Merge pull request #7424 from freedomofpress/stg-fixed-phased

Set a fixed APT::Machine-ID so phased updates are consistent
freedomofpress · Jan 27, 2025 · 3e20ade · 3e20ade
2 parents 2b0454c + 29a0f9a
commit 3e20ade
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/molecule/testinfra/common/test_automatic_updates.py b/molecule/testinfra/common/test_automatic_updates.py
@@ -162,6 +162,13 @@ def test_unattended_upgrades_functional(host):
     assert expected_result in c.stdout
 
 
+def test_fixed_phasing(host):
+    """Verify APT's machine-id is set to a fixed value for consistent phasing"""
+    cmd = host.run("apt-config dump APT::Machine-ID")
+    assert cmd.rc == 0
+    assert cmd.stdout.startswith('APT::Machine-ID "1ebf')
+
+
 @pytest.mark.parametrize(
     "service",
     [

diff --git a/securedrop/debian/config/opt/securedrop/50unattended-upgrades b/securedrop/debian/config/opt/securedrop/50unattended-upgrades
@@ -66,3 +66,7 @@ Dpkg::Options {
     "--force-confdef";
     "--force-confold";
 }
+
+// Set a fixed machine-id to ensure phased updates are consistent across all instances
+// see <https://discourse.ubuntu.com/t/phased-updates-in-apt-in-21-04/20345>.
+APT::Machine-ID "1ebf5f15850c540b3142f1584bdd496d";