ubuntu template: use -updates and -security (v3)

Particularly for LTS releases, which many people will want to use in
their containers, it is not wise to not use release-security and
release-updates.  Furthermore the fix allowing ssh to allow the container
to shut down is in lucid-updates only.

With this patch, after debootstrapping a container, we add -updates and
-security to sources.list and do an upgrade under chroot.  Unfortunately
we need to do this because debootstrap doesn't know how to.

Changelog:
	Nov 14: as Stéphane Graber suggested, make sure no daemons start on
		the host while doing dist-upgrade from chroot.
	Nov 15: use security.ubuntu.com, not mirror. (stgraber)

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

templates/lxc-ubuntu.in

@@ -105,9 +105,36 @@ download_ubuntu()
             return 1
     fi
 
-    mv "$1/partial-$arch" "$1/rootfs-$arch"
-    echo "Download complete."
+    echo "Installing updates"
+    if [ -z "$MIRROR" ]; then
+        MIRROR="http://archive.ubuntu.com/ubuntu"
+    fi
+    cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
+deb $MIRROR ${release}-updates main universe
+deb http://security.ubuntu.com/ubuntu ${release}-security main universe
+EOF
+    chroot "$1/partial-${arch}" apt-get update
+    if [ $? -ne 0 ]; then
+        echo "Failed to update the apt cache"
+        return 1
+    fi
+    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
+#!/bin/sh
+exit 101
+EOF
+    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
 
+    chroot "$1/partial-${arch}" apt-get dist-upgrade -y
+    ret=$?
+
+    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
+    if [ $ret -ne 0 ]; then
+        echo "Failed to upgrade the cache"
+        return 1
+    fi
+
+    mv "$1/partial-$arch" "$1/rootfs-$arch"
+    echo "Download complete"
     return 0
 }