from-scratch 0.1.0 → 0.1.1

data/cookbooks/apt/attributes/default.rb

@@ -0,0 +1,51 @@
+#
+# Cookbook Name:: apt
+# Attributes:: default
+#
+# Copyright 2009-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apt']['cacher-client']['restrict_environment'] = false
+default['apt']['cacher_dir'] = '/var/cache/apt-cacher-ng'
+default['apt']['cacher_interface'] = nil
+default['apt']['cacher_port'] = 3142
+default['apt']['cacher_ssl_support'] = false
+default['apt']['caching_server'] = false
+default['apt']['compiletime'] = false
+default['apt']['compile_time_update'] = false
+default['apt']['key_proxy'] = ''
+default['apt']['cache_bypass'] = {}
+default['apt']['periodic_update_min_delay'] = 86_400
+default['apt']['launchpad_api_version'] = '1.0'
+default['apt']['unattended_upgrades']['enable'] = false
+default['apt']['unattended_upgrades']['update_package_lists'] = true
+# this needs a good default
+codename = node.attribute?('lsb') ? node['lsb']['codename'] : 'notlinux'
+default['apt']['unattended_upgrades']['allowed_origins'] = [
+  "#{node['platform'].capitalize} #{codename}"
+]
+default['apt']['unattended_upgrades']['package_blacklist'] = []
+default['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] = false
+default['apt']['unattended_upgrades']['minimal_steps'] = false
+default['apt']['unattended_upgrades']['install_on_shutdown'] = false
+default['apt']['unattended_upgrades']['mail'] = nil
+default['apt']['unattended_upgrades']['mail_only_on_error'] = true
+default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false
+default['apt']['unattended_upgrades']['automatic_reboot'] = false
+default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now'
+default['apt']['unattended_upgrades']['dl_limit'] = nil
+
+default['apt']['confd']['install_recommends'] = true
+default['apt']['confd']['install_suggests'] = false

data/cookbooks/apt/files/default/15update-stamp

@@ -0,0 +1 @@
+APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};

data/cookbooks/apt/files/default/apt-proxy-v2.conf

@@ -0,0 +1,50 @@
+[DEFAULT]
+;; All times are in seconds, but you can add a suffix
+;; for minutes(m), hours(h) or days(d)
+
+;; commented out address so apt-proxy will listen on all IPs
+;; address = 127.0.0.1
+port = 9999
+cache_dir = /var/cache/apt-proxy
+
+;; Control files (Packages/Sources/Contents) refresh rate
+min_refresh_delay = 1s
+complete_clientless_downloads = 1
+
+;; Debugging settings.
+debug = all:4 db:0
+
+time = 30
+passive_ftp = on
+
+;;--------------------------------------------------------------
+;; Cache housekeeping
+
+cleanup_freq = 1d
+max_age = 120d
+max_versions = 3
+
+;;---------------------------------------------------------------
+;; Backend servers
+;;
+;; Place each server in its own [section]
+
+[ubuntu]
+; Ubuntu archive
+backends =
+        http://us.archive.ubuntu.com/ubuntu
+
+[ubuntu-security]
+; Ubuntu security updates
+backends = http://security.ubuntu.com/ubuntu
+
+[debian]
+;; Backend servers, in order of preference
+backends =
+        http://debian.osuosl.org/debian/
+
+[security]
+;; Debian security archive
+backends =
+        http://security.debian.org/debian-security
+        http://ftp2.de.debian.org/debian-security

data/cookbooks/apt/libraries/helpers.rb

@@ -0,0 +1,61 @@
+#
+# Cookbook Name:: apt
+# Library:: helpers
+#
+# Copyright 2013 Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Apt
+  # Helpers for apt
+  module Helpers
+    # Determines if apt is installed on a system.
+    #
+    # @return [Boolean]
+    def apt_installed?
+      !which('apt-get').nil?
+    end
+
+    # Determines whether we need to run `apt-get update`
+    #
+    # @return [Boolean]
+    def apt_up_to_date?
+      if ::File.exist?('/var/lib/apt/periodic/update-success-stamp') &&
+         ::File.mtime('/var/lib/apt/periodic/update-success-stamp') > Time.now - node['apt']['periodic_update_min_delay']
+        true
+      else
+        false
+      end
+    end
+
+    # Finds a command in $PATH
+    #
+    # @return [String, nil]
+    def which(cmd)
+      ENV['PATH'] = '' if ENV['PATH'].nil?
+      paths = (ENV['PATH'].split(::File::PATH_SEPARATOR) + %w(/bin /usr/bin /sbin /usr/sbin))
+
+      paths.each do |path|
+        possible = File.join(path, cmd)
+        return possible if File.executable?(possible)
+      end
+
+      nil
+    end
+  end
+end
+
+Chef::Recipe.send(:include, ::Apt::Helpers)
+Chef::Resource.send(:include, ::Apt::Helpers)
+Chef::Provider.send(:include, ::Apt::Helpers)

data/cookbooks/apt/libraries/matchers.rb

@@ -0,0 +1,17 @@
+if defined?(ChefSpec)
+  def add_apt_preference(resource_name)
+    ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :add, resource_name)
+  end
+
+  def remove_apt_preference(resource_name)
+    ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :remove, resource_name)
+  end
+
+  def add_apt_repository(resource_name)
+    ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :add, resource_name)
+  end
+
+  def remove_apt_repository(resource_name)
+    ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :remove, resource_name)
+  end
+end

data/cookbooks/apt/libraries/network.rb

@@ -0,0 +1,31 @@
+#
+# Cookbook Name:: apt
+# library:: network
+#
+# Copyright 2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module ::Apt
+  def interface_ipaddress(host, interface)
+    if interface
+      addresses = host['network']['interfaces'][interface]['addresses']
+      addresses.select do |ip, data|
+        return ip if data['family'].eql?('inet')
+      end
+    else
+      return host.ipaddress
+    end
+  end
+end

data/cookbooks/apt/metadata.json

@@ -0,0 +1 @@
+{"name":"apt","version":"2.9.2","description":"Configures apt and apt services. Ships resources for managing apt repositories","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"apt::default":"Runs apt-get update during compile phase and sets up preseed directories","apt::cacher-ng":"Set up an apt-cacher-ng caching proxy","apt::cacher-client":"Client for the apt::cacher-ng caching proxy"}}

data/cookbooks/apt/providers/preference.rb

@@ -0,0 +1,84 @@
+#
+# Cookbook Name:: apt
+# Provider:: preference
+#
+# Copyright 2010-2011, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use_inline_resources if defined?(use_inline_resources)
+
+def whyrun_supported?
+  true
+end
+
+# Build preferences.d file contents
+def build_pref(package_name, pin, pin_priority)
+  "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n"
+end
+
+def safe_name(name)
+  name.tr('.', '_').gsub('*', 'wildcard')
+end
+
+action :add do
+  preference = build_pref(
+    new_resource.glob || new_resource.package_name,
+    new_resource.pin,
+    new_resource.pin_priority
+  )
+
+  directory '/etc/apt/preferences.d' do
+    owner 'root'
+    group 'root'
+    mode 00755
+    recursive true
+    action :create
+  end
+
+  name = safe_name(new_resource.name)
+
+  file "/etc/apt/preferences.d/#{new_resource.name}.pref" do
+    action :delete
+    if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref")
+      Chef::Log.warn "Replacing #{new_resource.name}.pref with #{name}.pref in /etc/apt/preferences.d/"
+    end
+    only_if { name != new_resource.name }
+  end
+
+  file "/etc/apt/preferences.d/#{new_resource.name}" do
+    action :delete
+    if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}")
+      Chef::Log.warn "Replacing #{new_resource.name} with #{new_resource.name}.pref in /etc/apt/preferences.d/"
+    end
+  end
+
+  file "/etc/apt/preferences.d/#{name}.pref" do
+    owner 'root'
+    group 'root'
+    mode 00644
+    content preference
+    action :create
+  end
+end
+
+action :remove do
+  name = safe_name(new_resource.name)
+  if ::File.exist?("/etc/apt/preferences.d/#{name}.pref")
+    Chef::Log.info "Un-pinning #{name} from /etc/apt/preferences.d/"
+    file "/etc/apt/preferences.d/#{name}.pref" do
+      action :delete
+    end
+  end
+end

