[Lxc-users] [PATCH 1/1] ubuntu template: use -updates and -security
Serge E. Hallyn
serge.hallyn at canonical.com
Mon Nov 14 14:09:43 UTC 2011
Quoting Stéphane Graber (stgraber at ubuntu.com):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 11/10/2011 04:42 PM, Serge E. Hallyn wrote:
> > Particularly for LTS releases, which many people will want to use
> > in their containers, it is not wise to not use release-security
> > and release-updates. Furthermore the fix allowing ssh to allow the
> > container to shut down is in lucid-updates only.
> >
> > With this patch, after debootstrapping a container, we add -updates
> > and -security to sources.list and do an upgrade under chroot.
> > Unfortunately we need to do this because debootstrap doesn't know
> > how to.
>
> As mentioned on IRC, I think it'd be worth making sure no daemon will
> start when running dist-upgrade.
>
> This is usually done using:
> cat << EOF
> #!/bin/sh
> exit 101
> EOF
> ) > /usr/sbin/policy-rc.d
> chmod +x /usr/sbin/policy-rc.d
>
> Then removing it once the dist-upgrade is done.
Awesome, thanks Stéphane - I had no idea about that. I was afraid
we'd have to do it inside the container itself, meaning we'd have
to slow down every container creation with an update, rather than
just the cache image creation.
I'll update my bzr tree first (probably not this morning or even
today :( ) and send out a new patch against git later this week.
-serge
More information about the lxc-users
mailing list