From d95d7948b5ed4d922539e22b4d0a06083527523b Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 8 Jan 2018 11:07:54 +0100 Subject: install security updates in installer late_command --- preseed/hosts/Readme.md | 2 +- preseed/hosts/dione_debian-stretch.cfg | 1 + preseed/hosts/helene_debian-stretch.cfg | 1 + roles/vm-install/templates/preseed_debian-stretch.cfg.j2 | 1 + vminstall.yaml | 2 +- 5 files changed, 5 insertions(+), 2 deletions(-) diff --git a/preseed/hosts/Readme.md b/preseed/hosts/Readme.md index a4b2ece9..c6899a8d 100644 --- a/preseed/hosts/Readme.md +++ b/preseed/hosts/Readme.md @@ -9,7 +9,7 @@ When this is done run the netinst image and intrd with the following boot comman auto=true interface=auto url=http://:8000/dione_debian-stretch.cfg netcfg/choose_interface=eno1 netcfg/get_hostname=dione netcfg/get_domain=spreadspace.org This example assumes you want to install the host `dione`. -For debugging you also add the following to the kernel command line: +For debugging you may add the following to the kernel command line: DEBCONF_DEBUG=5 diff --git a/preseed/hosts/dione_debian-stretch.cfg b/preseed/hosts/dione_debian-stretch.cfg index 32a9b274..5a7cffcb 100644 --- a/preseed/hosts/dione_debian-stretch.cfg +++ b/preseed/hosts/dione_debian-stretch.cfg @@ -109,5 +109,6 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ lvremove -f dione/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "sed 's#GRUB_CMDLINE_LINUX_DEFAULT.*#GRUB_CMDLINE_LINUX_DEFAULT=\"quiet nomodeset consoleblank=0\"#' -i /etc/default/grub && update-grub"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e 'ssh-rsa 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 equinox@spreadspace.org' > /root/.ssh/authorized_keys" diff --git a/preseed/hosts/helene_debian-stretch.cfg b/preseed/hosts/helene_debian-stretch.cfg index a711836f..44758e8d 100644 
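Review bot: A failed `apt-get update` or `full-upgrade` goes unnoticed in the line added to the late_command of dione_debian-stretch.cfg, because the step is joined to the following ones with `;` and the status of the whole string comes from the last command. The same line is added to helene_debian-stretch.cfg and to the preseed_debian-stretch.cfg.j2 template, so any of the three installs can finish unpatched with no visible error, for example when the mirror is unreachable. If the install should carry on regardless, record the failure, e.g. `in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q" || logger -t late_command "security upgrade failed"; \` (assuming `logger` is available in the installer environment), or have the playbook that runs after the reboot repeat the upgrade. How the installer reacts to a non-zero late_command is not visible here, so test that before chaining the steps with `&&` instead.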
--- a/preseed/hosts/helene_debian-stretch.cfg +++ b/preseed/hosts/helene_debian-stretch.cfg @@ -109,5 +109,6 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ lvremove -f helene/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "sed 's#GRUB_CMDLINE_LINUX_DEFAULT.*#GRUB_CMDLINE_LINUX_DEFAULT=\"quiet nomodeset consoleblank=0\"#' -i /etc/default/grub && update-grub"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e 'ssh-rsa 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 equinox@spreadspace.org' > /root/.ssh/authorized_keys" diff --git a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 index c20b607b..fcf8ddd1 100644 --- a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 @@ -101,4 +101,5 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ lvremove -f {{ inventory_hostname }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ sshserver_root_keys }}' > /root/.ssh/authorized_keys" diff --git a/vminstall.yaml b/vminstall.yaml index 6fe1e524..43fcf81b 100644 --- a/vminstall.yaml +++ b/vminstall.yaml @@ -10,7 +10,7 @@ roles: - role: vm-install -- import_playbook: "playbooks/{{ vmname }}.yaml" +- import_playbook: "host_playbooks/{{ vmname }}.yaml" - name: Reboot and wait for VM come back hosts: "{{ vmname }}" -- cgit v1.2.3
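Review bot: The `apt-get` line added to preseed_debian-stretch.cfg.j2 has no comment saying which repositories it relies on. It upgrades only from the sources the installer wrote to the target, and the apt-setup settings that decide whether the security archive is among them are outside this hunk. A comment above `d-i preseed/late_command` would help, e.g. `# late_command: full-upgrade from the configured sources; needs the security archive enabled via apt-setup`. debian-installer also has a `pkgsel/upgrade` question (`d-i pkgsel/upgrade select full-upgrade`) that may cover the same need without a shell step; if it was considered and rejected, the comment is the place to say why. The same applies to the two host files under preseed/hosts.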