incorrect Debian OS origin string

[drshawnkwang]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: all
• Ruby: all
• Distribution: all
• Module version: v4.0.0

How to reproduce (e.g Puppet code you use)

Include the unattended upgrades class without additional parameters.

class profile::debian {
  include unattended_upgrades
}

What are you seeing

https://github.com/voxpupuli/puppet-unattended_upgrades/blob/v4.0.0/manifests/params.pp#L71

This line sets the origins for Debian 9 stretch to origin=Debian,archive=stable,label=Debian-Security. However, as of July 2019, Debian 9 stretch is no longer 'stable' but 'oldstable' and Debian 10 buster is now stable.

What behaviour did you expect instead

The origin string for Debian 9 stretch should be origin=Debian,archive=oldstable,label=Debian-Security

Output log

N/A

Any additional information you'd like to impart

I believe this is a simple fix of changing the names in the manifests/params.pp file. However, one may want to consider using the distribution codename in the string which may be more resistant to changes, i.e., when Debian upgrades what is considered 'stable'.

See these commits for the last time this changed (2017): c20f1fc & 5fe39f8; also PR #102 .

[deubert-it]

I can confirm this behavior through all of my systems, mainly debian 9 stretch, as well.

I quickly checked that this will work on stretch as expected, the suggested switch to package filtering by codename sounds like a good idea:

origin=Debian,codename=stretch,label=Debian-Security

If we don't do this, it will break again in the future.
What I can't check if this will work on all other supported systems though. We should get someone with other/older debian and ubuntu versions to also check if the codename filter works there as well.

After we have all confirmations, we can adjust the already existing structure in params.pp to set codename where possible, and leave everything else in the old style.

Also if you want to find out about the naming of an apt source, information can be found in /var/lib/apt/lists.

Example:

# head /var/lib/apt/lists/security.debian.org_dists_stretch_updates_InRelease

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian-Security
Suite: oldstable
Version: 9
Codename: stretch
Date: Wed, 14 Aug 2019 06:21:29 UTC
Valid-Until: Sat, 24 Aug 2019 06:21:29 UTC

Edit:

Jessie seems to carry the codename too:
http://security-cdn.debian.org/dists/jessie/updates/Release

Origin: Debian
Label: Debian-Security
Suite: oldoldstable
Version: 8
Codename: jessie
Date: Wed, 14 Aug 2019 06:21:29 UTC
Valid-Until: Sat, 24 Aug 2019 06:21:29 UTC
Architectures: amd64 armel armhf i386
Components: updates/main updates/contrib updates/non-free
Description: Debian 8 Security Updates

Buster should also be safe:
http://security-cdn.debian.org/dists/buster/updates/Release

Origin: Debian
Label: Debian-Security
Suite: stable
Version: 10
Codename: buster
Date: Wed, 14 Aug 2019 06:21:29 UTC
Valid-Until: Wed, 21 Aug 2019 06:21:29 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
Components: updates/main updates/contrib updates/non-free
Description: Debian 10 - Security Updates

[deubert-it]

The attached PR should fully cover this issue and also move to codename based filtering where possible (jessie, stretch, buster), tests have been adapted, and some validation for codename based filtering provided in my comment above.

Not sure if there is any process for me to follow now for the PR to get reviewed/merged?