canonical
diff --git a/‎cmd/chisel/cmd_cut.go‎
Lines changed: 36 additions & 0 deletions b/‎cmd/chisel/cmd_cut.go‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎cmd/chisel/cmd_debug_check_release_archives.go‎
Lines changed: 2 additions & 0 deletions b/‎cmd/chisel/cmd_debug_check_release_archives.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎cmd/chisel/cmd_debug_check_release_archives_test.go‎
Lines changed: 4 additions & 14 deletions b/‎cmd/chisel/cmd_debug_check_release_archives_test.go‎
Lines changed: 4 additions & 14 deletions
diff --git a/‎cmd/chisel/cmd_info_test.go‎
Lines changed: 1 addition & 16 deletions b/‎cmd/chisel/cmd_info_test.go‎
Lines changed: 1 addition & 16 deletions
diff --git a/‎internal/archive/archive.go‎
Lines changed: 12 additions & 2 deletions b/‎internal/archive/archive.go‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎internal/archive/archive_test.go‎
Lines changed: 39 additions & 0 deletions b/‎internal/archive/archive_test.go‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎internal/setup/setup.go‎
Lines changed: 17 additions & 3 deletions b/‎internal/setup/setup.go‎
Lines changed: 17 additions & 3 deletions
@@ -1,6 +1,9 @@
 package main
 
 import (
+	"fmt"
+	"time"
+
 	"github.com/jessevdk/go-flags"
 
 	"github.com/canonical/chisel/internal/archive"
@@ -22,12 +25,14 @@ var cutDescs = map[string]string{
 	"release": "Chisel release name or directory (e.g. ubuntu-22.04)",
 	"root":    "Root for generated content",
 	"arch":    "Package architecture",
+	"ignore":  "Conditions to ignore (e.g. unmaintained, unstable)",
 }
 
 type cmdCut struct {
 	Release string `long:"release" value-name:"<dir>"`
 	RootDir string `long:"root" value-name:"<dir>" required:"yes"`
 	Arch    string `long:"arch" value-name:"<arch>"`
+	Ignore  string `long:"ignore" choice:"unmaintained" choice:"unstable" value-name:"<cond>"`
 
 	Positional struct {
 		SliceRefs []string `positional-arg-name:"<slice names>" required:"yes"`
@@ -57,6 +62,16 @@ func (cmd *cmdCut) Execute(args []string) error {
 		return err
 	}
 
+	if time.Now().Before(release.Maintenance.Standard) {
+		if cmd.Ignore == "unstable" {
+			logf(`Warning: This release is in the "unstable" maintenance status. ` +
+				`See https://documentation.ubuntu.com/chisel/en/latest/reference/chisel-releases/chisel.yaml/#maintenance to be safe`)
+		} else {
+			return fmt.Errorf(`this release is in the "unstable" maintenance status, ` +
+				`see https://documentation.ubuntu.com/chisel/en/latest/reference/chisel-releases/chisel.yaml/#maintenance for details`)
+		}
+	}
+
 	selection, err := setup.Select(release, sliceKeys)
 	if err != nil {
 		return err
@@ -73,6 +88,8 @@ func (cmd *cmdCut) Execute(args []string) error {
 			Pro:        archiveInfo.Pro,
 			CacheDir:   cache.DefaultDir("chisel"),
 			PubKeys:    archiveInfo.PubKeys,
+			Maintained: archiveInfo.Maintained,
+			OldRelease: archiveInfo.OldRelease,
 		})
 		if err != nil {
 			if err == archive.ErrCredentialsNotFound {
@@ -84,6 +101,25 @@ func (cmd *cmdCut) Execute(args []string) error {
 		archives[archiveName] = openArchive
 	}
 
+	hasMaintainedArchive := false
+	for _, archive := range archives {
+		if archive.Options().Maintained {
+			hasMaintainedArchive = true
+			break
+		}
+	}
+	if !hasMaintainedArchive {
+		if cmd.Ignore == "unmaintained" {
+			logf(`Warning: No archive has "maintained" maintenance status. ` +
+				`Consider the different Ubuntu Pro subcriptions to be safe. ` +
+				`See https://documentation.ubuntu.com/chisel/en/latest/reference/chisel-releases/chisel.yaml/#maintenance for details.`)
+		} else {
+			return fmt.Errorf(`no archive has "maintained" maintenance status, ` +
+				`consider the different Ubuntu Pro subcriptions to be safe, ` +
+				`see https://documentation.ubuntu.com/chisel/en/latest/reference/chisel-releases/chisel.yaml/#maintenance for details`)
+		}
+	}
+
 	err = slicer.Run(&slicer.RunOptions{
 		Selection: selection,
 		Archives:  archives,
 
