diff --git a/bundles/apt/items.py b/bundles/apt/items.py
index 2032dd9..241c4b8 100644
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@@ -5,13 +5,25 @@ from glob import glob
 from os.path import join, basename
 directories = {
- '/etc/apt/sources.list.d': {
+ '/etc/apt': {
 'purge': True,
 'triggers': {
 'action:apt_update',
 },
 },
- '/etc/apt/trusted.gpg.d': {
+ '/etc/apt/apt.conf.d': {
+ 'triggers': {
+ 'action:apt_update',
+ },
+ },
+ '/etc/apt/keyrings': {
+ # https://askubuntu.com/a/1307181
+ 'purge': True,
+ 'triggers': {
+ 'action:apt_update',
+ },
+ },
+ '/etc/apt/listchanges.conf.d': {
 'purge': True,
 'triggers': {
 'action:apt_update',
@@ -23,11 +35,20 @@ directories = {
 'action:apt_update',
 },
 },
+ '/etc/apt/sources.list.d': {
+ 'purge': True,
+ 'triggers': {
+ 'action:apt_update',
+ },
+ },
 }
 files = {
- '/etc/apt/sources.list': {
- 'content': '# managed'
+ '/etc/apt/listchanges.conf.d/managed.conf': {
+ 'content': repo.libs.ini.dumps(node.metadata.get('apt/list_changes')),
+ },
+ '/etc/apt/trusted.gpg.d': {
+ 'delete': True,
 },
 '/usr/lib/nagios/plugins/check_apt_upgradable': {
 'mode': '0755',
@@ -61,7 +82,7 @@ for host, sources in hosts.items():
 paths = glob(join(repo.path, 'data', 'apt', 'keys', f'{host}.*'))
 assert len(paths) == 1
 keyfile = basename(paths[0])
- destination_path = f'/etc/apt/trusted.gpg.d/{keyfile}'
+ destination_path = f'/etc/apt/keyrings/{keyfile}'
 for source in sources:
 source.options['signed-by'] = [destination_path]
diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py
index 7d510de..8e44df4 100644
--- a/bundles/apt/metadata.py
+++ b/bundles/apt/metadata.py
@@ -4,6 +4,18 @@ defaults = {
 'unattended-upgrades': {},
 },
 'sources': set(),
+ 'list_changes': {
+ 'apt': {
+ 'frontend': 'pager',
+ 'which': 'news',
+ 'email_address': 'root',
+ 'email_format': 'text',
+ 'confirm': 'false',
+ 'headers': 'false',
+ 'reverse': 'false',
+ 'save_seen': '/var/lib/apt/listchanges.db',
+ },
+ },
 },
 'monitoring': {
 'services': {
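Review bot: `'purge': True` on the new `'/etc/apt'` entry in `directories` (first hunk of items.py) widens the purge from two subdirectories to the whole apt configuration tree, so, as I understand bundlewrap's purge, anything under `/etc/apt` that the bundle does not declare is removed on apply. Of the standard apt paths, `preferences.d` (pinning) and `auth.conf.d` (repository credentials) are not declared in the visible hunks; one `directories` entry lies between this hunk and the next and may cover one of them. Losing pins silently changes which origin packages are installed from, so I would declare those directories explicitly without purge where hosts rely on them. If the wide purge is intended, say so above the entry, e.g. `# purge is intentional: every file under /etc/apt must come from this repo`.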
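Review bot: The `'/etc/apt/trusted.gpg.d': {'delete': True}` entry under `files` (second hunk of items.py) carries the security intent of this commit but has no comment saying so. Keys in that directory are trusted by apt for every configured source, which is what the move to per-source `signed-by` keyrings ends; a line such as `# keys here are trusted for all sources; per-source keys live in /etc/apt/keyrings` would keep a later maintainer from restoring it. The legacy single-file keyring `/etc/apt/trusted.gpg` has the same global effect and is not named in the visible hunks, so it is removed only if the `/etc/apt` purge catches it. An explicit delete entry for it would make that independent of the purge flag.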
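Review bot: The new `'list_changes'` defaults in metadata.py are undocumented, and they appear to restate the stock `[apt]` profile that the apt-listchanges package ships in `/etc/apt/listchanges.conf`. That file is not declared in the visible hunks, so the `/etc/apt` purge in items.py would presumably remove it and leave `managed.conf` as the only configuration. A comment above the key, e.g. `# mirrors the packaged [apt] profile; the stock /etc/apt/listchanges.conf is not managed`, would tell a reader why defaults that look redundant are here. The `defaults` dict starts and ends outside the hunk.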