From d239f9b224a7ffbc5cd9650d3c18eb58e5ee8182 Mon Sep 17 00:00:00 2001 From: laddanki Date: Wed, 29 May 2019 16:16:13 +0800 Subject: [PATCH 1/2] upgraded apt --- CHANGELOG.md | 16 ++++ Gemfile | 1 - README.md | 66 +++----------- attributes/default.rb | 5 ++ chefignore | 16 +--- kitchen.dokken.yml | 45 ++++++++++ kitchen.yml | 61 +++++++++++++ libraries/matchers.rb | 16 ---- metadata.rb | 4 +- recipes/default.rb | 2 +- resources/preference.rb | 90 ------------------- spec/unit/recipes/default_spec.rb | 4 +- templates/50unattended-upgrades.erb | 45 ++++++++-- test/fixtures/cookbooks/test/metadata.rb | 2 +- test/integration/resources/resources_spec.rb | 2 +- .../resources/unattended_upgrades_spec.rb | 10 +++ 16 files changed, 196 insertions(+), 189 deletions(-) create mode 100644 kitchen.dokken.yml create mode 100644 kitchen.yml delete mode 100644 libraries/matchers.rb delete mode 100644 resources/preference.rb create mode 100644 test/integration/resources/unattended_upgrades_spec.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 32f93692..d2cf320b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ This file is used to list changes made in each version of the apt cookbook. +## 7.1.1 (2018-10-11) + +- Allow to customize sender email for unattended-upgrades + +## 7.1.0 (2018-09-05) + +- Add the installation of dirmngr and gnupg to the apt default cookbook to support secure repositories +- Added support for the unattended-upgrade SyslogEnable configuration feature +- Added support for the unattended-upgrade SyslogFacility configuration feature + +## 7.0.0 (2018-04-06) + +### Breaking Change + +- This cookbook no longer includes apt_preference as that resource was moved into Chef Client 13.3. The cookbook now also requires Chef 13.3 or later. If you require support for an older release of Chef you will need to pin to a 6.X release. + ## 6.1.4 (2017-08-31) - Restores ignore_failure true on compile time update. diff --git a/Gemfile b/Gemfile index c3bc0d1a..c1dbddd8 100644 --- a/Gemfile +++ b/Gemfile @@ -6,5 +6,4 @@ source 'https://rubygems.org' -gem 'stove' gem 'community_cookbook_releaser' diff --git a/README.md b/README.md index bbf4fecd..d54e58a6 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ May work with or without modification on other Debian derivatives. ### Chef -- Chef 12.9+ +- Chef 13.3+ ### Cookbooks @@ -83,7 +83,7 @@ For example, to prevent caching and directly connect to the repository at `downl "cacher_server": { "cache_bypass": { "download.oracle.com": "http", - "nginx.org": "https" + "nginx.org": "https" } } } @@ -129,11 +129,15 @@ To pull just security updates, set `origins_patterns` to something like `["origi - `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false. - `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false. - `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email. +- `['apt']['unattended_upgrades']['sender']` - Send email from this address for problems or packages upgrades. Defaults to 'root'. - `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true. - `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. Defaults to false. - `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots _without confirmation_ if a restart is required after the upgrade. Defaults to false. - `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit). - `['apt']['unattended_upgrades']['random_sleep']` - Wait a random number of seconds up to this value before running daily periodic apt actions. System default is 1800 seconds (30 minutes). +- `['apt']['unattended_upgrades']['syslog_enable']` - Enable logging to syslog. Defaults to false. +- `['apt']['unattended_upgrades']['syslog_facility']` - Specify syslog facility. Defaults to 'daemon'. +- `['apt']['unattended_upgrades']['dpkg_options']` An array of dpkg options to be used specifically only for unattended upgrades. Defaults to `[]` which will prevent it from being rendered from the template in the resulting file. ### Configuration for APT @@ -149,55 +153,6 @@ To pull just security updates, set `origins_patterns` to something like `["origi There is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute. -## Resources/Providers - -### apt_preference - -This resource provides an easy way to pin packages in /etc/apt/preferences.d. Although apt-pinning is quite helpful from time to time please note that Debian does not encourage its use without thorough consideration. - -Further information regarding apt-pinning is available via . - -#### Actions - -- `:add`: creates a preferences file under /etc/apt/preferences.d -- `:remove`: Removes the file, therefore unpin the package - -#### Attribute Parameters - -- package_name: name attribute. The name of the package -- glob: Pin by glob() expression or regexp surrounded by /. -- pin: The package version/repository to pin -- pin_priority: The pinning priority aka "the highest package version wins" (required) - -#### Examples - -Pin libmysqlclient16 to version 5.1.49-3: - -```ruby -apt_preference 'libmysqlclient16' do - pin 'version 5.1.49-3' - pin_priority '700' -end -``` - -Unpin libmysqlclient16: - -```ruby -apt_preference 'libmysqlclient16' do - action :remove -end -``` - -Pin all packages from dotdeb.org: - -```ruby -apt_preference 'dotdeb' do - glob '*' - pin 'origin packages.dotdeb.org' - pin_priority '700' -end -``` - ## Usage Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.: @@ -214,6 +169,14 @@ Put `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching If you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup. +## Resources + +### apt_preference + +The apt_preference resource has been moved into chef-client in Chef 13.3. + +See for usage details + ### apt_repository The apt_repository resource has been moved into chef-client in Chef 12.9. @@ -232,7 +195,6 @@ This cookbook is maintained by Chef's Community Cookbook Engineering team. Our g ## License - **Copyright:** 2009-2017, Chef Software, Inc. ``` diff --git a/attributes/default.rb b/attributes/default.rb index b382ab52..2d3e6734 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -41,12 +41,17 @@ default['apt']['unattended_upgrades']['minimal_steps'] = false default['apt']['unattended_upgrades']['install_on_shutdown'] = false default['apt']['unattended_upgrades']['mail'] = nil +default['apt']['unattended_upgrades']['sender'] = nil default['apt']['unattended_upgrades']['mail_only_on_error'] = true default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false default['apt']['unattended_upgrades']['automatic_reboot'] = false default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now' default['apt']['unattended_upgrades']['dl_limit'] = nil default['apt']['unattended_upgrades']['random_sleep'] = nil +default['apt']['unattended_upgrades']['syslog_enable'] = false +default['apt']['unattended_upgrades']['syslog_facility'] = 'daemon' + +default['apt']['unattended_upgrades']['dpkg_options'] = [] default['apt']['confd']['force_confask'] = false default['apt']['confd']['force_confdef'] = false diff --git a/chefignore b/chefignore index cd4830c3..7e4ab407 100644 --- a/chefignore +++ b/chefignore @@ -45,22 +45,19 @@ a.out # Testing # ########### -.watchr .rspec spec/* spec/fixtures/* test/* features/* examples/* -Guardfile Procfile .kitchen* .rubocop.yml spec/* -Rakefile .travis.yml .foodcritic -.codeclimate.yml +appveyor.yml # SCM # ####### @@ -93,14 +90,3 @@ CONTRIBUTING* CHANGELOG* TESTING* -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer - -# Vagrant # -########### -.vagrant -Vagrantfile diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml new file mode 100644 index 00000000..4a3216a1 --- /dev/null +++ b/kitchen.dokken.yml @@ -0,0 +1,45 @@ +driver: + name: dokken + privileged: true # because Docker and SystemD/Upstart + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + +transport: + name: dokken + +provisioner: + name: dokken + deprecations_as_errors: true + +verifier: + name: inspec + +platforms: +- name: debian-8 + driver: + image: dokken/debian-8 + pid_one_command: /bin/systemd + +- name: debian-9 + driver: + # Need a custom Stretch image as dokken one contains extra packages and then we hit https://github.com/chef-cookbooks/apt/issues/234 + image: debian:9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + - RUN /usr/bin/apt-get install -y systemd + - RUN rm /etc/systemd/system/getty.target.wants/getty\@tty1.service + +- name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + +- name: ubuntu-16.04 + driver: + image: dokken/ubuntu-16.04 + pid_one_command: /bin/systemd + +- name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd diff --git a/kitchen.yml b/kitchen.yml new file mode 100644 index 00000000..18f4e6d4 --- /dev/null +++ b/kitchen.yml @@ -0,0 +1,61 @@ +driver: + name: vagrant + +provisioner: + name: chef_zero + deprecations_as_errors: true + +verifier: + name: inspec + +platforms: + - name: centos-7 + - name: debian-8 + - name: debian-9 + - name: ubuntu-16.04 + - name: ubuntu-18.04 + - name: ubuntu-16.04-chef-12.9 + driver_config: + box: bento/ubuntu-16.04 + provisioner: + require_chef_omnibus: 12.9.41 + +suites: + - name: default + run_list: + - recipe[apt] + + - name: cacher + run_list: + - recipe[test::cacher] + excludes: centos-7 + + - name: compile-time + run_list: + - recipe[apt::default] + attributes: + apt: + compile_time_update: true + excludes: centos-7 + + - name: resources + run_list: + - recipe[test::resources] + # test that you can specifically modify some unattended upgrades options but leave the majority in place + - recipe[test::unattended-upgrades] + excludes: centos-7 + attributes: + apt: + unattended_upgrades: + dpkg_options: + - --force-confdef + - --force-confold + + - name: unattended-upgrades + run_list: + - recipe[test::unattended-upgrades] + attributes: + apt: + unattended_upgrades: + enable: true + excludes: centos-7 diff --git a/libraries/matchers.rb b/libraries/matchers.rb deleted file mode 100644 index 82c97b3a..00000000 --- a/libraries/matchers.rb +++ /dev/null @@ -1,16 +0,0 @@ -if defined?(ChefSpec) - - ################# - # apt_preference - ################# - - ChefSpec.define_matcher :apt_preference - - def add_apt_preference(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :add, resource_name) - end - - def remove_apt_preference(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :remove, resource_name) - end -end diff --git a/metadata.rb b/metadata.rb index 890818ff..f0458449 100644 --- a/metadata.rb +++ b/metadata.rb @@ -4,7 +4,7 @@ license 'Apache-2.0' description 'Configures apt and apt caching.' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '6.1.4' +version '7.1.1' recipe 'apt::default', 'Runs apt-get update during compile phase and sets up preseed directories' recipe 'apt::cacher-ng', 'Set up an apt-cacher-ng caching proxy' @@ -16,4 +16,4 @@ source_url 'https://github.com/chef-cookbooks/apt' issues_url 'https://github.com/chef-cookbooks/apt/issues' -chef_version '>= 12.9' if respond_to?(:chef_version) +chef_version '>= 13.3' if respond_to?(:chef_version) diff --git a/recipes/default.rb b/recipes/default.rb index 23e54a2d..e8c9e8cd 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -93,6 +93,6 @@ only_if { apt_installed? } end -package 'apt-transport-https' do +package %w(apt-transport-https gnupg dirmngr) do only_if { apt_installed? } end diff --git a/resources/preference.rb b/resources/preference.rb deleted file mode 100644 index 1c4337ca..00000000 --- a/resources/preference.rb +++ /dev/null @@ -1,90 +0,0 @@ -# -# Cookbook:: apt -# Resource:: preference -# -# Copyright:: 2010-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -property :package_name, String, name_property: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*|\+)+$/] -property :glob, String -property :pin, String -property :pin_priority, String, required: true - -action :add do - preference = build_pref( - new_resource.glob || new_resource.package_name, - new_resource.pin, - new_resource.pin_priority - ) - - directory '/etc/apt/preferences.d' do - owner 'root' - group 'root' - mode '0755' - recursive true - action :create - end - - name = safe_name(new_resource.name) - - file "cleanup_#{new_resource.name}.pref" do - path "/etc/apt/preferences.d/#{new_resource.name}.pref" - action :delete - if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref") && name != new_resource.name - Chef::Log.warn "Replacing #{new_resource.name}.pref with #{name}.pref in /etc/apt/preferences.d/" - end - only_if { name != new_resource.name } - end - - file "cleanup_#{new_resource.name}" do - path "/etc/apt/preferences.d/#{new_resource.name}" - action :delete - if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}") - Chef::Log.warn "Replacing #{new_resource.name} with #{name}.pref in /etc/apt/preferences.d/" - end - end - - file "/etc/apt/preferences.d/#{name}.pref" do - owner 'root' - group 'root' - mode '0644' - content preference - action :create - end -end - -action :remove do - name = safe_name(new_resource.name) - if ::File.exist?("/etc/apt/preferences.d/#{name}.pref") - Chef::Log.info "Un-pinning #{name} from /etc/apt/preferences.d/" - file "remove_#{name}.pref" do - path "/etc/apt/preferences.d/#{name}.pref" - action :delete - end - end -end - -action_class do - # Build preferences.d file contents - def build_pref(package_name, pin, pin_priority) - pref = "Package: #{package_name}\nPin: #{pin}\n" - pref << "Pin-Priority: #{pin_priority}\n" unless pin_priority.nil? - pref - end - - def safe_name(name) - name.tr('.', '_').gsub('*', 'wildcard') - end -end diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb index eecfcf0f..6e8f0248 100644 --- a/spec/unit/recipes/default_spec.rb +++ b/spec/unit/recipes/default_spec.rb @@ -14,8 +14,8 @@ expect(chef_run).to render_file('/etc/apt/apt.conf.d/10recommends').with_content('APT::Install-Suggests "0";') end - it 'installs apt-transport-https' do - expect(chef_run).to install_package('apt-transport-https') + it 'installs apt-transport-https, gnupg and dirmngr' do + expect(chef_run).to install_package(['apt-transport-https', 'gnupg', 'dirmngr']) end it 'creates preseeding directory' do diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 9bf0380d..de9cd825 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -25,7 +25,7 @@ Unattended-Upgrade::Package-Blacklist { }; // This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run +// unattended-upgrades will automatically run // dpkg --force-confold --configure -a // The default is true, to ensure updates keep getting installed Unattended-Upgrade::AutoFixInterruptedDpkg "<%= node['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] ? 'true' : 'false' %>"; @@ -41,14 +41,20 @@ Unattended-Upgrade::MinimalSteps "<%= node['apt']['unattended_upgrades']['minima // This will (obviously) make shutdown slower Unattended-Upgrade::InstallOnShutdown "<%= node['apt']['unattended_upgrades']['install_on_shutdown'] ? 'true' : 'false' %>"; +<% if node['apt']['unattended_upgrades']['mail'] -%> // Send email to this address for problems or packages upgrades // If empty or unset then no email is sent, make sure that you // have a working mail setup on your system. A package that provides // 'mailx' must be installed. -<% if node['apt']['unattended_upgrades']['mail'] -%> Unattended-Upgrade::Mail "<%= node['apt']['unattended_upgrades']['mail'] %>"; <% end -%> +<% if node['apt']['unattended_upgrades']['sender'] -%> +// This option allows to customize the email address used in the +// 'From' header. unattended-upgrades will use "root" if unset. +Unattended-Upgrade::Sender "<%= node['apt']['unattended_upgrades']['sender'] %>"; +<% end -%> + // Set this value to "true" to get emails only on errors. Default // is to always send a mail if Unattended-Upgrade::Mail is set Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mail_only_on_error'] ? 'true' : 'false' %>"; @@ -57,19 +63,42 @@ Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mai // (equivalent to apt-get autoremove) Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgrades']['remove_unused_dependencies'] ? 'true' : 'false' %>"; -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade +// Automatically reboot *WITHOUT CONFIRMATION* if a +// the file /var/run/reboot-required is found after the upgrade Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>"; -// If automatic reboot is enabled and needed, reboot at the specific -// time instead of immediately -// Default: "now" <% if node['apt']['unattended_upgrades']['automatic_reboot'] -%> +// If automatic reboot is enabled and needed, reboot at the specific +// time instead of immediately. Default is "now" Unattended-Upgrade::Automatic-Reboot-Time "<%= node['apt']['unattended_upgrades']['automatic_reboot_time'] %>"; <% end %> +<% if node['apt']['unattended_upgrades']['dl_limit'] -%> // Use apt bandwidth limit feature, this example limits the download // speed to 70kb/sec -<% if node['apt']['unattended_upgrades']['dl_limit'] -%> +// Acquire::http::Dl-Limit "70"; Acquire::http::Dl-Limit "<%= node['apt']['unattended_upgrades']['dl_limit'] %>"; <% end -%> + +// Enable logging to syslog. Default is False +Unattended-Upgrade::SyslogEnable "<%= node['apt']['unattended_upgrades']['syslog_enable'] ? 'true' : 'false' %>"; + +// Specify syslog facility. Default is daemon +Unattended-Upgrade::SyslogFacility "<%= node['apt']['unattended_upgrades']['syslog_facility'] %>"; + +// specify any dpkg options you want to run +// for example if you wanted to upgrade and use +// the installed version of config files when +// resolving conflicts during an upgrade you +// typically need: +// Dpkg::Options { +// "--force-confdef"; +// "--force-confold"; +//}; +<% unless node['apt']['unattended_upgrades']['dpkg_options'].empty? -%> +Dpkg::Options { +<% node['apt']['unattended_upgrades']['dpkg_options'].each do |option|%> + "<%= option %>"; +<% end -%> +}; +<% end -%> diff --git a/test/fixtures/cookbooks/test/metadata.rb b/test/fixtures/cookbooks/test/metadata.rb index abc61e57..75706ef1 100644 --- a/test/fixtures/cookbooks/test/metadata.rb +++ b/test/fixtures/cookbooks/test/metadata.rb @@ -2,6 +2,6 @@ maintainer 'Chef Software, Inc.' maintainer_email 'cookbooks@chef.io' license 'Apache-2.0' -description 'This cookbook is used with test-kitchen to test the parent, apt cookbok' +description 'This cookbook is used with test-kitchen to test the parent, apt cookbook' version '1.0.0' depends 'apt' diff --git a/test/integration/resources/resources_spec.rb b/test/integration/resources/resources_spec.rb index 9a13ba2e..3f34f4e6 100644 --- a/test/integration/resources/resources_spec.rb +++ b/test/integration/resources/resources_spec.rb @@ -40,7 +40,7 @@ it 'adds the JuJu package signing key' do skip('not on ubuntu') unless os.name == 'ubuntu' - expect(command('apt-key list').stdout).to contain('Launchpad Ensemble PPA') + expect(command('apt-key list').stdout).to include('Launchpad Ensemble PPA') end it 'creates the correct pinning preferences for chef' do diff --git a/test/integration/resources/unattended_upgrades_spec.rb b/test/integration/resources/unattended_upgrades_spec.rb new file mode 100644 index 00000000..61902a15 --- /dev/null +++ b/test/integration/resources/unattended_upgrades_spec.rb @@ -0,0 +1,10 @@ +if os.name == 'debian' || os.name == 'ubuntu' + + describe file('/etc/apt/apt.conf.d/50unattended-upgrades') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + it { should be_mode 0644 } + its(:content) { should match(/"--force-confold";/) } + end +end From 816abed5e69c3540379a49fb359aed655e746fb3 Mon Sep 17 00:00:00 2001 From: laddanki Date: Wed, 23 Oct 2019 13:57:07 +0800 Subject: [PATCH 2/2] upgrade to apt v7.2.0 --- CHANGELOG.md | 13 +- Gemfile | 2 +- kitchen.dokken.yml | 13 +- kitchen.yml | 20 +-- metadata.rb | 8 +- recipes/unattended-upgrades.rb | 2 +- spec/unit/recipes/default_spec.rb | 2 +- .../cookbooks/test/recipes/resources.rb | 121 ------------------ 8 files changed, 30 insertions(+), 151 deletions(-) delete mode 100644 test/fixtures/cookbooks/test/recipes/resources.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index d2cf320b..6b9b2b45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ This file is used to list changes made in each version of the apt cookbook. +## 7.2.0 (2019-08-05) + +- Allow you to specify dpkg options just for unattended upgrades - [@majormoses](https://github.com/majormoses) +- Adding documentation and tests for setting dpkg options unattended upgrades - [@majormoses](https://github.com/majormoses) +- Test on Chef 15 + Chef Workstation - [@tas50](https://github.com/tas50) +- Remove tests of the resources now built into Chef - [@tas50](https://github.com/tas50) +- Remove respond_to from the metadata - [@tas50](https://github.com/tas50) +- Remove the recipe description from the metadata as these aren't used - [@tas50](https://github.com/tas50) +- Replace Chef 12 testing with 13.3 - [@tas50](https://github.com/tas50) +- Remove Ubuntu 14.04 / Debian 8 testing and add Debian 10 testing - [@tas50](https://github.com/tas50) + ## 7.1.1 (2018-10-11) - Allow to customize sender email for unattended-upgrades @@ -26,7 +37,7 @@ This file is used to list changes made in each version of the apt cookbook. ## 6.1.3 (2017-07-19) - Fixed typo in readme -- Fixed config namespace in the 10dpkg-options file +- Fixed config namespace in the 10dpkg-options file ## 6.1.2 (2017-06-20) diff --git a/Gemfile b/Gemfile index c1dbddd8..ee4a8a39 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,5 @@ # This gemfile provides additional gems for testing and releasing this cookbook -# It is meant to be installed on top of ChefDK which provides the majority +# It is meant to be installed on top of ChefDK / Chef Workstationo which provide the majority # of the necessary gems for testing this cookbook # # Run 'chef exec bundle install' to install these dependencies diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index 4a3216a1..9cb90ee4 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -2,6 +2,7 @@ driver: name: dokken privileged: true # because Docker and SystemD/Upstart chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + chef_license: accept-no-persist transport: name: dokken @@ -14,15 +15,19 @@ verifier: name: inspec platforms: -- name: debian-8 +- name: debian-9 driver: - image: dokken/debian-8 + image: debian:9 pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + - RUN /usr/bin/apt-get install -y systemd + - RUN rm /etc/systemd/system/getty.target.wants/getty\@tty1.service -- name: debian-9 +- name: debian-10 driver: # Need a custom Stretch image as dokken one contains extra packages and then we hit https://github.com/chef-cookbooks/apt/issues/234 - image: debian:9 + image: debian:10 pid_one_command: /bin/systemd intermediate_instructions: - RUN /usr/bin/apt-get update diff --git a/kitchen.yml b/kitchen.yml index 18f4e6d4..15b6da16 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -4,21 +4,22 @@ driver: provisioner: name: chef_zero deprecations_as_errors: true + chef_license: accept-no-persist verifier: name: inspec platforms: - name: centos-7 - - name: debian-8 - name: debian-9 + - name: debian-10 - name: ubuntu-16.04 - name: ubuntu-18.04 - - name: ubuntu-16.04-chef-12.9 + - name: ubuntu-16.04-chef-13.3 driver_config: box: bento/ubuntu-16.04 provisioner: - require_chef_omnibus: 12.9.41 + require_chef_omnibus: 13.3 suites: - name: default @@ -38,19 +39,6 @@ suites: compile_time_update: true excludes: centos-7 - - name: resources - run_list: - - recipe[test::resources] - # test that you can specifically modify some unattended upgrades options but leave the majority in place - - recipe[test::unattended-upgrades] - excludes: centos-7 - attributes: - apt: - unattended_upgrades: - dpkg_options: - - --force-confdef - - --force-confold - - name: unattended-upgrades run_list: - recipe[test::unattended-upgrades] diff --git a/metadata.rb b/metadata.rb index f0458449..05fbd219 100644 --- a/metadata.rb +++ b/metadata.rb @@ -4,11 +4,7 @@ license 'Apache-2.0' description 'Configures apt and apt caching.' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '7.1.1' - -recipe 'apt::default', 'Runs apt-get update during compile phase and sets up preseed directories' -recipe 'apt::cacher-ng', 'Set up an apt-cacher-ng caching proxy' -recipe 'apt::cacher-client', 'Client for the apt::cacher-ng caching proxy' +version '7.2.0' %w(ubuntu debian).each do |os| supports os @@ -16,4 +12,4 @@ source_url 'https://github.com/chef-cookbooks/apt' issues_url 'https://github.com/chef-cookbooks/apt/issues' -chef_version '>= 13.3' if respond_to?(:chef_version) +chef_version '>= 13.3' diff --git a/recipes/unattended-upgrades.rb b/recipes/unattended-upgrades.rb index ee2cb6e8..05c3b89d 100644 --- a/recipes/unattended-upgrades.rb +++ b/recipes/unattended-upgrades.rb @@ -23,7 +23,7 @@ # systems. # -package 'unattended-upgrades' do +package 'unattended-upgrades' do # ~FC009 response_file 'unattended-upgrades.seed.erb' action :install end diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb index 6e8f0248..47252504 100644 --- a/spec/unit/recipes/default_spec.rb +++ b/spec/unit/recipes/default_spec.rb @@ -15,7 +15,7 @@ end it 'installs apt-transport-https, gnupg and dirmngr' do - expect(chef_run).to install_package(['apt-transport-https', 'gnupg', 'dirmngr']) + expect(chef_run).to install_package(%w(apt-transport-https gnupg dirmngr)) end it 'creates preseeding directory' do diff --git a/test/fixtures/cookbooks/test/recipes/resources.rb b/test/fixtures/cookbooks/test/recipes/resources.rb deleted file mode 100644 index dbb27e9f..00000000 --- a/test/fixtures/cookbooks/test/recipes/resources.rb +++ /dev/null @@ -1,121 +0,0 @@ -# -# Cookbook:: test -# Recipe:: resources -# -# Copyright:: 2012-2017, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe 'test::base' - -if node['platform'] == 'ubuntu' - # Apt Repository - apt_repository 'juju' do - uri '"http://ppa.launchpad.net/juju/stable/ubuntu"' - components ['main'] - distribution 'trusty' - key 'C8068B11' - keyserver 'keyserver.ubuntu.com' - action :add - end - - # Apt Repository - apt_repository 'nodejs' do - uri 'http://ppa.launchpad.net/chris-lea/node.js/ubuntu' - components ['main'] - distribution 'trusty' - key 'C7917B12' - keyserver 'hkp://keyserver.ubuntu.com:80' - action :add - end - - # PPA Repository w/o key specified - apt_repository 'gimp' do - uri 'ppa:otto-kesselgulasch/gimp' - end - - # Apt repository that suppresses output for sensitive resources. - apt_repository 'haproxy' do - uri 'http://ppa.launchpad.net/vbernat/haproxy-1.5/ubuntu' - components ['main'] - keyserver 'keyserver.ubuntu.com' - key '1C61B9CD' - sensitive true - action :add - end -end - -# Apt Repository with arch -apt_repository 'cloudera' do - uri 'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh' - arch 'amd64' - distribution 'precise-cdh4' - components ['contrib'] - key 'http://archive.cloudera.com/debian/archive.key' - action :add -end - -# Apt repository and install a package it contains -apt_repository 'nginx' do - uri "http://nginx.org/packages/#{node['platform']}" - components ['nginx'] - key 'http://nginx.org/keys/nginx_signing.key' - deb_src true -end - -package 'nginx' do - action :install -end - -# Apt Preferences -apt_preference 'chef' do - pin 'version 12.7.2-1' - pin_priority '700' -end - -# Preference file renaming -file '/etc/apt/preferences.d/wget' do - action :touch -end - -apt_preference 'wget' do - pin 'version 1.13.4-3' - pin_priority '1001' -end - -# COOK-2338 -apt_preference 'dotdeb' do - glob '*' - pin 'origin packages.dotdeb.org ' - pin_priority '700' -end - -# rename preferences with wildcards -file '/etc/apt/preferences.d/*.pref' do - action :touch -end - -apt_preference '*' do - pin 'origin nginx.org' - pin_priority '1001' -end - -# Preference file removal -file '/etc/apt/preferences.d/camel.pref' do - action :touch -end - -apt_preference 'camel' do - action :remove -end