author | kwadronaut <kwadronaut@puscii.nl> | 2018-09-26 17:36:20 +0200 |
---|---|---|
committer | kwadronaut <kwadronaut@puscii.nl> | 2018-09-26 17:36:20 +0200 |
commit | 118bfb9ba8fc819b99861992c93f665792f94874 (patch) | |
tree | 29c83b322850e36d739d9ef3491049fedfba2dc7 | |
parent | 3bed48fba6ae35813b8c4413887aba5262c43689 (diff) | |
parent | 145b5238258827702ad3ac4a0a9713981209e1bc (diff) |
Merge remote-tracking branch 'shared/master'
-rw-r--r-- | UPGRADING.md | 261 | ||||
-rw-r--r-- | files/Debian/preferences_fallback (renamed from templates/Debian/fallback.erb) | 0 | ||||
-rw-r--r-- | manifests/params.pp | 2 | ||||
-rw-r--r-- | manifests/preferences.pp | 159 | ||||
-rw-r--r-- | manifests/reboot_required_notify.pp | 2 | ||||
-rw-r--r-- | spec/classes/init_spec.rb | 17 | ||||
-rw-r--r-- | spec/defines/conf_spec.rb | 17 | ||||
-rw-r--r-- | spec/defines/preferences_snippet_spec.rb | 17 | ||||
-rw-r--r-- | spec/unit/custom_facts_spec.rb | 38 | ||||
-rw-r--r-- | templates/Debian/current_codename.erb (renamed from templates/Debian/stable.erb) | 0 | ||||
-rw-r--r-- | templates/Debian/preferences.erb | 33 |
11 files changed, 413 insertions, 133 deletions
diff --git a/UPGRADING.md b/UPGRADING.md new file mode 100644 index 0000000..e6ed719 --- /dev/null +++ b/UPGRADING.md 
@@ -0,0 +1,261 @@ +# Introduction + +This aims to document the replacement of the shared apt module by the [puppetlabs](https://github.com/puppetlabs/puppetlabs-apt) one. + +I've tried to look at all the classes supported by our shared module. + +## Some thoughts on moving to the puppetlabs module + +Whereas the shared module tried to be a coherent mass of code doing all the apt-related things we needed to do, the puppetlabs module takes a more modular approach. This means some of the features we had are not present and will never be added, since "they are not part of the main apt core functionalities"... + +This means we'll have to start using multiple modules as "plugins" to the main puppetlabs apt module. + +# Minor deprecations & warnings + +## lsb +One has to make sure `lsb-release` package is installed. Our shared apt module used to have a dependency on our `lsb` module that did that, but we deprecated that module. + +## `apt_updated` deprecation +The puppetlabs module uses the `apt_update` exec, whereas the shared module uses `apt_updated`. If you where calling this exec in other modules, you'll need to update this for the new exec name. + +## stdlib + +Make sure your version of stdlib is recent. Mine wasn't and the apt module was failing on the pin functions because the `length` function was missing. + +## Partial management of the config files by default +By default, the puppetlabs apt module only partially manages the apt configuration and will not purge configuration added by hand. This differs from the shared module behavior, where those modifications would get overwritten by our templates. + +To keep the old behavior, pass: + + class { 'apt': + purge => { + sources.list => true, + sources.list.d => true, + preferences => true, + preferences.d => true, + }, + } + +## apt sources + +By default, the puppetlabs module won't create any sources. 
To replicate the shared module template, use this: + + apt::source { + $::lsbdistcodename: + location => 'http://deb.debian.org/debian', + repos => 'main contrib non-free'; + + "${::lsbdistcodename}-security": + location => 'http://security.debian.org/debian-security', + repos => 'main contrib non-free', + release => "${::lsbdistcodename}/updates"; + + 'testing': + location => 'http://deb.debian.org/debian', + repos => 'main contrib non-free', + release => "testing"; + } + apt::pin { + "${::lsbdistcodename}": + priority => 990; + 'testing': + priority => 2; + } + + +Sadly I can't find a way to iter the next codename from the facts :(. You can either use testing instead of "the next release" or specify it manually. + +## backports + +The module provides a class specifically for deploying the backports repository and pin. + + class { 'apt::backports': + pin => 200, + location => 'http://deb.debian.org/debian', + } + +# Classes comparison + +## apticron + +Apticron is not supported by the puppetlabs module either, but [this slightly out of date](https://github.com/dhoppe/puppet-apticron) module from the Forge (the most popular one), although it doesn't state support for Debian 9 and could profit from a little love. + +## dist_upgrade + +The behavior of the three `dist_upgrade` classes (`apt::cron::dist_upgrade`, `apt::dist_upgrade` and `apt::dist_upgrade::initiator`) are not supported by the puppetlabs module. + +Maybe consider moving to a workflow using `unattended-upgrades`? + +## dselect + +`dselect` is not supported and nothing seems to do what the shared module feature did. + +## apt-listchanges + +I ported and upgraded our modules `apt::listchanges` code to a +[separate module](https://gitlab.com/baldurmen/puppet-apt_listchanges). + +It basically does the same thing, but in a more modern style. Check the +parameters list as types are now defined. 
+ +## proxy + +Here is how you would configure an apt proxy: + + class { 'apt': + proxy => { + host => 'hostname', + port => '8080', + https => true, + ensure => file, + }, + } + +## reboot required + +The puppetlabs notice will not manage `reboot-required` like the shared one did, but it creates a fact named `apt_reboot_required` that could be used by some external monitoring system. + +Since it only looks at `/var/run/reboot-required`, it might be a better idea to use something like a combination of the `needrestart` package and an external monitoring system. + +The [needrestart](https://github.com/hetznerZA/hetzner-needrestart) module seems to work well. + +## unattended-upgrades + +The puppetlabs modules does not support `unattended-upgrades` natively anymore [it used to](https://tickets.puppetlabs.com/browse/MODULES-4943). + +The recommended way to setup this feature is to use the compatible [voxpopuli/unattended-upgrades](https://github.com/voxpupuli/puppet-unattended_upgrades) module. + +The default configuration is quite sane, but you might want to set up automatic upgrades for the stable release too (and not just stable security): + + class { 'unattended_upgrades': + origins => [ 'origin=Debian,archive=stable', + 'origin=Debian,archive=stable,label=Debian-Security' ] + } + +# Defines comparison + +## apt confs + +You can using the `apt::conf` define: + + class { 'apt::conf': + 'whatever_config': + ensure => present, + content => 'foo bar the config you want to see', + priority => '20', + notify_update => true, + } + +The content part can get quite long, so I would recommend using [heredocs](https://puppet.com/docs/puppet/4.8/lang_data_string.html#heredocs). 
+ +## preferences_snippet + +The way to pin a package is now [much more fleshed out](https://github.com/puppetlabs/puppetlabs-apt#defined-type-aptpin) and looks like: + + apt::pin { 'certbot': + codename => 'buster', + packages => [ 'python3-certbot', 'python3-certbot-apache' ], + } + +Be aware, as by default if you don't specify a list of packages, this define pins all packages. + +## apt_packages (preseed) + +As far as I can see, there is nothing in the puppetlabs module that lets you preseed packages. + +## GPG key management + +The shared module simply used to push a `.gpg` file to `/etc/apt/trusted.gpg.d` to manage GPG keys. + +The puppetlabs module is a bit more sophisticated and lets you either import a key from a source (path, ftp, https, etc.) or fetches keys from a keyserver. + + apt::key { 'my_local_key': + id => '13C904F0CE085E7C36307985DECF849AA6357FB7', + source => "puppet://files/gpg/13C904F0CE085E7C36307985DECF849AA6357FB7.gpg", + } + + apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'pgp.mit.edu', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', + } + +The heavy lifting is done by [these](https://github.com/puppetlabs/puppetlabs-apt/blob/dc3ead0ed5f4d735869565660c982983d379a519/lib/puppet/type/apt_key.rb) [two](https://github.com/puppetlabs/puppetlabs-apt/blob/dc3ead0ed5f4d735869565660c982983d379a519/lib/puppet/provider/apt_key/apt_key.rb) Ruby files. + +## upgrade_package + +This can be done by using `apt::pin` and specifying a version: + + apt::pin { 'perl': + packages => 'perl', + version => '5.26.1-4', + } + +## dpkg_statoverride + +Is there a reason you are using this instead of using `file`? + +## Facts + +There are a bunch of new and [interesting facts](https://github.com/puppetlabs/puppetlabs-apt#facts). 
+ +# Contributing to the puppetlabs module + +[Submitting a patch seems to be feasible](https://docs.puppet.com/forge/contributing.html), but is also a lot more work than just creating a pull request. + +# Hiera + +Here's some sane Hiera config I'm using. You'll need to specify a `create_ressources` statement somewhere since `apt::pin` is a define: + +``` +$aptpins = hiera('apt::pin', {}) +create_resources(apt::pin, $aptpins) +``` + +``` +classes: + - apt + - needrestart + - unattended_upgrades + +apt::purge: + 'sources.list': true + 'sources.list.d': true + 'preferences': true + 'preferences.d': true + +apt::sources: + "%{facts.lsbdistcodename}": + comment: 'Stable' + location: 'http://deb.debian.org/debian/' + repos: 'main contrib non-free' + "%{facts.lsbdistcodename}-security": + comment: 'Stable security' + location: 'http://security.debian.org/debian-security' + repos: 'main contrib non-free' + release: "%{facts.lsbdistcodename}/updates" + "%{facts.lsbdistcodename}-backports": + comment: 'Backports' + location: 'http://deb.debian.org/debian/' + repos: 'main contrib non-free' + release: "%{facts.lsbdistcodename}-backports" + 'testing': + comment: 'Testing' + location: 'http://deb.debian.org/debian/' + repos: 'main contrib non-free' + release: 'testing' + +apt::pin: + "%{facts.lsbdistcodename}": + priority: 990 + "%{facts.lsbdistcodename}-backports": + priority: 200 + 'testing': + priority: 2 + +needrestart::action: automatic + +unattended_upgrades::origins: + - origin=Debian,archive=stable + - origin=Debian,archive=stable,label=Debian-Security +``` diff --git a/templates/Debian/fallback.erb b/files/Debian/preferences_fallback index 1c75e83..1c75e83 100644 --- a/templates/Debian/fallback.erb +++ b/files/Debian/preferences_fallback diff --git a/manifests/params.pp b/manifests/params.pp index 3879c81..b67a85a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -6,7 +6,7 @@ class apt::params () { $use_next_release = false $manage_preferences = true $custom_preferences = undef - $debian_url = 'http://httpredir.debian.org/debian/' + $debian_url = 'http://deb.debian.org/debian/' $security_url = 'http://security.debian.org/' $ubuntu_url = 'http://archive.ubuntu.com/ubuntu' $lts_url = $debian_url diff --git a/manifests/preferences.pp b/manifests/preferences.pp index ce28d37..0ec77cf 100644 --- a/manifests/preferences.pp +++ b/manifests/preferences.pp 
@@ -1,110 +1,135 @@ +# Configure basic pins for debian/Ubuntu codenames +# +# This all ensures that apt behaves as expected with regards to packages when +# we have more sources than just the one for the current codenamed release. +# +# This class should not be included directly. It is automatically called in by +# the 'apt' class. Thus you should use the apt class instead. +# class apt::preferences { file { '/etc/apt/preferences': - ensure => absent; + ensure => absent, + } + # Remove the file that we were previously deploying. It's now been renamed to + # current_codename + file { '/etc/apt/preferences.d/stable': + ensure => absent, } if ($apt::manage_preferences == true) and ($apt::custom_preferences != undef) { - - file { - '/etc/apt/preferences.d/custom': - ensure => present, - alias => 'apt_config', - content => template($apt::custom_preferences), - require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; - - '/etc/apt/preferences.d/stable': - ensure => absent; - - '/etc/apt/preferences.d/volatile': - ensure => absent; - - '/etc/apt/preferences.d/lts': - ensure => absent; - - '/etc/apt/preferences.d/nextcodename': - ensure => absent; + file { '/etc/apt/preferences.d/custom': + ensure => present, + alias => 'apt_config', + content => template($apt::custom_preferences), + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], + } + file { '/etc/apt/preferences.d/current_codename': + ensure => absent, + } + file { '/etc/apt/preferences.d/volatile': + ensure => absent, + } + file { '/etc/apt/preferences.d/lts': + ensure => absent, + } + file { '/etc/apt/preferences.d/nextcodename': + ensure => absent, } } - elsif $apt::manage_preferences == true { - if $::operatingsystem == "Debian" { - - file { - '/etc/apt/preferences.d/stable': - ensure => present, - alias => 'apt_config', - content => template('apt/Debian/stable.erb'), - require => File['/etc/apt/sources.list'], - owner => root, group => 0, 
mode => '0644'; - - '/etc/apt/preferences.d/custom': - ensure => absent; + if $::operatingsystem == 'Debian' { + file { '/etc/apt/preferences.d/current_codename': + ensure => present, + alias => 'apt_config', + content => template('apt/Debian/current_codename.erb'), + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], + } + # Cleanup for cases where users might switch from using + # custom_preferences to not using it anymore. + file { '/etc/apt/preferences.d/custom': + ensure => absent, + } + # This file ensures that all debian packages that don't have a + # preference file shouldn't be considered for auto-install or upgrade at + # all. + file { '/etc/apt/preferences.d/debian_fallback': + ensure => present, + source => 'puppet:///modules/apt/Debian/preferences_fallback', + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], } if $apt::use_volatile { - file { '/etc/apt/preferences.d/volatile': ensure => present, content => template('apt/Debian/volatile.erb'), + owner => 'root', + group => 0, + mode => '0644', require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; } } if $apt::use_lts { - file { '/etc/apt/preferences.d/lts': ensure => present, content => template('apt/Debian/lts.erb'), + owner => 'root', + group => 0, + mode => '0644', require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; } } - if ($::debian_nextcodename) and ($::debian_nextcodename != "experimental") { - + if ($::debian_nextcodename) and ($::debian_nextcodename != 'experimental') { file { '/etc/apt/preferences.d/nextcodename': ensure => present, content => template('apt/Debian/nextcodename.erb'), + owner => 'root', + group => 0, + mode => '0644', require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; } } } - - elsif $::operatingsystem == "Ubuntu" { - + elsif $::operatingsystem == 'Ubuntu' { file { '/etc/apt/preferences': - 
ensure => present, - alias => 'apt_config', - # only update together - content => template("apt/Ubuntu/preferences_${apt::codename}.erb"), - require => File['/etc/apt/sources.list'], - owner => root, group => 0, mode => '0644'; + ensure => present, + alias => 'apt_config', + # only update together + content => template("apt/Ubuntu/preferences_${apt::codename}.erb"), + owner => 'root', + group => 0, + mode => '0644', + require => File['/etc/apt/sources.list'], } } } - elsif $apt::manage_preferences == false { - - file { - '/etc/apt/preferences.d/custom': - ensure => absent; - - '/etc/apt/preferences.d/stable': - ensure => absent; - - '/etc/apt/preferences.d/volatile': - ensure => absent; - - '/etc/apt/preferences.d/lts': - ensure => absent; - - '/etc/apt/preferences.d/nextcodename': - ensure => absent; + file { '/etc/apt/preferences.d/custom': + ensure => absent, + } + file { '/etc/apt/preferences.d/current_codename': + ensure => absent, + } + file { '/etc/apt/preferences.d/volatile': + ensure => absent, + } + file { '/etc/apt/preferences.d/lts': + ensure => absent, + } + file { '/etc/apt/preferences.d/nextcodename': + ensure => absent, } } } diff --git a/manifests/reboot_required_notify.pp b/manifests/reboot_required_notify.pp index 3463bb4..a538c9a 100644 --- a/manifests/reboot_required_notify.pp +++ b/manifests/reboot_required_notify.pp @@ -1,6 +1,6 @@ class apt::reboot_required_notify { - if versioncmp($::operatingsystemmajrelease, 8) >= 0 { + if versioncmp($::operatingsystemmajrelease, '8') >= 0 { class { 'apt::reboot_required_notify::jessie': } # Clean up systems that were upgraded from Wheezy or earlier: class { 'apt::reboot_required_notify::wheezy': ensure => absent } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 9ba554f..a3f19a0 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
@@ -5,14 +5,15 @@ describe 'apt', :type => :class do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } #it { is_expected.to compile.with_all_deps } it { is_expected.to compile } end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb index cc4fb1f..167b249 100644 --- a/spec/defines/conf_spec.rb +++ b/spec/defines/conf_spec.rb @@ -4,14 +4,15 @@ describe 'apt::apt_conf', :type => :define do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } let :title do 'norecommends' end diff --git a/spec/defines/preferences_snippet_spec.rb b/spec/defines/preferences_snippet_spec.rb index 012a5f6..6b1a23f 100644 --- a/spec/defines/preferences_snippet_spec.rb +++ b/spec/defines/preferences_snippet_spec.rb 
@@ -4,14 +4,15 @@ describe 'apt::preferences_snippet', :type => :define do 'class { "apt": }' end let(:facts) { { - :lsbdistid => 'Debian', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :debian_release => 'jessie', - :debian_codename => 'jessie', - :lsbdistcodename => 'jessie', - :virtual => 'physical', - :puppetversion => Puppet.version, } } + :lsbdistid => 'Debian', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :debian_release => 'jessie', + :debian_codename => 'jessie', + :lsbdistcodename => 'jessie', + :debian_nextcodename => 'stretch', + :virtual => 'physical', + :puppetversion => Puppet.version, } } let :title do 'test' end diff --git a/spec/unit/custom_facts_spec.rb b/spec/unit/custom_facts_spec.rb index 9a28d92..c24b376 100644 --- a/spec/unit/custom_facts_spec.rb +++ b/spec/unit/custom_facts_spec.rb @@ -14,8 +14,8 @@ describe "Facter::Util::Fact" do Facter.fact(:lsbdistcodename).stubs(:value).returns("wheezy") end - it "debian_release = oldstable" do - expect(Facter.fact(:debian_release).value).to eq('oldstable') + it "debian_release = oldoldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldoldstable') end it "debian_codename = wheezy" do @@ -26,8 +26,8 @@ describe "Facter::Util::Fact" do expect(Facter.fact(:debian_nextcodename).value).to eq('jessie') end - it "debian_nextrelease = stable" do - expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + it "debian_nextrelease = oldstable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('oldstable') end end @@ -38,8 +38,8 @@ describe "Facter::Util::Fact" do Facter.fact(:lsbdistcodename).stubs(:value).returns("jessie") end - it "debian_release = stable" do - expect(Facter.fact(:debian_release).value).to eq('stable') + it "debian_release = oldstable" do + expect(Facter.fact(:debian_release).value).to eq('oldstable') end it "debian_codename = jessie" do 
@@ -50,7 +50,31 @@ describe "Facter::Util::Fact" do expect(Facter.fact(:debian_nextcodename).value).to eq('stretch') end - it "debian_nextrelease = testing" do + it "debian_nextrelease = stable" do + expect(Facter.fact(:debian_nextrelease).value).to eq('stable') + end + end + + context 'Debian 9' do + before do + Facter.fact(:operatingsystem).stubs(:value).returns("Debian") + Facter.fact(:operatingsystemrelease).stubs(:value).returns("9.0") + Facter.fact(:lsbdistcodename).stubs(:value).returns("stretch") + end + + it "debian_release = stable" do + expect(Facter.fact(:debian_release).value).to eq('stable') + end + + it "debian_codename = stretch" do + expect(Facter.fact(:debian_codename).value).to eq('stretch') + end + + it "debian_nextcodename = stretch" do + expect(Facter.fact(:debian_nextcodename).value).to eq('buster') + end + + it "debian_nextrelease = stable" do expect(Facter.fact(:debian_nextrelease).value).to eq('testing') end end diff --git a/templates/Debian/stable.erb b/templates/Debian/current_codename.erb index be05e51..be05e51 100644 --- a/templates/Debian/stable.erb +++ b/templates/Debian/current_codename.erb diff --git a/templates/Debian/preferences.erb b/templates/Debian/preferences.erb deleted file mode 100644 index 37cf80d..0000000 --- a/templates/Debian/preferences.erb +++ /dev/null 
@@ -1,33 +0,0 @@ -# This file is managed by puppet -# all local modifications will be overwritten - -Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %> -Package: * -Pin: release o=Debian,n=<%= codename %> -Pin-Priority: 990 - -<% if use_volatile=scope.lookupvar('apt::use_volatile') -%> -Explanation: Debian <%= codename %>-updates -Package: * -Pin: release o=Debian,n=<%= codename %>-updates -Pin-Priority: 990 -<%- end -%> - -<% if (use_lts=scope.lookupvar('apt::use_lts')) && (scope.lookupvar('::debian_lts') == "true") -%> -Explanation: Debian <%= codename %>-lts -Package: * -Pin: release o=Debian,n=<%= codename %>-lts -Pin-Priority: 990 -<%- end -%> - -<% if (next_codename=scope.lookupvar('::debian_nextcodename')) && (next_codename != "experimental") -%> -Explanation: Debian <%= next_codename %> -Package: * -Pin: release o=Debian,n=<%= next_codename %> -Pin-Priority: 2 -<%- end -%> - -Explanation: Debian fallback -Package: * -Pin: release o=Debian -Pin-Priority: -10 |
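
Review bot: In UPGRADING.md, the "apt confs" example declares a define with class syntax (`class { 'apt::conf': 'whatever_config': ...`), which will not compile when copied; it should read `apt::conf { 'whatever_config': ... }`. The purge example near the top leaves the keys `sources.list`, `sources.list.d` and `preferences.d` unquoted, while the Hiera block at the end quotes them; quote them in both places. In the GPG section, `source => "puppet://files/gpg/..."` has only two slashes, so `files` is read as the server name; the preferences.pp hunk in this same commit uses the `puppet:///modules/...` form. The keyserver example also puts `proxyuser:proxypass` inline in `options`, so say that the credentials are placeholders and belong in a secret store rather than in the manifest. Smaller wording fixes: "If you where calling", "You can using", and `create_ressources` in the prose versus `create_resources` in the code.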
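
Review bot: In manifests/preferences.pp, the new `/etc/apt/preferences.d/debian_fallback` file is only declared with `ensure => present` in the Debian branch and is never cleaned up. The `custom_preferences` branch removes `current_codename`, `volatile`, `lts` and `nextcodename`, and the `manage_preferences == false` branch removes those plus `custom`, but neither touches `debian_fallback`. A host that switches to custom preferences or turns preference management off therefore keeps the fallback file, which according to the comment added above it keeps Debian packages without a preference file from being considered for install or upgrade. Add `file { '/etc/apt/preferences.d/debian_fallback': ensure => absent, }` to both of those branches, next to the other cleanup resources.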
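
Review bot: None of the three spec hunks (spec/classes/init_spec.rb, spec/defines/conf_spec.rb, spec/defines/preferences_snippet_spec.rb) asserts on the resources this commit renames or adds; init_spec.rb still only has `it { is_expected.to compile }` with the `with_all_deps` variant commented out. Add expectations for the preferences.pp changes, for example `is_expected.to contain_file('/etc/apt/preferences.d/current_codename')`, the same for `debian_fallback`, and `contain_file('/etc/apt/preferences.d/stable').with_ensure('absent')`. The facts hash, now including `:debian_nextcodename => 'stretch'`, is pasted identically into all three files; moving it into a shared helper would keep the next fact addition to one edit.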
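
Review bot: In the new 'Debian 9' context of spec/unit/custom_facts_spec.rb, two example descriptions contradict the values they check: `it "debian_nextcodename = stretch"` expects `'buster'`, and `it "debian_nextrelease = stable"` expects `'testing'`. Rename them to "debian_nextcodename = buster" and "debian_nextrelease = testing" so that a failing run reports the value actually under test. The wheezy and jessie contexts in the same file were updated with matching descriptions, so this looks like a copy-paste leftover from the jessie block.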