Control: tag -1 + patch

On Fri, 15 Sep 2017, Steve McIntyre wrote:
> >For Debian, I don't think that making such a difference makes sense.
> >We should:
> >- either always show the question with its default value of "none"
> >  (thus making sure that they have a chance to opt-in to this feature)
> >- or not show the question (priority "medium") but make it default
> >  to install unattended-upgrades so that they get updates by default but
> >  have a chance to disable that with preseeding
> >
> >Given the last discussion on -devel
> >(https://lists.debian.org/debian-devel/2016/11/threads.html#00117) I think
> >we should make a bold choice and do the latter.
> >
> >I'm going to submit a tested patch later on.
>
> Sounds reasonable, yes.

Ok, so here's my set of patches. Relevant to this bug are the first and
the last one. The other commits are other random improvements that I
merged from Ubuntu that looked useful.

I tested the attached patches on modified mini.iso where I force-injected
pkgsel and bootstrap-base (because I could not manage to get anna to
reload the modified templates if I installed the new pkgsel manually once
the installer was started up to the configure network step).

Reviews are welcome.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

>From 07855172bf545b6c6e632b4f3c6e267b056d5862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Fri, 15 Sep 2017 11:29:00 +0200 Subject: [PATCH 1/7] Merge pkgsel/update-policy preseed from Ubuntu to offer to install unattended-upgrades. --- debian/changelog | 7 +++++++ debian/pkgsel.templates | 13 +++++++++++++ pre-pkgsel.d/20update-policy | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100755 pre-pkgsel.d/20update-policy diff --git a/debian/changelog b/debian/changelog index d9934a7..5dd6dc7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +pkgsel (0.46) UNRELEASED; urgency=medium + + * Merge pkgsel/update-policy preseed from Ubuntu to offer to install + unattended-upgrades. + + -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 + pkgsel (0.45) unstable; urgency=medium * Export DEBIAN_TASKS_ONLY=1 when running tasksel in target, to make diff --git a/debian/pkgsel.templates b/debian/pkgsel.templates index 6ce4290..0b8fd54 100644 --- a/debian/pkgsel.templates +++ b/debian/pkgsel.templates @@ -48,3 +48,16 @@ Description: for internal use; can be preseeded Template: pkgsel/progress/fallback Type: text _Description: Running ${SCRIPT}... + +Template: pkgsel/update-policy +Type: select +Default: none +Choices-C: none, unattended-upgrades +__Choices: No automatic updates, Install security updates automatically +_Description: How do you want to manage upgrades on this system? + Applying updates on a frequent basis is an important part of keeping your + system secure. + . + By default, updates need to be applied manually using package management + tools. Alternatively, you can choose to have this system automatically + download and install security updates. diff --git a/pre-pkgsel.d/20update-policy b/pre-pkgsel.d/20update-policy new file mode 100755 index 0000000..c3588da --- /dev/null +++ b/pre-pkgsel.d/20update-policy 
@@ -0,0 +1,41 @@ +#!/bin/sh + +set -e +. /usr/share/debconf/confmodule + +DISTRIB_ID=$(. /target/etc/os-release; echo $ID) +DISTRIB_ID_LIKE=$(. /target/etc/os-release; echo $ID_LIKE) + +if [ "$DISTRIB_ID" = "ubuntu" ] || [ "$DISTRIB_ID_LIKE" = "ubuntu" ]; then + # Ubuntu hack to ask this at high priority on server or netboot + # installations, medium otherwise + if [ ! -d /cdrom/.disk ] || grep -iq server /cdrom/.disk/info; then + update_priority=high + else + update_priority=medium + fi +else + # In Debian, we always ask the question + update_priority=high +fi + +db_input "$update_priority" pkgsel/update-policy || true +db_go || true +db_get pkgsel/update-policy +if [ "$RET" = none ]; then + # We might pull in unattended-upgrades, which defaults to doing security + # updates automatically. Seed it to have auto updates disabled so that if + # we *do* pull it in, it won't break stuff. + echo 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean false' | \ + log-output -t pkgsel chroot /target debconf-set-selections || \ + true +elif [ "$RET" = unattended-upgrades ]; then + # unattended-upgrades defaults to true on installation if otherwise untouched. + apt-install unattended-upgrades || true +elif [ "$RET" = landscape ]; then + # This is Ubuntu-specific but does no harm here + echo 'landscape-client landscape-client/register_system boolean true' | \ + log-output -t pkgsel chroot /target debconf-set-selections || \ + true + apt-install landscape-client || true +fi -- 2.14.1
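Review bot: in pre-pkgsel.d/20update-policy the unattended-upgrades branch ends in `apt-install unattended-upgrades || true`, so a failed install is not surfaced during the installation and a user who picked "Install security updates automatically" can end up with a system that does not update itself. Consider reporting the failure instead of discarding it, for example through `log-output -t pkgsel`, which the script already uses, or a debconf warning. Two smaller points in the same file: ID_LIKE in os-release is a space-separated list, so `[ "$DISTRIB_ID_LIKE" = "ubuntu" ]` does not match a value such as "ubuntu debian"; and the `landscape` branch cannot be reached from the dialog because Choices-C only offers none and unattended-upgrades, so it is preseed-only and should either say so in its comment or be dropped.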
>From 391eb9457ec44eaa8d2a4603fcbf6c9c2a581821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Fri, 15 Sep 2017 11:58:57 +0200 Subject: [PATCH 2/7] No longer divert scrollkeeper, the rarian-compat implementation is fast now. Change taken from Ubuntu. --- debian/changelog | 2 ++ debian/postinst | 5 +---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 5dd6dc7..1109256 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ pkgsel (0.46) UNRELEASED; urgency=medium * Merge pkgsel/update-policy preseed from Ubuntu to offer to install unattended-upgrades. + * No longer divert scrollkeeper, the rarian-compat implementation is fast + now. -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 diff --git a/debian/postinst b/debian/postinst index 4614438..92eeeeb 100755 --- a/debian/postinst +++ b/debian/postinst @@ -6,7 +6,7 @@ set -e export LANG=C REMOUNT_CD="" -DIVERTS='/usr/bin/scrollkeeper-update /usr/bin/scrollkeeper-rebuilddb /usr/bin/fc-cache' +DIVERTS='/usr/bin/fc-cache' log() { logger -t pkgsel "$@" @@ -161,9 +161,6 @@ fi db_progress STEP 20 -if [ -x /target/usr/bin/scrollkeeper-update ]; then - log-output -t pkgsel chroot /target scrollkeeper-update -q || true -fi if [ -x /target/usr/bin/fc-cache ]; then chroot /target fc-cache -f -v >/target/var/log/fontconfig.log 2>&1 \ || true -- 2.14.1
>From c02ff2ab8f5e95d292932c3a2a83c3534a7bb094 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Fri, 15 Sep 2017 12:04:00 +0200 Subject: [PATCH 3/7] Ensure a file is not already diverted before diverting it. This change has been taken from Ubuntu. --- debian/changelog | 1 + debian/postinst | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 1109256..c1b20d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ pkgsel (0.46) UNRELEASED; urgency=medium unattended-upgrades. * No longer divert scrollkeeper, the rarian-compat implementation is fast now. + * Ensure a file is not already diverted before diverting it. -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 diff --git a/debian/postinst b/debian/postinst index 92eeeeb..ab97d2f 100755 --- a/debian/postinst +++ b/debian/postinst @@ -6,7 +6,12 @@ set -e export LANG=C REMOUNT_CD="" -DIVERTS='/usr/bin/fc-cache' +DIVERTS="" +for divert in /usr/bin/fc-cache; do + if ! chroot /target dpkg-divert --listpackage $divert | grep -q .; then + DIVERTS="$DIVERTS $divert" + fi +done log() { logger -t pkgsel "$@" -- 2.14.1
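Review bot: in the new DIVERTS loop in debian/postinst, `$divert` is unquoted in `dpkg-divert --listpackage $divert`, and because only grep's exit status is tested, a dpkg-divert call that errors out prints nothing on stdout and is treated exactly like "not diverted". Quote the variable, and consider checking dpkg-divert's own exit status (or at least capturing its stderr in the log) so that an error inside /target does not silently result in the diversion being attempted anyway.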
>From fdc3d5a6cf5d2af0ca67494321faf4088170362a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Fri, 15 Sep 2017 12:16:37 +0200 Subject: [PATCH 4/7] Run updatedb by default when a locate implementation has been installed This can be disabled with the pkgsel/updatedb preseed. This change has been taken from Ubuntu. --- debian/changelog | 2 ++ debian/pkgsel.templates | 7 +++++++ debian/postinst | 9 +++++++++ 3 files changed, 18 insertions(+) diff --git a/debian/changelog b/debian/changelog index c1b20d6..a5b63b8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ pkgsel (0.46) UNRELEASED; urgency=medium * No longer divert scrollkeeper, the rarian-compat implementation is fast now. * Ensure a file is not already diverted before diverting it. + * Run updatedb by default when a locate implementation has been installed. + This can be disabled with the pkgsel/updatedb preseed. -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 diff --git a/debian/pkgsel.templates b/debian/pkgsel.templates index 0b8fd54..8d13fca 100644 --- a/debian/pkgsel.templates +++ b/debian/pkgsel.templates @@ -61,3 +61,10 @@ _Description: How do you want to manage upgrades on this system? By default, updates need to be applied manually using package management tools. Alternatively, you can choose to have this system automatically download and install security updates. + +Template: pkgsel/updatedb +Type: boolean +Default: true +Description: for internal use; can be preseeded + If mlocate is installed, update its database after installing packages. + This is time-consuming, so you may wish to set this to false to disable it. diff --git a/debian/postinst b/debian/postinst index ab97d2f..f2a0a67 100755 --- a/debian/postinst +++ b/debian/postinst 
@@ -171,6 +171,15 @@ if [ -x /target/usr/bin/fc-cache ]; then || true fi +if db_get pkgsel/updatedb && [ "$RET" = true ]; then + for script in mlocate locate; do + if [ -x "/target/etc/cron.daily/$script" ]; then + chroot /target "/etc/cron.daily/$script" || true + break + fi + done +fi + db_progress STEP 30 db_progress STOP -- 2.14.1
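Review bot: the pkgsel/updatedb description in debian/pkgsel.templates says "If mlocate is installed", but the debian/postinst hunk loops over `for script in mlocate locate` and the changelog entry says "a locate implementation", so the template text should be reworded to match the code. In the same postinst hunk the cron script runs as a bare `chroot /target "/etc/cron.daily/$script" || true`, while the chroot calls in 20update-policy go through `log-output -t pkgsel`; routing this one the same way would capture its output in the installer log.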
>From a787efcbb480165ea0de7382ad04f9f701775b0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Fri, 15 Sep 2017 13:33:59 +0200 Subject: [PATCH 5/7] Divert update-initramfs during package installation Despite the use of triggers, we often have multiple update-initramfs calls in a single installation run. Thus divert the command during installation and do a single run at the end. This change has been taken from Ubuntu. --- debian/changelog | 3 +++ debian/postinst | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index a5b63b8..2b03f59 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,9 @@ pkgsel (0.46) UNRELEASED; urgency=medium * Ensure a file is not already diverted before diverting it. * Run updatedb by default when a locate implementation has been installed. This can be disabled with the pkgsel/updatedb preseed. + * Despite the use of triggers, we often have multiple update-initramfs calls + in a single installation run. Thus divert the command during installation + and do a single run at the end. -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 diff --git a/debian/postinst b/debian/postinst index f2a0a67..c996d29 100755 --- a/debian/postinst +++ b/debian/postinst @@ -7,7 +7,7 @@ export LANG=C REMOUNT_CD="" DIVERTS="" -for divert in /usr/bin/fc-cache; do +for divert in /usr/bin/fc-cache /usr/sbin/update-initramfs; do if ! chroot /target dpkg-divert --listpackage $divert | grep -q .; then DIVERTS="$DIVERTS $divert" fi 
@@ -170,6 +170,21 @@ if [ -x /target/usr/bin/fc-cache ]; then chroot /target fc-cache -f -v >/target/var/log/fontconfig.log 2>&1 \ || true fi +if [ -x /target/usr/sbin/update-initramfs ]; then + # get UUIDs for any devices formatted after partitioning + update-dev + + # make UUIDs etc. available in the target system + mount -o bind /dev /target/dev + mount -o bind /sys /target/sys + mount -o bind /proc /target/proc + + chroot /target /usr/sbin/update-initramfs -u || true + + umount /target/proc + umount /target/sys + umount /target/dev +fi if db_get pkgsel/updatedb && [ "$RET" = true ]; then for script in mlocate locate; do -- 2.14.1
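Review bot: the update-initramfs block added to debian/postinst runs three `mount -o bind` and three `umount` calls unguarded under the file's `set -e`, so if any of them fails (a busy umount, for example) postinst aborts and the bind mounts made so far stay in place under /target. Guard these calls, or unmount in a cleanup path that runs regardless of what happened before it. It is also not visible from this hunk whether the diversion of /usr/sbin/update-initramfs has already been removed when `[ -x /target/usr/sbin/update-initramfs ]` is tested; if it has not, this may not run the real command, so a comment stating the required ordering would help.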
>From 43441db25191791936aba45bcb478b2f2f0f93a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Fri, 15 Sep 2017 13:36:12 +0200 Subject: [PATCH 6/7] Add a final "apt-get clean" call at the end This is to ensure that we don't have any .deb file remaining in APT's cache. This change has been taken from Ubuntu. --- debian/changelog | 2 ++ debian/postinst | 3 +++ 2 files changed, 5 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2b03f59..fd9f68f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,8 @@ pkgsel (0.46) UNRELEASED; urgency=medium * Despite the use of triggers, we often have multiple update-initramfs calls in a single installation run. Thus divert the command during installation and do a single run at the end. + * Add a final "apt-get clean" call at the end to ensure that we don't have + any .deb file remaining in APT's cache. -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 diff --git a/debian/postinst b/debian/postinst index c996d29..7391453 100755 --- a/debian/postinst +++ b/debian/postinst @@ -195,6 +195,9 @@ if db_get pkgsel/updatedb && [ "$RET" = true ]; then done fi +# Ensure we don't have any leftover .deb files in cache +chroot /target apt-get clean + db_progress STEP 30 db_progress STOP -- 2.14.1
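Review bot: `chroot /target apt-get clean` in debian/postinst has no `|| true`, unlike the other chroot calls added in this series, so under the file's `set -e` a failure in this housekeeping step would abort postinst just before `db_progress STEP 30`. Suggest `chroot /target apt-get clean || true`, optionally wrapped in `log-output -t pkgsel` so a failure is still recorded.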
>From 266d0b69f7eeb4397414b308d0308dc4fc2982d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hert...@debian.org> Date: Mon, 18 Sep 2017 16:41:27 +0200 Subject: [PATCH 7/7] Install/enable unattended-upgrades by default Closes: #875858 --- debian/changelog | 1 + debian/pkgsel.templates | 2 +- pre-pkgsel.d/20update-policy | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index fd9f68f..566ad33 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,7 @@ pkgsel (0.46) UNRELEASED; urgency=medium and do a single run at the end. * Add a final "apt-get clean" call at the end to ensure that we don't have any .deb file remaining in APT's cache. + * Install/enable unattended-upgrades by default. Closes: #875858 -- Raphaël Hertzog <hert...@debian.org> Fri, 15 Sep 2017 11:26:14 +0200 diff --git a/debian/pkgsel.templates b/debian/pkgsel.templates index 8d13fca..04fb797 100644 --- a/debian/pkgsel.templates +++ b/debian/pkgsel.templates @@ -51,7 +51,7 @@ _Description: Running ${SCRIPT}... Template: pkgsel/update-policy Type: select -Default: none +Default: unattended-upgrades Choices-C: none, unattended-upgrades __Choices: No automatic updates, Install security updates automatically _Description: How do you want to manage upgrades on this system? diff --git a/pre-pkgsel.d/20update-policy b/pre-pkgsel.d/20update-policy index c3588da..e9b0b2b 100755 --- a/pre-pkgsel.d/20update-policy +++ b/pre-pkgsel.d/20update-policy @@ -15,8 +15,8 @@ if [ "$DISTRIB_ID" = "ubuntu" ] || [ "$DISTRIB_ID_LIKE" = "ubuntu" ]; then update_priority=medium fi else - # In Debian, we always ask the question - update_priority=high + # In Debian, by default, we don't display it but enable unattended-upgrades + update_priority=medium fi db_input "$update_priority" pkgsel/update-policy || true -- 2.14.1
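Review bot: the debian/pkgsel.templates hunk flips `Default:` to unattended-upgrades but leaves the long description untouched, and that text (added in patch 1) still reads "By default, updates need to be applied manually using package management tools", which no longer matches what the installer does when the question is not shown. Reword the description in the same commit. In pre-pkgsel.d/20update-policy the new comment says "we don't display it", but at medium priority the question is still shown to anyone installing with debconf priority medium or low; "not displayed at the default priority" would be more accurate. The opt-out for automated installs (preseeding pkgsel/update-policy to none) should also be documented where users of preseeding will find it.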