Control: tag -1 + patch

On Fri, 15 Sep 2017, Steve McIntyre wrote:
> >For Debian, I don't think that making such a difference makes sense.
> >We should:
> >- either always show the question with its default value of "none"
> >  (thus making sure that they have a chance to opt-in to this feature)
> >- or not show the question (priority "medium") but make it default
> >  to install unattended-upgrades so that they get updates by default but
> >  have a chance to disable that with preseeding
> >
> >Given the last discussion on -devel
> >(https://lists.debian.org/debian-devel/2016/11/threads.html#00117) I think
> >we should make a bold choice and do the latter.
> >
> >I'm going to submit a tested patch later on.
> 
> Sounds reasonable, yes.

Ok, so here's my set of patches. Relevant to this bug are the first and
the last one. The other commits are other random improvements that I merged
from Ubuntu that looked useful.

I tested the attached patches on modified mini.iso where I force-injected
pkgsel and bootstrap-base (because I could not manage to get anna to
reload the modified templates if I installed the new pkgsel manually once
the installer was started up to the configure network step).

Reviews are welcome.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
>From 07855172bf545b6c6e632b4f3c6e267b056d5862 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Fri, 15 Sep 2017 11:29:00 +0200
Subject: [PATCH 1/7] Merge pkgsel/update-policy preseed from Ubuntu to offer
 to install unattended-upgrades.

---
 debian/changelog             |  7 +++++++
 debian/pkgsel.templates      | 13 +++++++++++++
 pre-pkgsel.d/20update-policy | 41 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+)
 create mode 100755 pre-pkgsel.d/20update-policy

diff --git a/debian/changelog b/debian/changelog
index d9934a7..5dd6dc7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pkgsel (0.46) UNRELEASED; urgency=medium
+
+  * Merge pkgsel/update-policy preseed from Ubuntu to offer to install
+    unattended-upgrades.
+
+ -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
+
 pkgsel (0.45) unstable; urgency=medium
 
   * Export DEBIAN_TASKS_ONLY=1 when running tasksel in target, to make
diff --git a/debian/pkgsel.templates b/debian/pkgsel.templates
index 6ce4290..0b8fd54 100644
--- a/debian/pkgsel.templates
+++ b/debian/pkgsel.templates
@@ -48,3 +48,16 @@ Description: for internal use; can be preseeded
 Template: pkgsel/progress/fallback
 Type: text
 _Description: Running ${SCRIPT}...
+
+Template: pkgsel/update-policy
+Type: select
+Default: none
+Choices-C: none, unattended-upgrades
+__Choices: No automatic updates, Install security updates automatically
+_Description: How do you want to manage upgrades on this system?
+ Applying updates on a frequent basis is an important part of keeping your
+ system secure.
+ .
+ By default, updates need to be applied manually using package management
+ tools. Alternatively, you can choose to have this system automatically
+ download and install security updates.
diff --git a/pre-pkgsel.d/20update-policy b/pre-pkgsel.d/20update-policy
new file mode 100755
index 0000000..c3588da
--- /dev/null
+++ b/pre-pkgsel.d/20update-policy
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+. /usr/share/debconf/confmodule
+
+DISTRIB_ID=$(. /target/etc/os-release; echo $ID)
+DISTRIB_ID_LIKE=$(. /target/etc/os-release; echo $ID_LIKE)
+
+if [ "$DISTRIB_ID" = "ubuntu" ] || [ "$DISTRIB_ID_LIKE" = "ubuntu" ]; then
+	# Ubuntu hack to ask this at high priority on server or netboot
+	# installations, medium otherwise
+	if [ ! -d /cdrom/.disk ] || grep -iq server /cdrom/.disk/info; then
+		update_priority=high
+	else
+		update_priority=medium
+	fi
+else
+	# In Debian, we always ask the question
+	update_priority=high
+fi
+
+db_input "$update_priority" pkgsel/update-policy || true
+db_go || true
+db_get pkgsel/update-policy
+if [ "$RET" = none ]; then
+	# We might pull in unattended-upgrades, which defaults to doing security
+	# updates automatically. Seed it to have auto updates disabled so that if
+	# we *do* pull it in, it won't break stuff.
+	echo 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean false' | \
+		log-output -t pkgsel chroot /target debconf-set-selections || \
+		true
+elif [ "$RET" = unattended-upgrades ]; then
+	# unattended-upgrades defaults to true on installation if otherwise untouched.
+	apt-install unattended-upgrades || true
+elif [ "$RET" = landscape ]; then
+	# This is Ubuntu-specific but does no harm here
+	echo 'landscape-client landscape-client/register_system boolean true' | \
+		log-output -t pkgsel chroot /target debconf-set-selections || \
+		true
+	apt-install landscape-client || true
+fi
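Review bot: In the `unattended-upgrades` branch, `apt-install unattended-upgrades || true` ignores a non-zero exit from apt-install, so a user who picked "Install security updates automatically" can end up without automatic updates and with nothing recorded about it. Consider logging the failure (the `log-output -t pkgsel` wrapper is already used in the other branches) rather than discarding it. Separately, the `landscape` branch cannot be reached from the dialog, because `Choices-C` in pkgsel.templates lists only `none, unattended-upgrades`; a comment stating how that value is expected to arrive would help.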
-- 
2.14.1

>From 391eb9457ec44eaa8d2a4603fcbf6c9c2a581821 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Fri, 15 Sep 2017 11:58:57 +0200
Subject: [PATCH 2/7] No longer divert scrollkeeper, the rarian-compat
 implementation is fast now.

Change taken from Ubuntu.
---
 debian/changelog | 2 ++
 debian/postinst  | 5 +----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5dd6dc7..1109256 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ pkgsel (0.46) UNRELEASED; urgency=medium
 
   * Merge pkgsel/update-policy preseed from Ubuntu to offer to install
     unattended-upgrades.
+  * No longer divert scrollkeeper, the rarian-compat implementation is fast
+    now.
 
  -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
 
diff --git a/debian/postinst b/debian/postinst
index 4614438..92eeeeb 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,7 +6,7 @@ set -e
 export LANG=C
 
 REMOUNT_CD=""
-DIVERTS='/usr/bin/scrollkeeper-update /usr/bin/scrollkeeper-rebuilddb /usr/bin/fc-cache'
+DIVERTS='/usr/bin/fc-cache'
 
 log() {
 	logger -t pkgsel "$@"
@@ -161,9 +161,6 @@ fi
 
 db_progress STEP 20
 
-if [ -x /target/usr/bin/scrollkeeper-update ]; then
-	log-output -t pkgsel chroot /target scrollkeeper-update -q || true
-fi
 if [ -x /target/usr/bin/fc-cache ]; then
 	chroot /target fc-cache -f -v >/target/var/log/fontconfig.log 2>&1 \
 		|| true
-- 
2.14.1

>From c02ff2ab8f5e95d292932c3a2a83c3534a7bb094 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Fri, 15 Sep 2017 12:04:00 +0200
Subject: [PATCH 3/7] Ensure a file is not already diverted before diverting
 it.

This change has been taken from Ubuntu.
---
 debian/changelog | 1 +
 debian/postinst  | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 1109256..c1b20d6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ pkgsel (0.46) UNRELEASED; urgency=medium
     unattended-upgrades.
   * No longer divert scrollkeeper, the rarian-compat implementation is fast
     now.
+  * Ensure a file is not already diverted before diverting it.
 
  -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
 
diff --git a/debian/postinst b/debian/postinst
index 92eeeeb..ab97d2f 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,7 +6,12 @@ set -e
 export LANG=C
 
 REMOUNT_CD=""
-DIVERTS='/usr/bin/fc-cache'
+DIVERTS=""
+for divert in /usr/bin/fc-cache; do
+	if ! chroot /target dpkg-divert --listpackage $divert | grep -q .; then
+		DIVERTS="$DIVERTS $divert"
+	fi
+done
 
 log() {
 	logger -t pkgsel "$@"
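Review bot: In the new `for divert` loop, a failing `chroot /target dpkg-divert --listpackage` produces no output, so `grep -q .` fails and the path is appended to DIVERTS exactly as if no diversion existed; an error and "not diverted" are indistinguishable. Consider capturing the output and checking the exit status separately, and quote `$divert` in the call.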
-- 
2.14.1

>From fdc3d5a6cf5d2af0ca67494321faf4088170362a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Fri, 15 Sep 2017 12:16:37 +0200
Subject: [PATCH 4/7] Run updatedb by default when a locate implementation has
 been installed

This can be disabled with the pkgsel/updatedb preseed.

This change has been taken from Ubuntu.
---
 debian/changelog        | 2 ++
 debian/pkgsel.templates | 7 +++++++
 debian/postinst         | 9 +++++++++
 3 files changed, 18 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c1b20d6..a5b63b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ pkgsel (0.46) UNRELEASED; urgency=medium
   * No longer divert scrollkeeper, the rarian-compat implementation is fast
     now.
   * Ensure a file is not already diverted before diverting it.
+  * Run updatedb by default when a locate implementation has been installed.
+    This can be disabled with the pkgsel/updatedb preseed.
 
  -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
 
diff --git a/debian/pkgsel.templates b/debian/pkgsel.templates
index 0b8fd54..8d13fca 100644
--- a/debian/pkgsel.templates
+++ b/debian/pkgsel.templates
@@ -61,3 +61,10 @@ _Description: How do you want to manage upgrades on this system?
  By default, updates need to be applied manually using package management
  tools. Alternatively, you can choose to have this system automatically
  download and install security updates.
+
+Template: pkgsel/updatedb
+Type: boolean
+Default: true
+Description: for internal use; can be preseeded
+ If mlocate is installed, update its database after installing packages.
+ This is time-consuming, so you may wish to set this to false to disable it.
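Review bot: The description of `pkgsel/updatedb` says "If mlocate is installed", but the postinst loop added in this patch tries both `mlocate` and `locate` under /etc/cron.daily. Suggest wording the template like the subject line ("a locate implementation") so the preseed documentation matches what the script does.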
diff --git a/debian/postinst b/debian/postinst
index ab97d2f..f2a0a67 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -171,6 +171,15 @@ if [ -x /target/usr/bin/fc-cache ]; then
 		|| true
 fi
 
+if db_get pkgsel/updatedb && [ "$RET" = true ]; then
+	for script in mlocate locate; do
+		if [ -x "/target/etc/cron.daily/$script" ]; then
+			chroot /target "/etc/cron.daily/$script" || true
+			break
+		fi
+	done
+fi
+
 db_progress STEP 30
 db_progress STOP
 
-- 
2.14.1

>From a787efcbb480165ea0de7382ad04f9f701775b0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Fri, 15 Sep 2017 13:33:59 +0200
Subject: [PATCH 5/7] Divert update-initramfs during package installation

Despite the use of triggers, we often have multiple update-initramfs calls
in a single installation run. Thus divert the command during installation
and do a single run at the end.

This change has been taken from Ubuntu.
---
 debian/changelog |  3 +++
 debian/postinst  | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index a5b63b8..2b03f59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ pkgsel (0.46) UNRELEASED; urgency=medium
   * Ensure a file is not already diverted before diverting it.
   * Run updatedb by default when a locate implementation has been installed.
     This can be disabled with the pkgsel/updatedb preseed.
+  * Despite the use of triggers, we often have multiple update-initramfs calls
+    in a single installation run. Thus divert the command during installation
+    and do a single run at the end.
 
  -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
 
diff --git a/debian/postinst b/debian/postinst
index f2a0a67..c996d29 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -7,7 +7,7 @@ export LANG=C
 
 REMOUNT_CD=""
 DIVERTS=""
-for divert in /usr/bin/fc-cache; do
+for divert in /usr/bin/fc-cache /usr/sbin/update-initramfs; do
 	if ! chroot /target dpkg-divert --listpackage $divert | grep -q .; then
 		DIVERTS="$DIVERTS $divert"
 	fi
@@ -170,6 +170,21 @@ if [ -x /target/usr/bin/fc-cache ]; then
 	chroot /target fc-cache -f -v >/target/var/log/fontconfig.log 2>&1 \
 		|| true
 fi
+if [ -x /target/usr/sbin/update-initramfs ]; then
+	# get UUIDs for any devices formatted after partitioning
+	update-dev
+
+	# make UUIDs etc. available in the target system
+	mount -o bind /dev /target/dev
+	mount -o bind /sys /target/sys
+	mount -o bind /proc /target/proc
+
+	chroot /target /usr/sbin/update-initramfs -u || true
+
+	umount /target/proc
+	umount /target/sys
+	umount /target/dev
+fi
 
 if db_get pkgsel/updatedb && [ "$RET" = true ]; then
 	for script in mlocate locate; do
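Review bot: The three `mount -o bind` calls and the three `umount` calls in the new update-initramfs block are unguarded, while postinst runs under `set -e` (visible in the earlier postinst hunk headers). If the second or third mount fails, the script aborts with the earlier bind mounts still in place under /target, and a failed `umount` aborts it as well. Consider checking each mount and unmounting only what was actually mounted, or handling failure the way the `update-initramfs -u || true` line does.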
-- 
2.14.1

>From 43441db25191791936aba45bcb478b2f2f0f93a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Fri, 15 Sep 2017 13:36:12 +0200
Subject: [PATCH 6/7] Add a final "apt-get clean" call at the end

This is to ensure that we don't have any .deb file remaining in APT's cache.

This change has been taken from Ubuntu.
---
 debian/changelog | 2 ++
 debian/postinst  | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 2b03f59..fd9f68f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,8 @@ pkgsel (0.46) UNRELEASED; urgency=medium
   * Despite the use of triggers, we often have multiple update-initramfs calls
     in a single installation run. Thus divert the command during installation
     and do a single run at the end.
+  * Add a final "apt-get clean" call at the end to ensure that we don't have
+    any .deb file remaining in APT's cache.
 
  -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
 
diff --git a/debian/postinst b/debian/postinst
index c996d29..7391453 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -195,6 +195,9 @@ if db_get pkgsel/updatedb && [ "$RET" = true ]; then
 	done
 fi
 
+# Ensure we don't have any leftover .deb files in cache
+chroot /target apt-get clean
+
 db_progress STEP 30
 db_progress STOP
 
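Review bot: `chroot /target apt-get clean` is not guarded, unlike the other chroot calls added in this series, so under `set -e` a failure of this cleanup step aborts postinst just before `db_progress STOP`. If leftover .deb files should not fail the installation, add `|| true` (ideally through `log-output -t pkgsel` so the error is recorded); if they should, say so in the comment.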
-- 
2.14.1

>From 266d0b69f7eeb4397414b308d0308dc4fc2982d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org>
Date: Mon, 18 Sep 2017 16:41:27 +0200
Subject: [PATCH 7/7] Install/enable unattended-upgrades by default

Closes: #875858
---
 debian/changelog             | 1 +
 debian/pkgsel.templates      | 2 +-
 pre-pkgsel.d/20update-policy | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index fd9f68f..566ad33 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,7 @@ pkgsel (0.46) UNRELEASED; urgency=medium
     and do a single run at the end.
   * Add a final "apt-get clean" call at the end to ensure that we don't have
     any .deb file remaining in APT's cache.
+  * Install/enable unattended-upgrades by default. Closes: #875858
 
  -- Raphaël Hertzog <hert...@debian.org>  Fri, 15 Sep 2017 11:26:14 +0200
 
diff --git a/debian/pkgsel.templates b/debian/pkgsel.templates
index 8d13fca..04fb797 100644
--- a/debian/pkgsel.templates
+++ b/debian/pkgsel.templates
@@ -51,7 +51,7 @@ _Description: Running ${SCRIPT}...
 
 Template: pkgsel/update-policy
 Type: select
-Default: none
+Default: unattended-upgrades
 Choices-C: none, unattended-upgrades
 __Choices: No automatic updates, Install security updates automatically
 _Description: How do you want to manage upgrades on this system?
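Review bot: With `Default:` switched to `unattended-upgrades`, the template's long description (added in patch 1/7) still reads "By default, updates need to be applied manually using package management tools", which now contradicts the default. Reword that paragraph in the same commit. Note also that the Default is shared with the Ubuntu branch of 20update-policy, whose medium-priority path will now select automatic updates too.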
diff --git a/pre-pkgsel.d/20update-policy b/pre-pkgsel.d/20update-policy
index c3588da..e9b0b2b 100755
--- a/pre-pkgsel.d/20update-policy
+++ b/pre-pkgsel.d/20update-policy
@@ -15,8 +15,8 @@ if [ "$DISTRIB_ID" = "ubuntu" ] || [ "$DISTRIB_ID_LIKE" = "ubuntu" ]; then
 		update_priority=medium
 	fi
 else
-	# In Debian, we always ask the question
-	update_priority=high
+	# In Debian, by default, we don't display it but enable unattended-upgrades
+	update_priority=medium
 fi
 
 db_input "$update_priority" pkgsel/update-policy || true
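Review bot: The new comment says the question is not displayed but not how to opt out, and at `medium` priority the default is applied without the user seeing it. Suggest naming the preseed in the comment (`pkgsel/update-policy` set to `none`) and mentioning the opt-out in the changelog entry as well.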
-- 
2.14.1
