Note that exim contains tracker-specific configuration

[mirror/dsa-puppet.git] / modules / schroot / files / setup-dchroot

diff --git a/modules/schroot/files/setup-dchroot b/modules/schroot/files/setup-dchroot
index 99f0919..7f372fe 100755 (executable)
--- a/modules/schroot/files/setup-dchroot
+++ b/modules/schroot/files/setup-dchroot
@@ -72,6 +72,20 @@ do_cleanup() {
     done
 }
 
+genname() {
+    local suite="$1"; shift
+    local arch="$1"; shift
+
+    if [ -n "$sbuildnames" ]; then
+        local name="${suite}-${arch}-sbuild"
+    else
+        local name="${suite}_${arch}-dchroot"
+    fi
+
+    echo "$name"
+}
+
+
 genschrootconf() {
     local suite="$1"; shift
     local arch="$1"; shift
@@ -83,11 +97,7 @@ genschrootconf() {
         local suite="${suite}-${extra}"
     fi
 
-    if [ -n "$sbuildnames" ]; then
-        local name="${suite}-${arch}-sbuild"
-    else
-        local name="${suite}_${arch}-dchroot"
-    fi
+    local name="$(genname "$suite" "$arch")"
 
     local fullname="$name"
     case "$arch" in
@@ -174,7 +184,8 @@ arch="$THISARCH"
 if [ -e /etc/schroot/dsa/default-mirror ]; then
     mirror=$(cat /etc/schroot/dsa/default-mirror )
 fi
-mirror="${mirror:-http://ftp.debian.org/debian}"
+mirror="${mirror:-https://deb.debian.org/debian}"
+smirror="https://deb.debian.org/debian-security"
 configonly=""
 force=""
 basedir="/srv/chroot"
@@ -185,7 +196,7 @@ sbuildnames=""
 ubuntu=""
 groupuser="Debian,guest,d-i"
 grouproot=""
-include="apt,fakeroot"
+include="apt,fakeroot,ca-certificates"
 users=""
 usersroot=""
 bare=""
@@ -336,12 +347,28 @@ if ! [ -e "$script" ]; then
     fi
 fi
 
+case "$suite" in
+  stretch|jessie|precise|trusty|xenial)
+    include="$include,apt-transport-https"
+    ;;
+esac
+
+bindir=$(mktemp -d)
+cleanup+=("rm -r $bindir")
+cat > "$bindir/wget" << 'EOF'
+#!/bin/sh
+exec /usr/bin/wget --ca-directory=/etc/ssl/ca-global "$@"
+EOF
+chmod +x "$bindir/wget"
+
 set -x
-debootstrap \
+PATH="$bindir:$PATH" \
+  debootstrap \
     --keyring "$keyring" \
     --include="$include" \
     --variant=buildd \
     --arch="$arch" \
+    --no-merged-usr \
     "$suite_alias" "$rootdir" "$mirror" "$script"
 echo "$tuple" > "$rootdir/etc/debian_chroot"
 echo "force-unsafe-io" > "$rootdir/etc/dpkg/dpkg.cfg.d/force-unsafe-io"
@@ -380,19 +407,24 @@ while true; do
 done
 EOF
 chmod +x "$rootdir/usr/local/sbin/policy-rc.d"
+
+case "$suite" in
+  jessie) # LTS updates
+    echo "deb ${smirror} ${suite}/updates main" >> "$rootdir/etc/apt/sources.list"
+    chroot "$rootdir" apt-get update
+    chroot "$rootdir" apt-get dist-upgrade -y
+    ;;
+esac
+if [ -n "$ubuntu" ]; then
+  echo "deb $mirror ${suite}-updates main" >> "$rootdir/etc/apt/sources.list"
+  echo "deb $mirror ${suite}-security main" >> "$rootdir/etc/apt/sources.list"
+  chroot "$rootdir" apt-get update
+  chroot "$rootdir" apt-get dist-upgrade -y
+fi
+
 [ -z "$bare" ] && [ -z "$ubuntu" ] && chroot "$rootdir" apt-get install -y --no-install-recommends locales-all
 chroot "$rootdir" apt-get install -y --no-install-recommends build-essential
 [ -z "$bare" ] && chroot "$rootdir" apt-get install -y --no-install-recommends zsh less vim fakeroot devscripts gdb
-if [ -n "$buildd" ] ; then
-    case "$suite" in
-      wheezy|jessie|stretch)
-        chroot "$rootdir" apt-get install -y --no-install-recommends apt-transport-https
-        ;;
-      *)
-        # Nothing to do, https support is part of the apt package
-        ;;
-    esac
-fi
 rm -f "$rootdir/etc/apt/sources.list" "$rootdir/etc/apt/sources.list.d/*"
 chroot "$rootdir" apt-get clean
 umount "$rootdir/dev" 2>/dev/null || true