
apt's Introduction

apt Cookbook


This cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a custom resource for pinning packages via /etc/apt/preferences.d.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

Platforms

  • Ubuntu 12.04+
  • Debian 7+

May work with or without modification on other Debian derivatives.

Chef

  • Chef 13.3+

Cookbooks

  • None

Recipes

default

This recipe manually updates the timestamp file used to only run apt-get update if the cache is more than one day old.

This recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any package resources with Chef.

This recipe also sets up a local cache directory for preseeding packages.

Including the default recipe on a node that does not support apt (such as Windows or RHEL) results in a noop.

cacher-client

Configures the node to use an apt-cacher-ng server to cache apt requests. The server to use is configured in default['apt']['cacher_client']['cacher_server'], which is a hash containing host, port, proxy_ssl, and cache_bypass keys. Example:

{
  "apt": {
    "cacher_client": {
      "cacher_server": {
        "host": "cache_server.mycorp.dmz",
        "port": 1234,
        "proxy_ssl": true,
        "cache_bypass": {
          "download.oracle.com": "http"
        }
      }
    }
  }
}

Bypassing the cache

Occasionally you may come across repositories that do not play nicely when the node is using an apt-cacher-ng server. You can configure cacher-client to bypass the server and connect directly to the repository with the cache_bypass attribute.

To do this, override the cache_bypass attribute with a hash of repositories, with each key as the repository URL and each value as the protocol to use:

{
  "apt": {
    "cacher_client": {
      "cacher_server": {
        "cache_bypass": {
          "URL": "PROTOCOL"
        }
      }
    }
  }
}

For example, to prevent caching and connect directly to the repository at download.oracle.com via http and the repo at nginx.org via https:

{
  "apt": {
    "cacher_client": {
      "cacher_server": {
        "cache_bypass": {
          "download.oracle.com": "http",
          "nginx.org": "https"
        }
      }
    }
  }
}

cacher-ng

Installs the apt-cacher-ng package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html.

If you wish to help the cacher-ng recipe seed itself, you must now explicitly include the cacher-client recipe in your run list after cacher-ng or you will block your ability to install any packages (i.e. apt-cacher-ng).

unattended-upgrades

Installs and configures the unattended-upgrades package to provide automatic package updates. This can be configured to upgrade all packages or to just install security updates by setting ['apt']['unattended_upgrades']['allowed_origins'].

To pull just security updates, set origins_patterns to something like ["origin=Ubuntu,archive=trusty-security"] (for Ubuntu trusty) or ["origin=Debian,label=Debian-Security"] (for Debian).

Attributes

General

  • ['apt']['compile_time_update'] - force the default recipe to run apt-get update at compile time.
  • ['apt']['periodic_update_min_delay'] - minimum delay (in seconds) between two actual executions of apt-get update by the execute[apt-get-update-periodic] resource, default is '86400' (24 hours)

Caching

  • ['apt']['cacher_client']['cacher_server'] - Hash containing server information used by clients for caching. See the example in the recipes section above for the full format of the hash.
  • ['apt']['cacher_interface'] - interface to connect to the cacher-ng service, no default.
  • ['apt']['cacher_port'] - port for the cacher-ng service (used by server recipe only), default is '3142'
  • ['apt']['cacher_dir'] - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'
  • ['apt']['compiletime'] - force the cacher-client recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the cacher-ng recipe is in your run list. Default is 'false'

Unattended Upgrades

  • ['apt']['unattended_upgrades']['enable'] - enables unattended upgrades, default is false
  • ['apt']['unattended_upgrades']['update_package_lists'] - automatically update package list (apt-get update) daily, default is true
  • ['apt']['unattended_upgrades']['allowed_origins'] - array of allowed apt origins from which to pull automatic upgrades, defaults to a guess at the system's main origin and should almost always be overridden
  • ['apt']['unattended_upgrades']['origins_patterns'] - array of allowed apt origin patterns from which to pull automatic upgrades, defaults to none.
  • ['apt']['unattended_upgrades']['package_blacklist'] - an array of packages which should never be automatically upgraded, defaults to none
  • ['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] - attempts to repair dpkg state with dpkg --force-confold --configure -a if it exits uncleanly, defaults to false (contrary to the unattended-upgrades default)
  • ['apt']['unattended_upgrades']['minimal_steps'] - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while an upgrade is running is possible (with a small delay). Defaults to false.
  • ['apt']['unattended_upgrades']['install_on_shutdown'] - Install upgrades when the machine is shutting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false.
  • ['apt']['unattended_upgrades']['mail'] - Send email to this address for problems or package upgrades. Defaults to no email.
  • ['apt']['unattended_upgrades']['sender'] - Send email from this address for problems or package upgrades. Defaults to 'root'.
  • ['apt']['unattended_upgrades']['mail_only_on_error'] - If set, email will only be sent on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true.
  • ['apt']['unattended_upgrades']['remove_unused_dependencies'] - Do automatic removal of new unused dependencies after the upgrade. Defaults to false.
  • ['apt']['unattended_upgrades']['automatic_reboot'] - Automatically reboots without confirmation if a restart is required after the upgrade. Defaults to false.
  • ['apt']['unattended_upgrades']['dl_limit'] - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit).
  • ['apt']['unattended_upgrades']['random_sleep'] - Wait a random number of seconds up to this value before running daily periodic apt actions. System default is 1800 seconds (30 minutes).
  • ['apt']['unattended_upgrades']['syslog_enable'] - Enable logging to syslog. Defaults to false.
  • ['apt']['unattended_upgrades']['syslog_facility'] - Specify syslog facility. Defaults to 'daemon'.
  • ['apt']['unattended_upgrades']['dpkg_options'] - An array of dpkg options to be used specifically only for unattended upgrades. Defaults to [] which will prevent it from being rendered from the template in the resulting file.

Configuration for APT

  • ['apt']['confd']['force_confask'] - Prompt when overwriting configuration files. (default: false)
  • ['apt']['confd']['force_confdef'] - Don't prompt when overwriting configuration files. (default: false)
  • ['apt']['confd']['force_confmiss'] - Install removed configuration files when upgrading packages. (default: false)
  • ['apt']['confd']['force_confnew'] - Overwrite configuration files when installing packages. (default: false)
  • ['apt']['confd']['force_confold'] - Keep modified configuration files when installing packages. (default: false)
  • ['apt']['confd']['install_recommends'] - Consider recommended packages as a dependency for installing. (default: true)
  • ['apt']['confd']['install_suggests'] - Consider suggested packages as a dependency for installing. (default: false)

Libraries

There is an interface_ipaddress method that returns the IP address for a particular host and interface, used by the cacher-client recipe. To enable it on the server use the ['apt']['cacher_interface'] attribute.

Usage

Put recipe[apt] first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:

template '/etc/apt/sources.list.d/my_apt_sources.list' do
  notifies :run, 'execute[apt-get update]', :immediately
end

The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.

Put recipe[apt::cacher-ng] in the run_list for a server to provide APT caching and add recipe[apt::cacher-client] on the rest of the Debian-based nodes to take advantage of the caching server.

If you want to clean up unused packages, there are also the apt-get autoclean and apt-get autoremove resources provided for automated cleanup.

Resources

apt_preference

The apt_preference resource has been moved into chef-client in Chef 13.3.

See https://docs.chef.io/resource_apt_preference.html for usage details

apt_repository

The apt_repository resource has been moved into chef-client in Chef 12.9.

See https://docs.chef.io/resource_apt_repository.html for usage details

apt_update

The apt_update resource has been moved into chef-client in Chef 12.7.

See https://docs.chef.io/resource_apt_update.html for usage details

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.


apt's Issues

chef10, apt/providers/repository.rb:56: syntax error, unexpected ':', expecting ')'

On chef version 10.18.0-1 OS Ubuntu 12.04.1 LTS I'm getting the following error:

[Thu, 08 Oct 2015 17:12:22 +0500] ERROR: Running exception handlers
[Thu, 08 Oct 2015 17:12:22 +0500] FATAL: Saving node information to /var/cache/chef/failed-run-data.json
[Thu, 08 Oct 2015 17:12:22 +0500] ERROR: Exception handlers complete
[Thu, 08 Oct 2015 17:12:22 +0500] ERROR: SyntaxError: compile error
/var/cache/chef/cookbooks/apt/providers/repository.rb:56: syntax error, unexpected ':', expecting ')'
...Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAG...
                              ^
/var/cache/chef/cookbooks/apt/providers/repository.rb:56: syntax error, unexpected ')', expecting kEND
/var/cache/chef/cookbooks/apt/providers/repository.rb:69: syntax error, unexpected ':', expecting ')'
...Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAG...
                              ^
/var/cache/chef/cookbooks/apt/providers/repository.rb:69: syntax error, unexpected ')', expecting kEND
[Thu, 08 Oct 2015 17:12:22 +0500] FATAL: Stacktrace dumped to /var/cache/chef/chef-stacktrace.out
[Thu, 08 Oct 2015 17:12:22 +0500] ERROR: Sleeping for 1800 seconds before trying again

ubuntu creates invalid apt

The following recipe creates the following apt repository

apt_repository 'sbt' do
  uri 'https://dl.bintray.com/sbt/debian /'
  key '642AC823'
  keyserver 'keyserver.ubuntu.com'
  action :add
end

deb     "https://dl.bintray.com/sbt/debian /"

However this is not a valid repository because of the double quotes.

root@default-ubuntu-1404:~# apt-get update
E: Malformed line 1 in source list /etc/apt/sources.list.d/sbt.list (dist)
E: The list of sources could not be read.

Manually editing the /etc/sources.d/apt/sbt.list to look like the following fixes the problem.

deb     https://dl.bintray.com/sbt/debian /

How can I make the cookbook not add the double quotes?

Additional information

http://www.scala-sbt.org/0.13/tutorial/Installing-sbt-on-Linux.html

apt_repository before apt causes unexpected behaviour

Adding a repository via apt_repository triggers an apt-get update to be executed which only includes the newly added source list. The documentation could be misleading as it states that execute[apt-get-update] is triggered immediately. An additional note in the documentation might be helpful to point out the implications of the partial update that is triggered by apt_repository. It is still necessary to add apt to the first position of the run-list when adding repositories.

This partial update touches /var/lib/apt/periodic/update-success-stamp and /var/lib/apt/periodic/update-stamp. As a result helpers.rb/apt_up_to_date? returns true even though only a partial update has been done and the rest of the index might be outdated.
In some cases this can lead to unexpected issues, as demonstrated in the example below:

apt_repository "nodejs" do
  uri "https://deb.nodesource.com/node"
  distribution node['lsb']['codename']
  components ["main"]
  key "https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
end

include_recipe 'apt'

package "nginx"
package "nodejs"

The example above might fail due to an outdated index which won't be updated. Apt-get might attempt to install a package version which no longer exists (currently the case on ec2 ubuntu 14.04 instances).

undefined method 'start_with?' for nil:NilClass

Hello. I am using the apt cookbook in one of my cookbooks. Whenever I am running the cookbook against Test Kitchen, I am receiving the "undefined method 'start_with?' for nil:NilClass" error.

ppa "launchpad-username/ppa-name"

I was trying to set up the https://launchpad.net/~chris-lea/+archive/ubuntu/python-geoip2 PPA but got the following error:

Error executing action add on resource 'apt_repository[ppa:chris-lea/python-geoip2]'
Chef::Exceptions::EnclosingDirectoryDoesNotExist
------------------------------------------------
file[/etc/apt/sources.list.d/ppa:chris-lea/python-geoip2.list](/tmp/kitchen/cache/cookbooks/apt/providers/repository.rb line 132) had an error: Chef::Exceptions::EnclosingDirectoryDoesNotExist: Parent directory /etc/apt/sources.list.d/ppa:chris-lea does not exist.

As I googled for solutions, I found a cookbook (https://github.com/sometimesfood/chef-apt-repo) providing a simple way to set up an individually hosted PPA from Launchpad, like the following:

ppa "launchpad-username/ppa-name"

Source code is here: https://github.com/sometimesfood/chef-apt-repo/blob/master/definitions/ppa.rb

It would be beneficial to add this to the official community cookbook.

Ability to set `sensitive` attribute.

It would be nice to be able to specify the sensitive attribute with apt_repository so that it will be handed down to the underlying file resource. Sometimes you need to add a user and password when having to set up a vendor repository that uses simple HTTP authentication. Hiding these would be a splendid feature to have.

Let me know @thommay, if you fancy a pull request for this.

unattended-upgrades template and Debian

Preface

unattended-upgrades has two ways to limit the scope of sources that will be considered for automatic upgrades

Unattended-Upgrade::Allowed-Origins

This is currently implemented in this cookbook, but allows only the specification of one or more "origin:archive" scopes.

Unattended-Upgrade::Origins-Pattern

This is currently not implemented but allows a much more flexible configuration, like:

Unattended-Upgrade::Origins-Pattern {
        "origin=Google\, Inc.,suite=contrib";
        "site=www.example.com,component=main";
 };

see:
https://github.com/mvo5/unattended-upgrades
https://github.com/mvo5/unattended-upgrades/blob/debian/jessie/data/50unattended-upgrades.Debian

Problem

We want to auto-upgrade only security upgrades. Debian, contrary to Ubuntu, does not use a specific archive name. All security updates are part of the "stable" archive, hence Unattended-Upgrade::Allowed-Origins has no way to limit the scope to security updates.

Possible Solution

  • update the template + support Unattended-Upgrade::Origins-Pattern

Looks like support was added in Debian 7.
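The difference between the two scopes, as an added example that is not code from the cookbook or from unattended-upgrades. It parses Origins-Pattern entries (including the escaped comma shown above) and compares them with "origin:archive" matching on constructed release records; the key aliases and the glob matching are assumptions based on the unattended-upgrades documentation, and the Allowed-Origins comparison is simplified to exact equality.

```ruby
# Added example, not cookbook code. Release records below are constructed.

# Keys an Origins-Pattern entry may use, with their short forms (assumption:
# taken from the unattended-upgrades documentation, not from this page).
KEY_ALIASES = {
  'o' => 'origin',    'origin'    => 'origin',
  'l' => 'label',     'label'     => 'label',
  'a' => 'archive',   'archive'   => 'archive', 'suite' => 'archive',
  'c' => 'component', 'component' => 'component',
  'n' => 'codename',  'codename'  => 'codename',
  'site' => 'site'
}.freeze

# Split "key=value,key=value" on commas that are not escaped as "\,".
def parse_pattern(entry)
  entry.split(/(?<!\\),/).each_with_object({}) do |pair, fields|
    key, value = pair.split('=', 2)
    field = KEY_ALIASES.fetch(key.strip) do
      raise ArgumentError, "unknown key #{key.inspect} in #{entry.inspect}"
    end
    raise ArgumentError, "no value for #{key.inspect}" if value.nil? || value.empty?
    fields[field] = value.gsub('\\,', ',') # unescape "\," to ","
  end
end

# Every field named in the pattern must match; shell-style globs are allowed.
def pattern_matches?(entry, release)
  parse_pattern(entry).all? do |field, glob|
    File.fnmatch(glob, release.fetch(field, ''))
  end
end

# Allowed-Origins entries are "origin:archive" and look at those two fields only.
def allowed_origin_matches?(entry, release)
  origin, archive = entry.split(':', 2)
  release['origin'] == origin && release['archive'] == archive
end

# Constructed release metadata following the issue's description: on Debian the
# security archive is also "stable" and differs from the main archive by label.
RELEASES = {
  'debian-main'     => { 'origin' => 'Debian', 'label' => 'Debian',
                         'archive' => 'stable' },
  'debian-security' => { 'origin' => 'Debian', 'label' => 'Debian-Security',
                         'archive' => 'stable' },
  'ubuntu-main'     => { 'origin' => 'Ubuntu', 'label' => 'Ubuntu',
                         'archive' => 'trusty' },
  'ubuntu-security' => { 'origin' => 'Ubuntu', 'label' => 'Ubuntu',
                         'archive' => 'trusty-security' }
}.freeze

# Names of the releases a matcher block accepts.
def selected(releases)
  releases.select { |_name, release| yield(release) }.keys
end

if $PROGRAM_NAME == __FILE__
  by_origin  = selected(RELEASES) { |r| allowed_origin_matches?('Debian:stable', r) }
  by_pattern = selected(RELEASES) do |r|
    pattern_matches?('origin=Debian,label=Debian-Security', r)
  end
  puts "Allowed-Origins Debian:stable  -> #{by_origin.join(', ')}"
  puts "Origins-Pattern label=Security -> #{by_pattern.join(', ')}"
end
```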

Unsetting defaults for package install not documented

I am trying to unset flags in a package install. My command:

package "apache2-utils" do
  action :install
  options '--force=yes'
end

Output from the run:

---- Begin output of apt-get -q -y --force=yes install apache2-utils=2.4.7-1ubuntu4.8 ----

STDERR: E: Command line option --force=yes is not understood
---- End output of apt-get -q -y --force=yes install apache2-utils=2.4.7-1ubuntu4.8 ----
Ran apt-get -q -y --force=yes install apache2-utils=2.4.7-1ubuntu4.8 returned 100

What I need to do is apt-get -q --force=yes, since apt-get seems to be getting confused if it has both -y and --force=yes. So how do I unset the -y? None of the documentation seems to say, and the -q -y seems to be a default.

Thoughts?

Doesn't work on modern debian (jessie)

================================================================================
Error executing action `install` on resource 'package[update-notifier-common]'

================================================================================

Chef::Exceptions::Package
-------------------------
update-notifier-common has no candidate in the apt-cache

Resource Declaration:

---------------------
# In /tmp/kitchen/cache/cookbooks/apt/recipes/default.rb

68: package 'update-notifier-common' do
69:notifies :run, 'execute[apt-get-update]', :immediately
70:only_if { apt_installed? }

71: end
72:

Seems like package update-notifier-common has been removed.
Or I missed something?

apt_add_repository annoyances

  • why is distribution node['lsb']['codename'] not the default with an option to remove it?
  • why is the default when given a 'key' not to use keyserver 'keyserver.ubuntu.com' instead of going to a template?

apt-get update: retries and error handling

Sometimes, for whatever reason, apt-get update fails. This might be caused by mirrors that are updated right at the moment when apt-get update was executed or by network issues. Usually this later causes various obscure problems like "WARNING: The following packages cannot be authenticated!" and crashes the chef run.

I suggest implementing some shell logic to retry apt-get update if it fails (retries: attribute, maybe 3?) in all resources that have the command 'apt-get update'.

I'm also not sure if the ignorance of errors (ignore_failure true) is a good idea, but at least a retry would probably reduce errors a lot.

The Debian/Ubuntu autopkgtest maintainers had the same issue and implemented a very simple static solution: http://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/diff/?id=7f667754

Add ability to control `ignore_failure` for a specific `apt_repository` LWRP use

Environment:

Debian

Scenario:

If some of your apt_repository 'foo' do blocks are critical (any failure should fail the entire run), but others are non-critical (OK to ignore), you have to choose to either fail when you don't need to or continue when you wanted to fail.

Steps to Reproduce:

apt_repository 'juju' do
  uri 'http://ppa.launchpad.net/juju/stable/ubuntu'
  components ['main']
  distribution 'trusty'
  key 'C8068B11'
  keyserver 'keyserver.ubuntu.com'
  action :add
  deb_src true
  ignore_failure true
end

apt_repository 'cloudera' do
  uri          'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh'
  arch         'amd64'
  distribution 'precise-cdh4'
  components   ['contrib']
  key          'http://archive.cloudera.com/debian/archive.key'
  ignore_failure false
end

Expected Result:

A failure to add the juju repo shouldn't fail the build, while a failure to add the cloudera repo should.

Cookbook creating malformed sources.list files

I was running version 2.7.0 of the apt cookbook with this code in one of my cookbooks

# Add the Jenkins repo
apt_repository 'jenkins' do
  uri 'http://pkg.jenkins-ci.org/debian binary/'
  key 'https://jenkins-ci.org/debian/jenkins-ci.org.key'
  notifies :run, 'execute[apt-refresh]', :immediately
end

Now a berks update to apt 2.8.1 gives me malformed sources.list files such as the below output of my jenkins.list

deb     "http://pkg.jenkins-ci.org/debian binary/"

This results in a "Malformed line 1 in source list /etc/apt/sources.list.d/jenkins.list (dist parse)" error. This cookbook worked before the version update, and this repo already functioned on this server properly before the apt cookbook updated. What can be done to correct this? It overwrote a functioning repo and completely broke apt.

Edit: I'd like to add that the jenkins.list file used to look and work like this:

deb     http://pkg.jenkins-ci.org/debian binary/

Guard misses installed keys specified with "0x"

In the repository provider, install_key_from_keyserver will accept a key starting with "0x" and install it successfully with the apt-key command but the logic in the not_if guard will fail causing it to be installed on every Chef run.

  • Should the repository resource validate the attribute to not contain "0x"?
  • Should "0x" be stripped from the string before the end_with? check?

Cut a release, please!

There are [pretty important] bug fixes that have been in here since March and still aren't available in the supermarket. Particularly 9f69c17 without which apt cannot handle expired keys (and consequently bails).

Run 'apt-cache gencaches' after adding key?

setup is that i had /etc/apt/sources.list.d/mono.list created, and added a key to it.

the first run it actually adds the new key via apt-key adv but explodes with "package cannot be authenticated!" error:

         * apt_repository[mono] action add
           * execute[install-key 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF] action run
             - execute apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
           * ruby_block[validate-key 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF] action run (skipped due to not_if)
           * file[/var/lib/apt/periodic/update-success-stamp] action nothing (skipped due to action :nothing)
           * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
           * execute[apt-get update] action nothing (skipped due to action :nothing)
           * file[/etc/apt/sources.list.d/mono.list] action create (up to date)

         * apt_update[grrr] action periodic (up to date)
         * apt_package[git, inotify-tools, librsvg2-bin, libxml2-dev, libxslt1-dev, lua5.1, liblua5.1-0-dev, luarocks, mono-complete, mono-devel, pkg-config, python, python-dev, python-pip, python-virtualenv, texlive-fonts-recommended, texlive-latex-base, texlive-latex-extra, texlive-latex-recommended, librsvg2-bin, unzip, wget, zip, zsh, zlib1g-dev] action upgrade

           ================================================================================
           Error executing action `upgrade` on resource 'apt_package[git, inotify-tools, librsvg2-bin, libxml2-dev, libxslt1-dev, lua5.1, liblua5.1-0-dev, luarocks, mono-complete, mono-devel, pkg-config, python, python-dev, python-pip, python-virtualenv, texlive-fonts-recommended, texlive-latex-base, texlive-latex-extra, texlive-latex-recommended, librsvg2-bin, unzip, wget, zip, zsh, zlib1g-dev]'
           ================================================================================

           Mixlib::ShellOut::ShellCommandFailed
           ------------------------------------
           Expected process to exit with [0], but received '100'
           ---- Begin output of apt-get -q -y install mono-complete=4.2.2.30-0xamarin2 mono-devel=4.2.2.30-0xamarin2 ----
[....]
           WARNING: The following packages cannot be authenticated!
             mono-complete libmono-c5-1.1-cil libmono-cairo4.0-cil
[...]

then i nuked the mono.list file thinking "shitty code, doesn't add the key if the sources file exists" (which i could have seen was the incorrect conclusion to jump to if i'd read the output closer, but it's still before noon for me). but then it works:

         * apt_repository[mono] action add
           * execute[install-key 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF] action run (skipped due to not_if)
           * ruby_block[validate-key 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF] action run (skipped due to not_if)
           * file[/var/lib/apt/periodic/update-success-stamp] action nothing (skipped due to action :nothing)
           * execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
           * execute[apt-get update] action nothing (skipped due to action :nothing)
           * file[/etc/apt/sources.list.d/mono.list] action create
             - create new file /etc/apt/sources.list.d/mono.list
             - update content in file /etc/apt/sources.list.d/mono.list from none to efc271
             (diff output suppressed by config)
             - change mode from '' to '0644'
             - change owner from '' to 'root'
             - change group from '' to 'root'
           * file[/var/lib/apt/periodic/update-success-stamp] action delete
             - delete file /var/lib/apt/periodic/update-success-stamp
           * execute[apt-get update] action run
             - execute apt-get update -o Dir::Etc::sourcelist='sources.list.d/mono.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0'
           * execute[apt-cache gencaches] action run
             - execute apt-cache gencaches

         * apt_update[grrr] action periodic (up to date)
         * apt_package[git, inotify-tools, librsvg2-bin, libxml2-dev, libxslt1-dev, lua5.1, liblua5.1-0-dev, luarocks, mono-complete, mono-devel, pkg-config, python, python-dev, python-pip, python-virtualenv, texlive-fonts-recommended, texlive-latex-base, texlive-latex-extra, texlive-latex-recommended, librsvg2-bin, unzip, wget, zip, zsh, zlib1g-dev] action upgrade
           - upgrade package mono-complete from 3.2.8+dfsg-4ubuntu1.1 to 4.2.2.30-0xamarin2
           - upgrade package mono-devel from 3.2.8+dfsg-4ubuntu1.1 to 4.2.2.30-0xamarin2

it skips adding the keys, the mono.list didn't change, i just nuked it before running it again. i'm speculating that apt-cache gencaches need to be run or something.

Adding key and keyserver to existing repo doesn't work

If the repository has already been added in an early invocation of chef-client, adding a key to the resource does not work.

The repository must first be removed and then chef must be re-run for the key to be added.

Extract gpg ids fails when locale is not en-XX

extract_fingerprints_from_cmd extracts keys by matching the string Key fingerprint, but commands such as apt-key finger or gpg --with-fingerprint will output a different string if LANG is not set to English. For example, on a system configured with LANG=es_ES the actual string is Huella de clave, and so the function always returns an empty list, which causes new keys not to be installed.
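An added example (not the cookbook's provider code) covering this issue and the "0x" guard issue above: it reads fingerprints from gpg's machine-readable `--with-colons` records, which do not change with the locale, and normalizes a key id before the suffix comparison. The listings are constructed samples built around the fingerprint quoted in the Chef output earlier on this page, and `naive_guard?` is an assumption modelled on the issue's description of the `end_with?` check.

```ruby
# Added example, not cookbook code. All key listings below are constructed.

FPR = '3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF'.freeze

# Human-readable listing as printed under an English locale (constructed).
HUMAN_EN = <<~OUT
  pub   4096R/D3D831EF 2014-08-04
        Key fingerprint = 3FA7 E032 8081 BFF6 A14D  A29A A6A1 9B38 D3D8 31EF
OUT

# The same listing under LANG=es_ES (constructed): the label is translated.
HUMAN_ES = <<~OUT
  pub   4096R/D3D831EF 2014-08-04
        Huella de clave = 3FA7 E032 8081 BFF6 A14D  A29A A6A1 9B38 D3D8 31EF
OUT

# Machine-readable listing (gpg --with-colons), identical in every locale.
COLONS = <<~OUT
  pub:-:4096:1:A6A19B38D3D831EF:1407110400:::-:::scESC:
  fpr:::::::::3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF:
OUT

# Label-based extraction as described in the issue: depends on the locale.
def fingerprints_by_label(output)
  output.lines.grep(/Key fingerprint/).map do |line|
    line.split('=').last.delete(' ').strip.upcase
  end
end

# Locale-independent extraction: "fpr" records carry the fingerprint in field 10.
def fingerprints_from_colons(output)
  output.lines
        .map { |line| line.chomp.split(':', -1) }
        .select { |fields| fields[0] == 'fpr' }
        .map { |fields| fields[9].upcase }
end

# Accept "0x"-prefixed, spaced or lower-case ids; allow short (8), long (16)
# and full fingerprint (40) lengths only.
def normalize_key_id(key)
  id = key.strip.sub(/\A0x/i, '').delete(' ').upcase
  unless id.match?(/\A\h+\z/) && [8, 16, 40].include?(id.length)
    raise ArgumentError, "not a hex key id: #{key.inspect}"
  end
  id
end

# Guard without normalization (assumed shape of the failing check).
def naive_guard?(key, fingerprints)
  fingerprints.any? { |fpr| fpr.end_with?(key.upcase) }
end

# Guard that compares the normalized id against installed fingerprints.
def key_installed?(key, fingerprints)
  id = normalize_key_id(key)
  fingerprints.any? { |fpr| fpr.end_with?(id) }
end

if $PROGRAM_NAME == __FILE__
  installed = fingerprints_from_colons(COLONS)
  puts "label match, es_ES: #{fingerprints_by_label(HUMAN_ES).inspect}"
  puts "colon records:      #{installed.inspect}"
  puts "naive guard 0x id:  #{naive_guard?('0xD3D831EF', installed)}"
  puts "normalized guard:   #{key_installed?('0xD3D831EF', installed)}"
end
```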

repository resource/sources.list.d names should be validated (to exclude spaces)

I was trying to install tmux 1.9a on some Ubuntu 14.04 machines and wrote

apt_repository 'tmux PPA' do
  uri 'ppa:pi-rho/dev'
  distribution node['lsb']['codename']
end

package 'tmux'

it wasn't working, and when I manually ran apt-get update the PPA wasn't even in the output and I couldn't figure out why;

changing apt_repository 'tmux PPA' to apt_repository 'tmux_ppa' fixed the issue (I didn't originally realize it was gonna get used as the file name in /etc/sources.list.d/ and that apt would silently ignore it with spaces)
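A pre-flight check for the failures reported in this issue and in the two quoted-URI issues above, as an added example that is not part of the cookbook. It applies the sources.list(5) rules for file names under sources.list.d and for one-line entries (an exact-path suite ends in "/" and takes no components); the function names are hypothetical and the sample lines are taken from the issues on this page.

```ruby
# Added example, not cookbook code. Function names are hypothetical.

# sources.list(5): file names under sources.list.d may contain only letters,
# digits, underscore, hyphen and period (and must end in .list).
ALLOWED_NAME_CHAR = /[A-Za-z0-9_.-]/

# Characters in a resource name that cannot be used in "<name>.list".
def bad_name_chars(resource_name)
  resource_name.chars.reject { |c| c.match?(ALLOWED_NAME_CHAR) }.uniq
end

# Problems with a one-line-style entry: "deb [options] uri suite [components]".
def entry_problems(line)
  text = line.strip
  return [] if text.empty? || text.start_with?('#')

  type, *rest = text.split
  return ["unknown type #{type.inspect}"] unless %w[deb deb-src].include?(type)

  # A quoted "uri suite" pair reaches apt as one field, leaving no suite.
  if text =~ /["']/
    return ['quote character in entry: URI and suite must be separate unquoted fields']
  end

  # Skip an optional [option=value ...] block.
  if rest.first && rest.first.start_with?('[')
    close = rest.index { |token| token.end_with?(']') }
    return ['unterminated [options] block'] unless close
    rest = rest.drop(close + 1)
  end

  uri, suite, *components = rest
  return ['missing URI'] if uri.nil?
  return ['missing suite'] if suite.nil?

  if suite.end_with?('/')
    # Exact-path suite: components must be omitted.
    components.empty? ? [] : ['components given for an exact-path suite']
  else
    components.empty? ? ['suite needs at least one component'] : []
  end
end

# Combined report for one repository definition.
def lint_repository(resource_name, lines)
  problems = []
  bad = bad_name_chars(resource_name)
  unless bad.empty?
    problems << "file name #{resource_name}.list contains #{bad.map(&:inspect).join(', ')}"
  end
  lines.each_with_index do |line, index|
    entry_problems(line).each { |p| problems << "line #{index + 1}: #{p}" }
  end
  problems
end

if $PROGRAM_NAME == __FILE__
  # Sample entries below are the ones quoted in the issues on this page.
  {
    'tmux PPA' => ['deb http://ppa.launchpad.net/juju/stable/ubuntu trusty main'],
    'sbt'      => ['deb     "https://dl.bintray.com/sbt/debian /"'],
    'jenkins'  => ['deb     http://pkg.jenkins-ci.org/debian binary/']
  }.each do |name, lines|
    report = lint_repository(name, lines)
    puts "#{name}: #{report.empty? ? 'ok' : report.join('; ')}"
  end
end
```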

Lots of log WARNings when using apt cookbook ("Deprecation class overwrites LWRP resource apt_preference from cookbook apt")

I recently noticed that I'm getting lots of these warnings when using the apt cookbook:

[2015-09-22T21:35:22+00:00] WARN: You declared a new resource #<Class:0x0000000641b418> for resource apt_preference, but it comes alphabetically after LWRP resource apt_preference from cookbook apt and has the same filters ({}), so it will not be used. Use override: true if you want to use it for apt_preference.
[2015-09-22T21:35:22+00:00] WARN: AptPreference already exists!  Deprecation class overwrites LWRP resource apt_preference from cookbook apt
[2015-09-22T21:35:22+00:00] WARN: You declared a new resource #<Class:0x00000006412368> for resource apt_repository, but it comes alphabetically after LWRP resource apt_repository from cookbook apt and has the same filters ({}), so it will not be used. Use override: true if you want to use it for apt_repository.
[2015-09-22T21:35:22+00:00] WARN: AptRepository already exists!  Deprecation class overwrites LWRP resource apt_repository from cookbook apt

This is using Chef 12.4.1 with chef zero provisioner, happening during a chefspec run

Recipe cacher-client fails with compiletime

The cacher-client recipe fails to compile if:

  • node['apt']['compiletime'] == true
  • apt::cacher-client is in the run_list before apt::default

apt::default must be in the run_list before apt::cacher-client, but this executes apt-get update without the proxy.


Recipe: apt::cacher-client
  * template[/etc/apt/apt.conf.d/01proxy] action create

    ================================================================================
    Recipe Compile Error in .../cookbooks/apt/recipes/cacher-client.rb
    ================================================================================

    Chef::Exceptions::ResourceNotFound
    ----------------------------------
    resource template[/etc/apt/apt.conf.d/01proxy] is configured to notify
    resource execute[apt-get update] with action run, but
    execute[apt-get update] cannot be found in the resource collection.
    template[/etc/apt/apt.conf.d/01proxy] is defined in
    /var/chef/cache/cookbooks/apt/recipes/cacher-client.rb:60:in `from_file'

    Cookbook Trace:
    ---------------
      /var/chef/cache/cookbooks/apt/recipes/cacher-client.rb:73:in `from_file'

    Relevant File Content:
    ----------------------
    /var/chef/cache/cookbooks/apt/recipes/cacher-client.rb:

     66:        :proxy => cacher_ipaddress,
     67:        :port => servers[0]['apt']['cacher_port'],
     68:        :bypass => node['apt']['cache_bypass']
     69:        )
     70:      action(node['apt']['compiletime'] ? :nothing : :create)
     71:      notifies :run, 'execute[apt-get update]', :immediately
     72:    end
     73>>   t.run_action(:create) if node['apt']['compiletime']
     74:  else
     75:    Chef::Log.info('No apt-cacher-ng server found.')
     76:    file '/etc/apt/apt.conf.d/01proxy' do
     77:      action :delete
     78:    end
     79:  end
     80:
     81:  include_recipe 'apt::default'
     82:

Backwards Compatibility Break

ea17f0b introduced a potential backwards compatibility break when using the apt_repository lwrp.

Before, the full protocol and port were required to be defined (only when no proxy was used, it seems). Now that they are automatically added, this is causing duplicate protocols and ports to be added, causing converge failures.

Cloning Resource

WARN: Cloning resource attributes for file[/etc/apt/preferences.d/my_packages.pref] from prior resource (CHEF-3694)

I'm using the following

apt_preference 'my_packages' do
  glob         '*'
  pin          'repo.mypackages.com'
  pin_priority '700'
end

execute 'apt-get update' block removed in 2.4.x

The removal of the following block (last appeared in 2.3.10) has broken several cookbooks that rely on hooking this event in their recipes. I found out the hard way after installing a newer cookbook that depends on apt. I was able to fix the issue by pinning to 2.3.x in my environment, but it's worth mentioning since many cookbook developers do not pin the cookbook versions in their metadata.

What was the reason for the removal?

# For other recipes to call to force an update
execute 'apt-get update' do
  command 'apt-get update'
  ignore_failure true
  only_if { apt_installed? }
  action :nothing
end

/etc/apt/apt.conf.d does not exist.

With the latest sources I get

ERROR: cookbook_file[/etc/apt/apt.conf.d/15update-stamp](apt::default line 53) had an error: Chef::Exceptions::EnclosingDirectoryDoesNotExist: Parent directory /etc/apt/apt.conf.d does not exist.

It used to work until a week ago or so

apt_repository LWRP does not accept http_proxy

The documentation appears to indicate that apt_repository LWRP accepts an attribute parameter named key_proxy. It does not and trying to do so produces the expected error:

ERROR: undefined method `key_proxy' for Chef::Resource::AptRepository

You can use a proxy by setting the node['apt']['key_proxy'] attribute; you just can't pass the attribute directly to the apt_repository LWRP.

At a minimum, the documentation should be updated but, ideally, the apt_repository should be enhanced to accept the key_proxy parameter.

Looking at wrong source.list file in Ubuntu

I'm trying to get this plugin working for Ubuntu 14.04 trusty.

I suppose my question is, why is chef complaining about /etc/apt/sources.list.d/nginx.list when the docs at nginx tell you to format the etc/apt/sources.list?

This is the code from my recipe:

apt_repository 'nginx' do
  uri           'http://nginx.org/packages/ubuntu/'
  key           'http://nginx.org/keys/nginx_signing.key'
  distribution  'trusty'
  deb_src       true
  action        :add
end

apt_package "nginx" do
  provider Chef::Provider::Package::Apt
  action   :install
end

And here is the error message from chef:

* execute[apt-get update] action run[2014-10-31T15:45:40+00:00] ERROR: execute[apt-get update] (/tmp/kitchen/cookbooks/apt/providers/repository.rb line 156) had an error: Expected process to exit with [0], but received '100'
       ---- Begin output of apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' ----
       STDOUT:
       STDERR: E: Malformed line 1 in source list /etc/apt/sources.list.d/nginx.list (dist parse)
       E: The list of sources could not be read.
       ---- End output of apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' ----
       Ran apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' returned 100; ignore_failure is set, continuing

       ================================================================================
       Error executing action `run` on resource 'execute[apt-get update]'
       ================================================================================

       Mixlib::ShellOut::ShellCommandFailed
       ------------------------------------
       Expected process to exit with [0], but received '100'
       ---- Begin output of apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' ----
       STDOUT:
       STDERR: E: Malformed line 1 in source list /etc/apt/sources.list.d/nginx.list (dist parse)
       E: The list of sources could not be read.
       ---- End output of apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' ----
       Ran apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0' returned 100

       Resource Declaration:
       ---------------------
       # In /tmp/kitchen/cookbooks/apt/providers/repository.rb

       156:   execute 'apt-get update' do
       157:     command "apt-get update -o Dir::Etc::sourcelist='sources.list.d/#{new_resource.name}.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0'"
       158:     ignore_failure true
       159:     action :nothing
       160:     notifies :run, 'execute[apt-cache gencaches]', :immediately
       161:   end
       162:

       Compiled Resource:
       ------------------
       # Declared in /tmp/kitchen/cookbooks/apt/providers/repository.rb:156:in `block in class_from_file'

       execute("apt-get update") do
         action [:nothing]
         ignore_failure true
         retries 0
         retry_delay 2
         command "apt-get update -o Dir::Etc::sourcelist='sources.list.d/nginx.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0'"
         backup 5
         returns 0
         cookbook_name :"touchbistro-rails"
       end


       Recipe: touchbistro-rails::newrelic_nginx_agent

       ================================================================================
       Error executing action `install` on resource 'apt_package[nginx]'
       ================================================================================

       Mixlib::ShellOut::ShellCommandFailed
       ------------------------------------
       Expected process to exit with [0], but received '100'
       ---- Begin output of apt-cache policy nginx ----
       STDOUT:
       STDERR: E: Malformed line 1 in source list /etc/apt/sources.list.d/nginx.list (dist parse)
       E: The list of sources could not be read.
       E: The package lists or status file could not be parsed or opened.
       ---- End output of apt-cache policy nginx ----
       Ran apt-cache policy nginx returned 100


       ---------------------
       # In /tmp/kitchen/cookbooks/touchbistro-rails/recipes/newrelic_nginx_agent.rb

        23: apt_package "nginx" do
        24:   provider Chef::Provider::Package::Apt
        25:   action   :install

        27:

       Compiled Resource:
       ------------------
       # Declared in /tmp/kitchen/cookbooks/touchbistro-rails/recipes/newrelic_nginx_agent.rb:23:in `from_file'

       apt_package("nginx") do
         provider Chef::Provider::Package::Apt
         action [:install]
         retries 0
         retry_delay 2
         package_name "nginx"
         cookbook_name :"touchbistro-rails"
         recipe_name "newrelic_nginx_agent"
       end



           - reload service service[nginx]
         * service[nginx] action restart
           - restart service service[nginx]

       Running handlers:
       [2014-10-31T15:45:40+00:00] ERROR: Running exception handlers
       Running handlers complete


       Chef Client failed. 87 resources updated in 631.862846189 seconds
       [2014-10-31T15:45:40+00:00] ERROR: apt_package[nginx] (touchbistro-rails::newrelic_nginx_agent line 23) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '100'
       ---- Begin output of apt-cache policy nginx ----
       STDOUT:
       STDERR: E: Malformed line 1 in source list /etc/apt/sources.list.d/nginx.list (dist parse)
       E: The list of sources could not be read.
       E: The package lists or status file could not be parsed or opened.
       ---- End output of apt-cache policy nginx ----
       Ran apt-cache policy nginx returned 100
       [2014-10-31T15:45:40+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

apt::default tricked by old update-success_stamp

apt::default intentionally does not run apt-get update if /var/lib/apt/periodic/update-success-stamp is present.

This can be a bit of a problem if a system is being bootstrapped for the first time and apt-get update has not been run in some time. This can often be the case with hosted providers such as DigitalOcean.

$ date
Sun Feb 1 14:34:12 PST 2015
$ cd /var/lib/apt/periodic
$ ls -al update-success-stamp
-rw-r--r-- 1 root root 0 Jan 8 13:33 update-success-stamp

Expired signing keys not automatically refreshed

If a package signing key expires, the repository provider never attempts to obtain a renewed key, due to the guard in recipes/repository.rb:

    not_if do
      extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint|
        fingerprint.end_with?(key.upcase)
      end
    end

This guard needs to return false if the key has expired.
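One way to make a guard like this expiry-aware, as an added example that is not the cookbook's code: it parses GnuPG's machine-readable `--with-colons` key listing rather than `apt-key finger` (an assumption), and the function names and the sample listing are constructed here.

```ruby
# Constructed sample of `gpg --with-colons --fingerprint` output (not real keys).
# pub record: field 2 = validity (e expired, r revoked), field 7 = expiry (epoch).
# fpr record: field 10 = fingerprint of the pub/sub record just above it.
SAMPLE_LISTING = <<~LISTING
  pub:-:2048:1:89ABCDEF11111111:1300000000:::-:::scESC:
  fpr:::::::::0123456789ABCDEF0123456789ABCDEF11111111:
  sub:-:2048:1:FFFFFFFF44444444:1300000000::::::e:
  fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF44444444:
  pub:e:2048:1:89ABCDEF22222222:1300000000:1400000000::-:::sc:
  fpr:::::::::0123456789ABCDEF0123456789ABCDEF22222222:
  pub:-:2048:1:89ABCDEF33333333:1300000000:1500000000::-:::sc:
  fpr:::::::::0123456789ABCDEF0123456789ABCDEF33333333:
LISTING

KeyInfo = Struct.new(:fingerprint, :validity, :expires_at)

# Returns one KeyInfo per primary key that has a fingerprint record.
def parse_colon_listing(listing)
  keys = []
  current = nil
  listing.each_line do |line|
    fields = line.chomp.split(':', -1)
    case fields[0]
    when 'pub'
      expiry = fields[6].to_s
      expires_at = expiry.match?(/\A\d+\z/) ? Time.at(expiry.to_i) : nil
      current = KeyInfo.new(nil, fields[1], expires_at)
      keys << current
    when 'sub'
      current = nil # the next fpr line belongs to the subkey, not the primary
    when 'fpr'
      current.fingerprint ||= fields[9] if current
    end
  end
  keys.select(&:fingerprint)
end

def key_usable?(key, now)
  return false if %w[e r].include?(key.validity) # flagged expired or revoked
  key.expires_at.nil? || key.expires_at > now     # no expiry, or still in the future
end

# Expiry-aware guard: skip the fetch only if a matching key is installed AND usable.
def skip_key_fetch?(listing, key_id, now = Time.now)
  parse_colon_listing(listing).any? do |key|
    key.fingerprint.end_with?(key_id.upcase) && key_usable?(key, now)
  end
end
```

Checking the expiry timestamp as well as the validity flag covers a key that lapses between the listing being generated and the guard being evaluated.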

preference lwrp doesn't support why-run

  • apt_preference[sensu] action add
    • Whyrun not supported for apt_preference[sensu], bypassing load.
      (Skipped: whyrun not supported by provider Chef::Provider::AptPreference)
      (up to date)

It would be nice to get why-run on this LWRP

Windows attempts to create '/etc/apt/apt.conf.d/10recommends'

Running the default recipe on a Windows node isn't a no-op - it tries to create the /etc/apt/apt.conf.d/10recommends file and explodes with:

 Chef::Exceptions::Win32APIError
           -------------------------------
           No mapping between account names and security IDs was done.
           ---- Begin Win32 API output ----
           System Error Code: 1332
           System Error Message: No mapping between account names and security IDs was done.
           ---- End Win32 API output ----

I'm guessing it's because this part of the recipe is missing the only_if { apt_installed? } guard.

template '/etc/apt/apt.conf.d/10recommends' do
  owner 'root'
  group 'root'
  mode '644'
  source '10recommends.erb'
end

undefined method `tr' for nil:NilClass

2.8.1


      NoMethodError
      -------------
      undefined method `tr' for nil:NilClass

      Cookbook Trace:
      ---------------
      /home/rmoriz/chef-solo/cookbooks-2/apt/providers/preference.rb:32:in `safe_name'
      /home/rmoriz/chef-solo/cookbooks-2/apt/providers/preference.rb:77:in `block in class_from_file'

      Resource Declaration:
      ---------------------

       43:     apt_preference 'nginx' do
       44:       action :remove
       45:     end

Version Pinning breaks if dot is in package name

Hi there,

I've encountered a problem when my package names have a dot in their name. apt-get will ignore the pin file with this notice:

N: Ignoring file 'my-package.1.0-final' in directory '/etc/apt/preferences.d/' as it has an invalid filename extension

I would suggest adding the extension .pref at the end of the package filename, if there is a dot in the name. This would still support backward compatibility, as package names without a dot will not be changed.

What do you think? If you like I can prepare a PR, but wanted to check first if this should be covered by the apt-cookbook or the application wrapper cookbook.

Cheers,
Jan
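The naming rule proposed in this issue, checked against the file-name rule from apt_preferences(5), as an added example that is not the cookbook's code; the function names are hypothetical and the sample file names, apart from the one in the notice above, are constructed.

```ruby
# Rule from apt_preferences(5): a file in /etc/apt/preferences.d is read only if
# its name has no extension or the extension "pref", and consists solely of
# alphanumerics, hyphen, underscore and period.
VALID_CHARS = /\A[A-Za-z0-9._-]+\z/

def apt_reads_pref_file?(filename)
  return false unless filename.match?(VALID_CHARS)
  dot = filename.rindex('.')
  # No dot means no extension; otherwise the text after the last dot must be "pref".
  dot.nil? || filename[(dot + 1)..-1] == 'pref'
end

# Proposal from the issue: append ".pref" only when the name contains a dot,
# so names without a dot keep their existing file name.
def pref_filename(resource_name)
  return resource_name unless resource_name.include?('.')
  return resource_name if resource_name.end_with?('.pref')
  "#{resource_name}.pref"
end

# Audit helper: names from a directory listing that APT would skip, which
# means the pins inside those files are not applied.
def ignored_pref_files(filenames)
  filenames.reject { |name| apt_reads_pref_file?(name) }
end
```

Running `ignored_pref_files` over the entries of `/etc/apt/preferences.d` after a converge reports pin files that APT is not applying.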
