Merge pull request #204 from b1-systems/fix/ubuntu-legacy

Replace legacy Allowed-Origins with Origins-Pattern on all distros
voxpupuli · Nov 3, 2021 · 3605678 · 3605678
2 parents 427bd1b + 0c582cb
commit 3605678
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 73 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -7,10 +7,9 @@
   Optional[Integer[0]]                      $dl_limit               = undef,
   Integer[0, 1]                             $enable                 = 1,
   Boolean                                   $install_on_shutdown    = false,
-  Boolean                                   $legacy_origin          = $unattended_upgrades::params::legacy_origin,
   Unattended_upgrades::Mail                 $mail                   = {},
   Boolean                                   $minimal_steps          = true,
-  Array[String[1]]                          $origins                = $unattended_upgrades::params::origins,
+  Array[Unattended_upgrades::Origin]        $origins                = $unattended_upgrades::params::origins,
   String[1]                                 $package_ensure         = installed,
   Array[String[1]]                          $extra_origins          = [],
   Optional[Integer[0]]                      $random_sleep           = undef,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -21,14 +21,12 @@
     'debian', 'raspbian': {
       case fact('lsbdistcodename') {
         'bullseye': {
-          $legacy_origin      = false
           $origins            = [
             'origin=Debian,codename=${distro_codename},label=Debian', #lint:ignore:single_quote_string_with_variables
             'origin=Debian,codename=${distro_codename}-security,label=Debian-Security', #lint:ignore:single_quote_string_with_variables
           ]
         }
         default: {
-          $legacy_origin      = false
           $origins            = [
             'origin=Debian,codename=${distro_codename},label=Debian', #lint:ignore:single_quote_string_with_variables
             'origin=Debian,codename=${distro_codename},label=Debian-Security', #lint:ignore:single_quote_string_with_variables
@@ -38,33 +36,25 @@
     }
     'ubuntu', 'neon': {
       # Ubuntu: https://ubuntu.com/about/release-cycle and https://wiki.ubuntu.com/Releases
-      $legacy_origin      = true
+      # Ubuntu 18.04 and up do allow the use of Origins-Pattern; 16.04 is out of support for Vox Pupuli.
       $origins            = [
-        '${distro_id}:${distro_codename}', #lint:ignore:single_quote_string_with_variables
-        '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
-        '${distro_id}ESMApps:${distro_codename}-apps-security', #lint:ignore:single_quote_string_with_variables
-        '${distro_id}ESM:${distro_codename}-infra-security', #lint:ignore:single_quote_string_with_variables
+        'origin=${distro_id},suite=${distro_codename}', #lint:ignore:single_quote_string_with_variables
+        'origin=${distro_id},suite=${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
+        'origin=${distro_id}ESMApps,suite=${distro_codename}-apps-security', #lint:ignore:single_quote_string_with_variables
+        'origin=${distro_id}ESM,suite=${distro_codename}-infra-security', #lint:ignore:single_quote_string_with_variables
       ]
     }
     'LinuxMint': {
       case fact('lsbmajdistrelease') {
         # Linux Mint 18* is based on Ubuntu 16.04
-        '18': {
-          $legacy_origin      = true
-          $origins            = [
-            'Ubuntu:xenial-security',
-          ]
-        }
         default: {
-          $legacy_origin      = true
           $origins            = [
             '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables
           ]
         }
       }
     }
     default: {
-      $legacy_origin = undef
       $origins       = undef
     }
   }

