lxc-ubuntu: use release-updates and release-security

Particularly for LTS releases, which many people will want to use in their containers, it is not wise to not use -security and -updates. Furthermore the fix allowing ssh to allow the container to shut down is in lucid-updates only. With this patch, after debootstrapping a container, we add -updates and -security to sources.list and do an apt-get upgrade under chroot. Unfortunately we need to do this because debootstrap doesn't know how to. Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc-ubuntu: use release-updates and release-security
2e44ed1e · Serge Hallyn · Daniel Lezcano · 2407e68e · 2e44ed1e
Commit 2e44ed1e authored Jan 23, 2012 by Serge Hallyn Committed by Daniel Lezcano Feb 26, 2012
Show whitespace changes
Inline Side-by-side

Showing with 51 additions and 1 deletion

lxc-ubuntu.in templates/lxc-ubuntu.in +51 -1

No files found.
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -133,6 +133,55 @@ EOF
        return 1
    fi
+    # Serge isn't sure whether we should avoid doing this when
+    # $release == `distro-info -d`
+    echo "Installing updates"
+    case $arch in
+      amd64|i386)
+            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
+            SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
+            ;;
+      sparc)
+            case $SUITE in
+              gutsy)
+            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
+            SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}
+            ;;
+              *)
+            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+            ;;
+            esac
+            ;;
+      *)
+            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+            ;;
+    esac
+    cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
+deb $MIRROR ${release}-updates main universe
+deb $SECURITY_MIRROR ${release}-security main universe
+EOF
+    chroot "$1/partial-${arch}" apt-get update
+    if [ $? -ne 0 ]; then
+        echo "Failed to update the apt cache"
+        return 1
+    fi
+    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
+#!/bin/sh
+exit 101
+EOF
+    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
+    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
+    ret=$?
+    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
+    if [ $ret -ne 0 ]; then
+        echo "Failed to upgrade the cache"
+        return 1
+    fi
    mv "$1/partial-$arch" "$1/rootfs-$arch"
    echo "Download complete"
    return 0
@@ -359,8 +408,9 @@ post_process()
        if [ $release = "lucid" -o $release = "maverick" ]; then
            chroot $rootfs apt-get install --force-yes -y python-software-properties
            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
-            chroot $rootfs apt-get update
        fi
+        cp /etc/resolv.conf "${rootfs}/etc"
+        chroot $rootfs apt-get update
        chroot $rootfs apt-get install --force-yes -y lxcguest
    fi
 }