Prepareapt considered harmful...

Henning Glawe glaweh at physik.fu-berlin.de
Mon Jun 30 15:29:00 CEST 2008


On Mon, Jun 30, 2008 at 01:36:58PM +0200, Henning Sprang wrote:
> I rather propose something like
> 
> fcopy -ri /etc/apt
> 
> in a the hook updatebase.DEFAULT in the simple examples. This gives the 
> user the files *he defines*, not the ones *we think might be needed* - 
> and it even sets the right sources list on softupdate, where prepareapt 
> isn't even run.
> (BTW: why? I'd rather think, from the meaning of the words, "prepareapt" 
> must run always, and updatebase only on fresh installations - but it's 
> the othr way round!)

well, I am doing exactly this (fcopy for apt config) since 6 years, without
problems (first in my fai fork "pfai", now with two hooks (one deactivating
prepareapt, one doing everything (also apt-key management) before updatebase.
 this was not merged into fai, as it lead to problems in other
configurations, as thomas discovered.

-- 
c u
henning
-------------- nächster Teil --------------
#!/bin/bash
# $Id: prepareapt.DEFAULT,v 1.2 2007/01/05 16:00:42 glaweh Exp $
# 
# HG: due to softupdate not calling prepareapt in FAI3, just skip this
#     task and put the fcopy into updatebase.DEFAULT
skiptask prepareapt
-------------- nächster Teil --------------
#!/bin/bash

echo "--------------------------------------------"
echo -e "Performing update on host \"$HOSTNAME\"."
echo "--------------------------------------------"

# HG: use fcopy for apt preparation
fcopy -i etc/{hosts,hostname,resolv.conf}
fcopy -ri etc/apt
fcopy -ri etc/dpkg

# HG: apt-key initialization before apt is called the first time
#     code moved from JMD's $FAI/scripts/LAST/20aptkeys

if [ -x $target/usr/bin/apt-key ]; then
  echo "HG: list of keys"
  $ROOTCMD /usr/bin/apt-key list


# get the keys:
# root at zs05:~> gpg --keyring ~mini-dinstall/.gnupg/pubring.gpg --armor --export 39918430
echo "adding 'ZEDV Physik FU Berlin mini-distall' key to apt keyring"
cat <<EOF | $ROOTCMD /usr/bin/apt-key add -
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)

mQGiBD6W9oURBACs9tcfLPz0TbA9mTGkDxkLA7uzpPnMAezT00fNTB8b6yUHxKMs
T//AAveclABKgE+nQQnIfHcTfZu4YcDxgpq04yC2stHKHpZmNZGfAv0zNR2M8mrQ
9oLclYlEYn1+J8IMTdOq65Si3PvXbn261lU0BAKDuxRbciq+InIpGVmhGwCgxhaU
Qqfs5X7+43pmZBTOhbZwvN8D/3twaIodKnUvbcoJGZ1WqbU+6td5xLfEm08OsK2n
LcorkXBeFnDiTCJobQepcI0THMMJpCMakCLO9/IYfKxlTzo0Pr/vKfoFi4LGMsdq
AOmn2AskbbLdJAkdYk8pwIt6yBebXL5gxkjl+KMuOOX1PJzzEinqoi2JTzAWMEh/
AVxyBACg3331y8BJuMwMUtFMF0Lwl97ysIWbwqCFtV9b/SnVGjj4E5jUX9ZZHaR7
/ZAfqTi5StYaB0lWOnT0EShjwshXIC5E48+ygB0ARyZI5L1CQiUjsDquI4z1p6L6
IMmT5+D/vO1d9zv4BZY/Qv4zne9c8NaGwRNFQi4uaxotx5Z3e7RPWkVEViBQaHlz
aWsgRlUgQmVybGluIChtaW5pLWRpbnN0YWxsIFBzZXVkb2FjY291bnQpIDxsaW51
eEBwaHlzaWsuZnUtYmVybGluLmRlPohZBBMRAgAZBQI+lvaGBAsHAwIDFQIDAxYC
AQIeAQIXgAAKCRATIjg1OZGEMKGRAJ9NwUl7BFeQHvE26KehAIO2v6aj2wCeInIj
YpCpVvMKCXptHV86JwHFKDi5AQ0EPpb2hxAEAI7Bo8yL0+XXglZciRAkenctqMvt
xeZ0vE/9tfbgJbGwOClbYvDUyPUri1KIT/U+yynb8MPa1s2WtCNk3WQZ/uXNxw/g
xG0Fmx+EKsgG2V/RoH3RwSAd8e9dhQjTJaFuqGhKysK3WXjkafRI5T8F95IUGcKk
kHfqRBOMNir/wNgTAAMFBACDV7Tna6/DCgQh8yph5MMF4b/rbQXpGcaEsRkXyFtu
D4mOKjQr+iWoNiwnAP9wIX47nJb5oznLHdgW8O6CLa1ktSxFVk7oeKiZaj4aH8SE
z/cZvxzikIxe1kjtMT1BPZlxMMVyP5wnwUYHNzsbYUzjWSMVVlwECgLueTd9Rldd
GIhGBBgRAgAGBQI+lvaHAAoJEBMiODU5kYQwxZ0AoLAhpATfs4ZGk+8LeWCdUPG/
6abQAKCMAL2ZKlrZ/hUPWDg4B9e3TIjm/g==
=ILtR
-----END PGP PUBLIC KEY BLOCK-----
EOF

fi


More information about the linux-fai-devel mailing list