Clean up sources.list in autoinstaller; take updates

Bug #314427 reported by Evan Broder on 2009-01-06
Affects Status Importance Assigned to Milestone
Invirt Project

Bug Description

   xvm / / kcr 11:25 (we do what we must because we can)
       also, autoinstalled machines should *not* come up without
       security patches or the security apt source commented out

This must be a problem with the Etch autoinstaller, because the Hardy one comes up fine.

That being said, Hardy's sources.list comes up incomplete. I don't a fresh install accessible to me, but xen-create-image leaves multiverse off of a couple of the lines.

Evan Broder (broder) wrote :

Eww, eww, make it go away. From /usr/lib/xen-tools/debian.d/20-setup-apt:

> #
> # If the host system has security support then enable that here too.
> #
> if ( grep ^deb.* /etc/apt/sources.list >/dev/null 2>/dev/null ) ; then

If that doesn't match, it adds in the security sources commented out.

This is totally a bug in xen-utils, both because the hooks may not be running on a Debian system, and because you probably never want a system running without the security repo enabled.

The issue with the Ubuntu installers is separate - someone just forgot to mention multiverse in several different places in /usr/lib/xen-tools/edgy.d/20-setup-apt (which is different from the Debian one)

Changed in invirt:
status: New → Confirmed
importance: Undecided → High
Jonté Craighead (jontec) wrote :

This is still an issue with Hardy.
Hardy 8.04 (i386) autoinstall's /etc/apt/sources.list (formatted for readability):
> deb hardy main restricted universe multiverse
> deb-src hardy main restricted universe
> deb hardy-updates main restricted universe multiverse
> deb-src hardy-updates main restricted universe
> deb hardy-security main restricted universe
> deb-src hardy-security main restricted universe

Jonté Craighead (jontec) wrote :

Issue with etch also confirmed:

> deb etch main contrib non-free
> deb-src etch main contrib non-free
> #
> # Security updates - Uncomment to enable.
> #
> # deb etch/updates main contrib non-free
> # deb-src etch/updates main contrib non-free

Jonté Craighead (jontec) wrote :

This patch should address the issue with etch.

Essentially, the grep command in the if statement has been changed from
> if ( grep ^deb.* /etc/apt/sources.list >/dev/null 2>/dev/null ) ; then
> if ( grep -E '^deb.*security\.(debian\.org|ubuntu\.com)' /etc/apt/sources.list >/dev/null 2>/dev/null ) ; then

This has been tested with the etch autoinstaller (it's actually in the current image). Note, however, that the Hardy issue has not been addressed.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers