[pve-devel] [RFC common 2/7] APT: add extended repositories check

Wed Jan 20 11:01:38 CET 2021

To detect old/bad suites and see whether the 'enterprise' repository or at least
the 'no-subscription' repository is configured.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---

Suggestions for further checks are welcome.

Note that the distribution names might conflict for external non-Debian repos
that would re-use Debian names, but I think we can safely ignore that.

 src/PVE/APT.pm | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/src/PVE/APT.pm b/src/PVE/APT.pm
index 75d1810..9f29593 100644
--- a/src/PVE/APT.pm
+++ b/src/PVE/APT.pm
@@ -287,4 +287,112 @@ sub list_repositories {
     return $repos;
 }
 
+sub check_repositories {
+    my ($repos, $product) = @_;
+
+    my $enterprise_configured = 0;
+    my $no_subscription_configured = 0;
+
+    my $enterprise_uri = "https://enterprise.proxmox.com/debian/${product}";
+    my $enterprise_component = "${product}-enterprise";
+    my $no_subscription_uri = "http://download.proxmox.com/debian/${product}";
+    my $no_subscription_component = "${product}-no-subscription";
+
+    # TODO update for PVE 7.0
+    my @old_suites = (
+	'lenny',
+	'squeeze',
+	'wheezy',
+	'jessie',
+	'stretch',
+	'oldoldstable',
+	'oldstable',
+    );
+
+    my @new_suites = (
+	'unstable',
+	'sid',
+	'experimental',
+    );
+
+    my $warnings = [];
+
+    my $add_warning = sub {
+	my ($repo, $message) = @_;
+
+	if (defined($repo)) {
+	    push @{$warnings}, {
+		path => $repo->{path},
+		number => $repo->{number},
+		message => $message,
+	    };
+	} else {
+	    push @{$warnings}, { message => $message };
+	}
+    };
+
+    my $match_suite = sub {
+	my ($suite, $list) = @_;
+
+	return grep {
+	    $_ =~ m|^\Q$suite\E$| ||
+	    $_ =~ m|^\Q$suite\E-backports$| ||
+	    $_ =~ m|^\Q$suite\E-backports-sloppy$| ||
+	    $_ =~ m|^\Q$suite\E-updates$| ||
+	    $_ =~ m|^\Q$suite\E/updates$|
+	} @{$list};
+    };
+
+    foreach my $repo (@{$repos}) {
+	my $types = $split_list->($repo->{Types});
+	my $uris = $split_list->($repo->{URIs});
+	my $components = $split_list->($repo->{Components});
+	my $suites = $split_list->($repo->{Suites});
+
+	foreach my $type (@{$types}) {
+	    next if $type ne 'deb';
+
+	    foreach my $old_suite (@old_suites) {
+		$add_warning->($repo, "Old suite '${old_suite}' configured!")
+		    if $match_suite->($old_suite, $suites);
+	    }
+
+	    foreach my $new_suite (@new_suites) {
+		$add_warning->($repo, "Suite '${new_suite}' should not be " .
+		    "used in production!") if $match_suite->($new_suite, $suites);
+	    }
+
+	    $add_warning->($repo, "Use the name of the stable distribuition " .
+		"instead of 'stable'!") if $match_suite->('stable', $suites);
+
+	    next if !$repo->{enabled};
+
+	    foreach my $uri (@{$uris}) {
+		if ($uri =~ m|^\Q$enterprise_uri\E/?|) {
+		    foreach my $component (@{$components}) {
+			$enterprise_configured = 1
+			    if $component eq $enterprise_component;
+		    }
+		}
+		if ($uri =~ m|^\Q$no_subscription_uri\E/?|) {
+		    foreach my $component (@{$components}) {
+			$no_subscription_configured = 1
+			    if $component eq $no_subscription_component;
+		    }
+		}
+	    }
+	}
+    }
+
+    if (!$enterprise_configured && !$no_subscription_configured) {
+	$add_warning->(undef, "You should configure either the 'enterprise' " .
+	    "or 'no-subscription' repository!");
+    } elsif (!$enterprise_configured && $no_subscription_configured) {
+	$add_warning->(undef, "The 'no-subscription' repository is not " .
+	    "recommended for production use!");
+    }
+
+    return $warnings;
+}
+
 1;
-- 
2.20.1




