The APT pinning we ship does not support that, and this seems a bit too much of
a corner case to me to deserve being supported out-of-the-box.
Anyone willing to use current release + next release + next release backports
(e.g. Lenny + Squeeze + squeeze-backports) can anyway do so using
apt::sources_list and apt::preferences_snippet.
https://labs.riseup.net/code/issues/2856 is the bug that triggered this change.
This implements the "update initiator" pattern suggested by
http://projects.puppetlabs.com/projects/puppet/wiki/Debian_Patterns.
This feature is useful when one does not want to setup a fully automated upgrade
process but still needs a way to manually trigger full upgrades of any number of
systems at scheduled times.
Move this Exec to a dedicated class that is not included by default i.e. we
default not to "apt-get update" on every Puppet run.
We now make use of this class in the apt::upgrade_package define to make sure
APT indexes are up-to-date before attempting package upgrades.
One may now use the following to ensure current packages are installed by
Package resources:
include apt::update
Package { require => Exec[apt_updated] }
... because Exec[update_apt] is currently never run since we set it refreshonly.
Better solutions are being thought of, but in the meantime the least we can do
is somehow repair apt::upgrade_package.
Lenny's APT does not support pinning like this:
Pin: release o=Debian,n=<%= codename %>
We therefore switched (in commit ef2ebdffd) to:
Pin: release o=Debian,a=<%= release %>
With such a pinning setup, when Squeeze is released, systems using this module
with $apt_use_next_release set to true would immediately switch to prefer
packages from Squeeze. If an automated upgrade process is setup, they would be
automatically upgraded to Squeeze.
This does not sound safe to me, so let's use the release version number as an
additional selection criterion to prevent upgrades to Squeeze to happen behind
our back:
Pin: release o=Debian,a=<%= release %>,v=<%= release_version %>*
Note that the trailing '*' is intentional and necessary to match stable
point-releases.
This class installs a daily cronjob that checks if a package upgrade
requires the system to be rebooted; if so, cron sends a notification
email to root.
Why apticron, when we have cron-apt already? Some people have different preferences, we use apticron along with the upgrade_package functionality in this module. I know someone who uses cron-apt to run the upgrades, but apticron for notifications, because apticron's notifications are much nicer (cron-apt just gives you the output of apt-get upgrade)