When the URL of the security archive is unset, curtin will set it to the
URL of the primary archive.
This is not the behavior we want for Ubuntu installations. On amd64 (and
i386), the URL of the security archive should be set to
http://security.ubuntu.com/ubuntu
On other architectures, it should be set to
http://ports.ubuntu.com/ubuntu-ports
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
Mirror testing should focus on testing the primary mirror, not the
security archive - therefore we disable the -security suite.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
When accessing the Help menu, Subiquity looks up the IP addresses
currently configured - so it knows whether to show the "Help on SSH
access" option.
Unfortunately, it also looks for IP addresses on devices that were
"configured" through the network screen but that still do not exist in
the system. When such a device exist (e.g., a bond), the Subiquity
client crashes with the following exception:
Traceback (most recent call last):
File "subiquity/common/api/server.py", line 164, in handler
result = await implementation(**args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "subiquity/server/server.py", line 117, in ssh_info_GET
ips.extend(map(str, dev.actual_global_ip_addresses))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "subiquitycore/models/network.py", line 394, in actual_global_ip_addresses
for _, addr in sorted(self.info.addresses.items())
^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'addresses'
A similar crash is observed when calling /network/global_addresses after
creating the bond.
Fixed by only checking the IP addresses of devices that have a
probert.network.Link instance (i.e., they exist in the system).
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
When the server raises an exception in a HTTP request handler context,
more often than not, the exception is sent back to the client in the
body.
Additionally, the message of the exception (if any), is also copied as
is in a x-error-msg HTTP header.
That said, HTTP headers must obey strict rules. The "\r\n" sequence
indicate the end of the current HTTP header. When using aiohttp, the
library rejects any header that has a "\r" or "\n" in its value:
ValueError: Newline or carriage return character detected in HTTP status message or header. This is a potential security issue.
As an example, any curtin.util.ProcessExecutionError exception will
contain "\n" characters when converted into a string.
We now encode the error message as JSON before copying it in the HTTP
header.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
Remove swap space size allocation suggestion. It often won't be used on
smaller installs anyhow.
Drop /boot size to the min instead of max.
Add esp size min into the mix.
(which more than cancels out the /boot change to min)
Reduce padding to max(2G, 50% source min)
When doing an offline install, ubuntu-drivers would sometimes list a
package that is available in the archive but not present in the pool.
This is not something we would expect since we run apt-get update (with
only the pool configured when offline) in the install tree.
However, it turned out that we create the overlay with the lower layers
specified in the wrong order - which essentially makes APT indexes
visible in the source tree also visible in the OEM/third-party driver
overlay.
When calling setup_overlay(lowers=[a, b, c]), Subiquity invokes mount
with lowerdir=c🅱️a (in the reverse order).
This means that c is top, b is middle and a is bottom.
For the OEM and third-party drivers, we build overlays that are based
on:
* the source tree
* the configured tree
* the install tree
Unfortunately, we were doing the opposite. Fixed by reversing the order of
the lower layers.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
Controllers have started, but we have decided that no refresh check
is needed, so no check_task was started (or assigned).
GET /refresh is called, resulting in:
DEBUG subiquity.server.server:446 request to /refresh?wait=true crashed
Traceback (most recent call last):
File "subiquity/server/controllers/refresh.py", line 233, in GET
await self.check_task.wait()
AttributeError: 'NoneType' object has no attribute 'wait'
Detecting the bootloader is an obvious choice for real installs, but
is a source of glitches in CI. Default to UEFI, and if tests want
something else they should pass a specific --bootloader.