From 6179d98a07019d33483b03afde0039bf5b2f6a31 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Thu, 19 Mar 2020 13:58:41 -0700 Subject: [PATCH] upgrades: Don't ship apt backport preferences file - Don't ship the file preferences file as this is a violation of the Debian policy. Lintian throws a hard error that can't be overridden. Remove the lintian override. Remove this file using maintainer scripts when upgrading from all version below 20.5. - The preferences file is now renamed to 50freedombox4.pref. - Instead write the file when the app is getting setup (on each new version). - Don't run the setup code on daily timer, instead run the code when the app upgrades. This ensures that as soon as freedombox package is upgraded and run, the new preferences file is created instead of waiting for the daily timer to run. - From now on when the preferences change, we will increment the version number of the upgrades app. Change the setup() for the app so that it does not re-enable automatic upgrades every time setup() is run. Closes: #1673. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- actions/upgrades | 47 ++++++++++++++++++- debian/freedombox.lintian-overrides | 3 -- debian/freedombox.maintscript | 1 + debian/postrm | 4 ++ plinth/modules/upgrades/__init__.py | 11 ++++- .../etc/apt/preferences.d/50freedombox3.pref | 26 ---------- 6 files changed, 59 insertions(+), 33 deletions(-) delete mode 100644 plinth/modules/upgrades/data/etc/apt/preferences.d/50freedombox3.pref diff --git a/actions/upgrades b/actions/upgrades index f1802e0fb..d92699c6b 100755 --- a/actions/upgrades +++ b/actions/upgrades @@ -18,6 +18,37 @@ LOG_FILE = '/var/log/unattended-upgrades/unattended-upgrades.log' BUSTER_BACKPORTS_RELEASE_FILE_URL = \ 'https://deb.debian.org/debian/dists/buster-backports/Release' +# Whenever these preferences needs to change, increment the version number +# upgrades app. This ensures that setup is run again and the new contents are +# overwritten on the old file. +APT_PREFERENCES = '''Explanation: This file is managed by FreedomBox, do not edit. +Explanation: Allow carefully selected updates to 'freedombox' from backports. +Package: freedombox +Pin: release a=buster-backports +Pin-Priority: 500 + +Explanation: matrix-synapse 0.99.5 introduces room version 4. Older version +Explanation: 0.99.2 in buster won't be able join newly created rooms. +Package: matrix-synapse +Pin: release a=buster-backports +Pin-Priority: 500 + +Explanation: matrix-synapse >= 1.2 requires python3-service-identity >= 18.1 +Package: python3-service-identity +Pin: release a=buster-backports +Pin-Priority: 500 + +Explanation: matrix-synapse >= 1.5 requires python3-typing-extensions >= 3.7.4 +Package: python3-typing-extensions +Pin: release a=buster-backports +Pin-Priority: 500 + +Explanation: matrix-synapse >= 1.11 requires python3-signedjson >= 1.1.0 +Package: python3-signedjson +Pin: release a=buster-backports +Pin-Priority: 500 +''' + def parse_arguments(): """Return parsed command line arguments as dictionary""" @@ -31,6 +62,7 @@ def parse_arguments(): subparsers.add_parser('disable-auto', help='Disable automatic upgrades.') subparsers.add_parser('get-log', help='Print the automatic upgrades log') + subparsers.add_parser('setup', help='Setup apt preferences') subparsers.add_parser('setup-repositories', help='Setup software repositories for FreedomBox') @@ -156,11 +188,23 @@ def _check_and_backports_sources(): def _add_apt_preferences(): """Setup APT preferences to upgrade selected packages from backports.""" + base_path = pathlib.Path('/etc/apt/preferences.d') for file_name in ['50freedombox.pref', '50freedombox2.pref']: - full_path = pathlib.Path('/etc/apt/preferences.d') / file_name + full_path = base_path / file_name if full_path.exists(): full_path.unlink() + # Don't try to remove 50freedombox3.pref as this file is shipped with the + # Debian package and is removed using maintainer scripts. + + with open(base_path / '50freedombox4.pref', 