Merge pull request #5852 from freedomofpress/5849-confdef-confold

Focal: force confold and force confdef in apt options for unattended-upgrades
freedomofpress · Mar 8, 2021 · d26125e · d26125e
2 parents 6a5b829 + 399b67f
commit d26125e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/install_files/securedrop-config-focal/opt/securedrop/50unattended-upgrades b/install_files/securedrop-config-focal/opt/securedrop/50unattended-upgrades
@@ -58,3 +58,9 @@ Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
 // Use apt bandwidth limit feature, this example limits the download
 // speed to 70kb/sec
 //Acquire::http::Dl-Limit "70";
+
+// Here we set the dpkg options to force the old conffile if it's already present
+// or force the default config if no config is present
+// see https://github.com/freedomofpress/securedrop/pull/911
+Dpkg::Options "force-confdef";
+Dpkg::Options "force-confold";
diff --git a/molecule/testinfra/common/test_automatic_updates.py b/molecule/testinfra/common/test_automatic_updates.py
@@ -197,6 +197,8 @@ def test_unattended_upgrades_config(host):
         assert f.user == "root"
         assert f.mode == 0o644
         assert f.contains("origin=SecureDrop,codename=${distro_codename}")
+        assert f.contains('Dpkg::Options "force-confold";')
+        assert f.contains('Dpkg::Options "force-confdef";')
 
 
 def test_unattended_securedrop_specific(host):