@@ -73,6 +73,8 @@ func (cmd *cmdDebugCheckReleaseArchives) Execute(args []string) error {
 			Pro:        archiveInfo.Pro,
 			CacheDir:   cache.DefaultDir("chisel"),
 			PubKeys:    archiveInfo.PubKeys,
+			Maintained: archiveInfo.Maintained,
+			OldRelease: archiveInfo.OldRelease,
 		})
 		if err == archive.ErrCredentialsNotFound {
 			logf("Archive %q ignored: credentials not found\n", archiveName)
 
@@ -542,19 +542,7 @@ func (s *ChiselSuite) TestRun(c *C) {
 // makeChiselYaml returns a valid chisel.yaml that contains the archives
 // supplied.
 func makeChiselYaml(archives []string) string {
-	archiveKey := testutil.PGPKeys["key-ubuntu-2018"]
-	rawChiselYaml := testutil.Reindent(`
-		format: v1
-		archives:
-			ubuntu:
-				version: 22.04
-				components: [main, universe]
-				suites: [jammy]
-				public-keys: [test-key]
-		public-keys:
-			test-key:
-				id: ` + archiveKey.ID + `
-				armor: |` + "\n" + testutil.PrefixEachLine(archiveKey.PubKeyArmor, "\t\t\t\t\t\t"))
+	rawChiselYaml := testutil.Reindent(testutil.DefaultChiselYaml)
 
 	chiselYaml := map[string]any{}
 	err := yaml.Unmarshal([]byte(rawChiselYaml), chiselYaml)
@@ -578,7 +566,9 @@ func makeChiselYaml(archives []string) string {
 	if err != nil {
 		panic(err)
 	}
-	return string(bs)
+	out := string(bs)
+	// Maintenance dates get marshaled as <date>T00:00:00Z by default.
+	return strings.ReplaceAll(out, "T00:00:00Z", "")
 }
 
 func deepCopyYAML(src map[string]any) map[string]any {
 
@@ -137,23 +137,8 @@ var infoTests = []infoTest{{
 	err:     `no slice definitions found for: "foo_bar_foo", "a_b", "7_c", "a_b c", "a_b x_y"`,
 }}
 
-var testKey = testutil.PGPKeys["key1"]
-
-var defaultChiselYaml = `
-	format: v1
-	archives:
-		ubuntu:
-			version: 22.04
-			components: [main, universe]
-			suites: [jammy]
-			public-keys: [test-key]
-	public-keys:
-		test-key:
-			id: ` + testKey.ID + `
-			armor: |` + "\n" + testutil.PrefixEachLine(testKey.PubKeyArmor, "\t\t\t\t\t\t")
-
 var infoRelease = map[string]string{
-	"chisel.yaml": string(defaultChiselYaml),
+	"chisel.yaml": string(testutil.DefaultChiselYaml),
 	"slices/mypkg1.yaml": `
 		package: mypkg1
 		essential:
 
@@ -40,6 +40,11 @@ type Options struct {
 	Pro        string
 	CacheDir   string
 	PubKeys    []*packet.PublicKey
+	// Maintained is set when the archive is still being updated.
+	Maintained bool
+	// OldRelease is set for Ubuntu releases which are moved from the regular
+	// archive which happens after the release's end of life date.
+	OldRelease bool
 }
 
 func Open(options *Options) (Archive, error) {
@@ -149,6 +154,7 @@ func (a *ubuntuArchive) Info(pkg string) (*PackageInfo, error) {
 }
 
 const ubuntuURL = "http://archive.ubuntu.com/ubuntu/"
+const ubuntuOldReleasesURL = "http://old-releases.ubuntu.com/ubuntu/"
 const ubuntuPortsURL = "http://ports.ubuntu.com/ubuntu-ports/"
 
 const (
@@ -179,7 +185,7 @@ var proArchiveInfo = map[string]struct {
 	},
 }
 
-func archiveURL(pro, arch string) (string, *credentials, error) {
+func archiveURL(pro, arch string, oldRelease bool) (string, *credentials, error) {
 	if pro != "" {
 		archiveInfo, ok := proArchiveInfo[pro]
 		if !ok {
@@ -193,6 +199,10 @@ func archiveURL(pro, arch string) (string, *credentials, error) {
 		return url, creds, nil
 	}
 
