apt conf in metadata

This commit is contained in:
cronekorkn 2023-07-31 18:41:52 +02:00
parent 594b7d3c86
commit 34d55f0849
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
6 changed files with 135 additions and 47 deletions


@ -1,21 +0,0 @@
# ACHTUNG!
# KATASTROPHALER BUG IN APT!
# UNBEDINGT GENAU LESEN!
#
# Der offizielle Weg zum abschalten des Caches hat einen katastrophalen Bug, welcher in jedem Fall zum Verlust des
# gesamten Servers führt. Und zwar deaktivieren folgende Direktiven den Cache nicht, sondern legen ihn ins Root-
# Verzeichnis ("/"):
#
# Dir::Cache "";
# Dir::Cache::archives "";
#
# Führt man danach "apt clean" aus, wird des Cache-Verzeichnis gelöscht. Es wird also der gesamte Verzeichnisbaum
# gelöscht!
#
# siehe auch:
# https://askubuntu.com/questions/81179/how-to-prevent-apt-get-aptitude-keeping-a-cache
# https://superuser.com/questions/1405001/why-does-apt-do-not-store-downloaded-packages-anymore
#
# Als Alternative löschen wir also lieber alle "*.deb" im Standard-Cache-Verzeichnis:
DPkg::Post-Invoke {"/bin/rm -f /var/cache/apt/archives/*.deb || true";};


@ -1,2 +0,0 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";


@ -1,3 +0,0 @@
Unattended-Upgrade::Origins-Pattern {
"origin=*";
};


@ -12,6 +12,8 @@ directories = {
}, },
}, },
'/etc/apt/apt.conf.d': { '/etc/apt/apt.conf.d': {
# existance is expected
'purge': True,
'triggers': { 'triggers': {
'action:apt_update', 'action:apt_update',
}, },
@ -44,11 +46,14 @@ directories = {
} }
files = { files = {
'/etc/apt/listchanges.conf.d/managed.conf': { '/etc/apt/apt.conf': {
'content': repo.libs.ini.dumps(node.metadata.get('apt/list_changes')), 'content': repo.libs.apt.render_apt_conf(node.metadata.get('apt/config')),
'triggers': {
'action:apt_update',
},
}, },
'/etc/apt/trusted.gpg.d': { '/etc/apt/listchanges.conf': {
'delete': True, 'content': repo.libs.ini.dumps(node.metadata.get('apt/list_changes')),
}, },
'/usr/lib/nagios/plugins/check_apt_upgradable': { '/usr/lib/nagios/plugins/check_apt_upgradable': {
'mode': '0755', 'mode': '0755',
@ -134,9 +139,6 @@ for package, options in node.metadata.get('apt/packages', {}).items():
# apt-daily.timer: performs apt update # apt-daily.timer: performs apt update
# apt-daily-upgrade.timer: performs apt upgrade # apt-daily-upgrade.timer: performs apt upgrade
files['/etc/apt/apt.conf.d/00disable-package-cache'] = {}
files['/etc/apt/apt.conf.d/20auto-upgrades'] = {}
files['/etc/apt/apt.conf.d/50unattended-upgrades'] = {}
svc_systemd['unattended-upgrades.service'] = { svc_systemd['unattended-upgrades.service'] = {
'needs': [ 'needs': [
'pkg_apt:unattended-upgrades', 'pkg_apt:unattended-upgrades',
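Review bot: The `'delete': True` entry for `/etc/apt/trusted.gpg.d` disappears from the new side of the second hunk (its slot is taken by the `/etc/apt/listchanges.conf` item) and nothing in the visible diff re-declares it, so the bundle no longer asserts that the directory is absent; if that entry was what kept stray keyrings out of apt's global trust store, a package postinst or an admin recreating the directory would now silently widen which signing keys are trusted for every source. If dropping it is intended, a one-line comment at the `files = {` block saying where key trust is enforced instead would make that explicit; otherwise keep `'/etc/apt/trusted.gpg.d': {'delete': True},`. The new `'purge': True` on `/etc/apt/apt.conf.d` in the first hunk also removes the snippets that packages install there, so any setting from a future package-shipped snippet that is not mirrored into `apt/config` is lost on the next apply; a comment next to `'purge': True` naming that trade-off would help the next maintainer. The `files` dict and the `directories` dict both continue outside the hunks.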


@ -1,21 +1,38 @@
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'config': {
'unattended-upgrades': {}, 'DPkg': {
}, 'Pre-Install-Pkgs': {
'sources': set(), '/usr/sbin/dpkg-preconfigure --apt || true',
'list_changes': { },
'apt': { 'Post-Invoke': {
'frontend': 'pager', '/bin/rm -f /var/cache/apt/archives/*.deb || true',
'which': 'news', },
'email_address': 'root', },
'email_format': 'text', 'APT': {
'confirm': 'false', 'NeverAutoRemove': {
'headers': 'false', '^firmware-linux.*',
'reverse': 'false', '^linux-firmware$',
'save_seen': '/var/lib/apt/listchanges.db', '^linux-image-[a-z0-9]*$',
'^linux-image-[a-z0-9]*-[a-z0-9]*$',
},
'VersionedKernelPackages': {
# kernels
'linux-.*',
'kfreebsd-.*',
'gnumach-.*',
# (out-of-tree) modules
'.*-modules',
'.*-kernel',
},
'Never-MarkAuto-Sections': {
'metapackages',
'tasks',
},
'Move-Autobit-Sections': 'oldlibs',
}, },
}, },
'sources': set(),
}, },
'monitoring': { 'monitoring': {
'services': { 'services': {
@ -35,3 +52,74 @@ defaults = {
}, },
}, },
} }
@metadata_reactor.provides(
'apt/config',
'apt/packages',
)
def unattended_upgrades(metadata):
return {
'apt': {
'config': {
'APT': {
'Periodic': {
'Update-Package-Lists': '1',
'Unattended-Upgrade': '1',
},
},
'Unattended-Upgrade': {
'Origins-Pattern': {
"origin=*",
},
},
},
'packages': {
'unattended-upgrades': {},
},
},
}
@metadata_reactor.provides(
'apt/config',
'apt/list_changes',
)
def listchanges(metadata):
return {
'apt': {
'config': {
'DPkg': {
'Pre-Install-Pkgs': {
'/usr/bin/apt-listchanges --apt || test $? -lt 10',
},
},
'Tools': {
'Options': {
'/usr/bin/apt-listchanges': {
'Version': '2',
'InfoFD': '20',
},
},
},
'Dir': {
'Etc': {
'apt-listchanges-main': 'listchanges.conf',
'apt-listchanges-parts': 'listchanges.conf.d',
},
},
},
'list_changes': {
'apt': {
'frontend': 'pager',
'which': 'news',
'email_address': 'root',
'email_format': 'text',
'confirm': 'false',
'headers': 'false',
'reverse': 'false',
'save_seen': '/var/lib/apt/listchanges.db',
},
},
},
}
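Review bot: Both the defaults and the `listchanges` reactor contribute to `apt/config/DPkg/Pre-Install-Pkgs` as Python sets that the metadata merge presumably unions, and the renderer sorts set members, so the order in which apt runs `dpkg-preconfigure` and `apt-listchanges` is decided by the string sort of the two command lines rather than stated anywhere; that happens to put `/usr/bin/apt-listchanges ...` ahead of `/usr/sbin/dpkg-preconfigure ...` today, but renaming either path would silently reorder the hooks. A comment on the `'Pre-Install-Pkgs'` set in `listchanges`, e.g. `# unioned with the defaults' set; render_apt_conf sorts entries, so hook order follows the sorted command strings`, would record that dependency. Neither reactor has a docstring; a one-line summary on each (`unattended_upgrades`: turns on periodic list updates and unattended upgrades for all origins and pulls in the package; `listchanges`: wires apt-listchanges into apt and supplies its listchanges.conf settings) would make the `provides` keys self-explanatory.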


@ -3,6 +3,30 @@
from urllib.parse import urlparse from urllib.parse import urlparse
from re import search, sub from re import search, sub
from functools import total_ordering from functools import total_ordering
from re import match
def render_apt_conf(section, depth=0):
buffer = ""
for k,v in sorted(section.items()):
if isinstance(v, dict):
# element is a sub section
assert match(r'^[a-zA-Z/\-\:\.\_\+]*$', k) and not match(r'::', k)
buffer += ' '*4*depth + k + ' {\n'
buffer += render_apt_conf(v, depth=depth+1)
buffer += ' '*4*depth + '}\n'
elif isinstance(v, (set, list)):
# element is a value list
buffer += ' '*4*depth + k + ' {\n'
for e in sorted(v):
buffer += ' '*4*(depth+1) + '"' + e + '";\n'
buffer += ' '*4*depth + '}\n'
else:
# element is a single value
buffer += ' '*4*depth + k + ' "' + v + '";\n'
return buffer
@total_ordering @total_ordering
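Review bot: `render_apt_conf` writes every value, and the keys of the list and scalar branches, into apt.conf unchecked, so a metadata string containing `"` or a line break closes the quoted string and the remainder is parsed as further apt directives; because `DPkg::Post-Invoke` and `Pre-Install-Pkgs` entries are commands apt executes, a stray quote in a node's metadata turns a config typo into an unintended hook. The key check in the `dict` branch is an `assert`, which `python -O` strips, and it is not applied to list or scalar keys at all. Suggest validating the key once per loop iteration and rejecting values that contain `"` or control characters with a `ValueError` (rewritten below); if scalar keys containing `::` are relied on elsewhere, keep the `::` exclusion only in the sub-section branch. Minor: the added `from re import match` duplicates the existing `from re import search, sub` line and could be folded into it.
```python
_KEY_RE = r'^[a-zA-Z/\-\:\.\_\+]*$'


def _checked_value(value, key):
    # a '"' or a line break would end the quoted string and let the rest of
    # the value be parsed as further directives; refuse rather than escape
    if not isinstance(value, str) or '"' in value or any(ord(c) < 32 for c in value):
        raise ValueError(f'unsafe apt.conf value for {key!r}: {value!r}')
    return value


def render_apt_conf(section, depth=0):
    buffer = ""
    indent = ' ' * 4 * depth
    for k, v in sorted(section.items()):
        # applies to every branch, and survives -O unlike the former assert
        if not match(_KEY_RE, k) or '::' in k:
            raise ValueError(f'invalid apt.conf key: {k!r}')
        if isinstance(v, dict):
            # … unchanged: sub-section recursion …
        elif isinstance(v, (set, list)):
            buffer += indent + k + ' {\n'
            for e in sorted(v):
                buffer += ' ' * 4 * (depth + 1) + '"' + _checked_value(e, k) + '";\n'
            buffer += indent + '}\n'
        else:
            buffer += indent + k + ' "' + _checked_value(v, k) + '";\n'
    return buffer
```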