Invirt Project

Clean up sources.list in autoinstaller; take updates

Bug #314427 reported by Evan Broder
6
Affects Status Importance Assigned to Milestone
Invirt Project
Confirmed
High
Unassigned

Bug Description

   xvm / / kcr 11:25 (we do what we must because we can)
       also, autoinstalled machines should *not* come up without
       security patches or the security apt source commented out

This must be a problem with the Etch autoinstaller, because the Hardy one comes up fine.

That being said, Hardy's sources.list comes up incomplete. I don't a fresh install accessible to me, but xen-create-image leaves multiverse off of a couple of the lines.

Revision history for this message
Evan Broder (broder) wrote :

Eww, eww, make it go away. From /usr/lib/xen-tools/debian.d/20-setup-apt:

> #
> # If the host system has security support then enable that here too.
> #
> if ( grep ^deb.*security.debian.org /etc/apt/sources.list >/dev/null 2>/dev/null ) ; then

If that doesn't match, it adds in the security sources commented out.

This is totally a bug in xen-utils, both because the hooks may not be running on a Debian system, and because you probably never want a system running without the security repo enabled.

The issue with the Ubuntu installers is separate - someone just forgot to mention multiverse in several different places in /usr/lib/xen-tools/edgy.d/20-setup-apt (which is different from the Debian one)

Changed in invirt:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Jonté Craighead (jontec) wrote :

This is still an issue with Hardy.
Hardy 8.04 (i386) autoinstall's /etc/apt/sources.list (formatted for readability):
> deb http://mirrors.mit.edu/ubuntu hardy main restricted universe multiverse
> deb-src http://mirrors.mit.edu/ubuntu hardy main restricted universe
> deb http://mirrors.mit.edu/ubuntu hardy-updates main restricted universe multiverse
> deb-src http://mirrors.mit.edu/ubuntu hardy-updates main restricted universe
> deb http://security.ubuntu.com/ubuntu hardy-security main restricted universe
> deb-src http://security.ubuntu.com/ubuntu hardy-security main restricted universe

Revision history for this message
Jonté Craighead (jontec) wrote :

Issue with etch also confirmed:

> deb http://debian.lcs.mit.edu/debian etch main contrib non-free
> deb-src http://debian.lcs.mit.edu/debian etch main contrib non-free
>
> #
> # Security updates - Uncomment to enable.
> #
> # deb http://security.debian.org/ etch/updates main contrib non-free
> # deb-src http://security.debian.org/ etch/updates main contrib non-free

Revision history for this message
Jonté Craighead (jontec) wrote :

This patch should address the issue with etch.

Essentially, the grep command in the if statement has been changed from
> if ( grep ^deb.*security.debian.org /etc/apt/sources.list >/dev/null 2>/dev/null ) ; then
 to
> if ( grep -E '^deb.*security\.(debian\.org|ubuntu\.com)' /etc/apt/sources.list >/dev/null 2>/dev/null ) ; then

This has been tested with the etch autoinstaller (it's actually in the current image). Note, however, that the Hardy issue has not been addressed.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.