+	if oldRelease {
+		return ubuntuOldReleasesURL, nil, nil
+	}
+
 	if arch == "amd64" || arch == "i386" {
 		return ubuntuURL, nil, nil
 	}
@@ -210,7 +220,7 @@ func openUbuntu(options *Options) (Archive, error) {
 		return nil, fmt.Errorf("archive options missing version")
 	}
 
-	baseURL, creds, err := archiveURL(options.Pro, options.Arch)
+	baseURL, creds, err := archiveURL(options.Pro, options.Arch, options.OldRelease)
 	if err != nil {
 		return nil, err
 	}
 
@@ -491,6 +491,31 @@ func (s *httpSuite) TestProArchives(c *C) {
 	}
 }
 
+func (s *httpSuite) TestOpenUnmaintainedArchives(c *C) {
+	s.base = "http://old-releases.ubuntu.com/ubuntu/"
+	s.prepareArchive("jammy", "22.04", "amd64", []string{"main", "universe"})
+
+	options := archive.Options{
+		Label:      "ubuntu",
+		Version:    "22.04",
+		Arch:       "amd64",
+		Suites:     []string{"jammy"},
+		Components: []string{"main", "universe"},
+		CacheDir:   c.MkDir(),
+		PubKeys:    []*packet.PublicKey{s.pubKey},
+		OldRelease: false,
+	}
+
+	_, err := archive.Open(&options)
+	// Fails when OldRelease is not set because it attempts to contact the
+	// default ubuntu archive where the release is no longer available.
+	c.Assert(err, Not(IsNil))
+
+	options.OldRelease = true
+	_, err = archive.Open(&options)
+	c.Assert(err, IsNil)
+}
+
 type verifyArchiveReleaseTest struct {
 	summary string
 	pubKeys []*packet.PublicKey
@@ -642,6 +667,7 @@ type realArchiveTest struct {
 	suites         []string
 	components     []string
 	pro            string
+	oldRelease     bool
 	archivePubKeys []*packet.PublicKey
 	archs          []string
 	pkg            string
@@ -651,6 +677,7 @@ type realArchiveTest struct {
 var realArchiveTests = []realArchiveTest{{
 	name:           "focal",
 	version:        "20.04",
+	oldRelease:     false,
 	suites:         []string{"focal"},
 	components:     []string{"main", "universe"},
 	archivePubKeys: []*packet.PublicKey{keyUbuntu2018.PubKey},
@@ -659,6 +686,7 @@ var realArchiveTests = []realArchiveTest{{
 }, {
 	name:           "jammy",
 	version:        "22.04",
+	oldRelease:     false,
 	suites:         []string{"jammy"},
 	components:     []string{"main", "universe"},
 	archivePubKeys: []*packet.PublicKey{keyUbuntu2018.PubKey},
@@ -667,11 +695,21 @@ var realArchiveTests = []realArchiveTest{{
 }, {
 	name:           "noble",
 	version:        "24.04",
+	oldRelease:     false,
 	suites:         []string{"noble"},
 	components:     []string{"main", "universe"},
 	archivePubKeys: []*packet.PublicKey{keyUbuntu2018.PubKey},
 	pkg:            "hostname",
 	path:           "/usr/bin/hostname",
+}, {
+	name:           "mantic",
+	version:        "23.10",
+	oldRelease:     true,
+	suites:         []string{"mantic"},
+	components:     []string{"main", "universe"},
+	archivePubKeys: []*packet.PublicKey{keyUbuntu2018.PubKey},
+	pkg:            "hostname",
+	path:           "/bin/hostname",
 }}
 
 var proArchiveTests = []realArchiveTest{{
@@ -797,6 +835,7 @@ func (s *S) testOpenArchiveArch(c *C, test realArchiveTest, arch string) {
 		CacheDir:   c.MkDir(),
 		Pro:        test.pro,
 		PubKeys:    test.archivePubKeys,
+		OldRelease: test.oldRelease,
 	}
 
 	testArchive, err := archive.Open(&options)
 
