autopkgtest-cloud

Merge ~hyask/autopkgtest-cloud:skia/private_ppa_noble into autopkgtest-cloud:master

  1. Git
  2. lp:~hyask/autopkgtest-cloud
  3. skia/private_ppa_noble
  4. Merge into master
Proposed by Skia
Status: Merged
Merged at revision: ac0e18876bd6c8db12735c2f5aeb6aff76f74db5
Proposed branch: ~hyask/autopkgtest-cloud:skia/private_ppa_noble
Merge into: autopkgtest-cloud:master
Diff against target: 68 lines (+18/-28)
2 files modified
charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/worker/worker (+17/-27)
mojo/service-bundle (+1/-1)
Reviewer Review Type Date Requested Status
Paride Legovini Approve
Review via email: mp+464327@code.launchpad.net

Description of the change

Main high level change is to enable the use of private PPAs on Noble.

Lower-level changes are:
  * move away from `apt-key`.
  * get the `release` in a way that is deb822 compatible.
  * remove the `noble`-specific quirk that was added when it became deb822-only.

To post a comment you must log in.
Revision history for this message
Skia (hyask) wrote :

WARNING: this has **not** been tested yet, we are still waiting for a private PPA to be setup for our team.

Revision history for this message
Skia (hyask) wrote :

First round of test showed that we needed to add keyserver.ubuntu.com to `no_proxy`. With that fix, things are working. We just need to validate that it also works with a private PPA.

Revision history for this message
Tim Andersson (andersson123) wrote :

If you haven't seen yet, our private ppa has been set up :)

Revision history for this message
Skia (hyask) wrote :

Tested with our newly created private PPA on both Noble and Trusty.
Command-lines used, for memory:
* ./run-autopkgtest -s noble -a amd64 --trigger hello/2.10-3build1~hellothere1 --ppa hyask:thisismytoken@canonical-ubuntu-qa/private-ppa-testing:074721E255F8AC93F97019410847687141517A9C --swiftuser skia hello
* ./run-autopkgtest -s trusty -a amd64 --trigger hello/2.8-4ubuntu1~hellothere14.04 --ppa hyask:thisismytoken@canonical-ubuntu-qa/private-ppa-testing:074721E255F8AC93F97019410847687141517A9C --swiftuser skia hello

Revision history for this message
Paride Legovini (paride) wrote :

Nice simplification!

I wonder how apt-key was accessing keyserver.ubuntu.com before, without it being in no_proxy. Maybe is uses https by default, and that's allowed in the squid config, while you went for plain http?

Not worth overthinking: skipping the proxy is even better.

review: Approve
Revision history for this message
Skia (hyask) wrote :

I wondered the same, and my wild guess, is that `apt-key` uses `gpg` directly, and `gpg` may simply not support the `http_proxy` variable, thus bypassing it naturally without requiring `no_proxy`.

Thanks for the review!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/worker/worker b/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/worker/worker
2index 5689302..bfa35e7 100755
3--- a/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/worker/worker
4+++ b/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/worker/worker
5@@ -912,33 +912,23 @@ def request(msg):
6 )
7 else:
8 ppaprefix = "http://"
9- if release == "noble":
10- # add GPG key
11- argv += [
12- "--setup-commands",
13- "apt-get install -y software-properties-common",
14- ]
15- # add apt source
16- argv += [
17- "--setup-commands",
18- "add-apt-repository --enable-source --yes ppa:%(u)s/%(p)s"
19- % {"u": ppauser, "p": ppaname},
20- ]
21- else:
22- # add GPG key
23- argv += [
24- "--setup-commands",
25- "apt-key adv --keyserver keyserver.ubuntu.com --recv-key "
26- + fingerprint,
27- ]
28- # add apt source
29- argv += [
30- "--setup-commands",
31- 'REL=$(sed -rn "/^(deb|deb-src) .*(ubuntu.com|ftpmaster)/ { s/^[^ ]+ +(\[.*\] *)?[^ ]* +([^ -]+) +.*$/\\2/p; q }" /etc/apt/sources.list); '
32- 'echo "deb %(prefix)sppa.launchpad.net/%(u)s/%(p)s/ubuntu $REL main" > /etc/apt/sources.list.d/autopkgtest-%(u)s-%(p)s.list; '
33- 'echo "deb-src %(prefix)sppa.launchpad.net/%(u)s/%(p)s/ubuntu $REL main" >> /etc/apt/sources.list.d/autopkgtest-%(u)s-%(p)s.list;'
34- % {"prefix": ppaprefix, "u": ppauser, "p": ppaname},
35- ]
36+ # add GPG key
37+ # we need to `gpg --dearmor` because at least trusty doesn't seem to support asc keys and
38+ # OpenPGP HKS protocol doesn't specify a way to directly download unarmored keys
39+ # both wget and gpg are thus required on the testbed, and both are present on the cloud images by default
40+ argv += [
41+ "--setup-commands",
42+ f"wget -O- 'http://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&v=1&search=0x{fingerprint}' | "
43+ f"gpg --dearmor > '/etc/apt/trusted.gpg.d/autopkgtest-{ppauser}-{ppaname}.gpg'",
44+ ]
45+ # add apt source
46+ argv += [
47+ "--setup-commands",
48+ "REL=$(lsb_release -cs); "
49+ 'echo "deb %(prefix)sppa.launchpad.net/%(u)s/%(p)s/ubuntu $REL main" > /etc/apt/sources.list.d/autopkgtest-%(u)s-%(p)s.list; '
50+ 'echo "deb-src %(prefix)sppa.launchpad.net/%(u)s/%(p)s/ubuntu $REL main" >> /etc/apt/sources.list.d/autopkgtest-%(u)s-%(p)s.list;'
51+ % {"prefix": ppaprefix, "u": ppauser, "p": ppaname},
52+ ]
53
54 # put results into separate container, named by the last PPA
55 container += "-%s-%s" % (ppauser, ppaname)
56diff --git a/mojo/service-bundle b/mojo/service-bundle
57index f2da41c..24d2d14 100644
58--- a/mojo/service-bundle
59+++ b/mojo/service-bundle
60@@ -15,7 +15,7 @@
61 {%- if stage_name == "production" or stage_name == "staging" %}
62 {%- set http_proxy = "http://squid.internal:3128" %}
63 {%- set https_proxy = "http://squid.internal:3128" %}
64- {%- set no_proxy = "127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com" %}
65+ {%- set no_proxy = "127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com" %}
66 {%- endif %}
67
68 description: "autopkgtest-cloud"

Subscribers

People subscribed via source and target branches