Skip to content

Commit

Permalink
Revert "fix: install upgrades for CVM images in pre-install dependenc… (
Browse files Browse the repository at this point in the history 
#4850)

Co-authored-by: anujmaheshwari1 <amaheshwari@microsoft.com>
  • Loading branch information
@anujmaheshwari1
anujmaheshwari1 and anujmaheshwari1 authored Aug 21, 2024
1 parent cdf79dd commit e02ead7
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions vhdbuilder/packer/pre-install-dependencies.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,14 +99,22 @@ else
# Run apt get update to refresh repo list
# Run apt dist get upgrade to install packages/kernels

# Canonical snapshot is only implemented for 20.04 LTS, 22.04 LTS and 23.10 and above
# For 20.04, the only SKUs we support are FIPS, and it reaches out to ESM to get the packages, ESM does not have canonical snapshot support
# Therefore keeping this to 22.04 only for now
if [[ -n "${VHD_BUILD_TIMESTAMP}" && "${OS_VERSION}" == "22.04" ]]; then
sed -i "s#http://azure.archive.ubuntu.com/ubuntu/#https://snapshot.ubuntu.com/ubuntu/${VHD_BUILD_TIMESTAMP}#g" /etc/apt/sources.list
# CVM breaks on kernel image updates due to nullboot package post-install.
# it relies on boot measurements from real tpm hardware.
# building on a real CVM would solve this, but packer doesn't support it.
# we could make upstream changes but that takes time, and we are broken now.
# so we just hold the kernel image packages for now on CVM.
# this still allows us base image and package updates on a weekly cadence.
if [[ "$IMG_SKU" != "20_04-lts-cvm" ]]; then
# Canonical snapshot is only implemented for 20.04 LTS, 22.04 LTS and 23.10 and above
# For 20.04, the only SKUs we support are FIPS, and it reaches out to ESM to get the packages, ESM does not have canonical snapshot support
# Therefore keeping this to 22.04 only for now
if [[ -n "${VHD_BUILD_TIMESTAMP}" && "${OS_VERSION}" == "22.04" ]]; then
sed -i "s#http://azure.archive.ubuntu.com/ubuntu/#https://snapshot.ubuntu.com/ubuntu/${VHD_BUILD_TIMESTAMP}#g" /etc/apt/sources.list
fi
apt_get_update || exit $ERR_APT_UPDATE_TIMEOUT
apt_get_dist_upgrade || exit $ERR_APT_DIST_UPGRADE_TIMEOUT
fi
apt_get_update || exit $ERR_APT_UPDATE_TIMEOUT
apt_get_dist_upgrade || exit $ERR_APT_DIST_UPGRADE_TIMEOUT

if [[ "${ENABLE_FIPS,,}" == "true" ]]; then
# This is FIPS Install for Ubuntu, it purges non FIPS Kernel and attaches UA FIPS Updates
Expand Down

0 comments on commit e02ead7

Please sign in to comment.