diff --git a/cookbooks/apt/CHANGELOG.md b/cookbooks/apt/CHANGELOG.md index 6fa49a63..d2cf320b 100644 --- a/cookbooks/apt/CHANGELOG.md +++ b/cookbooks/apt/CHANGELOG.md @@ -2,9 +2,85 @@ This file is used to list changes made in each version of the apt cookbook. +## 7.1.1 (2018-10-11) + +- Allow to customize sender email for unattended-upgrades + +## 7.1.0 (2018-09-05) + +- Add the installation of dirmngr and gnupg to the apt default cookbook to support secure repositories +- Added support for the unattended-upgrade SyslogEnable configuration feature +- Added support for the unattended-upgrade SyslogFacility configuration feature + +## 7.0.0 (2018-04-06) + +### Breaking Change + +- This cookbook no longer includes apt_preference as that resource was moved into Chef Client 13.3. The cookbook now also requires Chef 13.3 or later. If you require support for an older release of Chef you will need to pin to a 6.X release. + +## 6.1.4 (2017-08-31) + +- Restores ignore_failure true on compile time update. +- name_property vs name_attribute in the resource + +## 6.1.3 (2017-07-19) + +- Fixed typo in readme +- Fixed config namespace in the 10dpkg-options file + +## 6.1.2 (2017-06-20) + +- restore backwards compatability by respecting node['apt']['periodic_update_min_delay'] + +## 6.1.1 (2017-06-20) + +- Remove action_class.class_eval usage that caused failures +- Remove wrong warning logs generated by apt_preference +- Fix wrong warning log in cacher-client recipe + +## 6.1.0 (2017-04-11) + +- Test with local delivery and not Rake +- Use proper value type for bsd-mailx package only_if/not_if block +- Update apache2 license string +- Convert apt_preference to a custom resource + +## 6.0.1 (2017-02-27) + +- Update cookbook description +- Testing updates for Chef 13 and fixes to the cacher recipe + +## 6.0.0 (2017-02-08) + +### Breaking changes + +- apt_update and apt_repository resources have been removed from the cookbook. These resources were both added to the chef-client itself. Due to this we now require Chef 12.9 or later, which has both of these resources built in. If you require compatibility with older chef-client releases you will need to pin to the 5.X release. + +### Other changes + +- apt_preference resource now properly required a pin_priority, which prevents us from writing out bad preference files that must be manually removed + +## 5.1.0 (2017-02-01) + +- Convert integration tests to inspec +- Add management of the /etc/apt/apt.conf.d/10dpkg-options file with new attributes. This allows tuning of how dpkg will handle package prompts during package installation. Note that Chef 12.19+ will automatically suppress package prompts + +## 5.0.1 (2016-12-22) + +- Avoid CHEF-3694 in apt_preferences resource +- Cookstyle fixes + +## 5.0.0 (2016-10-14) + +- Remove search logic from the cacher client cookbook and rework attribute structure. See the attributes file and readme for new structure. Determining what servers to cache against is better handled in a wrapper cookbook where you can define the exact search syntax yourself +- Corrected readme examples for the cacher client setup +- Depend on the latest compat_resource +- Define matchers for ChefSpec +- Testing updates to better test the various recipes and providers in the cookbook on Travis + ## 4.0.2 (2016-08-13) -- The cookbook requires Chef 12.1+ not 12.0. Update docs +- The cookbook requires Chef 12.1+ not 12.0\. Update docs - Test on Chef 12.1 to ensure compatibility - Restore compatibility with Chef < 12.4 diff --git a/cookbooks/apt/Gemfile b/cookbooks/apt/Gemfile index 4fe68dd7..c1dbddd8 100644 --- a/cookbooks/apt/Gemfile +++ b/cookbooks/apt/Gemfile @@ -1,6 +1,9 @@ +# This gemfile provides additional gems for testing and releasing this cookbook +# It is meant to be installed on top of ChefDK which provides the majority +# of the necessary gems for testing this cookbook +# +# Run 'chef exec bundle install' to install these dependencies + source 'https://rubygems.org' -gem 'tomlrb' -gem 'rake' -gem 'stove' gem 'community_cookbook_releaser' diff --git a/cookbooks/apt/MAINTAINERS.md b/cookbooks/apt/MAINTAINERS.md deleted file mode 100644 index 00eed8d7..00000000 --- a/cookbooks/apt/MAINTAINERS.md +++ /dev/null @@ -1,18 +0,0 @@ - - -# Maintainers -This file lists how this cookbook project is maintained. When making changes to the system, this -file tells you who needs to review your patch - you need a simple majority of maintainers -for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need -to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) -for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/apt/MAINTAINERS.toml b/cookbooks/apt/MAINTAINERS.toml deleted file mode 100644 index d3787664..00000000 --- a/cookbooks/apt/MAINTAINERS.toml +++ /dev/null @@ -1,41 +0,0 @@ -# -# This file is structured to be consumed by both humans and computers. -# It is a TOML document containing Markdown -# -[Preamble] - title = "Maintainers" - text = """ -This file lists how this cookbook project is maintained. When making changes to the system, this -file tells you who needs to review your patch - you need a simple majority of maintainers -for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need -to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) -for details on the process and how to become a maintainer or the project lead. -""" - -[Org] - [Org.Components] - [Org.Components.Core] - title = "Project Maintainer" - - lieutenant = 'tas50' - - maintainers = [ - 'sigje', - 'tas50', - 'thommay' - ] - -[people] - [people.sigje] - name = "Jennifer Davis" - github = "sigje" - - [people.tas50] - name = "Tim Smith" - github = "tas50" - - [people.thommay] - name = "Thom May" - github = "thommay" diff --git a/cookbooks/apt/README.md b/cookbooks/apt/README.md index b6c146dc..d54e58a6 100644 --- a/cookbooks/apt/README.md +++ b/cookbooks/apt/README.md @@ -1,87 +1,125 @@ # apt Cookbook + [![Build Status](https://img.shields.io/travis/chef-cookbooks/apt.svg)][travis] [![Cookbook Version](https://img.shields.io/cookbook/v/apt.svg)][cookbook] -This cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d. +This cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a custom resource for pinning packages via /etc/apt/preferences.d. ## Requirements + ### Platforms + - Ubuntu 12.04+ - Debian 7+ May work with or without modification on other Debian derivatives. ### Chef -- Chef 12.1+ + +- Chef 13.3+ ### Cookbooks + - None ## Recipes + ### default + This recipe manually updates the timestamp file used to only run `apt-get update` if the cache is more than one day old. This recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef. This recipe also sets up a local cache directory for preseeding packages. -**Including the default recipe on a node that does not support apt (such as Windows) results in a noop.** +**Including the default recipe on a node that does not support apt (such as Windows or RHEL) results in a noop.** ### cacher-client -Configures the node to use the `apt-cacher-ng` server as a client. + +Configures the node to use a `apt-cacher-ng` server to cache apt requests. Configuration of the server to use is located in `default['apt']['cacher_client']['cacher_server']` which is a hash containing `host`, `port`, `proxy_ssl`, and `bypass` keys. Example: + +```json +{ + "apt": { + "cacher_client": { + "cacher_server": { + "host": "cache_server.mycorp.dmz", + "port": 1234, + "proxy_ssl": true, + "cache_bypass": { + "download.oracle.com": "http" + } + } + } + } +} +``` #### Bypassing the cache + Occasionally you may come across repositories that do not play nicely when the node is using an `apt-cacher-ng` server. You can configure `cacher-client` to bypass the server and connect directly to the repository with the `cache_bypass` attribute. -To do this, you need to override the `cache_bypass` attribute with an array of repositories, with each array key as the repository URL and value as the protocol to use: +To do this, you need to override the `cache_bypass` attribute with an hash of repositories, with each key as the repository URL and value as the protocol to use: ```json { "apt": { - "cache_bypass": { - "URL": "PROTOCOL" + "cacher_client": { + "cacher_server": { + "cache_bypass": { + "URL": "PROTOCOL" + } + } } } } ``` -For example, to prevent caching and directly connect to the repository at `download.oracle.com` via http: +For example, to prevent caching and directly connect to the repository at `download.oracle.com` via http and the repo at `nginx.org` via https ```json { "apt": { - "cache_bypass": { - "download.oracle.com": "http" + "cacher_client": { + "cacher_server": { + "cache_bypass": { + "download.oracle.com": "http", + "nginx.org": "https" + } + } } } } ``` ### cacher-ng -Installs the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at [http://{hostname}:3142/acng-report.html](http://{hostname}:3142/acng-report.html). + +Installs the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at . If you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. `apt-cacher-ng`). ### unattended-upgrades + Installs and configures the `unattended-upgrades` package to provide automatic package updates. This can be configured to upgrade all packages or to just install security updates by setting `['apt']['unattended_upgrades']['allowed_origins']`. To pull just security updates, set `origins_patterns` to something like `["origin=Ubuntu,archive=trusty-security"]` (for Ubuntu trusty) or `["origin=Debian,label=Debian-Security"]` (for Debian). ## Attributes + ### General + - `['apt']['compile_time_update']` - force the default recipe to run `apt-get update` at compile time. -- `['apt']['periodic_update_min_delay']` - minimum delay (in seconds) beetween two actual executions of `apt-get update` by the `execute[apt-get-update-periodic]` resource, default is '86400' (24 hours) +- `['apt']['periodic_update_min_delay']` - minimum delay (in seconds) between two actual executions of `apt-get update` by the `execute[apt-get-update-periodic]` resource, default is '86400' (24 hours) ### Caching -- `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search + +- `['apt']['cacher_client']['cacher_server']` - Hash containing server information used by clients for caching. See the example in the recipes section above for the full format of the