upgrades: Don't ship apt backport preferences file

- Don't ship the file preferences file as this is a violation of the Debian policy. Lintian throws a hard error that can't be overridden. Remove the lintian override. Remove this file using maintainer scripts when upgrading from all version below 20.5. - The preferences file is now renamed to 50freedombox4.pref. - Instead write the file when the app is getting setup (on each new version). - Don't run the setup code on daily timer, instead run the code when the app upgrades. This ensures that as soon as freedombox package is upgraded and run, the new preferences file is created instead of waiting for the daily timer to run. - From now on when the preferences change, we will increment the version number of the upgrades app. Change the setup() for the app so that it does not re-enable automatic upgrades every time setup() is run. Closes: #1673. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-06-03 10:50:20 +00:00 · 2020-03-19 13:58:41 -07:00 · 2020-03-19 13:58:41 -07:00 · 6179d98a07
commit 6179d98a07
parent fcc69bdc06
6 changed files with 59 additions and 33 deletions
--- a/actions/upgrades
+++ b/actions/upgrades
@ -18,6 +18,37 @@ LOG_FILE = '/var/log/unattended-upgrades/unattended-upgrades.log'
 BUSTER_BACKPORTS_RELEASE_FILE_URL = \
    'https://deb.debian.org/debian/dists/buster-backports/Release'

+# Whenever these preferences needs to change, increment the version number
+# upgrades app. This ensures that setup is run again and the new contents are
+# overwritten on the old file.
+APT_PREFERENCES = '''Explanation: This file is managed by FreedomBox, do not edit.
+Explanation: Allow carefully selected updates to 'freedombox' from backports.
+Package: freedombox
+Pin: release a=buster-backports
+Pin-Priority: 500
+
+Explanation: matrix-synapse 0.99.5 introduces room version 4. Older version
+Explanation: 0.99.2 in buster won't be able join newly created rooms.
+Package: matrix-synapse
+Pin: release a=buster-backports
+Pin-Priority: 500
+
+Explanation: matrix-synapse >= 1.2 requires python3-service-identity >= 18.1
+Package: python3-service-identity
+Pin: release a=buster-backports
+Pin-Priority: 500
+
+Explanation: matrix-synapse >= 1.5 requires python3-typing-extensions >= 3.7.4
+Package: python3-typing-extensions
+Pin: release a=buster-backports
+Pin-Priority: 500
+
+Explanation: matrix-synapse >= 1.11 requires python3-signedjson >= 1.1.0
+Package: python3-signedjson
+Pin: release a=buster-backports
+Pin-Priority: 500
+'''
+

 def parse_arguments():
    """Return parsed command line arguments as dictionary"""
@ -31,6 +62,7 @@ def parse_arguments():
    subparsers.add_parser('disable-auto', help='Disable automatic upgrades.')
    subparsers.add_parser('get-log', help='Print the automatic upgrades log')

+    subparsers.add_parser('setup', help='Setup apt preferences')
    subparsers.add_parser('setup-repositories',
                          help='Setup software repositories for FreedomBox')

@ -156,11 +188,23 @@ def _check_and_backports_sources():

 def _add_apt_preferences():
    """Setup APT preferences to upgrade selected packages from backports."""
+    base_path = pathlib.Path('/etc/apt/preferences.d')
    for file_name in ['50freedombox.pref', '50freedombox2.pref']:
-        full_path = pathlib.Path('/etc/apt/preferences.d') / file_name
+        full_path = base_path / file_name
        if full_path.exists():
            full_path.unlink()

+    # Don't try to remove 50freedombox3.pref as this file is shipped with the
+    # Debian package and is removed using maintainer scripts.
+
+    with open(base_path / '50freedombox4.pref', 'w') as file_handle:
+        file_handle.write(APT_PREFERENCES)
+
+
+def subcommand_setup(_):
+    """Setup apt preferences."""
+    _add_apt_preferences()
+

 def subcommand_setup_repositories(_):
    """Setup software repositories needed for FreedomBox.
@ -170,7 +214,6 @@ def subcommand_setup_repositories(_):

