[7975] in athena10
Re: [Debathena] #410: We need a public workstation verification
daemon@ATHENA.MIT.EDU (Debathena Trac)
Fri Jul 29 15:03:45 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: jdreed@mit.edu, geofft@mit.edu, amu@mit.edu
Date: Fri, 29 Jul 2011 19:03:36 -0000
Reply-To:
Message-ID: <052.24045dde6d239b8b1277d4a4d584f3c9@mit.edu>
In-Reply-To: <043.35d786f36c5aef372729f969b2a9ce3a@mit.edu>
Content-Transfer-Encoding: 8bit
#410: We need a public workstation verification script-------------------------+--------------------------------------------------
Reporter: jdreed | Owner: geofft
Type: enhancement | Status: accepted
Priority: normal | Milestone: Natty Release
Component: -- | Keywords: hackathon
See_also: |
-------------------------+--------------------------------------------------Changes (by geofft):
* owner: => geofft
* status: new => accepted
Comment:
We're not doing mokafive. :( For a first-order verification script, we
can:
* Make sure every package on the system is a recursive dependency of
ubuntu-desktop, debathena-cluster, or possibly at most a dozen other
"root" packages (we have some special cases which we explicitly install,
for instance)
* Make sure the apt repos are what we expect
* Make sure that apt-cache policy believes that the version of each
package on the system is actually installable from the apt repos (to catch
a too-new version of a package)
* Run debsums
* Make sure the list of untracked files matches some known whitelist
release-team (read jdreed) seems fine with just doing this in cron as
opposed to on boot as we did on Athena 9, which had the annoying side
effect of making boot take like ten minutes.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/410#comment:8>Debathena <http://debathena.mit.edu/>MIT Debathena Project