hash. - `['apt']['cacher_interface']` - interface to connect to the cacher-ng service, no default. -- `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142' -- `['apt']['cacher_ssl_support']` - indicates whether the cacher supports upstream SSL servers, default is 'false' +- `['apt']['cacher_port']` - port for the cacher-ng service (used by server recipe only), default is '3142' - `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng' -- `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false' - `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false' -- `['apt']['cache_bypass']` - array of URLs to bypass the cache. Accepts the URL and protocol to fetch directly from the remote repository and not attempt to cache ### Unattended Upgrades + - `['apt']['unattended_upgrades']['enable']` - enables unattended upgrades, default is false - `['apt']['unattended_upgrades']['update_package_lists']` - automatically update package list (`apt-get update`) daily, default is true - `['apt']['unattended_upgrades']['allowed_origins']` - array of allowed apt origins from which to pull automatic upgrades, defaults to a guess at the system's main origin and should almost always be overridden @@ -91,166 +129,73 @@ To pull just security updates, set `origins_patterns` to something like `["origi - `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false. - `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false. - `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email. +- `['apt']['unattended_upgrades']['sender']` - Send email from this address for problems or packages upgrades. Defaults to 'root'. - `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true. - `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. Defaults to false. - `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots _without confirmation_ if a restart is required after the upgrade. Defaults to false. - `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit). -- `['apt']['unattended_upgrades']['random_sleep]'` - Wait a random number of seconds up to this value before running daily periodic apt actions. System default is 1800 seconds (30 minutes). +- `['apt']['unattended_upgrades']['random_sleep']` - Wait a random number of seconds up to this value before running daily periodic apt actions. System default is 1800 seconds (30 minutes). +- `['apt']['unattended_upgrades']['syslog_enable']` - Enable logging to syslog. Defaults to false. +- `['apt']['unattended_upgrades']['syslog_facility']` - Specify syslog facility. Defaults to 'daemon'. +- `['apt']['unattended_upgrades']['dpkg_options']` An array of dpkg options to be used specifically only for unattended upgrades. Defaults to `[]` which will prevent it from being rendered from the template in the resulting file. ### Configuration for APT + +- `['apt']['confd']['force_confask']` - Prompt when overwriting configuration files. (default: false) +- `['apt']['confd']['force_confdef']` - Don't prompt when overwriting configuration files. (default: false) +- `['apt']['confd']['force_confmiss']` - Install removed configuration files when upgrading packages. (default: false) +- `['apt']['confd']['force_confnew']` - Overwrite configuration files when installing packages. (default: false) +- `['apt']['confd']['force_confold']` - Keep modified configuration files when installing packages. (default: false) - `['apt']['confd']['install_recommends']` - Consider recommended packages as a dependency for installing. (default: true) - `['apt']['confd']['install_suggests']` - Consider suggested packages as a dependency for installing. (default: false) ## Libraries -There is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute. - -## Resources/Providers -### `apt_repository` -This LWRP provides an easy way to manage additional APT repositories. Adding a new repository will notify running the `execute[apt-get-update]` resource immediately. - -#### Actions -- :add: creates a repository file and builds the repository listing (default) -- :remove: removes the repository file - -#### Attribute Parameters -- repo_name: name attribute. The name of the channel to discover -- uri: the base of the Debian distribution -- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick` -- components: package groupings... when in doubt use `main` -- arch: constrain package to a particular arch like `i386`, `amd64` or even `armhf` or `powerpc`. Defaults to nil. -- trusted: treat all packages from this repository as authenticated regardless of signature -- deb_src: whether or not to add the repository as a source repo as well - value can be `true` or `false`, default `false`. -- keyserver: the GPG keyserver where the key for the repo should be retrieved -- key: if a `keyserver` is provided, this is assumed to be the fingerprint, otherwise it can be either the URI to the GPG key for the repo, or a cookbook_file. -- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG. -- cookbook: if key should be a cookbook_file, specify a cookbook where the key is located for files/default. Defaults to nil, so it will use the cookbook where the resource is used. - -#### Examples -Add the Zenoss repo: -```ruby -apt_repository 'zenoss' do - uri 'http://dev.zenoss.org/deb' - components ['main', 'stable'] -end -``` - -Enable Ubuntu [multiverse](https://help.ubuntu.com/community/Repositories/Ubuntu) repositories: - -```ruby -apt_repository 'security-ubuntu-multiverse' do - uri 'http://security.ubuntu.com/ubuntu' - distribution 'trusty-security' - components ['multiverse'] - deb_src true -end -``` - -Add the Nginx PPA, autodetect the key and repository url: - -```ruby -apt_repository 'nginx-php' do - uri 'ppa:nginx/stable' - distribution node['lsb']['codename'] -end -``` - -Add the JuJu PPA, grab the key from the keyserver, and add source repo: +There is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute. -```ruby -apt_repository 'juju' do - uri 'http://ppa.launchpad.net/juju/stable/ubuntu' - components ['main'] - distribution 'trusty' - key 'C8068B11' - keyserver 'keyserver.ubuntu.com' - action :add - deb_src true -end -``` +## Usage -Add the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64: +Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.: ```ruby -apt_repository 'cloudera' do - uri 'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh' - arch 'amd64' - distribution 'precise-cdh4' - components ['contrib'] - key 'http://archive.cloudera.com/debian/archive.key' +template '/etc/apt/sources.list.d/my_apt_sources.list' do + notifies :run, 'execute[apt-get update]', :immediately end ``` -Remove Zenoss repo: +The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template. -```ruby -apt_repository 'zenoss' do - action :remove -end -``` +Put `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server. -### `apt_preference` -This LWRP provides an easy way to pin packages in /etc/apt/preferences.d. Although apt-pinning is quite helpful from time to time please note that Debian does not encourage its use without thorough consideration. +If you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup. -Further information regarding apt-pinning is available via [http://wiki.debian.org/AptPreferences](http://wiki.debian.org/AptPreferences). +## Resources -#### Actions -- :add: creates a preferences file under /etc/apt/preferences.d -- :remove: Removes the file, therefore unpin the package +### apt_preference -#### Attribute Parameters -- package_name: name attribute. The name of the package -- glob: Pin by glob() expression or regexp surrounded by /. -- pin: The package version/repository to pin -- pin_priority: The pinning priority aka "the highest package version wins" +The apt_preference resource has been moved into chef-client in Chef 13.3. -#### Examples -Pin libmysqlclient16 to version 5.1.49-3: +See for usage details -```ruby -apt_preference 'libmysqlclient16' do - pin 'version 5.1.49-3' - pin_priority '700' -end -``` +### apt_repository -Unpin libmysqlclient16: +The apt_repository resource has been moved into chef-client in Chef 12.9. -```ruby -apt_preference 'libmysqlclient16' do - action :remove -end -``` +See for usage details -Pin all packages from dotdeb.org: - -```ruby -apt_preference 'dotdeb' do - glob '*' - pin 'origin packages.dotdeb.org' - pin_priority '700' -end -``` - -## Usage -Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.: +### apt_update -```ruby -template '/etc/apt/sources.list.d/my_apt_sources.list' do - notifies :run, 'execute[apt-get update]', :immediately -end -``` +The apt_update resource has been moved into chef-client in Chef 12.7. -The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template. +See for usage details -Put `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server. +## Maintainers -If you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup. +This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our [team documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/COOKBOOK_TEAM.MD). To learn more about contributing to cookbooks like this see our [contributing documentation](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD), or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the [Chef Community Slack](http://community-slack.chef.io/) -## License & Authors -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +## License -**Copyright:** 2009-2015, Chef Software, Inc. +**Copyright:** 2009-2017, Chef Software, Inc. ``` Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/cookbooks/apt/Rakefile b/cookbooks/apt/Rakefile deleted file mode 100644 index ccd07dd8..00000000 --- a/cookbooks/apt/Rakefile +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/env rake - -# Style tests. cookstyle (rubocop) and Foodcritic -namespace :style do - begin - require 'cookstyle' - require 'rubocop/rake_task' - - desc 'Run Ruby style checks' - RuboCop::RakeTask.new(:ruby) - rescue LoadError => e - puts ">>> Gem load error: #{e}, omitting style:ruby" unless ENV['CI'] - end - - begin - require 'foodcritic' - - desc 'Run Chef style checks' - FoodCritic::Rake::LintTask.new(:chef) do |t| - t.options = { - fail_tags: ['any'], - progress: true - } - end - rescue LoadError - puts ">>> Gem load error: #{e}, omitting style:chef" unless ENV['CI'] - end -end - -desc 'Run all style checks' -task style: ['style:chef', 'style:ruby'] - -# ChefSpec -begin - require 'rspec/core/rake_task' - - desc 'Run ChefSpec examples' - RSpec::Core::RakeTask.new(:spec) -rescue LoadError => e - puts ">>> Gem load error: #{e}, omitting spec" unless ENV['CI'] -end - -# Integration tests. Kitchen.ci -namespace :integration do - begin - require 'kitchen/rake_tasks' - - desc 'Run kitchen integration tests' - Kitchen::RakeTasks.new - rescue LoadError => e - puts ">>> Gem load error: #{e}, omitting #{task.name}" unless ENV['CI'] - rescue Kitchen::UserError => e - puts ">>> Test Kitchen error: #{e}" unless ENV['CI'] - end -end - -namespace :supermarket do - begin - require 'stove/rake_task' - - desc 'Publish cookbook to Supermarket with Stove' - Stove::RakeTask.new - rescue LoadError => e - puts ">>> Gem load error: #{e}, omitting #{task.name}" unless ENV['CI'] - end -end - -# Default -task default: %w(style spec) diff --git a/cookbooks/apt/attributes/default.rb b/cookbooks/apt/attributes/default.rb index 37680caa..2d3e6734 100644 --- a/cookbooks/apt/attributes/default.rb +++ b/cookbooks/apt/attributes/default.