self.assertTrue(self.model.wants_geoip())
|
self.assertTrue(self.model.wants_geoip())
|
||||||
|
|
||||||
|
def test_get_apt_config_staged_default_config(self):
|
||||||
|
self.model.legacy_primary = False
|
||||||
|
self.model.primary_candidates = [
|
||||||
|
PrimaryEntry(
|
||||||
|
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
|
||||||
|
),
|
||||||
|
]
|
||||||
|
self.model.primary_candidates[0].stage()
|
||||||
|
config = self.model.get_apt_config_staged()
|
||||||
|
self.assertEqual(
|
||||||
|
config["primary"],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"uri": "http://mirror.local/ubuntu",
|
||||||
|
"arches": ["default"],
|
||||||
|
}
|
||||||
|
],
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
set(config["disable_components"]), set(self.model.disabled_components)
|
||||||
|
)
|
||||||
|
self.assertEqual(set(config["disable_suites"]), {"security"})
|
||||||
|
self.assertEqual(config["security"], DEFAULT_SECURITY_SECTION)
|
||||||
|
|
||||||
|
def test_get_apt_config_staged_with_config(self):
|
||||||
|
self.model.legacy_primary = False
|
||||||
|
self.model.primary_candidates = [
|
||||||
|
PrimaryEntry(
|
||||||
|
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
|
||||||
|
),
|
||||||
|
]
|
||||||
|
self.model.primary_candidates[0].stage()
|
||||||
|
security_config = [
|
||||||
|
{"arches": ["default"], "uri": "http://security.ubuntu.com/ubuntu"},
|
||||||
|
]
|
||||||
|
self.model.config = {
|
||||||
|
"disable_suites": ["updates"],
|
||||||
|
"security": security_config,
|
||||||
|
}
|
||||||
|
config = self.model.get_apt_config_staged()
|
||||||
|
self.assertEqual(
|
||||||
|
config["primary"],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"uri": "http://mirror.local/ubuntu",
|
||||||
|
"arches": ["default"],
|
||||||
|
}
|
||||||
|
],
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
set(config["disable_components"]), set(self.model.disabled_components)
|
||||||
|
)
|
||||||
|
self.assertEqual(set(config["disable_suites"]), {"security", "updates"})
|
||||||
|
self.assertEqual(config["security"], security_config)
|
||||||
|
|
||||||
|
def test_get_apt_config_elected_default_config(self):
|
||||||
|
self.model.legacy_primary = False
|
||||||
|
self.model.primary_candidates = [
|
||||||
|
PrimaryEntry(
|
||||||
|
uri="http://mirror.local/ubuntu", arches=None, parent=self.model
|
||||||
|
),
|
||||||
|
]
|
||||||
|
self.model.primary_candidates[0].elect()
|
||||||
|
config = self.model.get_apt_config_elected()
|
||||||
|
self.assertEqual(
|
||||||
|
config["primary"],
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"uri": "http://mirror.local/ubuntu",
|
||||||
|
"arches": ["default"],
|
||||||
|
}
|
||||||
|
],
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
set(config["disable_components"]), set(self.model.disabled_components)
|
||||||
|
)
|
||||||
|
self.assertEqual(config["security"], DEFAULT_SECURITY_SECTION)
|
||||||
|
|
Loading…
Reference in New Issue