From: Ian Jackson <iwj@xenproject.org>
Date: Wed, 10 Feb 2021 16:41:12 +0000 (+0000)
Subject: Disable updates for ssapshot.debian.org
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=1f18d46b8880cd656c56dbf13a3b8199d3595b1c;p=people%2Faperard%2Fosstest.git

Disable updates for ssapshot.debian.org

security updates are a separate apt source.

The point of using snapshot is to avoid pulling in uncontrolled
updates, so we need to disable security updates.

The non-security SUITE-updates are disabled by this too.  But
everything is on fire and I don't want another iteration while I
figure out the proper syntax for disabling only the security updates.

Signed-off-by: Ian Jackson <iwj@xenproject.org>
---

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index d6e0b59d..ded7cdfc 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -972,12 +972,19 @@ END
     preseed_hook_command($ho, 'late_command', $sfx,
 			 debian_dhcp_rofs_fix($ho, '/target'));
 
+    my $disable_security_updates = 0;
+
     my $murl = debian_mirror_url($ho);
     if ($murl =~ m/$c{DebianMirrorAllowExpiredReleaseRegexp}/) {
 	# Inspired by
 	#  https://stackoverflow.com/questions/25039317/is-there-any-setting-in-the-preseed-file-to-ignore-the-release-valid-until-opt/51396935#51396935
 	# In some sense a workaround for the lack of a better way,
 	#  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771699
+	$disable_security_updates = 1;
+	# ^ this disables normal -updates too.  That's not desirable
+	#   but I don't want to mess with this now.  Hopefully it can
+	#   be improved later.
+
 	preseed_hook_installscript($ho, $sfx,
             '/usr/lib/apt-setup/generators/', '02IgnoreValidUntil', <<'END');
 #!/bin/sh
@@ -1075,12 +1082,14 @@ END
 d-i mirror/suite string $suite
 END
 
+    $disable_security_updates = 1 if $suite =~ m/jessie/;
+    # security.d.o CDN seems unreliable right now
+    # and jessie-updates is no more, so disable both for jessie
+
     $preseed .= <<'END'
 d-i apt-setup/services-select multiselect
 END
-       if $suite =~ m/jessie/;
-    # security.d.o CDN seems unreliable right now
-    # and jessie-updates is no more
+       if $disable_security_updates;
 
     if (grep { $r{$_} } runvar_glob('*_dmrestrict') and
 	$suite =~ m/stretch/) {