'w') as file_handle: + file_handle.write(APT_PREFERENCES) + + +def subcommand_setup(_): + """Setup apt preferences.""" + _add_apt_preferences() + def subcommand_setup_repositories(_): """Setup software repositories needed for FreedomBox. @@ -170,7 +214,6 @@ def subcommand_setup_repositories(_): """ _check_and_backports_sources() - _add_apt_preferences() def main(): diff --git a/debian/freedombox.lintian-overrides b/debian/freedombox.lintian-overrides index 30f31ad68..13f87a95e 100644 --- a/debian/freedombox.lintian-overrides +++ b/debian/freedombox.lintian-overrides @@ -15,6 +15,3 @@ freedombox binary: non-standard-apache2-configuration-name * # web servers. At some point we would like to work with other web servers but # that requires significant effort. freedombox binary: web-application-should-not-depend-unconditionally-on-apache2 - -# FreedomBox takes over local administration of a system. -freedombox binary: package-installs-apt-preferences etc/apt/preferences.d/50freedombox3.pref diff --git a/debian/freedombox.maintscript b/debian/freedombox.maintscript index 0ae0f085e..9349c7399 100644 --- a/debian/freedombox.maintscript +++ b/debian/freedombox.maintscript @@ -9,3 +9,4 @@ rm_conffile /etc/plinth/modules-enabled/disks 0.15.3+ds-1~ rm_conffile /etc/plinth/modules-enabled/udiskie 0.39.0~ rm_conffile /etc/plinth/modules-enabled/restore 20.1~ rm_conffile /etc/plinth/modules-enabled/repro 20.1~ +rm_conffile /etc/apt/preferences.d/50freedombox3.pref 20.5~ diff --git a/debian/postrm b/debian/postrm index decc0700f..244f5736e 100755 --- a/debian/postrm +++ b/debian/postrm @@ -25,6 +25,10 @@ purge) if [ -e '/etc/apt/preferences.d/50freedombox2.pref' ]; then rm -f /etc/apt/preferences.d/50freedombox2.pref fi + + if [ -e '/etc/apt/preferences.d/50freedombox4.pref' ]; then + rm -f /etc/apt/preferences.d/50freedombox4.pref + fi ;; esac diff --git a/plinth/modules/upgrades/__init__.py b/plinth/modules/upgrades/__init__.py index 4293ea0b7..d737f2eb1 100644 --- a/plinth/modules/upgrades/__init__.py +++ b/plinth/modules/upgrades/__init__.py @@ -13,7 +13,7 @@ from plinth import menu from .manifest import backup # noqa, pylint: disable=unused-import -version = 1 +version = 2 is_essential = True @@ -86,7 +86,14 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" helper.install(managed_packages) - helper.call('post', actions.superuser_run, 'upgrades', ['enable-auto']) + + # Enable automatic upgrades but only on first install + if not old_version: + helper.call('post', actions.superuser_run, 'upgrades', ['enable-auto']) + + # Update apt preferences whenever on first install and on version + # increment. + helper.call('post', actions.superuser_run, 'upgrades', ['setup']) def is_enabled(): diff --git a/plinth/modules/upgrades/data/etc/apt/preferences.d/50freedombox3.pref b/plinth/modules/upgrades/data/etc/apt/preferences.d/50freedombox3.pref deleted file mode 100644 index b7a06d9cb..000000000 --- a/plinth/modules/upgrades/data/etc/apt/preferences.d/50freedombox3.pref +++ /dev/null @@ -1,26 +0,0 @@ -Explanation: This file is managed by FreedomBox, do not edit. -Explanation: Allow carefully selected updates to 'freedombox' from backports. -Package: freedombox -Pin: release a=buster-backports -Pin-Priority: 500 - -Explanation: matrix-synapse 0.99.5 introduces room version 4. Older version -Explanation: 0.99.2 in buster won't be able join newly created rooms. -Package: matrix-synapse -Pin: release a=buster-backports -Pin-Priority: 500 - -Explanation: matrix-synapse >= 1.2 requires python3-service-identity >= 18.1 -Package: python3-service-identity -Pin: release a=buster-backports -Pin-Priority: 500 - -Explanation: matrix-synapse >= 1.5 requires python3-typing-extensions >= 3.7.4 -Package: python3-typing-extensions -Pin: release a=buster-backports -Pin-Priority: 500 - -Explanation: matrix-synapse >= 1.11 requires python3-signedjson >= 1.1.0 -Package: python3-signedjson -Pin: release a=buster-backports -Pin-Priority: 500