X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/28af965bd1a4b0d21965435bd94ed9355341b4a9..b7c12630cb9de017d76fe60ff296534d6d061399:/cookbooks/apt/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index e3787470a..2699b6a66 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -1,14 +1,14 @@ # -# Cookbook Name:: apt +# Cookbook:: apt # Recipe:: default # -# Copyright 2010, Tom Hughes +# Copyright:: 2010, Tom Hughes # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -17,128 +17,121 @@ # limitations under the License. # -package "apt" -package "update-notifier-common" +package %w[ + apt + apt-transport-https + gnupg +] + +package "update-notifier-common" if platform?("ubuntu") file "/etc/motd.tail" do action :delete end -execute "apt-update" do +apt_preference "cciss-vol-status" do + pin "origin *.ubuntu.com" + pin_priority "1100" +end + +apt_update "/etc/apt/sources.list" do action :nothing - command "/usr/bin/apt-get update" +end + +dpkg_arch = node[:packages][:systemd][:arch] + +if platform?("debian") + archive_host = "deb.debian.org" + archive_security_host = archive_host + archive_distro = "debian" + archive_security_distro = "debian-security" + archive_suites = %w[main updates backports security] + archive_components = %w[main contrib non-free non-free-firmware] + backport_packages = case node[:lsb][:codename] + when "bookworm" then %W[amd64-microcode exim4 firmware-free firmware-nonfree intel-microcode libosmium linux-signed-#{dpkg_arch} osm2pgsql otrs2 pyosmium smartmontools systemd] + else %W[] + end +elsif intel? + archive_host = if node[:country] + "#{node[:country]}.archive.ubuntu.com" + else + "archive.ubuntu.com" + end + archive_security_host = "security.ubuntu.com" + archive_distro = "ubuntu" + archive_security_distro = archive_distro + archive_suites = %w[main updates backports security] + archive_components = %w[main restricted universe multiverse] + backport_packages = %w[] +else + archive_host = "ports.ubuntu.com" + archive_security_host = archive_host + archive_distro = "ubuntu-ports" + archive_security_distro = archive_distro + archive_suites = %w[main updates backports security] + archive_components = %w[main restricted universe multiverse] + backport_packages = %w[] end template "/etc/apt/sources.list" do source "sources.list.erb" owner "root" group "root" - mode 0644 - notifies :run, "execute[apt-update]", :immediately -end - -if node[:lsb][:release].to_f >= 16.04 - apt_source "brightbox-ruby-ng" do - action :delete + mode "644" + variables :archive_host => archive_host, + :archive_security_host => archive_security_host, + :archive_distro => archive_distro, + :archive_security_distro => archive_security_distro, + :archive_suites => archive_suites, + :archive_components => archive_components, + :codename => node[:lsb][:codename] + notifies :update, "apt_update[/etc/apt/sources.list]", :immediately +end + +if backport_packages.empty? + apt_preference "backports" do + action :remove end else - apt_source "brightbox-ruby-ng" do - url "http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu" - key "C3173AA6" + apt_preference "backports" do + glob backport_packages.sort.map { |p| "src:#{p}" }.join(" ") + pin "release n=#{node[:lsb][:codename]}-backports" + pin_priority "500" end end -apt_source "ubuntugis-stable" do - url "http://ppa.launchpad.net/ubuntugis/ppa/ubuntu" - key "314DF160" -end - -apt_source "ubuntugis-unstable" do - url "http://ppa.launchpad.net/ubuntugis/ubuntugis-unstable/ubuntu" - key "314DF160" -end - -apt_source "openstreetmap" do - url "http://ppa.launchpad.net/osmadmins/ppa/ubuntu" - key "0AC4F2CB" -end - -apt_source "management-component-pack" do - template "hp.list.erb" - url "http://downloads.linux.hpe.com/SDR/repo/mcp" - key "B1275EA3" -end - -apt_source "hwraid" do - template "hwraid.list.erb" - url "http://hwraid.le-vert.net/ubuntu" - key "23B3D3B4" -end - -apt_source "mapnik-v210" do - url "http://ppa.launchpad.net/mapnik/v2.1.0/ubuntu" - key "5D50B6BA" -end - -apt_source "nginx" do - template "nginx.list.erb" - url "http://nginx.org/packages/ubuntu" - key "7BD9BF62" -end - -apt_source "elasticsearch" do - template "elasticsearch.list.erb" - url "http://packages.elasticsearch.org/elasticsearch/1.7/debian" - key "D88E42B4" -end - -apt_source "logstash" do - template "elasticsearch.list.erb" - url "http://packages.elasticsearch.org/logstash/1.5/debian" - key "D88E42B4" -end - -apt_source "logstash-forwarder" do - template "elasticsearch.list.erb" - url "http://packages.elasticsearch.org/logstashforwarder/debian" - key "D88E42B4" -end - -apt_source "passenger" do - url "https://oss-binaries.phusionpassenger.com/apt/passenger" - key "AC40B2F7" -end - -apt_source "postgresql" do - template "postgresql.list.erb" - url "http://apt.postgresql.org/pub/repos/apt" - key "ACCC4CF8" +execute "apt-cache-gencaches" do + action :nothing + command "apt-cache gencaches" + subscribes :run, "apt_preference[backports]", :immediately end -apt_source "mediawiki" do - template "mediawiki.list.erb" - url "https://releases.wikimedia.org/debian" - key "664C383A3566A3481B942F007A322AC6E84AFDD2" +apt_repository "openstreetmap" do + uri "https://apt.openstreetmap.org" + components ["main"] + key "https://apt.openstreetmap.org/gpg.key" end package "unattended-upgrades" -auto_upgrades = if node[:apt][:unattended_upgrades][:enable] - IO.read("/usr/share/unattended-upgrades/20auto-upgrades") - else - IO.read("/usr/share/unattended-upgrades/20auto-upgrades-disabled") - end - -file "/etc/apt/apt.conf.d/20auto-upgrades" do - user "root" - group "root" - mode 0644 - content auto_upgrades +if Dir.exist?("/usr/share/unattended-upgrades") + auto_upgrades = if node[:apt][:unattended_upgrades][:enable] + IO.read("/usr/share/unattended-upgrades/20auto-upgrades") + else + IO.read("/usr/share/unattended-upgrades/20auto-upgrades-disabled") + end + + file "/etc/apt/apt.conf.d/20auto-upgrades" do + user "root" + group "root" + mode "644" + content auto_upgrades + end end template "/etc/apt/apt.conf.d/60chef" do source "apt.conf.erb" owner "root" group "root" - mode 0644 + mode "644" end