diff --git a/spec/classes/os_spec.rb b/spec/classes/os_spec.rb
@@ -45,33 +45,33 @@
       case os_facts[:operatingsystem]
       when 'Debian'
         case os_facts[:lsbdistcodename]
-        when 'buster'
+        when 'bullseye'
           it do
             is_expected.to create_file(file_unattended).with_content(
               /Unattended-Upgrade::Origins-Pattern\ {\n
               \t"origin=Debian,codename=\${distro_codename},label=Debian";\n
-              \t"origin=Debian,codename=\${distro_codename},label=Debian-Security";\n
+              \t"origin=Debian,codename=\${distro_codename}-security,label=Debian-Security";\n
               };/x
             )
           end
-        when 'bullseye'
+        else
           it do
             is_expected.to create_file(file_unattended).with_content(
               /Unattended-Upgrade::Origins-Pattern\ {\n
               \t"origin=Debian,codename=\${distro_codename},label=Debian";\n
-              \t"origin=Debian,codename=\${distro_codename}-security,label=Debian-Security";\n
+              \t"origin=Debian,codename=\${distro_codename},label=Debian-Security";\n
               };/x
             )
           end
         end
       when 'Ubuntu'
         it do
           is_expected.to create_file(file_unattended).with_content(
-            /Unattended-Upgrade::Allowed-Origins\ {\n
-            \t"\${distro_id}\:\${distro_codename}";\n
-            \t"\${distro_id}\:\${distro_codename}-security";\n
-            \t"\${distro_id}ESMApps\:\${distro_codename}-apps-security";\n
-            \t"\${distro_id}ESM\:\${distro_codename}-infra-security";\n
+            /Unattended-Upgrade::Origins-Pattern\ {\n
+            \t"origin=\${distro_id},suite=\${distro_codename}";\n
+            \t"origin=\${distro_id},suite=\${distro_codename}-security";\n
+            \t"origin=\${distro_id}ESMApps,suite=\${distro_codename}-apps-security";\n
+            \t"origin=\${distro_id}ESM,suite=\${distro_codename}-infra-security";\n
             };/x
           )
         end

diff --git a/spec/classes/other_debians_spec.rb b/spec/classes/other_debians_spec.rb
@@ -28,35 +28,4 @@
       )
     end
   end
-
-  context 'with defaults on Linux Mint 18 Sarah' do
-    let(:facts) do
-      {
-        os: {
-          name: 'LinuxMint',
-          family: 'Debian',
-          release: {
-            full: '18'
-          }
-        },
-        osfamily: 'Debian',
-        lsbdistid: 'LinuxMint',
-        lsbdistcodename: 'sarah',
-        lsbdistrelease: '18',
-        lsbmajdistrelease: '18'
-      }
-    end
-
-    it do
-      is_expected.to create_file(file_unattended).with(
-        'owner' => 'root',
-        'group' => 'root'
-      ).with_content(
-        # This is the only section that's different for Ubuntu compared to Debian
-        %r{\Unattended-Upgrade::Allowed-Origins\ {\n
-        \t"Ubuntu\:xenial-security";\n
-        };}x
-      )
-    end
-  end
 end
diff --git a/spec/classes/unattended_upgrades_spec.rb b/spec/classes/unattended_upgrades_spec.rb
@@ -64,8 +64,7 @@
             'reboot_time'          => '03:00'
           },
           verbose: 1,
-          legacy_origin: true,
-          origins: %w[bananas],
+          origins: %w[codename=bananas],
           blacklist: %w[foo bar],
           whitelist: %w[foo bar],
           minimal_steps: false,
@@ -119,7 +118,7 @@
           owner: 'root',
           group: 'root'
         ).with_content(
-          /Unattended-Upgrade::Allowed-Origins {\n\t"bananas";\n};/
+          /Unattended-Upgrade::Origins-Pattern {\n\t"codename=bananas";\n};/
         ).with_content(
           /Unattended-Upgrade::Package-Blacklist {\n\t"foo";\n\t"bar";\n};/
         ).with_content(
@@ -234,15 +233,6 @@
 
         it { is_expected.to compile.and_raise_error(/got String/) }
       end
-      context 'bad legacy_origin' do
-        let :params do
-          {
-            legacy_origin: 'foo'
-          }
-        end
-
-        it { is_expected.to compile.and_raise_error(/got String/) }
-      end
       context 'bad minimal_steps' do
         let :params do
           {

diff --git a/templates/unattended-upgrades.erb b/templates/unattended-upgrades.erb
@@ -3,11 +3,7 @@
 // Note that in Ubuntu security updates may pull in new dependencies
 // from non-security sources (e.g. chromium). By allowing the release
 // pocket these get automatically pulled in.
-<%- if @legacy_origin -%>
-Unattended-Upgrade::Allowed-Origins {
-<%- else -%>
 Unattended-Upgrade::Origins-Pattern {
-<%- end -%>
 <% @origins.each do |origin| -%>
 	"<%= origin %>";
 <% end -%>

diff --git a/types/origin.pp b/types/origin.pp
@@ -0,0 +1,2 @@
+# @summary Validate that the given input is accepted as an `Unattended-Upgrade::Origin-Pattern`.
+type Unattended_upgrades::Origin = Pattern[/^(origin|codename|label|site|suite|component|archive|[oalcn])=[^,]+(,(origin|codename|label|site|suite|component|archive|[oalcn])=[^,]+)*/]