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Attributes:: default # -# Copyright 2009-2016, Chef Software, Inc. +# Copyright:: 2009-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,16 +17,12 @@ # limitations under the License. # -default['apt']['cacher-client']['restrict_environment'] = false default['apt']['cacher_dir'] = '/var/cache/apt-cacher-ng' default['apt']['cacher_interface'] = nil default['apt']['cacher_port'] = 3142 -default['apt']['cacher_ssl_support'] = false -default['apt']['caching_server'] = false default['apt']['compiletime'] = false default['apt']['compile_time_update'] = false default['apt']['key_proxy'] = '' -default['apt']['cache_bypass'] = {} default['apt']['periodic_update_min_delay'] = 86_400 default['apt']['launchpad_api_version'] = '1.0' default['apt']['unattended_upgrades']['enable'] = false @@ -34,20 +30,33 @@ # this needs a good default codename = node.attribute?('lsb') ? node['lsb']['codename'] : 'notlinux' default['apt']['unattended_upgrades']['allowed_origins'] = [ - "#{node['platform'].capitalize} #{codename}" + "#{node['platform'].capitalize} #{codename}", ] + +default['apt']['cacher_client']['cacher_server'] = {} + default['apt']['unattended_upgrades']['origins_patterns'] = [] default['apt']['unattended_upgrades']['package_blacklist'] = [] default['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] = false default['apt']['unattended_upgrades']['minimal_steps'] = false default['apt']['unattended_upgrades']['install_on_shutdown'] = false default['apt']['unattended_upgrades']['mail'] = nil +default['apt']['unattended_upgrades']['sender'] = nil default['apt']['unattended_upgrades']['mail_only_on_error'] = true default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false default['apt']['unattended_upgrades']['automatic_reboot'] = false default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now' default['apt']['unattended_upgrades']['dl_limit'] = nil default['apt']['unattended_upgrades']['random_sleep'] = nil +default['apt']['unattended_upgrades']['syslog_enable'] = false +default['apt']['unattended_upgrades']['syslog_facility'] = 'daemon' + +default['apt']['unattended_upgrades']['dpkg_options'] = [] +default['apt']['confd']['force_confask'] = false +default['apt']['confd']['force_confdef'] = false +default['apt']['confd']['force_confmiss'] = false +default['apt']['confd']['force_confnew'] = false +default['apt']['confd']['force_confold'] = false default['apt']['confd']['install_recommends'] = true default['apt']['confd']['install_suggests'] = false diff --git a/cookbooks/apt/chefignore b/cookbooks/apt/chefignore index a9769175..7e4ab407 100644 --- a/cookbooks/apt/chefignore +++ b/cookbooks/apt/chefignore @@ -45,22 +45,19 @@ a.out # Testing # ########### -.watchr .rspec spec/* spec/fixtures/* test/* features/* examples/* -Guardfile Procfile .kitchen* .rubocop.yml spec/* -Rakefile .travis.yml .foodcritic -.codeclimate.yml +appveyor.yml # SCM # ####### @@ -82,21 +79,14 @@ Berksfile.lock cookbooks/* tmp +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + # Cookbooks # ############# CONTRIBUTING* CHANGELOG* TESTING* -MAINTAINERS.toml -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer - -# Vagrant # -########### -.vagrant -Vagrantfile diff --git a/cookbooks/apt/files/default/15update-stamp b/cookbooks/apt/files/default/15update-stamp deleted file mode 100644 index 14ead837..00000000 --- a/cookbooks/apt/files/default/15update-stamp +++ /dev/null @@ -1 +0,0 @@ -APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";}; diff --git a/cookbooks/apt/files/default/apt-proxy-v2.conf b/cookbooks/apt/files/default/apt-proxy-v2.conf deleted file mode 100644 index 69540047..00000000 --- a/cookbooks/apt/files/default/apt-proxy-v2.conf +++ /dev/null @@ -1,50 +0,0 @@ -[DEFAULT] -;; All times are in seconds, but you can add a suffix -;; for minutes(m), hours(h) or days(d) - -;; commented out address so apt-proxy will listen on all IPs -;; address = 127.0.0.1 -port = 9999 -cache_dir = /var/cache/apt-proxy - -;; Control files (Packages/Sources/Contents) refresh rate -min_refresh_delay = 1s -complete_clientless_downloads = 1 - -;; Debugging settings. -debug = all:4 db:0 - -time = 30 -passive_ftp = on - -;;-------------------------------------------------------------- -;; Cache housekeeping - -cleanup_freq = 1d -max_age = 120d -max_versions = 3 - -;;--------------------------------------------------------------- -;; Backend servers -;; -;; Place each server in its own [section] - -[ubuntu] -; Ubuntu archive -backends = - http://us.archive.ubuntu.com/ubuntu - -[ubuntu-security] -; Ubuntu security updates -backends = http://security.ubuntu.com/ubuntu - -[debian] -;; Backend servers, in order of preference -backends = - http://debian.osuosl.org/debian/ - -[security] -;; Debian security archive -backends = - http://security.debian.org/debian-security - http://ftp2.de.debian.org/debian-security diff --git a/cookbooks/apt/libraries/apt_update.rb b/cookbooks/apt/libraries/apt_update.rb deleted file mode 100644 index 4ec4f947..00000000 --- a/cookbooks/apt/libraries/apt_update.rb +++ /dev/null @@ -1,56 +0,0 @@ -unless defined? Chef::Resource::AptUpdate - require 'chef_compat/copied_from_chef/chef/dsl/declare_resource' - require 'chef/mixin/shell_out' - - class AptUpdate < ChefCompat::Resource - include ChefCompat::CopiedFromChef::Chef::DSL::DeclareResource - include Chef::Mixin::ShellOut - - resource_name :apt_update - - provides :apt_update, os: 'linux' - property :frequency, Integer, default: 86_400 - - default_action :periodic - allowed_actions :update, :periodic - - APT_CONF_DIR = '/etc/apt/apt.conf.d'.freeze - STAMP_DIR = '/var/lib/apt/periodic'.freeze - - action :periodic do - unless apt_up_to_date? # ~FC023 - converge_by 'update new lists of packages' do - do_update - end - end - end - - action :update do - converge_by 'force update new lists of packages' do - do_update - end - end - - # Determines whether we need to run `apt-get update` - # - # @return [Boolean] - def apt_up_to_date? - ::File.exist?("#{STAMP_DIR}/update-success-stamp") && - ::File.mtime("#{STAMP_DIR}/update-success-stamp") > Time.now - new_resource.frequency - end - - def do_update - [STAMP_DIR, APT_CONF_DIR].each do |d| - build_resource(:directory, d, caller[0]) do - recursive true - end.run_action(:create) - end - - build_resource(:file, "#{APT_CONF_DIR}/15update-stamp", caller[0]) do - content "APT::Update::Post-Invoke-Success {\"touch #{STAMP_DIR}/update-success-stamp 2>/dev/null || true\";};" - end.run_action(:create_if_missing) - - shell_out!('apt-get -q update') - end - end -end diff --git a/cookbooks/apt/libraries/helpers.rb b/cookbooks/apt/libraries/helpers.rb index d576cdec..6d98060c 100644 --- a/cookbooks/apt/libraries/helpers.rb +++ b/cookbooks/apt/libraries/helpers.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Library:: helpers # -# Copyright 2013-2016 Chef Software, Inc. +# Copyright:: 2013-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,18 +27,6 @@ def apt_installed? !which('apt-get').nil? end - # Determines whether we need to run `apt-get update` - # - # @return [Boolean] - def apt_up_to_date? - if ::File.exist?('/var/lib/apt/periodic/update-success-stamp') && - ::File.mtime('/var/lib/apt/periodic/update-success-stamp') > Time.now - node['apt']['periodic_update_min_delay'] - true - else - false - end - end - # Finds a command in $PATH # # @return [String, nil] diff --git a/cookbooks/apt/libraries/matchers.rb b/cookbooks/apt/libraries/matchers.rb deleted file mode 100644 index b57d2c68..00000000 --- a/cookbooks/apt/libraries/matchers.rb +++ /dev/null @@ -1,38 +0,0 @@ -if defined?(ChefSpec) - - ################# - # apt_preference - ################# - - def add_apt_preference(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :add, resource_name) - end - - def remove_apt_preference(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :remove, resource_name) - end - - ################# - # apt_repository - ################# - - def add_apt_repository(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :add, resource_name) - end - - def remove_apt_repository(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :remove, resource_name) - end - - ################# - # apt_update - ################# - - def update_apt_update(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_update, :update, resource_name) - end - - def periodic_apt_update(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_update, :periodic, resource_name) - end -end diff --git a/cookbooks/apt/libraries/network.rb b/cookbooks/apt/libraries/network.rb deleted file mode 100644 index 307c5f45..00000000 --- a/cookbooks/apt/libraries/network.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Cookbook Name:: apt -# library:: network -# -# Copyright 2013-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -module ::Apt - def interface_ipaddress(host, interface) - if interface # rubocop: disable Style/GuardClause - addresses = host['network']['interfaces'][interface]['addresses'] - addresses.select do |ip, data| - return ip if data['family'].eql?