[pve-devel] [RFC common 2/7] APT: add extended repositories check
Fabian Ebner
f.ebner at proxmox.com
Wed Jan 20 11:01:38 CET 2021
To detect old/bad suites and see whether the 'enterprise' repository or at least
the 'no-subscription' repository is configured.
Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---
Suggestions for further checks are welcome.
Note that the distribution names might conflict for external non-Debian repos
that would re-use Debian names, but I think we can safely ignore that.
src/PVE/APT.pm | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
diff --git a/src/PVE/APT.pm b/src/PVE/APT.pm
index 75d1810..9f29593 100644
--- a/src/PVE/APT.pm
+++ b/src/PVE/APT.pm
@@ -287,4 +287,112 @@ sub list_repositories {
return $repos;
}
+sub check_repositories {
+ my ($repos, $product) = @_;
+
+ my $enterprise_configured = 0;
+ my $no_subscription_configured = 0;
+
+ my $enterprise_uri = "https://enterprise.proxmox.com/debian/${product}";
+ my $enterprise_component = "${product}-enterprise";
+ my $no_subscription_uri = "http://download.proxmox.com/debian/${product}";
+ my $no_subscription_component = "${product}-no-subscription";
+
+ # TODO update for PVE 7.0
+ my @old_suites = (
+ 'lenny',
+ 'squeeze',
+ 'wheezy',
+ 'jessie',
+ 'stretch',
+ 'oldoldstable',
+ 'oldstable',
+ );
+
+ my @new_suites = (
+ 'unstable',
+ 'sid',
+ 'experimental',
+ );
+
+ my $warnings = [];
+
+ my $add_warning = sub {
+ my ($repo, $message) = @_;
+
+ if (defined($repo)) {
+ push @{$warnings}, {
+ path => $repo->{path},
+ number => $repo->{number},
+ message => $message,
+ };
+ } else {
+ push @{$warnings}, { message => $message };
+ }
+ };
+
+ my $match_suite = sub {
+ my ($suite, $list) = @_;
+
+ return grep {
+ $_ =~ m|^\Q$suite\E$| ||
+ $_ =~ m|^\Q$suite\E-backports$| ||
+ $_ =~ m|^\Q$suite\E-backports-sloppy$| ||
+ $_ =~ m|^\Q$suite\E-updates$| ||
+ $_ =~ m|^\Q$suite\E/updates$|
+ } @{$list};
+ };
+
+ foreach my $repo (@{$repos}) {
+ my $types = $split_list->($repo->{Types});
+ my $uris = $split_list->($repo->{URIs});
+ my $components = $split_list->($repo->{Components});
+ my $suites = $split_list->($repo->{Suites});
+
+ foreach my $type (@{$types}) {
+ next if $type ne 'deb';
+
+ foreach my $old_suite (@old_suites) {
+ $add_warning->($repo, "Old suite '${old_suite}' configured!")
+ if $match_suite->($old_suite, $suites);
+ }
+
+ foreach my $new_suite (@new_suites) {
+ $add_warning->($repo, "Suite '${new_suite}' should not be " .
+ "used in production!") if $match_suite->($new_suite, $suites);
+ }
+
+ $add_warning->($repo, "Use the name of the stable distribuition " .
+ "instead of 'stable'!") if $match_suite->('stable', $suites);
+
+ next if !$repo->{enabled};
+
+ foreach my $uri (@{$uris}) {
+ if ($uri =~ m|^\Q$enterprise_uri\E/?|) {
+ foreach my $component (@{$components}) {
+ $enterprise_configured = 1
+ if $component eq $enterprise_component;
+ }
+ }
+ if ($uri =~ m|^\Q$no_subscription_uri\E/?|) {
+ foreach my $component (@{$components}) {
+ $no_subscription_configured = 1
+ if $component eq $no_subscription_component;
+ }
+ }
+ }
+ }
+ }
+
+ if (!$enterprise_configured && !$no_subscription_configured) {
+ $add_warning->(undef, "You should configure either the 'enterprise' " .
+ "or 'no-subscription' repository!");
+ } elsif (!$enterprise_configured && $no_subscription_configured) {
+ $add_warning->(undef, "The 'no-subscription' repository is not " .
+ "recommended for production use!");
+ }
+
+ return $warnings;
+}
+
1;
--
2.20.1
More information about the pve-devel
mailing list