Allow preseeding extra options for the local sources.list lines

This patch allows a preseed to specify extra options for the sources.list lines. The concrete use case triggering this change was a local requirement to add check-valid-until=false on a local repository: setting the URL of the repo to "[check-valid-until=false] http://…" was a hack that only worked as long as it didn't require a specific key; when a key was specified, the line ended up like "deb [signed-with=…] [check-valid-until=false] https://…", which was invalid. This patch provides a cleaner way to fullfill that need, without the hackish solution.

added 1 commit

• 8e1c803b - Restore previous indentation style

Compare with previous version

added 1 commit

• fb6738e2 - Allow preseeding extra options for the local sources.list lines

Compare with previous version

added 13 commits

• fb6738e2...14cd9b6e - 12 commits from branch installer-team:master
• 07f104a2 - Allow preseeding extra options for the local sources.list lines

Compare with previous version

added 1 commit

• 948da128 - Allow preseeding extra options for the local sources.list lines

Compare with previous version

added 8 commits

• 948da128...8e66bab2 - 4 commits from branch installer-team:master
• 91a94e06 - Allow preseeding extra options for the local sources.list lines
• 37023aec - avoid need to remove extra space, by not adding it
• 51c99f44 - avoid double space when $options unset
• cd259bf5 - set $options imediately, avoiding $key_path check

Compare with previous version

added 1 commit

• 7f95f5ce - set $options immediately, avoiding $key_path check

Compare with previous version

added 1 commit

• a6a07ea4 - add coverage test for 60local

Compare with previous version

added 1 commit

• b1f014f2 - add coverage test for 60local

Compare with previous version

added 1 commit

• a2c53d9a - add coverage test for 60local

Compare with previous version

added 7 commits

• 9793d568 - 1 commit from branch installer-team:master
• bdd9fdbd - Allow preseeding extra options for the local sources.list lines
• b7062174 - avoid need to remove extra space, by not adding it
• 1e5004c3 - avoid double space when $options unset
• c6471d0f - set $options immediately, avoiding $key_path check
• 05083e1b - add coverage test for 60local
• 136f75a3 - add some documentation for the tests

Compare with previous version

added 1 commit

• dd8c6651 - add some documentation for the tests

Compare with previous version

added 8 commits

• dd8c6651...ee3660f6 - 4 commits from branch installer-team:master
• 0423a21f - Allow preseeding extra options for the local sources.list lines
• 116025c8 - avoid need to remove extra space, by not adding it
• 464bb40a - avoid double space when $options unset
• 837ccf75 - set $options immediately, avoiding $key_path check

Compare with previous version

@lolando hopefully you like the tweaks I made to your MR.

BTW if you configure your repo. to use debian/salsa-ci.yml as the CI/CD configuration file then it should also run a coverage job (like the installer-team one now does).

You can see that in action here, in my copy of the MR branch:

https://salsa.debian.org/philh/apt-setup/-/pipelines/742101

and if you click through the coverage job to its artifacts, you can get to here:

https://salsa.debian.org/philh/apt-setup/-/jobs/6377188/artifacts/external_file/debian/output/coverage/kcov-merged/index.html

At the time of writing, there's no coverage of the options="$RET" on line 27.

Adding a test to cover this is trivial, but I'd like to leave it in this state to see if we can get it to show which lines have coverage, and which not, in the MR (I'm yet to see this feature of gitlab actually do what's claimed, and this MR seems like a good opportunity).

I suspect that it only works once you manage to also run the coverage test in your repo, so that there are coverage reports for both the source and target branches that the MR deals with.

@philh Thanks for the tweaks indeed, they're very welcome. I'm not familiar with Gitlab CI/CD yet and I haven't been able to set it up in my repository so far. I'll look for docs and see where I end up.

It may be better to have one template per option, to avoid parsing this template value in case we switch to generating deb822-style sources files.

@alpernebbi: Do you mean that we have e.g.: apt-setup/$repo_name/opt-check-valid-until which is set to true or false and then that generates the relevant option setting depending upon whether we generate it as a one-liner or deb822-style?

If so, presumably we'd need to have one for every possible option, which seems like a bit of a maintenance burden.

How about detecting that someone is using deb822 options (which would contain a ':') and if we're still generating one-line config, converting the options.

I'm imagining that one might specify something like:

apt-setup/$repo_name/option="Check-Valid-Until: false\nArchitecture: xyz"

and get something like:

deb [check-valid-until=false arch=xyz] ...

Using \n as a delimiter seems pretty easy to deal with, and ought to work on the kernel command line (one would also want to handle \\ and replace it with \).

We could then differentiate between options that include no colons (:), and are thus in the old style, and those that do.

For those including colons, if we're still producing one-line output we could process such options back into one-line style.

It seems like a good idea to use the deb822 version of the option names, because one can get most of the one-line versions of an option name by lower-casing the deb822 version, and we could have a lookup function for the few that are not (e.g. 'Architecture' -> 'arch').