('inet') - end - else - return host.ipaddress - end - end -end diff --git a/cookbooks/apt/metadata.rb b/cookbooks/apt/metadata.rb index 00a9fe85..f0458449 100644 --- a/cookbooks/apt/metadata.rb +++ b/cookbooks/apt/metadata.rb @@ -1,10 +1,10 @@ name 'apt' maintainer 'Chef Software, Inc.' maintainer_email 'cookbooks@chef.io' -license 'Apache 2.0' -description 'Configures apt and apt services. Ships resources for managing apt repositories' +license 'Apache-2.0' +description 'Configures apt and apt caching.' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '4.0.2' +version '7.1.1' recipe 'apt::default', 'Runs apt-get update during compile phase and sets up preseed directories' recipe 'apt::cacher-ng', 'Set up an apt-cacher-ng caching proxy' @@ -16,7 +16,4 @@ source_url 'https://github.com/chef-cookbooks/apt' issues_url 'https://github.com/chef-cookbooks/apt/issues' - -chef_version '>= 12.1' if respond_to?(:chef_version)\ - -depends 'compat_resource', '>= 12.10' +chef_version '>= 13.3' if respond_to?(:chef_version) diff --git a/cookbooks/apt/providers/preference.rb b/cookbooks/apt/providers/preference.rb deleted file mode 100644 index 0cef52f4..00000000 --- a/cookbooks/apt/providers/preference.rb +++ /dev/null @@ -1,84 +0,0 @@ -# -# Cookbook Name:: apt -# Provider:: preference -# -# Copyright 2010-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -use_inline_resources - -def whyrun_supported? - true -end - -# Build preferences.d file contents -def build_pref(package_name, pin, pin_priority) - "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n" -end - -def safe_name(name) - name.tr('.', '_').gsub('*', 'wildcard') -end - -action :add do - preference = build_pref( - new_resource.glob || new_resource.package_name, - new_resource.pin, - new_resource.pin_priority - ) - - directory '/etc/apt/preferences.d' do - owner 'root' - group 'root' - mode '0755' - recursive true - action :create - end - - name = safe_name(new_resource.name) - - file "/etc/apt/preferences.d/#{new_resource.name}.pref" do - action :delete - if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref") - Chef::Log.warn "Replacing #{new_resource.name}.pref with #{name}.pref in /etc/apt/preferences.d/" - end - only_if { name != new_resource.name } - end - - file "/etc/apt/preferences.d/#{new_resource.name}" do - action :delete - if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}") - Chef::Log.warn "Replacing #{new_resource.name} with #{new_resource.name}.pref in /etc/apt/preferences.d/" - end - end - - file "/etc/apt/preferences.d/#{name}.pref" do - owner 'root' - group 'root' - mode '0644' - content preference - action :create - end -end - -action :remove do - name = safe_name(new_resource.name) - if ::File.exist?("/etc/apt/preferences.d/#{name}.pref") - Chef::Log.info "Un-pinning #{name} from /etc/apt/preferences.d/" - file "/etc/apt/preferences.d/#{name}.pref" do - action :delete - end - end -end diff --git a/cookbooks/apt/providers/repository.rb b/cookbooks/apt/providers/repository.rb deleted file mode 100644 index 1a4e7648..00000000 --- a/cookbooks/apt/providers/repository.rb +++ /dev/null @@ -1,246 +0,0 @@ -# -# Cookbook Name:: apt -# Provider:: repository -# -# Copyright 2010-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -use_inline_resources - -def whyrun_supported? - true -end - -# install apt key from keyserver -def install_key_from_keyserver(key, keyserver, key_proxy) - execute "install-key #{key}" do - if keyserver.start_with?('hkp://') - command "apt-key adv --keyserver #{keyserver} --recv #{key}" - elsif key_proxy.empty? - command "apt-key adv --keyserver hkp://#{keyserver}:80 --recv #{key}" - else - command "apt-key adv --keyserver-options http-proxy=#{key_proxy} --keyserver hkp://#{keyserver}:80 --recv #{key}" - end - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :run - not_if do - key_present = extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint| - fingerprint.end_with?(key.upcase) - end - - key_present && key_is_valid('apt-key list', key.upcase) - end - end - - ruby_block "validate-key #{key}" do - block do - raise "The key #{key} is no longer valid and cannot be used for an apt repository." - end - not_if { key_is_valid('apt-key list', key.upcase) } - end -end - -# run command and extract gpg ids -def extract_fingerprints_from_cmd(cmd) - so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' }) - so.run_command - so.stdout.split(/\n/).map do |t| - if z = t.match(/^ +Key fingerprint = ([0-9A-F ]+)/) # rubocop: disable Lint/AssignmentInCondition - z[1].split.join - end - end.compact -end - -# determine whether apt thinks the key is still valid -def key_is_valid(cmd, key) - valid = true - - so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' }) - so.run_command - # rubocop:disable Style/Next - so.stdout.split(/\n/).map do |t| - if t =~ %r{^\/#{key}.*\[expired: .*\]$} - Chef::Log.debug "Found expired key: #{t}" - valid = false - break - end - end - - Chef::Log.debug "key #{key} validity: #{valid}" - valid -end - -# install apt key from URI -def install_key_from_uri(uri) - key_name = uri.split(%r{\/}).last - cached_keyfile = "#{Chef::Config[:file_cache_path]}/#{key_name}" - if new_resource.key =~ /http/ - remote_file cached_keyfile do - source new_resource.key - mode '0644' - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :create - end - else - cookbook_file cached_keyfile do - source new_resource.key - cookbook new_resource.cookbook - mode '0644' - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :create - end - - ruby_block "validate-key #{cached_keyfile}" do - block do - raise "The key #{cached_keyfile} is no longer valid and cannot be used for an apt repository." unless key_is_valid("gpg #{cached_keyfile}", '') - end - end - end - - execute "install-key #{key_name}" do - command "apt-key add #{cached_keyfile}" - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :run - not_if do - installed_keys = extract_fingerprints_from_cmd('apt-key finger') - proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint #{cached_keyfile}") - (installed_keys & proposed_keys).sort == proposed_keys.sort - end - end -end - -# build repo file contents -def build_repo(uri, distribution, components, trusted, arch, add_deb_src) # rubocop: disable Metrics/ParameterLists - uri = '"' + uri + '"' unless uri.start_with?('"', "'") - components = components.join(' ') if components.respond_to?(:join) - repo_options = [] - repo_options << "arch=#{arch}" if arch - repo_options << 'trusted=yes' if trusted - repo_opts = '[' + repo_options.join(' ') + ']' unless repo_options.empty? - repo_info = "#{repo_opts} #{uri} #{distribution} #{components}\n".lstrip - repo = "deb #{repo_info}" - repo << "deb-src #{repo_info}" if add_deb_src - repo -end - -def get_ppa_key(ppa_owner, ppa_repo, key_proxy) - # Launchpad has currently only one stable API which is marked as EOL April 2015. - # The new api in devel still uses the same api call for +archive, so I made the version - # configurable to provide some sort of workaround if api 1.0 ceases to exist. - # See https://launchpad.net/+apidoc/ - launchpad_ppa_api = "https://launchpad.net/api/#{node['apt']['launchpad_api_version']}/~%s/+archive/%s" - default_keyserver = 'keyserver.ubuntu.com' - - require 'open-uri' - api_query = format("#{launchpad_ppa_api}/signing_key_fingerprint", ppa_owner, ppa_repo) - begin - key_id = open(api_query).read.delete('"') - rescue OpenURI::HTTPError => e - error = 'Could not access launchpad ppa key api: HttpError: ' + e.message - raise error - rescue SocketError => e - error = 'Could not access launchpad ppa key api: SocketError: ' + e.message - raise error - end - - install_key_from_keyserver(key_id, default_keyserver, key_proxy) -end - -# fetch ppa key, return full repo url -def get_ppa_url(ppa, key_proxy) - repo_schema = 'http://ppa.launchpad.net/%s/%s/ubuntu' - - # ppa:user/repo logic ported from - # http://bazaar.launchpad.net/~ubuntu-core-dev/software-properties/main/view/head:/softwareproperties/ppa.py#L86 - return false unless ppa.start_with?('ppa:') - - ppa_name = ppa.split(':')[1] - ppa_owner = ppa_name.split('/')[0] - ppa_repo = ppa_name.split('/')[1] - ppa_repo = 'ppa' if ppa_repo.nil? - - get_ppa_key(ppa_owner, ppa_repo, key_proxy) - - format(repo_schema, ppa_owner, ppa_repo) -end - -action :add do - # add key - if new_resource.keyserver && new_resource.key - install_key_from_keyserver(new_resource.key, new_resource.keyserver, new_resource.key_proxy) - elsif new_resource.key - install_key_from_uri(new_resource.key) - end - - file '/var/lib/apt/periodic/update-success-stamp' do - action :nothing - end - - execute 'apt-cache gencaches' do - ignore_failure true - action :nothing - end - - execute 'apt-get update' do - command "apt-get update -o Dir::Etc::sourcelist='sources.list.d/#{new_resource.name}.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0'" - ignore_failure true - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :nothing - notifies :run, 'execute[apt-cache gencaches]', :immediately - end - - repository = if new_resource.uri.start_with?('ppa:') - # build ppa repo file - build_repo( - get_ppa_url(new_resource.uri, new_resource.key_proxy), - new_resource.distribution, - 'main', - new_resource.trusted, - new_resource.arch, - new_resource.deb_src - ) - else - # build repo file - build_repo( - new_resource.uri, - new_resource.distribution, - new_resource.components, - new_resource.trusted, - new_resource.arch, - new_resource.deb_src - ) - end - - file "/etc/apt/sources.list.d/#{new_resource.name}.list" do - owner 'root' - group 'root' - mode '0644' - content repository - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :create - notifies :delete, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately - notifies :run, 'execute[apt-get update]', :immediately if new_resource.cache_rebuild - end -end - -action :remove do - if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.name}.list") - Chef::Log.info "Removing #{new_resource.name} repository from /etc/apt/sources.list.d/" - file "/etc/apt/sources.list.d/#{new_resource.name}.list" do - sensitive new_resource.sensitive if respond_to?(:sensitive) - action :delete - end - end -end diff --git a/cookbooks/apt/recipes/cacher-client.rb b/cookbooks/apt/recipes/cacher-client.rb index 10eeeb04..1bbf92c1 100644 --- a/cookbooks/apt/recipes/cacher-client.rb +++ b/cookbooks/apt/recipes/cacher-client.