    """
    _check_and_backports_sources()
-    _add_apt_preferences()


 def main():
--- a/debian/freedombox.lintian-overrides
+++ b/debian/freedombox.lintian-overrides
@ -15,6 +15,3 @@ freedombox binary: non-standard-apache2-configuration-name *
 # web servers. At some point we would like to work with other web servers but
 # that requires significant effort.
 freedombox binary: web-application-should-not-depend-unconditionally-on-apache2
-
-# FreedomBox takes over local administration of a system.
-freedombox binary: package-installs-apt-preferences etc/apt/preferences.d/50freedombox3.pref
--- a/debian/freedombox.maintscript
+++ b/debian/freedombox.maintscript
@ -9,3 +9,4 @@ rm_conffile /etc/plinth/modules-enabled/disks 0.15.3+ds-1~
 rm_conffile /etc/plinth/modules-enabled/udiskie 0.39.0~
 rm_conffile /etc/plinth/modules-enabled/restore 20.1~
 rm_conffile /etc/plinth/modules-enabled/repro 20.1~
+rm_conffile /etc/apt/preferences.d/50freedombox3.pref 20.5~
--- a/debian/postrm
+++ b/debian/postrm
@ -25,6 +25,10 @@ purge)
    if [ -e '/etc/apt/preferences.d/50freedombox2.pref' ]; then
        rm -f /etc/apt/preferences.d/50freedombox2.pref
    fi
+
+    if [ -e '/etc/apt/preferences.d/50freedombox4.pref' ]; then
+        rm -f /etc/apt/preferences.d/50freedombox4.pref
+    fi
    ;;
 esac

--- a/plinth/modules/upgrades/init.py
+++ b/plinth/modules/upgrades/init.py
@ -13,7 +13,7 @@ from plinth import menu

 from .manifest import backup  # noqa, pylint: disable=unused-import

-version = 1
+version = 2

 is_essential = True

@ -86,7 +86,14 @@ def init():
 def setup(helper, old_version=None):
    """Install and configure the module."""
    helper.install(managed_packages)
-    helper.call('post', actions.superuser_run, 'upgrades', ['enable-auto'])
+
+    # Enable automatic upgrades but only on first install
+    if not old_version:
+        helper.call('post', actions.superuser_run, 'upgrades', ['enable-auto'])
+
+    # Update apt preferences whenever on first install and on version
+    # increment.
+    helper.call('post', actions.superuser_run, 'upgrades', ['setup'])


 def is_enabled():
--- a/plinth/modules/upgrades/data/etc/apt/preferences.d/50freedombox3.pref
+++ b/plinth/modules/upgrades/data/etc/apt/preferences.d/50freedombox3.pref
@ -1,26 +0,0 @@
-Explanation: This file is managed by FreedomBox, do not edit.
-Explanation: Allow carefully selected updates to 'freedombox' from backports.
-Package: freedombox
-Pin: release a=buster-backports
-Pin-Priority: 500
-
-Explanation: matrix-synapse 0.99.5 introduces room version 4. Older version
-Explanation: 0.99.2 in buster won't be able join newly created rooms.
-Package: matrix-synapse
-Pin: release a=buster-backports
-Pin-Priority: 500
-
-Explanation: matrix-synapse >= 1.2 requires python3-service-identity >= 18.1
-Package: python3-service-identity
-Pin: release a=buster-backports
-Pin-Priority: 500
-
-Explanation: matrix-synapse >= 1.5 requires python3-typing-extensions >= 3.7.4
-Package: python3-typing-extensions
-Pin: release a=buster-backports
-Pin-Priority: 500
-
-Explanation: matrix-synapse >= 1.11 requires python3-signedjson >= 1.1.0
-Package: python3-signedjson
-Pin: release a=buster-backports
-Pin-Priority: 500