X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b73176eda2a83b7fc0170a5639ad036b1c897773..8273ef2eea66bd68ce328ebc78b1c5f49513e35c:/cookbooks/apt/recipes/default.rb diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 1d73a4d9b..2ead9baf2 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -21,25 +21,37 @@ package %w[ apt apt-transport-https gnupg - update-notifier-common ] +package "update-notifier-common" if platform?("ubuntu") + file "/etc/motd.tail" do action :delete end -template "/etc/apt/preferences.d/99-chef" do - source "preferences.erb" - owner "root" - group "root" - mode "644" +apt_preference "cciss-vol-status" do + pin "origin *.ubuntu.com" + pin_priority "1100" end apt_update "/etc/apt/sources.list" do action :nothing end -if intel? +dpkg_arch = node[:packages][:systemd][:arch] + +if platform?("debian") + archive_host = "deb.debian.org" + archive_security_host = archive_host + archive_distro = "debian" + archive_security_distro = "debian-security" + archive_suites = %w[main updates backports security] + archive_components = %w[main contrib non-free non-free-firmware] + backport_packages = case node[:lsb][:codename] + when "bookworm" then %W[amd64-microcode exim4 firmware-free firmware-nonfree intel-microcode libosmium linux-signed-#{dpkg_arch} osm2pgsql otrs2 pyosmium smartmontools systemd cgi-mapserver] + else %W[] + end +elsif intel? archive_host = if node[:country] "#{node[:country]}.archive.ubuntu.com" else @@ -47,10 +59,18 @@ if intel? end archive_security_host = "security.ubuntu.com" archive_distro = "ubuntu" + archive_security_distro = archive_distro + archive_suites = %w[main updates backports security] + archive_components = %w[main restricted universe multiverse] + backport_packages = %w[] else archive_host = "ports.ubuntu.com" archive_security_host = archive_host archive_distro = "ubuntu-ports" + archive_security_distro = archive_distro + archive_suites = %w[main updates backports security] + archive_components = %w[main restricted universe multiverse] + backport_packages = %w[] end template "/etc/apt/sources.list" do @@ -58,12 +78,38 @@ template "/etc/apt/sources.list" do owner "root" group "root" mode "644" - variables :archive_host => archive_host, :archive_security_host => archive_security_host, :archive_distro => archive_distro, :codename => node[:lsb][:codename] + variables :archive_host => archive_host, + :archive_security_host => archive_security_host, + :archive_distro => archive_distro, + :archive_security_distro => archive_security_distro, + :archive_suites => archive_suites, + :archive_components => archive_components, + :codename => node[:lsb][:codename] notifies :update, "apt_update[/etc/apt/sources.list]", :immediately end +if backport_packages.empty? + apt_preference "backports" do + action :remove + end +else + apt_preference "backports" do + glob backport_packages.sort.map { |p| "src:#{p}" }.join(" ") + pin "release n=#{node[:lsb][:codename]}-backports" + pin_priority "500" + end +end + +execute "apt-cache-gencaches" do + action :nothing + command "apt-cache gencaches" + subscribes :run, "apt_preference[backports]", :immediately +end + apt_repository "openstreetmap" do - uri "ppa:osmadmins/ppa" + uri "https://apt.openstreetmap.org" + components ["main"] + key "https://apt.openstreetmap.org/gpg.key" end package "unattended-upgrades"