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 	"slices"
 	"strings"
+	"time"
 
 	"golang.org/x/crypto/openpgp/packet"
 
@@ -17,9 +18,17 @@ import (
 // Release is a collection of package slices targeting a particular
 // distribution version.
 type Release struct {
-	Path     string
-	Packages map[string]*Package
-	Archives map[string]*Archive
+	Path        string
+	Packages    map[string]*Package
+	Archives    map[string]*Archive
+	Maintenance *Maintenance
+}
+
+type Maintenance struct {
+	Standard  time.Time
+	Expanded  time.Time
+	Legacy    time.Time
+	EndOfLife time.Time
 }
 
 // Archive is the location from which binary packages are obtained.
@@ -31,6 +40,11 @@ type Archive struct {
 	Priority   int
 	Pro        string
 	PubKeys    []*packet.PublicKey
+	// Maintained is set when the archive is still being updated.
+	Maintained bool
+	// OldRelease is set for Ubuntu releases which are moved from the regular
+	// archive which happens after the release's end of life date.
+	OldRelease bool
 }
 
 // Package holds a collection of slices that represent parts of themselves.
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,11 @@ type Options struct {`
`40`	`40`	`Pro string`
`41`	`41`	`CacheDir string`
`42`	`42`	`PubKeys []*packet.PublicKey`
	`43`	`+ // Maintained is set when the archive is still being updated.`
	`44`	`+ Maintained bool`
	`45`	`+ // OldRelease is set for Ubuntu releases which are moved from the regular`
	`46`	`+ // archive which happens after the release's end of life date.`
	`47`	`+ OldRelease bool`
`43`	`48`	`}`
`44`	`49`
`45`	`50`	`func Open(options *Options) (Archive, error) {`
`@@ -149,6 +154,7 @@ func (a ubuntuArchive) Info(pkg string) (PackageInfo, error) {`
`149`	`154`	`}`
`150`	`155`
`151`	`156`	`const ubuntuURL = "http://archive.ubuntu.com/ubuntu/"`
	`157`	`+const ubuntuOldReleasesURL = "http://old-releases.ubuntu.com/ubuntu/"`
`152`	`158`	`const ubuntuPortsURL = "http://ports.ubuntu.com/ubuntu-ports/"`
`153`	`159`
`154`	`160`	`const (`
`@@ -179,7 +185,7 @@ var proArchiveInfo = map[string]struct {`
`179`	`185`	`},`
`180`	`186`	`}`
`181`	`187`
`182`		`-func archiveURL(pro, arch string) (string, *credentials, error) {`
	`188`	`+func archiveURL(pro, arch string, oldRelease bool) (string, *credentials, error) {`
`183`	`189`	`if pro != "" {`
`184`	`190`	`archiveInfo, ok := proArchiveInfo[pro]`
`185`	`191`	`if !ok {`
`@@ -193,6 +199,10 @@ func archiveURL(pro, arch string) (string, *credentials, error) {`
`193`	`199`	`return url, creds, nil`
`194`	`200`	`}`
`195`	`201`
	`202`	`+ if oldRelease {`
	`203`	`+ return ubuntuOldReleasesURL, nil, nil`
	`204`	`+ }`
	`205`	`+`
`196`	`206`	`if arch == "amd64" \|\| arch == "i386" {`
`197`	`207`	`return ubuntuURL, nil, nil`
`198`	`208`	`}`
`@@ -210,7 +220,7 @@ func openUbuntu(options *Options) (Archive, error) {`
`210`	`220`	`return nil, fmt.Errorf("archive options missing version")`
`211`	`221`	`}`
`212`	`222`
`213`		`- baseURL, creds, err := archiveURL(options.Pro, options.Arch)`
	`223`	`+ baseURL, creds, err := archiveURL(options.Pro, options.Arch, options.OldRelease)`
`214`	`224`	`if err != nil {`
`215`	`225`	`return nil, err`
`216`	`226`	`}`