From 4f0342be7030ee42ceee2743a0b6fb7403448945 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 15 Oct 2019 18:40:34 +0000 Subject: [PATCH] Further split Debian and Ubuntu reprepro configs Sharing an updates file between the Debian and Ubuntu reprepro runs causes some warnings, and is generally just unclean. They use different release naming and repositories, so should just have separate updates files to track them (they're already separate on the server, they were just being copied from the same source file in the module). While here, remove the label and suite parameters from the Debian reprepro distribution templates, as they're unnecessary and potentially confusing (job nodes should never be relying on the suite names as they change at the next release). Also allow signatures from subkeys of the listed keys to be sufficient to verify the debian-security mirror's release files, like we do for the debian mirror. Change-Id: Id0ff476864f936bbd7c4637f3dc9e2c219c6e465 --- .../files/reprepro/debian-security-updates | 2 +- modules/openstack_project/files/reprepro/debian-updates | 7 +++++++ .../files/reprepro/{debuntu-updates => ubuntu-updates} | 8 -------- modules/openstack_project/manifests/mirror_update.pp | 8 ++++---- .../templates/reprepro/distributions.debian.erb | 6 ------ 5 files changed, 12 insertions(+), 19 deletions(-) create mode 100644 modules/openstack_project/files/reprepro/debian-updates rename modules/openstack_project/files/reprepro/{debuntu-updates => ubuntu-updates} (78%) diff --git a/modules/openstack_project/files/reprepro/debian-security-updates b/modules/openstack_project/files/reprepro/debian-security-updates index 1b9152f184..bffeb5bca9 100644 --- a/modules/openstack_project/files/reprepro/debian-security-updates +++ b/modules/openstack_project/files/reprepro/debian-security-updates @@ -3,4 +3,4 @@ Method: http://security.debian.org/ Suite: */updates Architectures: amd64 arm64 GetInRelease: no -VerifyRelease: EDA0D2388AE22BA9|4DFAB270CAA96DFA +VerifyRelease: EDA0D2388AE22BA9+|4DFAB270CAA96DFA+ diff --git a/modules/openstack_project/files/reprepro/debian-updates b/modules/openstack_project/files/reprepro/debian-updates new file mode 100644 index 0000000000..773bdbc43f --- /dev/null +++ b/modules/openstack_project/files/reprepro/debian-updates @@ -0,0 +1,7 @@ +Name: debian +Method: http://ftp.us.debian.org/debian/ +Components: main +UDebComponents: main +Architectures: amd64 arm64 source +GetInRelease: no +VerifyRelease: 7638D0442B90D010+|E0B11894F66AEC98+|DC30D7C23CBBABEE+ diff --git a/modules/openstack_project/files/reprepro/debuntu-updates b/modules/openstack_project/files/reprepro/ubuntu-updates similarity index 78% rename from modules/openstack_project/files/reprepro/debuntu-updates rename to modules/openstack_project/files/reprepro/ubuntu-updates index a280909a6b..dd61cb607f 100644 --- a/modules/openstack_project/files/reprepro/debuntu-updates +++ b/modules/openstack_project/files/reprepro/ubuntu-updates @@ -29,11 +29,3 @@ UDebComponents: main Architectures: arm64 source GetInRelease: no VerifyRelease: 437D05B5|C0B21F32 - -Name: debian -Method: http://ftp.us.debian.org/debian/ -Components: main -UDebComponents: main -Architectures: amd64 arm64 source -GetInRelease: no -VerifyRelease: 7638D0442B90D010+|E0B11894F66AEC98+|DC30D7C23CBBABEE+ diff --git a/modules/openstack_project/manifests/mirror_update.pp b/modules/openstack_project/manifests/mirror_update.pp index 7cd0e7fe0b..7cea6a973c 100644 --- a/modules/openstack_project/manifests/mirror_update.pp +++ b/modules/openstack_project/manifests/mirror_update.pp @@ -62,7 +62,7 @@ class openstack_project::mirror_update ( confdir => '/etc/reprepro/debian', basedir => '/afs/.openstack.org/mirror/debian', distributions => 'openstack_project/reprepro/distributions.debian.erb', - updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates', + updates_file => 'puppet:///modules/openstack_project/reprepro/debian-updates', releases => ['stretch', 'buster'], skip_backports_for => [''], } @@ -111,7 +111,7 @@ class openstack_project::mirror_update ( # Note debian-security needs it's own mirroring process, as we found - # that including it in the main "debuntu-updates" config lead to + # that including it in the main "debian-updates" config lead to # weird conflicts of package names breaking the mirror. ::openstack_project::reprepro { 'debian-security-reprepro-mirror': confdir => '/etc/reprepro/debian-security', @@ -155,7 +155,7 @@ class openstack_project::mirror_update ( confdir => '/etc/reprepro/ubuntu', basedir => '/afs/.openstack.org/mirror/ubuntu', distributions => 'openstack_project/reprepro/distributions.ubuntu.erb', - updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates', + updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates', releases => ['bionic', 'trusty', 'xenial'], } @@ -177,7 +177,7 @@ class openstack_project::mirror_update ( confdir => '/etc/reprepro/ubuntu-ports', basedir => '/afs/.openstack.org/mirror/ubuntu-ports', distributions => 'openstack_project/reprepro/distributions.ubuntu-ports.erb', - updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates', + updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates', releases => ['bionic', 'xenial'], } diff --git a/modules/openstack_project/templates/reprepro/distributions.debian.erb b/modules/openstack_project/templates/reprepro/distributions.debian.erb index 06e74315e8..5c72959226 100644 --- a/modules/openstack_project/templates/reprepro/distributions.debian.erb +++ b/modules/openstack_project/templates/reprepro/distributions.debian.erb @@ -1,7 +1,5 @@ <% @releases.each do |release| -%> Origin: Debian -Label: Debian -Suite: stable Codename: <%= release %> Description: OpenStack Debian <%= release.capitalize %> mirror Architectures: amd64 arm64 source @@ -12,8 +10,6 @@ Update: debian Log: <%= @logdir %>/debian-<%= release %>.log Origin: Debian -Label: Debian -Suite: stable-updates Codename: <%= release %>-updates Description: OpenStack Debian <%= release.capitalize %> Updates mirror Architectures: amd64 arm64 source @@ -25,8 +21,6 @@ Log: <%= @logdir %>/debian-<%= release %>-updates.log <% if not @skip_backports_for.include?(release) %> Origin: Debian Backports -Label: Debian Backports -Suite: <%= release %>-backports Codename: <%= release %>-backports NotAutomatic: yes ButAutomaticUpgrades: yes