From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0425413A87C for ; Sat, 29 Mar 2025 23:01:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743289305; cv=none; b=gjSq5XfdSaQITPqalr5jVsqIWoP9ZeZhwmhEmlHYsygSCkLQnL3v6jhHVCC3fOG46gWOe7kLV6xWmveGr0yw4ViaxFgUK+2SGYib+mT9fpSWW+W//wEmEN9Yd9fQfRRz+wSi4939TeVgkISqiATpaQrzeqae7WO5NspwjpuEnjI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743289305; c=relaxed/simple; bh=dZWYusjO/ymIqYGVxXVNWbNQ6QXiXsOilpm+Aleh15s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rP1kF1HFsdJ5d4iHoVVQ4qqZcuJ75dpNpa8RXYzYZCfQtEBKT2k97bVe7gehW2EUI4DgENLkTHakwLLs5NC3G4VibBgWOoetqrFemtS12kQ0FIUuXvRZXH+1ONFQlpBqJJHLkr/1AVv572k/Z/MLAlysBDv/k3wIGe3vw4dUEFg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=E2FuAwEN; arc=none smtp.client-ip=198.137.202.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="E2FuAwEN" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=czTjTimS9U+dskd17eU8lDE1DzSBbhQ31GKvaGBVjjY=; b=E2FuAwEN7VTEGmB1XT4fmIBgSE fCi4Z1Z89gp2yuOAYg+/uacKF3NT10/gwkAO3WS3bhPn/akYwIFiwGPtJd3M7BupFqugTjMbFmHs1 /SfinonJn+PzidwBciREaU+257zftT9juvWkNbSZKKdtfHF3uTjGtNRGhRkFJpSDbCG5mV3AdERGN RTGixr9uJYSDhsZ07QZu6Od+9kuasEpCQM+wKXo0JyuVCvll5vyCuwJhW9rbPbPSdSCPBFWzOR1US xPVXBQJS5ZrcpnIi3cN2Ssgxdn1m9DBU/sljv9n8xmLr5hJGJdDpvosY4QHjuSJrGvpOBqcvPZ6le WcMu+z0w==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.98.1 #2 (Red Hat Linux)) id 1tyfBO-0000000FbIX-1i3H; Sat, 29 Mar 2025 23:01:42 +0000 From: Luis Chamberlain To: kdevops@lists.linux.dev Cc: Luis Chamberlain Subject: [PATCH 2/6] devconfig: ensure unattended-upgrades is not installed on debian Date: Sat, 29 Mar 2025 16:01:37 -0700 Message-ID: <20250329230141.3718282-3-mcgrof@kernel.org> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250329230141.3718282-1-mcgrof@kernel.org> References: <20250329230141.3718282-1-mcgrof@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: Luis Chamberlain We already remove the package on debian bringups when downloading a an official but-not-guestfs-official (and so debian custom) image to build our base images for our guests. Now that we have that stop-gap measure, be sure we just fail if the package happens to be installed, and complain to the user about it. We can easily fix this with just two command so recommend that. Signed-off-by: Luis Chamberlain --- .../tasks/install-deps/debian/main.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml b/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml index 5624a9f8406a..954f0aede3b2 100644 --- a/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml +++ b/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml @@ -1,4 +1,26 @@ --- +- name: Check if unattended-upgrades is installed + command: dpkg-query -W -f='${Status}' unattended-upgrades + register: unattended_upgrade_status + ignore_errors: true + changed_when: false + +- name: Set fact if unattended-upgrades is installed + set_fact: + unattended_upgrades_installed: "{{ 'install ok installed' in unattended_upgrade_status.stdout }}" + +- name: Verify unattended-upgrades is not installed + fail: + msg: | + The unattended-upgrades package is installed on the base image, this + can cause tons of issues with CIs. Fix this by running the following + commands: + + make cleancache + make bringup + when: + - unattended_upgrades_installed|bool + - name: Upgrade Packages become: yes become_method: sudo -- 2.47.2