with the release of squeeze-lts, the current way we deal with security
sources is problemaic. by flipping things around we hope to make the
files contents more stable.
What happened here was the $codename = $::lsbdistcodename was removed from
init.pp and replaced with just $::lsbdistcodename whereever $codename was
used. Then in the sources.list.erb and preferences files things were changed
like this:
<pre>+### Debian current: <%= codename = scope.lookupvar('::lsbdistcodename') %>
...
-deb <%= debian_url %> <%= codename %> <%= repos %>
...
+deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= repos=scope.lookupvar('apt::repos') %>
</pre>
This meant that the codename was always set to lsbdistcodename, and you because
in newer puppet versions you cannot assign a value to a top-level facter
variable, it is not possible to change this.
Because we cannot change $lsbdistcodename, we have to fix this by allowing the
user to pass a different, non-top-level scoped variable to the class as a
parameter, which defaults to $::lsbdistcodename, so that upgrades can be
triggered.
This is documented in the README in an upgrade notice
The APT pinning we ship does not support that, and this seems a bit too much of
a corner case to me to deserve being supported out-of-the-box.
Anyone willing to use current release + next release + next release backports
(e.g. Lenny + Squeeze + squeeze-backports) can anyway do so using
apt::sources_list and apt::preferences_snippet.
https://labs.riseup.net/code/issues/2856 is the bug that triggered this change.
Lenny's APT does not support pinning like this:
Pin: release o=Debian,n=<%= codename %>
We therefore switched (in commit ef2ebdffd) to:
Pin: release o=Debian,a=<%= release %>
With such a pinning setup, when Squeeze is released, systems using this module
with $apt_use_next_release set to true would immediately switch to prefer
packages from Squeeze. If an automated upgrade process is setup, they would be
automatically upgraded to Squeeze.
This does not sound safe to me, so let's use the release version number as an
additional selection criterion to prevent upgrades to Squeeze to happen behind
our back:
Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>*
Note that the trailing '*' is intentional and necessary to match stable
point-releases.
Why apticron, when we have cron-apt already? Some people have different preferences, we use apticron along with the upgrade_package functionality in this module. I know someone who uses cron-apt to run the upgrades, but apticron for notifications, because apticron's notifications are much nicer (cron-apt just gives you the output of apt-get upgrade)
the templates/Debian/preferences_lenny.erb file checked in with
e2f80db7b7 contains pinning based on codename,
which is not supported in lenny (see #433624 - if you look at the version graph,
you see, "Fixed in version 0.7.21", and lenny has 0.7.20.2+lenny1.)
Merging one more commit.
Conflicts:
files/preferences
templates/Debian/sources.list.deb-src.erb
templates/Debian/sources.list.volatile.erb
templates/Ubuntu/sources.list.backports.erb
templates/Ubuntu/sources.list.deb-src.erb
File headers are there to indicate that the files should not be touched
directly on the server. By changing the first sentence to "This file is
managed by Puppet", we reinforce the idea that it is already taken care
of by something else.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
Currently, it's either we use the default source that's hardcoded in the
sources.list template or we redefine entirely this template.
Make it easier to just change the URL of the apt source while using the
rest of the default template by adding a $main_apt_source variable.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>