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Recipe:: cacher-client # -# Copyright 2011-2016 Chef Software, Inc. +# Copyright:: 2011-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,10 +17,6 @@ # limitations under the License. # -class ::Chef::Recipe - include ::Apt -end - # remove Acquire::http::Proxy lines from /etc/apt/apt.conf since we use 01proxy # these are leftover from preseed installs execute 'Remove proxy from /etc/apt/apt.conf' do @@ -28,56 +24,29 @@ class ::Chef::Recipe only_if 'grep Acquire::http::Proxy /etc/apt/apt.conf' end -servers = [] -if node['apt'] - if node['apt']['cacher_ipaddress'] - cacher = Chef::Node.new - cacher.default.name = node['apt']['cacher_ipaddress'] - cacher.default.ipaddress = node['apt']['cacher_ipaddress'] - cacher.default.apt.cacher_port = node['apt']['cacher_port'] - cacher.default.apt.cacher_interface = node['apt']['cacher_interface'] - cacher.default.apt.cacher_ssl_support = node['apt']['cacher_ssl_support'] - servers << cacher - elsif node['apt']['caching_server'] - node.override['apt']['compiletime'] = false - servers << node +if node['apt']['cacher_client']['cacher_server'].empty? + Chef::Log.warn("No cache server defined in node['apt']['cacher_client']['cacher_server']. Not setting up caching") + f = file '/etc/apt/apt.conf.d/01proxy' do + action(node['apt']['compiletime'] ? :nothing : :delete) + end + f.run_action(:delete) if node['apt']['compiletime'] +else + apt_update 'update for notification' do + action :nothing end -end - -unless Chef::Config[:solo] || !servers.empty? - query = 'apt_caching_server:true' - query += " AND chef_environment:#{node.chef_environment}" if node['apt']['cacher-client']['restrict_environment'] - Chef::Log.debug("apt::cacher-client searching for '#{query}'") - servers += search(:node, query) -end -if !servers.empty? - Chef::Log.info("apt-cacher-ng server found on #{servers[0]}.") - cacher_ipaddress = if servers[0]['apt']['cacher_interface'] - interface_ipaddress(servers[0], servers[0]['apt']['cacher_interface']) - else - servers[0].ipaddress - end t = template '/etc/apt/apt.conf.d/01proxy' do source '01proxy.erb' owner 'root' group 'root' mode '0644' variables( - proxy: cacher_ipaddress, - port: servers[0]['apt']['cacher_port'], - proxy_ssl: servers[0]['apt']['cacher_ssl_support'], - bypass: node['apt']['cache_bypass'] + server: node['apt']['cacher_client']['cacher_server'] ) action(node['apt']['compiletime'] ? :nothing : :create) - notifies :run, 'execute[apt-get update]', :immediately + notifies :update, 'apt_update[update for notification]', :immediately end t.run_action(:create) if node['apt']['compiletime'] -else - Chef::Log.info('No apt-cacher-ng server found.') - file '/etc/apt/apt.conf.d/01proxy' do - action :delete - end end include_recipe 'apt::default' diff --git a/cookbooks/apt/recipes/cacher-ng.rb b/cookbooks/apt/recipes/cacher-ng.rb index 25770117..5d7e8462 100644 --- a/cookbooks/apt/recipes/cacher-ng.rb +++ b/cookbooks/apt/recipes/cacher-ng.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Recipe:: cacher-ng # -# Copyright 2008-2016, Chef Software, Inc. +# Copyright:: 2008-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. @@ -17,8 +17,6 @@ # limitations under the License. # -node.set['apt']['caching_server'] = true - package 'apt-cacher-ng' directory node['apt']['cacher_dir'] do diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 1280dfd3..e8c9e8cd 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -1,9 +1,9 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Recipe:: default # -# Copyright 2008-2016, Chef Software, Inc. -# Copyright 2009, Bryan McLellan +# Copyright:: 2008-2017, Chef Software, Inc. +# Copyright:: 2009-2017, Bryan McLellan # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. @@ -31,11 +31,14 @@ # If compile_time_update run apt-get update at compile time if node['apt']['compile_time_update'] && apt_installed? - apt_update('compile time').run_action(:periodic) + apt_update('compile time') do + frequency node['apt']['periodic_update_min_delay'] + ignore_failure true + end.run_action(:periodic) end apt_update 'periodic' do - only_if { apt_installed? } + frequency node['apt']['periodic_update_min_delay'] end # For other recipes to call to force an update @@ -74,6 +77,14 @@ end end +template '/etc/apt/apt.conf.d/10dpkg-options' do + owner 'root' + group 'root' + mode '0644' + source '10dpkg-options.erb' + only_if { apt_installed? } +end + template '/etc/apt/apt.conf.d/10recommends' do owner 'root' group 'root' @@ -82,6 +93,6 @@ only_if { apt_installed? } end -package 'apt-transport-https' do +package %w(apt-transport-https gnupg dirmngr) do only_if { apt_installed? } end diff --git a/cookbooks/apt/recipes/unattended-upgrades.rb b/cookbooks/apt/recipes/unattended-upgrades.rb index 82c4cca2..ee2cb6e8 100644 --- a/cookbooks/apt/recipes/unattended-upgrades.rb +++ b/cookbooks/apt/recipes/unattended-upgrades.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Recipe:: unattended-upgrades # -# Copyright 2014-2016, Chef Software, Inc. +# Copyright:: 2014-2017, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. @@ -29,7 +29,7 @@ end package 'bsd-mailx' do - only_if { node['apt']['unattended_upgrades']['mail'] } + not_if { node['apt']['unattended_upgrades']['mail'].nil? } end template '/etc/apt/apt.conf.d/20auto-upgrades' do diff --git a/cookbooks/apt/resources/preference.rb b/cookbooks/apt/resources/preference.rb deleted file mode 100644 index 0c700c8c..00000000 --- a/cookbooks/apt/resources/preference.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Cookbook Name:: apt -# Resource:: preference -# -# Copyright 2010-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -actions :add, :remove -default_action :add - -state_attrs :glob, - :package_name, - :pin, - :pin_priority - -attribute :package_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*|\+)+$/] -attribute :glob, kind_of: String -attribute :pin, kind_of: String -attribute :pin_priority, kind_of: String diff --git a/cookbooks/apt/resources/repository.rb b/cookbooks/apt/resources/repository.rb deleted file mode 100644 index d0e49f52..00000000 --- a/cookbooks/apt/resources/repository.rb +++ /dev/null @@ -1,54 +0,0 @@ -# -# Cookbook Name:: apt -# Resource:: repository -# -# Copyright 2010-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -actions :add, :remove -default_action :add - -state_attrs :arch, - :cache_rebuild, - :components, - :cookbook, - :deb_src, - :distribution, - :key, - :keyserver, - :key_proxy, - :repo_name, - :trusted, - :uri, - :sensitive - -# name of the repo, used for source.list filename -attribute :repo_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/] -attribute :uri, kind_of: String -attribute :distribution, kind_of: String -attribute :components, kind_of: Array, default: [] -attribute :arch, kind_of: String, default: nil -attribute :trusted, kind_of: [TrueClass, FalseClass], default: false -# whether or not to add the repository as a source repo as well -attribute :deb_src, default: false -attribute :keyserver, kind_of: String, default: nil -attribute :key, kind_of: String, default: nil -attribute :key_proxy, kind_of: String, default: node['apt']['key_proxy'] -attribute :cookbook, kind_of: String, default: nil -# trigger cache rebuild -# If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}? -attribute :cache_rebuild, kind_of: [TrueClass, FalseClass], default: true -# Hide content of the source file, don't show output for commands being run, etc. -attribute :sensitive, kind_of: [TrueClass, FalseClass], default: false diff --git a/cookbooks/apt/spec/spec_helper.rb b/cookbooks/apt/spec/spec_helper.rb index 4e000048..773d5579 100644 --- a/cookbooks/apt/spec/spec_helper.rb +++ b/cookbooks/apt/spec/spec_helper.rb @@ -1,4 +1,8 @@ require 'chefspec' require 'chefspec/berkshelf' -at_exit { ChefSpec::Coverage.report! } +RSpec.configure do |config| + config.color = true # Use color in STDOUT + config.formatter = :documentation # Use the specified formatter + config.log_level = :error # Avoid deprecation notice SPAM +end diff --git a/cookbooks/apt/spec/unit/recipes/cacher-client_spec.rb b/cookbooks/apt/spec/unit/recipes/cacher-client_spec.rb index 37d23ce8..ed9e378f 100644 --- a/cookbooks/apt/spec/unit/recipes/cacher-client_spec.rb +++ b/cookbooks/apt/spec/unit/recipes/cacher-client_spec.rb @@ -2,24 +2,34 @@ describe 'apt::cacher-client' do context 'no server' do - let(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + let(:chef_run) { ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04').converge(described_recipe) } - # it 'does not create 01proxy file' do - # expect(chef_run).not_to create_file('/etc/apt/apt.conf.d/01proxy') - # end + before do + stub_command('grep Acquire::http::Proxy /etc/apt/apt.conf').and_return(false) + end + + it 'does not create 01proxy file' do + expect(chef_run).not_to create_file('/etc/apt/apt.conf.d/01proxy') + end end context 'server provided' do let(:chef_run) do - runner = ChefSpec::ServerRunner.new - runner.node.set['apt']['cacher_ipaddress'] = '22.33.44.55' - runner.node.set['apt']['cacher_port'] = '9876' + runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') + runner.node.normal['apt']['cacher_client']['cacher_server'] = { + host: 'localhost', + port: 9876, + proxy_ssl: true, + } runner.converge('apt::cacher-client') end - # it 'creates 01proxy file' do - # expect(chef_run).to render_file('/etc/apt/apt.conf.d/01proxy').with_content() - # expect(chef_run).to create_file_with_content('/etc/apt/apt.conf.d/01proxy', 'Acquire::http::Proxy "http://22.33.44.55:9876";') - # end + before do + stub_command('grep Acquire::http::Proxy /etc/apt/apt.conf').and_return(false) + end + + it 'creates 01proxy file' do + expect(chef_run).to render_file('/etc/apt/apt.conf.d/01proxy').with_content('Acquire::http::Proxy "http://localhost:9876";') + end end end diff --git a/cookbooks/apt/spec/unit/recipes/cacher-ng_spec.rb b/cookbooks/apt/spec/unit/recipes/cacher-ng_spec.rb index 2c5abd83..0935cb85 100644 --- a/cookbooks/apt/spec/unit/recipes/cacher-ng_spec.rb +++ b/cookbooks/apt/spec/unit/recipes/cacher-ng_spec.rb @@ -4,7 +4,7 @@ context 'server' do let(:chef_run) do runner = ChefSpec::ServerRunner.new - runner.node.set['apt']['cacher_port'] = '9876' + runner.node.normal['apt']['cacher_port'] = '9876' runner.converge('apt::cacher-ng') end diff --git a/cookbooks/apt/spec/unit/recipes/default_spec.rb b/cookbooks/apt/spec/unit/recipes/default_spec.rb index ee344080..6e8f0248 100644 --- a/cookbooks/apt/spec/unit/recipes/default_spec.rb +++ b/cookbooks/apt/spec/unit/recipes/default_spec.rb @@ -1,11 +1,8 @@ require 'spec_helper' describe 'apt::default' do - let(:chef_run) do - ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '14.04') do |node| - node.automatic[:lsb][:codename] = 'trusty' - end.converge('apt::default') - end + let(:runner) { ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') } + let(:chef_run) { runner.converge('apt::default') } before do allow(::File).to receive(:executable?).and_return(true) @@ -17,8 +14,8 @@ expect(chef_run).to render_file('/etc/apt/apt.conf.d/10recommends').with_content('APT::Install-Suggests "0";') end - it 'installs apt-transport-https' do - expect(chef_run).to install_package('apt-transport-https') + it 'installs apt-transport-https, gnupg and dirmngr' do + expect(chef_run).to install_package(['apt-transport-https', 'gnupg', 'dirmngr']) end it 'creates preseeding directory' do diff --git a/cookbooks/apt/tasks/maintainers.rb b/cookbooks/apt/tasks/maintainers.rb deleted file mode 100644 index 7e996333..00000000 --- a/cookbooks/apt/tasks/maintainers.rb +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright:: Copyright (c) 2015 Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require 'rake' - -SOURCE = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.toml') -TARGET = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.md') - -begin - require 'tomlrb' - task default: 'maintainers:generate' - - namespace :maintainers do - desc 'Generate MarkDown version of MAINTAINERS file' - task :generate do - @toml = Tomlrb.load_file SOURCE - out = "\n\n" - - out << preamble - out << project_lieutenant - out << all_maintainers - - File.open(TARGET, 'w') do |fn| - fn.write out - end - end - end - -rescue LoadError - STDERR.puts "\n*** TomlRb not available.\n\n" -end - -private - -def preamble - <<-EOL -# #{@toml['Preamble']['title']} -#{@toml['Preamble']['text']} -EOL -end - -def project_lieutenant - <<-EOL -# #{@toml['Org']['Components']['Core']['title']} -#{github_link(@toml['Org']['Components']['Core']['lieutenant'])} - -EOL -end - -def all_maintainers - text = "# Maintainers\n" - @toml['Org']['Components']['Core']['maintainers'].each do |m| - text << "#{github_link(m)}\n" - end - text -end - -def github_link(person) - name = @toml['people'][person]['name'] - github = @toml['people'][person]['github'] - "* [#{name}](https://github.com/#{github})" -end diff --git a/cookbooks/apt/templates/default/01proxy.erb b/cookbooks/apt/templates/default/01proxy.erb deleted file mode 100644 index 1cd22565..00000000 --- a/cookbooks/apt/templates/default/01proxy.erb +++ /dev/null @@ -1,9 +0,0 @@ -Acquire::http::Proxy "http://<%= @proxy %>:<%= @port %>"; -<% if @proxy_ssl %> -Acquire::https::Proxy "http://<%= @proxy %>:<%= @port %>"; -<% else %> -Acquire::https::Proxy "DIRECT"; -<% end %> -<% @bypass.each do |bypass, type| %> -Acquire::<%= type %>::Proxy::<%= bypass %> "DIRECT"; -<% end %> diff --git a/cookbooks/apt/templates/default/10recommends.erb b/cookbooks/apt/templates/default/10recommends.erb deleted file mode 100644 index 16b3664e..00000000 --- a/cookbooks/apt/templates/default/10recommends.erb +++ /dev/null @@ -1,3 +0,0 @@ -# Managed by Chef -APT::Install-Recommends "<%= node['apt']['confd']['install_recommends'] ? 1 : 0 %>"; -APT::Install-Suggests "<%= node['apt']['confd']['install_suggests'] ? 1 : 0 %>"; diff --git a/cookbooks/apt/templates/default/20auto-upgrades.erb b/cookbooks/apt/templates/default/20auto-upgrades.erb deleted file mode 100644 index 47b2f23d..00000000 --- a/cookbooks/apt/templates/default/20auto-upgrades.erb +++ /dev/null @@ -1,5 +0,0 @@ -APT::Periodic::Update-Package-Lists "<%= node['apt']['unattended_upgrades']['update_package_lists'] ? 1 : 0 %>"; -APT::Periodic::Unattended-Upgrade "<%= node['apt']['unattended_upgrades']['enable'] ? 1 : 0 %>"; -<% if node['apt']['unattended_upgrades']['random_sleep'] -%> -APT::Periodic::RandomSleep "<%= node['apt']['unattended_upgrades']['random_sleep'] %>"; -<% end -%> diff --git a/cookbooks/apt/templates/default/50unattended-upgrades.erb b/cookbooks/apt/templates/default/50unattended-upgrades.erb deleted file mode 100644 index 9bf0380d..00000000 --- a/cookbooks/apt/templates/default/50unattended-upgrades.erb +++ /dev/null @@ -1,75 +0,0 @@ -// Automatically upgrade packages from these (origin:archive) pairs -Unattended-Upgrade::Allowed-Origins { -<% unless node['apt']['unattended_upgrades']['allowed_origins'].empty? -%> -<% node['apt']['unattended_upgrades']['allowed_origins'].each do |origin| -%> - "<%= origin %>"; -<% end -%> -<% end -%> -}; - -<% unless node['apt']['unattended_upgrades']['origins_patterns'].empty? -%> -Unattended-Upgrade::Origins-Pattern { -<% node['apt']['unattended_upgrades']['origins_patterns'].each do |pattern| -%> - "<%= pattern %>"; -<% end -%> -}; - -<% end -%> -// List of packages to not update -Unattended-Upgrade::Package-Blacklist { -<% unless node['apt']['unattended_upgrades']['package_blacklist'].empty? -%> -<% node['apt']['unattended_upgrades']['package_blacklist'].each do |package| -%> - "<%= package %>"; -<% end -%> -<% end -%> -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -Unattended-Upgrade::AutoFixInterruptedDpkg "<%= node['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] ? 'true' : 'false' %>"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -Unattended-Upgrade::MinimalSteps "<%= node['apt']['unattended_upgrades']['minimal_steps'] ? 'true' : 'false' %>"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -Unattended-Upgrade::InstallOnShutdown "<%= node['apt']['unattended_upgrades']['install_on_shutdown'] ? 'true' : 'false' %>"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. -<% if node['apt']['unattended_upgrades']['mail'] -%> -Unattended-Upgrade::Mail "<%= node['apt']['unattended_upgrades']['mail'] %>"; -<% end -%> - -// Set this value to "true" to get emails only on errors. Default -// is to always send a mail if Unattended-Upgrade::Mail is set -Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mail_only_on_error'] ? 'true' : 'false' %>"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgrades']['remove_unused_dependencies'] ? 'true' : 'false' %>"; - -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade -Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>"; - -// If automatic reboot is enabled and needed, reboot at the specific -// time instead of immediately -// Default: "now" -<% if node['apt']['unattended_upgrades']['automatic_reboot'] -%> -Unattended-Upgrade::Automatic-Reboot-Time "<%= node['apt']['unattended_upgrades']['automatic_reboot_time'] %>"; -<% end %> - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -<% if node['apt']['unattended_upgrades']['dl_limit'] -%> -Acquire::http::Dl-Limit "<%= node['apt']['unattended_upgrades']['dl_limit'] %>"; -<% end -%> diff --git a/cookbooks/apt/templates/default/acng.conf.erb b/cookbooks/apt/templates/default/acng.conf.erb deleted file mode 100644 index 3aa0c92a..00000000 --- a/cookbooks/apt/templates/default/acng.conf.erb +++ /dev/null @@ -1,275 +0,0 @@ -# Letter case in directive names does not matter. Must be separated with colons. -# Valid boolean values are a zero number for false, non-zero numbers for true. - -CacheDir: <%= node['apt']['cacher_dir'] %> - -# set empty to disable logging -LogDir: /var/log/apt-cacher-ng - -# place to look for additional configuration and resource files if they are not -# found in the configuration directory -# SupportDir: /usr/lib/apt-cacher-ng - -# TCP (http) port -# Set to 9999 to emulate apt-proxy -Port:<%= node['apt']['cacher_port'] %> - -# Addresses or hostnames to listen on. Multiple addresses must be separated by -# spaces. Each entry must be an exact local address which is associated with a -# local interface. DNS resolution is performed using getaddrinfo(3) for all -# available protocols (IPv4, IPv6, ...). Using a protocol specific format will -# create binding(s) only on protocol specific socket(s) (e.g. 0.0.0.0 will listen -# only to IPv4). -# -# Default: not set, will listen on all interfaces and protocols -# -# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface - -# The specification of another proxy which shall be used for downloads. -# Username and password are, and see manual for limitations. -# -#Proxy: http://www-proxy.example.net:80 -#proxy: username:proxypassword@proxy.example.net:3128 - -# Repository remapping. See manual for details. -# In this example, some backends files might be generated during package -# installation using information collected on the system. -Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives -Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives -Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives -Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here -Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here -Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux -Remap-fedora: file:fedora_mirrors # Fedora Linux -Remap-epel: file:epel_mirrors # Fedora EPEL -Remap-slrep: file:sl_mirrors # Scientific Linux - -# This is usually not needed for security.debian.org because it's always the -# same DNS hostname. However, it might be enabled in order to use hooks, -# ForceManaged mode or special flags in this context. -# Remap-secdeb: security.debian.org - -# Virtual page accessible in a web browser to see statistics and status -# information, i.e. under http://localhost:3142/acng-report.html -ReportPage: acng-report.html - -# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be -# used with inetd bridge or cron client. -# SocketPath:/var/run/apt-cacher-ng/socket - -# Forces log file to be written to disk after every line when set to 1. Default -# is 0, buffers are flushed when the client disconnects. -# -# (technically, alias to the Debug option, see its documentation for details) -# -# UnbufferLogs: 0 - -# Set to 0 to store only type, time and transfer sizes. -# 1 -> client IP and relative local path are logged too -# VerboseLog: 1 - -# Don't detach from the console -# ForeGround: 0 - -# Store the pid of the daemon process therein -# PidFile: /var/run/apt-cacher-ng/pid - -# Forbid outgoing connections, work around them or respond with 503 error -# offlinemode:0 - -# Forbid all downloads that don't run through preconfigured backends (.where) -#ForceManaged: 0 - -# Days before