manage /etc/apt, use keyring dir

2023-07-31 11:47:58 +02:00 · 2023-07-31 11:47:58 +02:00 · 594b7d3c86
commit 594b7d3c86
parent 49b05fe8b8
2 changed files with 38 additions and 5 deletions
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@ -5,13 +5,25 @@ from glob import glob
 from os.path import join, basename

 directories = {
-    '/etc/apt/sources.list.d': {
+    '/etc/apt': {
        'purge': True,
        'triggers': {
            'action:apt_update',
        },
    },
-    '/etc/apt/trusted.gpg.d': {
+    '/etc/apt/apt.conf.d': {
+        'triggers': {
+            'action:apt_update',
+        },
+    },
+    '/etc/apt/keyrings': {
+        # https://askubuntu.com/a/1307181
+        'purge': True,
+        'triggers': {
+            'action:apt_update',
+        },
+    },
+    '/etc/apt/listchanges.conf.d': {
        'purge': True,
        'triggers': {
            'action:apt_update',
@ -23,11 +35,20 @@ directories = {
            'action:apt_update',
        },
    },
+    '/etc/apt/sources.list.d': {
+        'purge': True,
+        'triggers': {
+            'action:apt_update',
+        },
+    },
 }

 files = {
-    '/etc/apt/sources.list': {
-        'content': '# managed'
+    '/etc/apt/listchanges.conf.d/managed.conf': {
+        'content': repo.libs.ini.dumps(node.metadata.get('apt/list_changes')),
+    },
+    '/etc/apt/trusted.gpg.d': {
+        'delete': True,
    },
    '/usr/lib/nagios/plugins/check_apt_upgradable': {
        'mode': '0755',
@ -61,7 +82,7 @@ for host, sources in hosts.items():
    paths = glob(join(repo.path, 'data', 'apt', 'keys', f'{host}.*'))
    assert len(paths) == 1
    keyfile = basename(paths[0])
-    destination_path = f'/etc/apt/trusted.gpg.d/{keyfile}'
+    destination_path = f'/etc/apt/keyrings/{keyfile}'

    for source in sources:
        source.options['signed-by'] = [destination_path]
--- a/bundles/apt/metadata.py
+++ b/bundles/apt/metadata.py
@ -4,6 +4,18 @@ defaults = {
            'unattended-upgrades': {},
        },
        'sources': set(),
+        'list_changes': {
+            'apt': {
+                'frontend': 'pager',
+                'which': 'news',
+                'email_address': 'root',
+                'email_format': 'text',
+                'confirm': 'false',
+                'headers': 'false',
+                'reverse': 'false',
+                'save_seen': '/var/lib/apt/listchanges.db',
+            },
+        },
    },
    'monitoring': {
        'services': {