data/cookbooks/apt/providers/repository.rb

@@ -0,0 +1,246 @@
+#
+# Cookbook Name:: apt
+# Provider:: repository
+#
+# Copyright 2010-2011, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use_inline_resources if defined?(use_inline_resources)
+
+def whyrun_supported?
+  true
+end
+
+# install apt key from keyserver
+def install_key_from_keyserver(key, keyserver, key_proxy)
+  execute "install-key #{key}" do
+    if keyserver.start_with?('hkp://')
+      command "apt-key adv --keyserver #{keyserver} --recv #{key}"
+    elsif key_proxy.empty?
+      command "apt-key adv --keyserver hkp://#{keyserver}:80 --recv #{key}"
+    else
+      command "apt-key adv --keyserver-options http-proxy=#{key_proxy} --keyserver hkp://#{keyserver}:80 --recv #{key}"
+    end
+    sensitive new_resource.sensitive if respond_to?(:sensitive)
+    action :run
+    not_if do
+      key_present = extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint|
+        fingerprint.end_with?(key.upcase)
+      end
+
+      key_present && key_is_valid('apt-key list', key.upcase)
+    end
+  end
+
+  ruby_block "validate-key #{key}" do
+    block do
+      fail "The key #{key} is no longer valid and cannot be used for an apt repository."
+    end
+    not_if { key_is_valid('apt-key list', key.upcase) }
+  end
+end
+
+# run command and extract gpg ids
+def extract_fingerprints_from_cmd(cmd)
+  so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' })
+  so.run_command
+  so.stdout.split(/\n/).map do |t|
+    if z = t.match(/^ +Key fingerprint = ([0-9A-F ]+)/)
+      z[1].split.join
+    end
+  end.compact
+end
+
+# determine whether apt thinks the key is still valid
+def key_is_valid(cmd, key)
+  valid = true
+
+  so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' })
+  so.run_command
+  # rubocop:disable Style/Next
+  so.stdout.split(/\n/).map do |t|
+    if t.match(%r{^\/#{key}.*\[expired: .*\]$})
+      Chef::Log.debug "Found expired key: #{t}"
+      valid = false
+      break
+    end
+  end
+
+  Chef::Log.debug "key #{key} validity: #{valid}"
+  valid
+end
+
+# install apt key from URI
+def install_key_from_uri(uri)
+  key_name = uri.split(%r{\/}).last
+  cached_keyfile = "#{Chef::Config[:file_cache_path]}/#{key_name}"
+  if new_resource.key =~ /http/
+    remote_file cached_keyfile do
+      source new_resource.key
+      mode 00644
+      sensitive new_resource.sensitive if respond_to?(:sensitive)
+      action :create
+    end
+  else
+    cookbook_file cached_keyfile do
+      source new_resource.key
+      cookbook new_resource.cookbook
+      mode 00644
+      sensitive new_resource.sensitive if respond_to?(:sensitive)
+      action :create
+    end
+
+    ruby_block "validate-key #{cached_keyfile}" do
+      block do
+        fail "The key #{cached_keyfile} is no longer valid and cannot be used for an apt repository." unless key_is_valid("gpg #{cached_keyfile}", '')
+      end
+    end
+  end
+
+  execute "install-key #{key_name}" do
+    command "apt-key add #{cached_keyfile}"
+    sensitive new_resource.sensitive if respond_to?(:sensitive)
+    action :run
+    not_if do
+      installed_keys = extract_fingerprints_from_cmd('apt-key finger')
+      proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint #{cached_keyfile}")
+      (installed_keys & proposed_keys).sort == proposed_keys.sort
+    end
+  end
+end
+
+# build repo file contents
+def build_repo(uri, distribution, components, trusted, arch, add_deb_src)
+  uri = '"' + uri + '"' unless uri.start_with?("\"", "'")
+  components = components.join(' ') if components.respond_to?(:join)
+  repo_options = []
+  repo_options << "arch=#{arch}" if arch
+  repo_options << 'trusted=yes' if trusted
+  repo_opts = '[' + repo_options.join(' ') + ']' unless repo_options.empty?
+  repo_info = "#{repo_opts} #{uri} #{distribution} #{components}\n".lstrip
+  repo =  "deb     #{repo_info}"
+  repo << "deb-src #{repo_info}" if add_deb_src
+  repo
+end
+
+def get_ppa_key(ppa_owner, ppa_repo, key_proxy)
+  # Launchpad has currently only one stable API which is marked as EOL April 2015.
+  # The new api in devel still uses the same api call for +archive, so I made the version
+  # configurable to provide some sort of workaround if api 1.0 ceases to exist.
+  # See https://launchpad.net/+apidoc/
+  launchpad_ppa_api = "https://launchpad.net/api/#{node['apt']['launchpad_api_version']}/~%s/+archive/%s"
+  default_keyserver = 'keyserver.ubuntu.com'
+
+  require 'open-uri'
+  api_query = format("#{launchpad_ppa_api}/signing_key_fingerprint", ppa_owner, ppa_repo)
+  begin
+    key_id = open(api_query).read.delete('"')
+  rescue OpenURI::HTTPError => e
+    error = 'Could not access launchpad ppa key api: HttpError: ' + e.message
+    raise error
+  rescue SocketError => e
+    error = 'Could not access launchpad ppa key api: SocketError: ' + e.message
+    raise error
+  end
+
+  install_key_from_keyserver(key_id, default_keyserver, key_proxy)
+end
+
+# fetch ppa key, return full repo url
+def get_ppa_url(ppa, key_proxy)
+  repo_schema = 'http://ppa.launchpad.net/%s/%s/ubuntu'
+
+  # ppa:user/repo logic ported from
+  # http://bazaar.launchpad.net/~ubuntu-core-dev/software-properties/main/view/head:/softwareproperties/ppa.py#L86
+  return false unless ppa.start_with?('ppa:')
+
+  ppa_name = ppa.split(':')[1]
+  ppa_owner = ppa_name.split('/')[0]
+  ppa_repo  = ppa_name.split('/')[1]
+  ppa_repo  = 'ppa' if ppa_repo.nil?
+
+  get_ppa_key(ppa_owner, ppa_repo, key_proxy)
+
+  format(repo_schema, ppa_owner, ppa_repo)
+end
+
+action :add do
+  # add key
+  if new_resource.keyserver && new_resource.key
+    install_key_from_keyserver(new_resource.key, new_resource.keyserver, new_resource.key_proxy)
+  elsif new_resource.key
+    install_key_from_uri(new_resource.key)
+  end
+
+  file '/var/lib/apt/periodic/update-success-stamp' do
+    action :nothing
+  end
+
+  execute 'apt-cache gencaches' do
+    ignore_failure true
+    action :nothing
+  end
+
+  execute 'apt-get update' do
+    command "apt-get update -o Dir::Etc::sourcelist='sources.list.d/#{new_resource.name}.list' -o Dir::Etc::sourceparts='-' -o APT::Get::List-Cleanup='0'"
+    ignore_failure true
+    sensitive new_resource.sensitive if respond_to?(:sensitive)
+    action :nothing
+    notifies :run, 'execute[apt-cache gencaches]', :immediately
+  end
+
+  if new_resource.uri.start_with?('ppa:')
+    # build ppa repo file
+    repository = build_repo(
+      get_ppa_url(new_resource.uri, new_resource.key_proxy),
+      new_resource.distribution,
+      'main',
+      new_resource.trusted,
+      new_resource.arch,
+      new_resource.deb_src
+    )
+  else
+    # build repo file
+    repository = build_repo(
+      new_resource.uri,
+      new_resource.distribution,
+      new_resource.components,
+      new_resource.trusted,
+      new_resource.arch,
+      new_resource.deb_src
+    )
+  end
+
+  file "/etc/apt/sources.list.d/#{new_resource.name}.list" do
+    owner 'root'
+    group 'root'
+    mode 00644
+    content repository
+    sensitive new_resource.sensitive if respond_to?(:sensitive)
+    action :create
+    notifies :delete, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
+    notifies :run, 'execute[apt-get update]', :immediately if new_resource.cache_rebuild
+  end
+end
+
+action :remove do
+  if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.name}.list")
+    Chef::Log.info "Removing #{new_resource.name} repository from /etc/apt/sources.list.d/"
+    file "/etc/apt/sources.list.d/#{new_resource.name}.list" do
+      sensitive new_resource.sensitive if respond_to?(:sensitive)
+      action :delete
+    end
+  end
+end