Merge pull request #579 from thaJeztah/verify_update_comments_and_strategy

[ce-nightly] verify: remove old hack, and update comments to describe the process

Author: thaJeztah

verify

@@ -26,6 +26,9 @@ function verify() {
 }
 
 function verify_deb() {
+	# First install prerequisites for our script and dpkg and apt to run correctly.
+	# This list SHOULD NOT include dependencies of docker itself, otherwise we would
+	# not be able to verify that our packages specify all the required dependencies.
 	apt-get update
 	apt-get -y install --no-install-recommends \
 		apt-transport-https \
@@ -44,16 +47,6 @@ function verify_deb() {
 	# All local packages need to be prefixed with `./` or else apt-get doesn't understand where to pull from
 	packages=$(echo "${packages}" | awk '$0="./"$0' | xargs)
 
-	# For apt-get install, we don't want to install docker-scan-plugin, as it would
-	# downgrade the already installed local package with an older version from
-	# download.docker.com.
-	# We search for packages starting with "docker-ce", which excludes "docker-scan-plugin"
-	# as it doesn't have the "docker-ce" prefix. We match on "docker-c" so that we also
-	# match "docker-ce.deb"
-	apt_packages=$(find "packaging/deb/debbuild/${DIST_ID}-${DIST_VERSION}/" -type f -name "docker-c*.deb")
-	# All local packages need to be prefixed with `./` or else apt-get doesn't understand where to pull from
-	apt_packages=$(echo "${apt_packages}" | awk '$0="./"$0' | xargs)
-
 	(
 		set -x
 		# Install the locally built packages using 'dpkg' because installing with
@@ -64,16 +57,27 @@ function verify_deb() {
 		# packages we know to be missing at this stage, and '--force-depends' to
 		# only warn about any other missing dependency.
 		#
-		# Afterwards, we run 'apt-get install' with the '--fix-broken' option to
-		# trigger installation of the dependencies, which should succceed succesfully.
 		# shellcheck disable=SC2086
 		dpkg \
 			--ignore-depends=containerd.io,iptables,libdevmapper,libdevmapper1.02.1 \
 			--force-depends \
 			-i ${packages}
 
+		# After installing the local packages, we run 'apt-get install' with the
+		# '--fix-broken' option to trigger installation of the dependencies, which
+		# should succeed successfully. This step is to verify that not only the
+		# packages can be installed, but also that all dependencies (including
+		# containerd.io) can be resolved correctly for the distro that we built for,
+		# before going through the whole pipeline and publishing the packages.
+		#
+		# The '--no-upgrade' option is set to prevent apt from attempting to install
+		# packages from download(-stage).docker.com that we already installed using
+		# the local packages above. Without this, installing (e.g.) ./docker-ce-cli
+		# would result in apt installing "docker-ce" from the package repository and
+		# produce a "the following packages will be DOWNGRADED" error.
+		#
 		# shellcheck disable=SC2086
-		apt-get -y install --no-install-recommends --no-upgrade --fix-broken ${apt_packages}
+		apt-get -y install --no-install-recommends --no-upgrade --fix-broken ${packages}
 	)
 	docker --version
 	# FIXME this tries to connect to the docker daemon, which isn't started