considering an unreferenced file expired (to be deleted). -# Warning: if the value is set too low and particular index files are not -# available for some days (mirror downtime) there is a risk of deletion of -# still useful package files. -ExTreshold: 4 - -# Stop expiration when a critical problem appeared. Currently only failed -# refresh of an index file is considered as critical. -# -# WARNING: don't touch this option or set to zero. -# Anything else is DANGEROUS and may cause data loss. -# -# ExAbortOnProblems: 1 - -# Replace some Windows/DOS-FS incompatible chars when storing -# StupidFs: 0 - -# Experimental feature for apt-listbugs: pass-through SOAP requests and -# responses to/from bugs.debian.org. If not set, default is true if -# ForceManaged is enabled and false otherwise. -# ForwardBtsSoap: 1 - -# The daemon has a small cache for DNS data, to speed up resolution. The -# expiration time of the DNS entries can be configured in seconds. -# DnsCacheSeconds: 3600 - -# Don't touch the following values without good consideration! -# -# Max. count of connection threads kept ready (for faster response in the -# future). Should be a sane value between 0 and average number of connections, -# and depend on the amount of spare RAM. -# MaxStandbyConThreads: 8 -# -# Hard limit of active thread count for incoming connections, i.e. operation -# is refused when this value is reached (below zero = unlimited). -# MaxConThreads: -1 -# -# Pigeonholing files with regular expressions (static/volatile). Can be -# overriden here but not should not be done permanently because future update -# of default settings would not be applied later. -# VfilePattern = (^|.*?/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.db(\.tar\.gz)?|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|metalink\?repo|.*prestodelta\.xml\.gz)$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.* -# PfilePattern = .*(\.d?deb|\.rpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$ -# Whitelist for expiration, file types not to be removed even when being -# unreferenced. Default: many parts from VfilePattern where no parent index -# exists or might be unknown. -# WfilePattern = (^|.*?/)(Release|InRelease|Release\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.db\.tar\.gz|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.* - -# Higher modes only working with the debug version -# Warning, writes a lot into apt-cacher.err logfile -# Value overwrites UnbufferLogs setting (aliased) -# Debug:3 - -# Usually, general purpose proxies like Squid expose the IP address of the -# client user to the remote server using the X-Forwarded-For HTTP header. This -# behaviour can be optionally turned on with the Expose-Origin option. -# ExposeOrigin: 0 - -# When logging the originating IP address, trust the information supplied by -# the client in the X-Forwarded-For header. -# LogSubmittedOrigin: 0 - -# The version string reported to the peer, to be displayed as HTTP client (and -# version) in the logs of the mirror. -# WARNING: some archives use this header to detect/guess capabilities of the -# client (i.e. redirection support) and change the behaviour accordingly, while -# ACNG might not support the expected features. Expect side effects. -# -# UserAgent: Yet Another HTTP Client/1.2.3p4 - -# In some cases the Import and Expiration tasks might create fresh volatile -# data for internal use by reconstructing them using patch files. This -# by-product might be recompressed with bzip2 and with some luck the resulting -# file becomes identical to the *.bz2 file on the server, usable for APT -# clients trying to fetch the full .bz2 compressed version. Injection of the -# generated files into the cache has however a disadvantage on underpowered -# servers: bzip2 compression can create high load on the server system and the -# visible download of the busy .bz2 files also becomes slower. -# -# RecompBz2: 0 - -# Network timeout for outgoing connections. -# NetworkTimeout: 60 - -# Sometimes it makes sense to not store the data in cache and just return the -# package data to client as it comes in. DontCache parameters can enable this -# behaviour for certain URL types. The tokens are extended regular expressions -# that URLs are matched against. -# -# DontCacheRequested is applied to the URL as it comes in from the client. -# Example: exclude packages built with kernel-package for x86 -# DontCacheRequested: linux-.*_10\...\.Custo._i386 -# Example usecase: exclude popular private IP ranges from caching -# DontCacheRequested: 192.168.0 ^10\..* 172.30 -# -# DontCacheResolved is applied to URLs after mapping to the target server. If -# multiple backend servers are specified then it's only matched against the -# download link for the FIRST possible source (due to implementation limits). -# Example usecase: all Ubuntu stuff comes from a local mirror (specified as -# backend), don't cache it again: -# DontCacheResolved: ubuntumirror.local.net -# -# DontCache directive sets (overrides) both, DontCacheResolved and -# DontCacheRequested. Provided for convenience, see those directives for -# details. -# -# Default permission set of freshly created files and directories, as octal -# numbers (see chmod(1) for details). -# Can by limited by the umask value (see umask(2) for details) if it's set in -# the environment of the starting shell, e.g. in apt-cacher-ng init script or -# in its configuration file. -# DirPerms: 00755 -# FilePerms: 00664 -# -# -# It's possible to use use apt-cacher-ng as a regular web server with limited -# feature set, i.e. -# including directory browsing and download of any file; -# excluding sorting, mime types/encodings, CGI execution, index page -# redirection and other funny things. -# To get this behavior, mappings between virtual directories and real -# directories on the server must be defined with the LocalDirs directive. -# Virtual and real dirs are separated by spaces, multiple pairs are separated -# by semi-colons. Real directories must be absolute paths. -# NOTE: Since the names of that key directories share the same namespace as -# repository names (see Remap-...) it's administrators job to avoid such -# collisions on them (unless created deliberately). -# -# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm - -# Precache a set of files referenced by specified index files. This can be used -# to create a partial mirror usable for offline work. There are certain limits -# and restrictions on the path specification, see manual for details. A list of -# (maybe) relevant index files could be retrieved via -# "apt-get --print-uris update" on a client machine. -# -# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages* - -# Arbitrary set of data to append to request headers sent over the wire. Should -# be a well formated HTTP headers part including newlines (DOS style) which -# can be entered as escape sequences (\r\n). -# RequestAppendix: X-Tracking-Choice: do-not-track\r\n - -# Specifies the IP protocol families to use for remote connections. Order does -# matter, first specified are considered first. Possible combinations: -# v6 v4 -# v4 v6 -# v6 -# v4 -# (empty or not set: use system default) -# -# ConnectProto: v6 v4 - -# Regular expiration algorithm finds package files which are no longer listed -# in any index file and removes them of them after a safety period. -# This option allows to keep more versions of a package in the cache after -# safety period is over. -# KeepExtraVersions: 1 - -# Optionally uses TCP access control provided by libwrap, see hosts_access(5) -# for details. Daemon name is apt-cacher-ng. Default if not set: decided on -# startup by looking for explicit mentioning of apt-cacher-ng in -# /etc/hosts.allow or /etc/hosts.deny files. -# UseWrap: 0 - -# If many machines from the same local network attempt to update index files -# (apt-get update) at nearly the same time, the known state of these index file -# is temporarily frozen and multiple requests receive the cached response -# without contacting the server. This parameter (in seconds) specifies the -# length of this period before the files are considered outdated. -# Setting it too low transfers more data and increases remote server load, -# setting it too high (more than a couple of minutes) increases the risk of -# delivering inconsistent responses to the clients. -# FreshIndexMaxAge: 27 - -# Usually the users are not allowed to specify custom TCP ports of remote -# mirrors in the requests, only the default HTTP port can be used (instead, -# proxy administrator can create Remap- rules with custom ports). This -# restriction can be disabled by specifying a list of allowed ports or 0 for -# any port. -# -# AllowUserPorts: 80 - -# Normally the HTTP redirection responses are forwarded to the original caller -# (i.e. APT) which starts a new download attempt from the new URL. This -# solution is ok for client configurations with proxy mode but doesn't work -# well with configurations using URL prefixes. To work around this the server -# can restart its own download with another URL. However, this might be used to -# circumvent download source policies by malicious users. -# The RedirMax option specifies how many such redirects the server should -# follow per request, 0 disables the internal redirection. If not set, -# default value is 0 if ForceManaged is used and 5 otherwise. -# -# RedirMax: 5 diff --git a/cookbooks/apt/templates/default/unattended-upgrades.seed.erb b/cookbooks/apt/templates/default/unattended-upgrades.seed.erb deleted file mode 100644 index 5ee5e939..00000000 --- a/cookbooks/apt/templates/default/unattended-upgrades.seed.erb +++ /dev/null @@ -1 +0,0 @@ -unattended-upgrades unattended-upgrades/enable_auto_updates boolean <%= node['apt']['unattended_upgrades']['enable'] ? 'true' : 'false' %> diff --git a/cookbooks/apt/test/fixtures/cookbooks/apt_test/README.md b/cookbooks/apt/test/fixtures/cookbooks/apt_test/README.md deleted file mode 100644 index 6e1f5788..00000000 --- a/cookbooks/apt/test/fixtures/cookbooks/apt_test/README.md +++ /dev/null @@ -1 +0,0 @@ -This cookbook is used with test-kitchen to test the parent, apt cookbok diff --git a/cookbooks/apt/test/fixtures/cookbooks/apt_test/metadata.rb b/cookbooks/apt/test/fixtures/cookbooks/apt_test/metadata.rb deleted file mode 100644 index 95448c80..00000000 --- a/cookbooks/apt/test/fixtures/cookbooks/apt_test/metadata.rb +++ /dev/null @@ -1,7 +0,0 @@ -name 'apt_test' -maintainer 'Chef Software, Inc.' -maintainer_email 'cookbooks@chef.io' -license 'Apache 2.0' -description 'This cookbook is used with test-kitchen to test the parent, apt cookbok' -version '1.0.0' -depends 'apt' diff --git a/cookbooks/apt/test/fixtures/cookbooks/apt_test/recipes/cacher-ng-client.rb b/cookbooks/apt/test/fixtures/cookbooks/apt_test/recipes/cacher-ng-client.rb deleted file mode 100644 index b03382e9..00000000 --- a/cookbooks/apt/test/fixtures/cookbooks/apt_test/recipes/cacher-ng-client.rb +++ /dev/null @@ -1,24 +0,0 @@ -# -# Cookbook Name:: apt_test -# Recipe:: cacher-ng-client -# -# Copyright 2013, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe 'apt::cacher-ng' -include_recipe 'apt::cacher-client' - -# install a small, innocuous application to verify this works -package 'colordiff' diff --git a/cookbooks/apt/test/fixtures/cookbooks/apt_test/recipes/lwrps.rb b/cookbooks/apt/test/fixtures/cookbooks/apt_test/recipes/lwrps.rb deleted file mode 100644 index 55041007..00000000 --- a/cookbooks/apt/test/fixtures/cookbooks/apt_test/recipes/lwrps.rb +++ /dev/null @@ -1,121 +0,0 @@ -# -# Cookbook Name:: apt_test -# Recipe:: lwrps -# -# Copyright 2012-2016, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe 'apt' - -# Apt Repository -apt_repository 'juju' do - uri '"http://ppa.launchpad.net/juju/stable/ubuntu"' - components ['main'] - distribution 'trusty' - key 'C8068B11' - keyserver 'keyserver.ubuntu.com' - action :add -end - -# Apt Repository -apt_repository 'nodejs' do - uri 'http://ppa.launchpad.net/chris-lea/node.js/ubuntu' - components ['main'] - distribution 'trusty' - key 'C7917B12' - keyserver 'hkp://keyserver.ubuntu.com:80' - action :add -end - -# PPA Repository -apt_repository 'rust' do - uri 'ppa:hansjorg/rust' - distribution node['lsb']['codename'] - not_if { node['platform'] == 'debian' } -end - -# Apt Repository with arch -apt_repository 'cloudera' do - uri 'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh' - arch 'amd64' - distribution 'precise-cdh4' - components ['contrib'] - key 'http://archive.cloudera.com/debian/archive.key' - action :add -end - -# Apt repository and install a package it contains -apt_repository 'nginx' do - uri "http://nginx.org/packages/#{node['platform']}" - distribution node['lsb']['codename'] - components ['nginx'] - key 'http://nginx.org/keys/nginx_signing.key' - deb_src true -end - -# Apt repository that suppresses output for sensitive resources. -apt_repository 'haproxy' do - uri 'http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu' - distribution node['lsb']['codename'] - components ['main'] - keyserver 'keyserver.ubuntu.com' - key '1C61B9CD' - sensitive true - action :add -end - -package 'nginx' do - action :upgrade -end - -# Apt Preferences -apt_preference 'chef' do - pin 'version 12.7.2-1' - pin_priority '700' -end - -# Preference file renaming -file '/etc/apt/preferences.d/wget' do - action :touch -end - -apt_preference 'wget' do - pin 'version 1.13.4-3' -end - -# COOK-2338 -apt_preference 'dotdeb' do - glob '*' - pin 'origin packages.dotdeb.org ' - pin_priority '700' -end - -# rename preferences with wildcards -file '/etc/apt/preferences.d/*.pref' do - action :touch -end - -apt_preference '*' do - pin 'origin nginx.org' -end - -# Preference file removal -file '/etc/apt/preferences.d/camel.pref' do - action :touch -end - -apt_preference 'camel' do - action :remove -end diff --git a/cookbooks/apt/test/integration/cacher-client/serverspec/cacher-client_spec.rb b/cookbooks/apt/test/integration/cacher-client/serverspec/cacher-client_spec.rb deleted file mode 100644 index 2f50dd44..00000000 --- a/cookbooks/apt/test/integration/cacher-client/serverspec/cacher-client_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -# -# Cookbook Name:: apt_test -# Recipe:: cacher-client_test -# -# Copyright 2013, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative './spec_helper' - -describe 'apt_test::cacher-client' do - it 'does not create 01proxy' do - expect(file('/etc/apt/apt.conf.d/01proxy')).to_not exist - end -end diff --git a/cookbooks/apt/test/integration/cacher-ng-client/serverspec/cacher-ng-client_spec.rb b/cookbooks/apt/test/integration/cacher-ng-client/serverspec/cacher-ng-client_spec.rb deleted file mode 100644 index 6dd15d6d..00000000 --- a/cookbooks/apt/test/integration/cacher-ng-client/serverspec/cacher-ng-client_spec.rb +++ /dev/null @@ -1,39 +0,0 @@ -# -# Cookbook Name:: apt_test -# Recipe:: cacher-ng-client_test.rb -# -# Copyright 2013, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative './spec_helper' - -describe 'apt_test::cacher-ng-client' do - it 'creates the cacher_dir' do - expect(file('/var/cache/apt-cacher-ng')).to be_directory - expect(file('/var/cache/apt-cacher-ng')).to be_owned_by('apt-cacher-ng') - end - - it 'runs the cacher service' do - expect(service('apt-cacher-ng')).to be_running - end - - it 'creates 01proxy' do - expect(file('/etc/apt/apt.conf.d/01proxy').content).to match(%r{Acquire::http::Proxy "http://.*:9876";}) - end - - it 'installed colordiff' do - expect(package('colordiff')).to be_installed - end -end diff --git a/cookbooks/apt/test/integration/cacher-ng/serverspec/cacher-ng_spec.rb b/cookbooks/apt/test/integration/cacher-ng/serverspec/cacher-ng_spec.rb deleted file mode 100644 index 07192fbe..00000000 --- a/cookbooks/apt/test/integration/cacher-ng/serverspec/cacher-ng_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -# -# Cookbook Name:: apt_test -# Recipe:: default -# -# Copyright 2012, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative './spec_helper' - -describe 'apt_test::default' do - it 'runs the cacher service' do - expect(service('apt-cacher-ng')).to be_running - end -end diff --git a/cookbooks/apt/test/integration/compile_time/serverspec/default_spec.rb b/cookbooks/apt/test/integration/compile_time/serverspec/default_spec.rb deleted file mode 100644 index cc5e23dd..00000000 --- a/cookbooks/apt/test/integration/compile_time/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require_relative './spec_helper' - -describe 'apt::default' do - describe file('/tmp/kitchen/cache/apt_compile_time_update_first_run') do - it 'exists' do - expect(subject).to exist - end - end -end diff --git a/cookbooks/apt/test/integration/default/serverspec/default_spec.rb b/cookbooks/apt/test/integration/default/serverspec/default_spec.rb deleted file mode 100644 index c6b885a7..00000000 --- a/cookbooks/apt/test/integration/default/serverspec/default_spec.rb +++ /dev/null @@ -1,37 +0,0 @@ -require_relative './spec_helper' - -if %w(debian ubuntu).include?(os[:family]) - describe 'apt::default' do - describe file('/var/cache/local/preseeding') do - it 'is a directory' do - expect(subject).to be_a_directory - end - end - - content = [ - '# Managed by Chef', - 'APT::Install-Recommends "1";', - 'APT::Install-Suggests "0";' - ].join("\n") << "\n" - - describe file('/etc/apt/apt.conf.d/10recommends') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 644 } - its(:content) { should eq content } - end - end -else - describe file('/etc/apt/') do - it { should_not exist } - end - - describe file('/var/lib/apt/periodic/update-success-stamp') do - it { should_not exist } - end - - describe file('/var/cache/local/preseeding') do - it { should_not exist } - end -end diff --git a/cookbooks/apt/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/apt/test/integration/helpers/serverspec/spec_helper.rb deleted file mode 100644 index 5f07c486..00000000 --- a/cookbooks/apt/test/integration/helpers/serverspec/spec_helper.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'serverspec' - -set :backend, :exec -set :path, '/sbin:/usr/sbin:$PATH' diff --git a/cookbooks/apt/test/integration/lwrps/serverspec/lwrps_spec.rb b/cookbooks/apt/test/integration/lwrps/serverspec/lwrps_spec.rb deleted file mode 100644 index 2105bddb..00000000 --- a/cookbooks/apt/test/integration/lwrps/serverspec/lwrps_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -# -# Cookbook Name:: apt_test -# Recipe:: lwrps -# -# Copyright 2012, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative './spec_helper' - -describe 'apt_test::lwrps' do - it 'creates the JuJu sources.list' do - expect(file('/etc/apt/sources.list.d/juju.list')).to exist - end - - it 'creates the NodeJS sources.list' do - expect(file('/etc/apt/sources.list.d/nodejs.list')).to exist - end - - it 'creates the HAProxy sources.list' do - expect(file('/etc/apt/sources.list.d/haproxy.list')).to exist - end - - it 'creates a repo with a url that is already quoted' do - src = 'deb\s+\"http://ppa.launchpad.net/juju/stable/ubuntu\" trusty main' - expect(file('/etc/apt/sources.list.d/juju.list').content).to match(/#{src}/) - end - - it 'adds the JuJu package signing key' do - expect(command('apt-key list').stdout).to contain('Launchpad Ensemble PPA') - end - - it 'creates the correct pinning preferences for chef' do - pinning_prefs = 'Package: chef\nPin: version 12.7.2-1' - expect(file('/etc/apt/preferences.d/chef.pref').content).to match(/#{pinning_prefs}/) - end - - it 'correctly handles a ppa: repository' do - skip('not on ubuntu') unless os[:family] == 'ubuntu' - rust = 'http://ppa.launchpad.net/hansjorg/rust/ubuntu' - expect(file('/etc/apt/sources.list.d/rust.list').content).to match(/#{rust}/) - end - - it 'renames an old preferences file' do - expect(file('/etc/apt/preferences.d/wget')).to_not exist - expect(file('/etc/apt/preferences.d/wget.pref')).to exist - end - - it 'renames an invalid preferences file' do - expect(file('/etc/apt/preferences.d/*.pref')).to_not exist - expect(file('/etc/apt/preferences.d/wildcard.pref')).to exist - end - - it 'removes a preferences file' do - expect(file('/etc/apt/preferences.d/camel.pref')).to_not exist - end - - it 'creates a repo with an architecture' do - cloudera = 'deb\s+\[arch=amd64 \] \"http:\/\/archive.cloudera.com\/cdh4\/ubuntu\/precise\/amd64\/cdh\" precise-cdh4 contrib' - expect(file('/etc/apt/sources.list.d/cloudera.list').content).to match(/#{cloudera}/) - end - - it 'creates the correct pinning preferences with a glob' do - pinning_prefs = 'Package: \\*\nPin: origin packages.dotdeb.org' - expect(file('/etc/apt/preferences.d/dotdeb.pref').content).to match(/#{pinning_prefs}/) - end -end