Closed aaron97neu closed 3 years ago
@aaron97neu Is it possible to somehow get the versions of everything installed and automatically lock everything? This would give us reproducible build, but make dev easy (lifting the locks, upgrading, testing, recomputing the locks).
@abalmos I don't think so. For example, running the following command to see all available kernels shows that only the most recent is available for install (ref)
$ apt-cache madison linux-headers-armmp
linux-headers-armmp | 5.10.13-1~bpo10+1 | http://deb.debian.org/debian buster-backports/main armhf Packages
linux-headers-armmp | 4.19+105+deb10u9 | http://http.us.debian.org/debian buster/main armhf Packages
linux-headers-armmp | 4.19+105+deb10u9 | http://security.debian.org/debian-security buster/updates/main armhf Packages
linux-latest | 105+deb10u9 | http://http.us.debian.org/debian buster/main Sources
linux-latest | 105+deb10u9 | http://security.debian.org/debian-security buster/updates/main Sources
This implies to me that a certain package version is not guaranteed to be available at any given time after it is released. The kernel could be a special case, but this does mean that I will need to rework the kernel aspect of this PR, especially because the dist-upgrade
task immediately after will also attempt to upgrade the kernel
Doing one final test and will merge
These fixes will allow the kernel version to be locked and installs the backports version of libsecomp2
Locking the kernel can come in handy for units in remote fields where risky upgrades like kernel upgrades are not desired. This addresses #122 at the most basic level, but could be done much more elegantly and with a few more features The kernel version can be specified in the host ansible config file with the following line (or similar):
The libseccomp2 fix solves the issue found here: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.13.0#time64_requirements
@facastiblancor and I are upgrading some of the lab units. If these are successful and all tests pass, we will merge this PR