all lists on lists.proxmox.com
 help / color / mirror / Atom feed
From: Fabian Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [RFC common 2/7] APT: add extended repositories check
Date: Wed, 20 Jan 2021 11:01:38 +0100	[thread overview]
Message-ID: <20210120100143.16268-3-f.ebner@proxmox.com> (raw)
In-Reply-To: <20210120100143.16268-1-f.ebner@proxmox.com>

To detect old/bad suites and see whether the 'enterprise' repository or at least
the 'no-subscription' repository is configured.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---

Suggestions for further checks are welcome.

Note that the distribution names might conflict for external non-Debian repos
that would re-use Debian names, but I think we can safely ignore that.

 src/PVE/APT.pm | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/src/PVE/APT.pm b/src/PVE/APT.pm
index 75d1810..9f29593 100644
--- a/src/PVE/APT.pm
+++ b/src/PVE/APT.pm
@@ -287,4 +287,112 @@ sub list_repositories {
     return $repos;
 }
 
+sub check_repositories {
+    my ($repos, $product) = @_;
+
+    my $enterprise_configured = 0;
+    my $no_subscription_configured = 0;
+
+    my $enterprise_uri = "https://enterprise.proxmox.com/debian/${product}";
+    my $enterprise_component = "${product}-enterprise";
+    my $no_subscription_uri = "http://download.proxmox.com/debian/${product}";
+    my $no_subscription_component = "${product}-no-subscription";
+
+    # TODO update for PVE 7.0
+    my @old_suites = (
+	'lenny',
+	'squeeze',
+	'wheezy',
+	'jessie',
+	'stretch',
+	'oldoldstable',
+	'oldstable',
+    );
+
+    my @new_suites = (
+	'unstable',
+	'sid',
+	'experimental',
+    );
+
+    my $warnings = [];
+
+    my $add_warning = sub {
+	my ($repo, $message) = @_;
+
+	if (defined($repo)) {
+	    push @{$warnings}, {
+		path => $repo->{path},
+		number => $repo->{number},
+		message => $message,
+	    };
+	} else {
+	    push @{$warnings}, { message => $message };
+	}
+    };
+
+    my $match_suite = sub {
+	my ($suite, $list) = @_;
+
+	return grep {
+	    $_ =~ m|^\Q$suite\E$| ||
+	    $_ =~ m|^\Q$suite\E-backports$| ||
+	    $_ =~ m|^\Q$suite\E-backports-sloppy$| ||
+	    $_ =~ m|^\Q$suite\E-updates$| ||
+	    $_ =~ m|^\Q$suite\E/updates$|
+	} @{$list};
+    };
+
+    foreach my $repo (@{$repos}) {
+	my $types = $split_list->($repo->{Types});
+	my $uris = $split_list->($repo->{URIs});
+	my $components = $split_list->($repo->{Components});
+	my $suites = $split_list->($repo->{Suites});
+
+	foreach my $type (@{$types}) {
+	    next if $type ne 'deb';
+
+	    foreach my $old_suite (@old_suites) {
+		$add_warning->($repo, "Old suite '${old_suite}' configured!")
+		    if $match_suite->($old_suite, $suites);
+	    }
+
+	    foreach my $new_suite (@new_suites) {
+		$add_warning->($repo, "Suite '${new_suite}' should not be " .
+		    "used in production!") if $match_suite->($new_suite, $suites);
+	    }
+
+	    $add_warning->($repo, "Use the name of the stable distribuition " .
+		"instead of 'stable'!") if $match_suite->('stable', $suites);
+
+	    next if !$repo->{enabled};
+
+	    foreach my $uri (@{$uris}) {
+		if ($uri =~ m|^\Q$enterprise_uri\E/?|) {
+		    foreach my $component (@{$components}) {
+			$enterprise_configured = 1
+			    if $component eq $enterprise_component;
+		    }
+		}
+		if ($uri =~ m|^\Q$no_subscription_uri\E/?|) {
+		    foreach my $component (@{$components}) {
+			$no_subscription_configured = 1
+			    if $component eq $no_subscription_component;
+		    }
+		}
+	    }
+	}
+    }
+
+    if (!$enterprise_configured && !$no_subscription_configured) {
+	$add_warning->(undef, "You should configure either the 'enterprise' " .
+	    "or 'no-subscription' repository!");
+    } elsif (!$enterprise_configured && $no_subscription_configured) {
+	$add_warning->(undef, "The 'no-subscription' repository is not " .
+	    "recommended for production use!");
+    }
+
+    return $warnings;
+}
+
 1;
-- 
2.20.1





  parent reply	other threads:[~2021-01-20 10:02 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-20 10:01 [pve-devel] [RFC] APT repositories API/UI Fabian Ebner
2021-01-20 10:01 ` [pve-devel] [RFC common 1/7] add module for APT Fabian Ebner
2021-01-20 10:01 ` Fabian Ebner [this message]
2021-01-20 10:01 ` [pve-devel] [RFC manager 3/7] api: APT: add call to list repositories Fabian Ebner
2021-01-20 10:01 ` [pve-devel] [RFC widget-toolkit 4/7] add UI for APT repositories Fabian Ebner
2021-01-20 10:01 ` [pve-devel] [RFC manager 5/7] ui: add panel for listing " Fabian Ebner
2021-01-20 10:01 ` [pve-devel] [RFC manager 6/7] api: APT: add call for repository check Fabian Ebner
2021-01-20 10:01 ` [pve-devel] [RFC widget-toolkit 7/7] APT repositories: show list of warnings Fabian Ebner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210120100143.16268-3-f.ebner@proxmox.com \
    --to=f.ebner@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal