Making use of the apt-check command from the 'update-notifier-common'
package (if available) display the number of available updates, number of
security updates as well as the update package names.
Quoting https://wiki.debian.org/LTS
Official security support for Debian GNU/Linux 6.0
(code name "Squeeze") has ended on 31 May 2014.
However long term support for the distribution
is going to be extended until February 2016,
i.e. five years after the initial release.
See https://wiki.debian.org/LTS for more details.
As some places dont have port 11371 open, they are required to use URL as
key_server instead of domain name therefore adding the capability to use URL or
domain name as key_server parameter
Ubuntu 14.04 ships with apt 0.9.15, has a ``fancy progress bar'', which
is a green bar that shows at the bottom of the terminal showing progress
throughout install.
This patch enables the progress bar, which is usually done by running
echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar
This commit changes the proxy file name to be more consistent with other files
in `apt.conf.d`. The old file (`apt.conf.d/proxy`) is removed.
Tests has been updated.
Because Squeeze is now oldstable we need to add an oldstable line too
otherwise security updates won't be picked up. This is still because we
can't match on codename.
In APT preferences files the only allowed comments are lines that start
with `Explanation:`, commented lines that start with a # trigger a
myriad of interesting bugs. This is considered a feature of APT.
Because we're only ever writing a single file at a time with only a #
comment at the top we were getting away with this but it shouldn't be
there in the first place.
The default configuration we were writing for Debian was only working
for Squeeze, from Wheezy and onwards this wasn't working anymore. This
has to do with the fact that we should now be using Origins-Pattern
according to the unattended-upgrades docs. However, Ubuntu didn't
entirely get with the program yet...
This change reflects the defaults that unattended-upgrade installs on
every platform we support. In order to do so the unattended-upgrades
Debian archive for Squeeze, Wheezy, Lucid, Precise and Trusty were
downloaded and the default /etc/apt/apt.conf.d/50unattended-upgrades
checked for its content with regard to using Allow-Origins or
Origins-Pattern.
Fixes#277
The module used to always pin backports to a priority of 200. This
default is still retained but is now configurable.
Additionally the default is now an Integer, not a 'quoted Integer' and
the tests have been updated to reflect this. This matters for future
parser as it will now kick people if they pass in a stringified integer
as priority.
I am aware this can be done with `dpkg --set-selections`, `apt-mark`
or `ensure => 'held'` on a package resource. The changes to the README
include the full rationale for wanting another mechanism.
Introducing a totally rewritten and tested apt::key. This commit also
patches the spec's of apt::source because it was passing in data that
is no longer allowed by the new validation rules in apt::key.
It does its best to not touch any other specs and where we touch them
only minimally to ensure that we're not introducing breaking changes.
We already had a feature to manage and purge entries in preferences.d
but not the preferences file in /etc/apt. This commit adds that
capability.
Fixes#199
Lucid (10.04) has `add-apt-repository` but it doesn't accept any
options. The define defaulted to `-y` but this changes that on lucid.
This was made 7 months ago, so apparently no one cares about 10.04 any
more.
This commits introduces:
* The apt_key type;
* The apt_key provider;
* Unit tests for the type;
* Beaker/acceptance tests for the type/provider.
The idea behind apt_key is that apt::key will simply become a wrapper
that uses apt_key. Being a native type/provider apt_key is a lot less
error prone than the current exec behaviour of apt::key and adds a few
nice bonuses like inventory capabilities for mcollective users.
We actually expect an extra space. The previous build failed because a test is issued for location='', which indeed results in 2 spaces between the architecture specification and the release. According to the sources.list man page a location is always required though (unlike the missing/empty location in the :default_params of the source_spec test).
The two forms of APT preferences records (general & specific) can now be
completely and not partially defined. All distribution properties can be passed
as resource parameters. This change is totally backward-compatible.
This is necessary when required_packages contains GPG keys that are used for
authenticating other packages. Tested with package ubuntu-cloud-keyring which
is included in Ubuntu main and used by the Ubuntu Cloud Archive.
I think the same problem applies to other *-keyring packages as well.
As the apt pinnings are parsed in ascending alphabetical order with
first match wins within a given scope it is useful to be able to specify
a ordering parameter. Then the name parameter can be kept to something
meaningful.
apt::ppa and apt::builddep requires apt class. The anchor introduced for
containment of apt-get update causes a dependency loop. apt::ppa appears
to depend on apt class sources.d direcory. While apt::builddep have no
clear reason for a dependency on apt class. This change refactor both
define type, so they no longer cause a dependency loop.
apt::pin release should default to title, but should be able to
override. This update removes unnecessary "" around $name, and add spec
tests.
Conflicts:
spec/defines/pin_spec.rb
Move apt-get update exec to a seperate class to minimize the number of
apt-get updates invoked by configuration changes.
* remove apt_update exec resource in apt class.
* remove apt-get-${name} in defines.
* apt::source notify Exec['apt update'].
* Remove dependency to Exec['apt_update'].
* fix rspec-puppet tests.
Conflicts:
manifests/source.pp
Several apt::* define resource type does not support ensurable. This
update allows ensure=>absent to support the removal of these
configuration files.
* apt::conf
* apt::pin
* apt::source
This patch adds the appropriate spec tests to validate the changes
introduced by e5f2dfe. As a bonus it includes fixes to the manifests
that were discovered while writing the tests.
This removes the need for depending on a global site.pp, and depending on the
checked out apt module to be called 'apt' as well.
It pulls in stdlib via sub-modules as I don't have a better way to deal with
dependencies yet. It has pinned the revision for stdlib to 2.2.1 which is the
minimum required version for apt to work.
Previously lowercase keys would be installed every
puppet run because apt-key list returns an uppercase
key. This commit makes the comparison case insensitive.
Previously, apt::key used a noop exec hack to do exactly what anchors were
intended to be used for. This commit removes the exec hack and achieves the
same end using Anchor resources from the puppetlabs/stdlib module.
This commit modifies the release parameter test in apt::source to work
correctly within puppet-rspec for edge-case resource definitions. Previously,
the test for the $release parameter was written as
`if ! $release { fail() }`
This commit updates the test to be written as
`if $release == undef { fail() }`
Additionally, the tests for correct behavior in the presence or absence of a
$release parameter have been beefed up.
The reason for making this change relates to examples such as the following
resource definition:
apt::source { "jenkins":
location => "http://pkg.jenkins-ci.org/debian",
release => "",
repos => "binary/",
key => "D50582E6",
key_source => "http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key",
include_src => false,
}
Note that the $release parameter is given as the empty string. In practice,
this is perfectly valid and everything will work great. However, it seems that
the empty string gets interpreted by something in puppet-rspec as something
equivalent to "False", and thus when testing, the above resource definition
would fail with "Puppet::Error: lsbdistcodename fact not available: release
parameter required" even though the $release parameter has been explicitely
specified (as the empty string).
See also: https://github.com/rtyler/puppet-jenkins/issues/9
Adding this defined type allows puppet to add keys to the apt keystore without
needing to add a corresponding source; it also adds the "key_source" parameter
for wget'ing keys from arbitrary URLs, and allows for keys to be explicity
removed.
apt::key allows a key to be ensured present multiple times to account for
apt::source resources that all reference the same key. However, this means
that it is possible for a given key to be defined multiple times with
differing source parameters. e.g.
apt::key { "Add key: 4BD6EC30 from Apt::Source bunny":
key => "4BD6EC30",
key_server => "pgp.mit.edu",
}
apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit":
key => "4BD6EC30",
key_server => "keyserver.ubuntu.com",
}
The defined type will accept both definitions and will create multiple exec
resources. This was deemed preferable to the alternative (creating only one
exec resource) in that one broken definition won't hose an entire catalog. If
one definition fails to install the key because of a bad "key_server", the
next apt::key that uses the key will get it done.
This commit changes $release to default to Facter's $lsbdistcodename
and fall back to a Parse Error if $release is not set and $lsbdistcodename
does not exist. Previously $release was hardcoded to karmic.
This commit also modifies apt::ppa to use $release and sets the
files to be ensured so that they are not purged when purge_sources_list_d
is set to true.
Previously only one should in each block was being evaluated. This moves each
should to its own block so that all values are tested. It also adds another set
of params so that all useful permutations of key, key_server, and key_content
are generated. It also replaces the previous ternary assignment for param_set
with a hash merge.
This test adds the precondition that the python-software-packages package be
installed before the apt class is synced. If the defined function were not
called around the package resource, this test would fail with a duplicate
package resource error.
This update reflects the changes to the apt module to allow duplicate keys. It
mostly involves tests for changes to the resource names to make them unique
between defines.
The setting `disable_keys => true` parameter in the apt module creates
/etc/apt/apt.conf.d/99unauth with the contents
"APT::Get::AllowUnauthenticated 1;". Changing `disable_keys`
does not remove this file. This patch makes it so that
`disable_keys => false` will remove /etc/apt/apt.conf.d/99unauth.
This commit adds unit tests to validate that the
apt proxy is configured as expected when the class
parameter proxy_host is set as a class parameter for
the apt class.
The hash passing to the with method is cleaner and closer to puppet code, so
all of the with_$param have been replaced with with($hash). This also
includes two minor whitspace changes to unstable.pp and source.pp.
This also replaces the ternary switch on param_set with a hash merge,
which is cleaner and will support more use cases.
Rspec no longer uses the spec.opts file, and this particular file also uses
options for rspec that are no longer honored or available, like loadby. So this
commit removes the file. Users that want to customize rspec behavior should use
a .rspec file in the repository root or in their home directory.
This commit adds full coverage for the apt module as it currently exists. It
adds rspec-puppet tests for the defines (apt::builddep, apt::force, apt::pin,
apt::ppa, apt::source) and classes (apt, debian::testing, debian::unstable,
apt::params, apt::release).
Previously, even if $version were passed to apt::force, aptitude would just
install the default version of the package available. This updates the aptitude
call to use the version string if it exists. If no version is passed, or if it
is false, no version is added to the aptitude call. This also updates the
rspec-puppet tests for the define, to reflect the changes to the exec.
In the Previous commits, the query being done by the
apt::force install command was not strict enough and
could lead to false positives.
These queries represented by the unless parameter have been
resolved in another commit. This commit accompanies that commit
and adds basic unit tests to correspond to the changes.
This commit adds test coverage for apt::ppa.
This test coverage is suficient to verify the
code changes that resolve the issue with
aptitude update not being called when ppas were
added (#10451).