TurnKey Linux Virtual Appliance Library

Preseeding: Cannot Prevent First Time Prompt For Security Updates

I'm using the VMware image of the Wordpress appliance. I created /etc/inithooks.conf to set my passwords, etc. I did this by mapping the .vmdk file, not by booting the VM, so it's never been run. I want everything to happen automatically during the first boot when I deploy it.

In addition to setting my passwords, I added "SEC_UPDATES=FORCE" to inithooks.conf and my problem is that I am still prompted to install updates during the first boot.

I can see from the logic in /usr/lib/inithooks/firstboot.d/95secupdates that this should prevent the execution of secupdates-ask.py and just do the one-time update. If I manually answer the prompt, I can log on with the password specified in inithooks.conf, so that file was installed correctly.

I found the following statement in a forum post titled "announcing-xen-builds": "You should also make sure that inithooks.conf includes *ALL* of the variables, otherwise the inithook system will turn on interactivity."

I wasn't sure if this applied to my situation, but I made sure I had all the variables listed for the Wordpress appliance in "How to customize appliance initialization (inithooks)", leaving my inithooks.conf looking like this:

HUB_APIKEY=SKIP
AUTO_APT_ARCHIVE=SKIP
ETCKEEPER_COMMIT=SKIP
ROOT_PASS=12345
DB_PASS=12345
APP_EMAIL=me@somewhere.com

APP_PASS=12345
SEC_UPDATES=FORCE
 

Can someone tell me what I'm doing wrong? I would greatly appreciate it.

Thanks!
 

Alon Swartz's picture

SEC_UPDATES preseed needs to be exported

The SEC_UPDATES preseed value needs to be exported into the environment otherwise it won't take affect as the 90delconf which runs before 95secupdates deletes the configuration (for security reasons), and the setting won't be accessible, and will default to interactive mode as you've seen.

So, just add 'export' before any preseed values and everything should work. For example:

export ROOT_PASS=...
export DB_PASS=...
export APP_PASS=...
export APP_EMAIL=...
export APP_DOMAIN=...
export HUB_APIKEY=SKIP
export SEC_UPDATES=FORCE

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)