New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
private apt env (SC-1346) #2342
Conversation
46fcc60
to
a631888
Compare
cpp hook portion of this is mostly done and sitting at #2358 for now. we can decide how to rebase/merge all of this together in the new year |
81e9230
to
45e3bf9
Compare
Rebased this branch on |
45e3bf9
to
b5f4116
Compare
Imported the commit from @orndorffgrant's branch here for completeness |
dfaa16d
to
baa8895
Compare
aef2c4c
to
74c2eff
Compare
40cea43
to
becd0ac
Compare
d713171
to
172a6e3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've only reviewed the apt related bits and not very deeply but I did not see anything wrong there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not a full review. I've taken the code at face value and have assumed that it does what it's intended to do and your testing is adequate.
My comments are all optional - I'd like you to consider them as suggestions for improvement but nothing is a hard blocker. Some of them relate to style that wouldn't be appropriate to fix in this PR anyway.
I appreciate how nicely this is laid out in separate commits. This made it straightforward to review. Thanks!
2ef82d9
to
fccf893
Compare
Remove all the logic to setup unauthenticated repos LP: #1990378 Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Other logic will be used to ensure the esm packages will be advertised Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
This service is executed as part of the pre-invoke apt hook. Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Remove all enable/disable/logic status relying on it Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
When the user does not have esm enabled, we will need the security_status module to read esm package information from the private cache. We are updating the code to support that path
When running the apt dist-upgrade command, we want to remove the private esm apt cache, since it will be targeting the old release. When the user runs apt update again, the private apt cache will be created again for the right release Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
fccf893
to
a304d63
Compare
Stop relying on the unauthenticated and pinned-to-never ESM repositories in the apt config and use a private separate apt cache for that instead.
Reference is spec US028.
LP: #1990378
todos:
apt update
hookDesired commit type
Checklist
Does this PR require extra reviews?