opendev/system-config
Code Issues Proposed changes

Further split Debian and Ubuntu reprepro configs

Browse Source 
Sharing an updates file between the Debian and Ubuntu reprepro runs
causes some warnings, and is generally just unclean. They use
different release naming and repositories, so should just have
separate updates files to track them (they're already separate on
the server, they were just being copied from the same source file in
the module).

While here, remove the label and suite parameters from the Debian
reprepro distribution templates, as they're unnecessary and
potentially confusing (job nodes should never be relying on the
suite names as they change at the next release).

Also allow signatures from subkeys of the listed keys to be
sufficient to verify the debian-security mirror's release files,
like we do for the debian mirror.

Change-Id: Id0ff476864f936bbd7c4637f3dc9e2c219c6e465
This commit is contained in:
Jeremy Stanley 2019-10-15 18:40:34 +00:00
parent f05dd90ddb
commit 4f0342be70
5 changed files with 12 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/openstack_project/files/reprepro/debian-security-updates
View File

@ -3,4 +3,4 @@ Method: http://security.debian.org/
Suite: */updates Suite: */updates
Architectures: amd64 arm64 Architectures: amd64 arm64
GetInRelease: no GetInRelease: no
VerifyRelease: EDA0D2388AE22BA9|4DFAB270CAA96DFA VerifyRelease: EDA0D2388AE22BA9+|4DFAB270CAA96DFA+

7
modules/openstack_project/files/reprepro/debian-updates Normal file
View File

@ -0,0 +1,7 @@
Name: debian
Method: http://ftp.us.debian.org/debian/
Components: main
UDebComponents: main
Architectures: amd64 arm64 source
GetInRelease: no
VerifyRelease: 7638D0442B90D010+|E0B11894F66AEC98+|DC30D7C23CBBABEE+

8
modules/openstack_project/files/reprepro/debuntu-updates → modules/openstack_project/files/reprepro/ubuntu-updates
View File

@ -29,11 +29,3 @@ UDebComponents: main
Architectures: arm64 source Architectures: arm64 source
GetInRelease: no GetInRelease: no
VerifyRelease: 437D05B5|C0B21F32 VerifyRelease: 437D05B5|C0B21F32
Name: debian
Method: http://ftp.us.debian.org/debian/
Components: main
UDebComponents: main
Architectures: amd64 arm64 source
GetInRelease: no
VerifyRelease: 7638D0442B90D010+|E0B11894F66AEC98+|DC30D7C23CBBABEE+

8
modules/openstack_project/manifests/mirror_update.pp
View File

@ -62,7 +62,7 @@ class openstack_project::mirror_update (
confdir => '/etc/reprepro/debian', confdir => '/etc/reprepro/debian',
basedir => '/afs/.openstack.org/mirror/debian', basedir => '/afs/.openstack.org/mirror/debian',
distributions => 'openstack_project/reprepro/distributions.debian.erb', distributions => 'openstack_project/reprepro/distributions.debian.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates', updates_file => 'puppet:///modules/openstack_project/reprepro/debian-updates',
releases => ['stretch', 'buster'], releases => ['stretch', 'buster'],
skip_backports_for => [''], skip_backports_for => [''],
} }
@ -111,7 +111,7 @@ class openstack_project::mirror_update (
# Note debian-security needs it's own mirroring process, as we found # Note debian-security needs it's own mirroring process, as we found
# that including it in the main "debuntu-updates" config lead to # that including it in the main "debian-updates" config lead to
# weird conflicts of package names breaking the mirror. # weird conflicts of package names breaking the mirror.
::openstack_project::reprepro { 'debian-security-reprepro-mirror': ::openstack_project::reprepro { 'debian-security-reprepro-mirror':
confdir => '/etc/reprepro/debian-security', confdir => '/etc/reprepro/debian-security',
@ -155,7 +155,7 @@ class openstack_project::mirror_update (
confdir => '/etc/reprepro/ubuntu', confdir => '/etc/reprepro/ubuntu',
basedir => '/afs/.openstack.org/mirror/ubuntu', basedir => '/afs/.openstack.org/mirror/ubuntu',
distributions => 'openstack_project/reprepro/distributions.ubuntu.erb', distributions => 'openstack_project/reprepro/distributions.ubuntu.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates', updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
releases => ['bionic', 'trusty', 'xenial'], releases => ['bionic', 'trusty', 'xenial'],
} }
@ -177,7 +177,7 @@ class openstack_project::mirror_update (
confdir => '/etc/reprepro/ubuntu-ports', confdir => '/etc/reprepro/ubuntu-ports',
basedir => '/afs/.openstack.org/mirror/ubuntu-ports', basedir => '/afs/.openstack.org/mirror/ubuntu-ports',
distributions => 'openstack_project/reprepro/distributions.ubuntu-ports.erb', distributions => 'openstack_project/reprepro/distributions.ubuntu-ports.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates', updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
releases => ['bionic', 'xenial'], releases => ['bionic', 'xenial'],
} }

6
modules/openstack_project/templates/reprepro/distributions.debian.erb
View File

@ -1,7 +1,5 @@
<% @releases.each do |release| -%> <% @releases.each do |release| -%>
Origin: Debian Origin: Debian
Label: Debian
Suite: stable
Codename: <%= release %> Codename: <%= release %>
Description: OpenStack Debian <%= release.capitalize %> mirror Description: OpenStack Debian <%= release.capitalize %> mirror
Architectures: amd64 arm64 source Architectures: amd64 arm64 source
@ -12,8 +10,6 @@ Update: debian
Log: <%= @logdir %>/debian-<%= release %>.log Log: <%= @logdir %>/debian-<%= release %>.log
Origin: Debian Origin: Debian
Label: Debian
Suite: stable-updates
Codename: <%= release %>-updates Codename: <%= release %>-updates
Description: OpenStack Debian <%= release.capitalize %> Updates mirror Description: OpenStack Debian <%= release.capitalize %> Updates mirror
Architectures: amd64 arm64 source Architectures: amd64 arm64 source
@ -25,8 +21,6 @@ Log: <%= @logdir %>/debian-<%= release %>-updates.log
<% if not @skip_backports_for.include?(release) %> <% if not @skip_backports_for.include?(release) %>
Origin: Debian Backports Origin: Debian Backports
Label: Debian Backports
Suite: <%= release %>-backports
Codename: <%= release %>-backports Codename: <%= release %>-backports
NotAutomatic: yes NotAutomatic: yes
ButAutomaticUpgrades: yes ButAutomaticUpgrades: yes