Block packages in image-builder

This commit adds support for block packages via apt to image builder. Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com> Change-Id: Ia7504504c4415b38af862429a9e1f51a50da0bae
2021-02-17 08:46:14 -06:00 · 2021-02-17 08:46:14 -06:00 · 0d53a12526
commit 0d53a12526
parent 9f71952feb
4 changed files with 27 additions and 0 deletions
--- a/image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml
+++ b/image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml
@ -71,6 +71,8 @@ ubuntu_packages:
    - wget
    - xfsprogs
    - xz-utils
+unapproved_packages: # provide the exact name of the packages that need to be blocked
+    - unattended-upgrades
 repos:
    - register_repo_with_rootfs: true
      name: Ubuntu
--- a/image-builder/assets/playbooks/roles/multistrap/tasks/main.yaml
+++ b/image-builder/assets/playbooks/roles/multistrap/tasks/main.yaml
@ -25,6 +25,11 @@
    suffix: multistrap
  register: multistrap_tempdir

+- name: "Configure apt with unapproved packages"
+  template:
+    src: unapproved-packages.j2
+    dest: "{{ multistrap_tempdir.path }}/pref.conf"
+
 - name: "write out multistrap config"
  template:
    src: multistrap.conf.j2
@ -61,6 +66,18 @@
 #    cmd: |
 #        chroot {{ rootfs_root }} update-grub

+- name: "Configure apt with unapproved packages"
+  template:
+    src: unapproved-packages.j2
+    dest: "{{ rootfs_root }}/etc/apt/preferences.d/unapproved-packages.pref"
+
+- name: "Configure apt to remove unapproved packages from update"
+  ansible.builtin.lineinfile:
+    path: "{{ rootfs_root }}/etc/apt/apt.conf.d/01autoremove"
+    insertafter: "multiverse/metapackages"
+    line: '        "{{ item }}";'
+  with_items: "{{ unapproved_packages }}"
+
 - name: "Lock sources.list to prevent conflict and duplicates with multistrap repo list"
  shell: |
        set -e
--- a/image-builder/assets/playbooks/roles/multistrap/templates/multistrap.conf.j2
+++ b/image-builder/assets/playbooks/roles/multistrap/templates/multistrap.conf.j2
@ -14,6 +14,8 @@ unpack=true
 # enable MultiArch for the specified architectures
 # default is empty
 #multiarch=allowed
+# apt preferences file
+aptpreferences=pref.conf
 # the order of sections is not important.
 # the bootstrap option determines which repository
 # is used to calculate the list of Priority: required packages.
--- a/image-builder/assets/playbooks/roles/multistrap/templates/unapproved-packages.j2
+++ b/image-builder/assets/playbooks/roles/multistrap/templates/unapproved-packages.j2
@ -0,0 +1,6 @@
+{% for package in unapproved_packages %}
+Package: {{ package }}
+Pin: origin *
+Pin-Priority: -1
+
+{% endfor %}