I'd say it's not worth making it possible to specify an old-style one-line option and have it generate a deb822 config, because people will quickly discover their options are not working and fix them - we could always throw an error if we notice an '=' once we're generating deb822 config.

It seems to me that we could leave writing that code until we're actually generating deb822 config, and at present continue with simply putting whatever's set into the options bit of the one-liner.

We could have a "Sorry not yet implemented" error if a we find that the set option matches ^[^=]+: to tell people that we expect to be able to specify deb822 options at some point.

Hi, sorry I missed this. Indeed, I meant it like you said in the beginning, apt-setup/$repo_name/check-valid-until ideally as a Type: boolean. Then we get everything from debconf and do something like:

echo >/target/etc/sources.list.d/$repo_name.sources <<EOF
Types: deb
URIs: $repo_uri
Architectures: $repo_arch
...
EOF

If so, presumably we'd need to have one for every possible option, which seems like a bit of a maintenance burden.

I think in general, it's better to keep the debconf templates as a simple key-value store with strict typing where possible. That way, we would be offloading most of the parsing and input validation burden to debconf, and would need less complex code in the installer.

Although in this case, I'm not sure how we can set Type: boolean for the dynamically-named template here, so we still might need if [ "$RET" = true ]; then opt=yes; else opt=no; fi kind of things. Regardless, I still think it'd be less of a burden than trying to parse the sources.list options field or deb822 options lines.

(And, I guess we don't need to support all of the options immediately.)

How about detecting that someone is using deb822 options (which would contain a ':') and if we're still generating one-line config, converting the options.

Some of the deb822 options can have multiple values like Architectures: amd64 arm64. Signed-By can be multiline and include an entire PGP key in armored form. Suites can have $(ARCH) in it as a variable. We can inject a new source by putting \n\n\nTypes: deb\nURIs: ...\n as 'options'. There are just too many problems trying to parse deb822 to convert back to sources.list. We can detect them and raise errors, or we can even be sloppy about parsing it. But why, when all that can be avoided instead?

Using \n as a delimiter seems pretty easy to deal with, and ought to work on the kernel command line (one would also want to handle \\ and replace it with \).

It's hard to parse spaces (and escapes) properly in the kernel command line, especially in shell (IFS=? $(echo "$options" | sed -ne "s/^Option:\s*//p")?). This way would require spaces to use these repo options. Debconf might handle that fine and put it into the db, but even then the installer won't be the only thing that needs to handle them. Bootloaders and bootloader-adjacent programs that create bootable images might get it wrong.

It seems like a good idea to use the deb822 version of the option names, because one can get most of the one-line versions of an option name by lower-casing the deb822 version, and we could have a lookup function for the few that are not (e.g. 'Architecture' -> 'arch').

I imagine we wouldn't need a name lookup function either, with simple per-option templates.

I'd say it's not worth making it possible to specify an old-style one-line option and have it generate a deb822 config, because people will quickly discover their options are not working and fix them - we could always throw an error if we notice an '=' once we're generating deb822 config.

It seems to me that we could leave writing that code until we're actually generating deb822 config, and at present continue with simply putting whatever's set into the options bit of the one-liner.

We could have a "Sorry not yet implemented" error if a we find that the set option matches ^[^=]+: to tell people that we expect to be able to specify deb822 options at some point.

If we design the templates to overfit one of the current sources.list (or deb822), we might have to carry the code we use to parse that format forever at the risk of breaking preseed users who would rely on the new templates. People will fix their things if we break it, sure, but they will complain loudly while doing so. Why should we plan now to break this new template later, when we can avoid breaking it altogether?

added 5 commits

• 91162074 - 1 commit from branch installer-team:master
• c8eafa94 - Allow preseeding extra options for the local sources.list lines
• 92f3d7cf - avoid need to remove extra space, by not adding it
• 3db109ff - avoid double space when $options unset
• 6869af5c - set $options immediately, avoiding $key_path check

Compare with previous version

BTW I've worked out what gitlab didn't like about the previous coverage reports, so now one can see red/green highlighting of lines in merges: e.g. philh/apt-setup!1 (diffs) (see line 27 of 60local for an uncovered line marked in red)

added 11 commits

• 6869af5c...84be6ebc - 10 commits from branch installer-team:master
• 3526f27a - Merge branch 'master' into preseed-extra-options

Compare with previous version

added 2 commits

• 9b11d2aa - break if into shorter lines
• 807a132d - add coverage for new 'options' preseed code

Compare with previous version

added 9 commits

• 807a132d...48f4cf2a - 8 commits from branch installer-team:master
• dc1fd5a3 - Merge branch 'master' into preseed-extra-options

Compare with previous version

added 2 commits

• a46ffc4e - 1 commit from branch installer-team:master
• 33414b23 - Merge branch 'master' into preseed-extra-options

Compare with previous version