2020-06-22 13:07:20 +00:00
14 changed files with 117 additions and 30 deletions
--- a/2
+++ b/2
@ -31,7 +31,7 @@ cookbook 'nginx',                  '= 9.0.0'
 cookbook 'build-essential',        '~> 8.2.1'
 cookbook 'mysql',                  '~> 8.5.1'
 # cookbook 'postgresql',             '= 7.1.8'
-cookbook 'apt',                    '~> 7.0.0'
+cookbook 'apt',                    '~> 7.3.0'
 cookbook 'git',                    '= 6.0.0'
 cookbook 'hostsfile',              '= 2.4.5'
 cookbook 'ohai',                   '~> 5.2.5'
--- a/Berksfile.lock
+++ b/Berksfile.lock
@ -3,7 +3,7 @@ DEPENDENCIES
  application (~> 5.2.0)
  application_git (= 1.1.0)
  application_javascript (~> 1.0.0)
-  apt (~> 7.0.0)
+  apt (~> 7.3.0)
  ark (= 3.1.0)
  build-essential (~> 8.2.1)
  chef-sugar (= 3.3.0)
@ -66,7 +66,7 @@ GRAPH
    poise (~> 2.0)
    poise-javascript (~> 1.0)
    poise-service (~> 1.0)
-  apt (7.0.0)
+  apt (7.3.0)
  ark (3.1.0)
    build-essential (>= 0.0.0)
    seven_zip (>= 0.0.0)
--- a/cookbooks/apt/CHANGELOG.md
+++ b/cookbooks/apt/CHANGELOG.md
@ -2,6 +2,34 @@

 This file is used to list changes made in each version of the apt cookbook.

+## 7.3.0 (2020-05-01)
+
+- Cookstyle fixes - [@tas50](https://github.com/tas50)
+- Remove unnecessary Foodcritic comments - [@tas50](https://github.com/tas50)
+- Simplify the metadata.rb to resolve cookstyle warnings - [@tas50](https://github.com/tas50)
+- Prevent helper collisions in Chef Infra Client 16 - [@tas50](https://github.com/tas50)
+
+## 7.2.0 (2019-08-05)
+
+- Allow you to specify dpkg options just for unattended upgrades - [@majormoses](https://github.com/majormoses)
+- Adding documentation and tests for setting dpkg options unattended upgrades - [@majormoses](https://github.com/majormoses)
+- Test on Chef 15 + Chef Workstation - [@tas50](https://github.com/tas50)
+- Remove tests of the resources now built into Chef - [@tas50](https://github.com/tas50)
+- Remove respond_to from the metadata - [@tas50](https://github.com/tas50)
+- Remove the recipe description from the metadata as these aren't used - [@tas50](https://github.com/tas50)
+- Replace Chef 12 testing with 13.3 - [@tas50](https://github.com/tas50)
+- Remove Ubuntu 14.04 / Debian 8 testing and add Debian 10 testing - [@tas50](https://github.com/tas50)
+
+## 7.1.1 (2018-10-11)
+
+- Allow to customize sender email for unattended-upgrades
+
+## 7.1.0 (2018-09-05)
+
+- Add the installation of dirmngr and gnupg to the apt default cookbook to support secure repositories
+- Added support for the unattended-upgrade SyslogEnable configuration feature
+- Added support for the unattended-upgrade SyslogFacility configuration feature
+
 ## 7.0.0 (2018-04-06)

 ### Breaking Change
@ -16,7 +44,7 @@ This file is used to list changes made in each version of the apt cookbook.
 ## 6.1.3 (2017-07-19)

 - Fixed typo in readme
- Fixed config namespace in the 10dpkg-options file 
+- Fixed config namespace in the 10dpkg-options file

 ## 6.1.2 (2017-06-20)

--- a/cookbooks/apt/README.md
+++ b/cookbooks/apt/README.md
@ -83,7 +83,7 @@ For example, to prevent caching and directly connect to the repository at `downl
            "cacher_server": {
                "cache_bypass": {
                    "download.oracle.com": "http",
-                    "nginx.org": "https"  
+                    "nginx.org": "https"
                }
            }
        }
@ -129,11 +129,15 @@ To pull just security updates, set `origins_patterns` to something like `["origi
 - `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false.
 - `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false.
 - `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email.
+- `['apt']['unattended_upgrades']['sender']` - Send email from this address for problems or packages upgrades. Defaults to 'root'.
 - `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true.
 - `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. Defaults to false.
 - `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots _without confirmation_ if a restart is required after the upgrade. Defaults to false.
 - `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit).
 - `['apt']['unattended_upgrades']['random_sleep']` - Wait a random number of seconds up to this value before running daily periodic apt actions. System default is 1800 seconds (30 minutes).
+- `['apt']['unattended_upgrades']['syslog_enable']` - Enable logging to syslog. Defaults to false.
+- `['apt']['unattended_upgrades']['syslog_facility']` - Specify syslog facility. Defaults to 'daemon'.
+- `['apt']['unattended_upgrades']['dpkg_options']` An array of dpkg options to be used specifically only for unattended upgrades. Defaults to `[]` which will prevent it from being rendered from the template in the resulting file.

 ### Configuration for APT

--- a/cookbooks/apt/attributes/default.rb
+++ b/cookbooks/apt/attributes/default.rb
@ -2,7 +2,7 @@
 # Cookbook:: apt
 # Attributes:: default
 #
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -41,12 +41,17 @@ default['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] = false
 default['apt']['unattended_upgrades']['minimal_steps'] = false
 default['apt']['unattended_upgrades']['install_on_shutdown'] = false
 default['apt']['unattended_upgrades']['mail'] = nil
+default['apt']['unattended_upgrades']['sender'] = nil
 default['apt']['unattended_upgrades']['mail_only_on_error'] = true
 default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false
 default['apt']['unattended_upgrades']['automatic_reboot'] = false
 default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now'
 default['apt']['unattended_upgrades']['dl_limit'] = nil
 default['apt']['unattended_upgrades']['random_sleep'] = nil
+default['apt']['unattended_upgrades']['syslog_enable'] = false
+default['apt']['unattended_upgrades']['syslog_facility'] = 'daemon'
+
+default['apt']['unattended_upgrades']['dpkg_options'] = []

 default['apt']['confd']['force_confask'] = false
 default['apt']['confd']['force_confdef'] = false
--- a/cookbooks/apt/libraries/helpers.rb
+++ b/cookbooks/apt/libraries/helpers.rb
@ -2,7 +2,7 @@
 # Cookbook:: apt
 # Library:: helpers
 #
-# Copyright:: 2013-2017, Chef Software, Inc.
+# Copyright:: 2013-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -24,13 +24,13 @@ module Apt
    #
    # @return [Boolean]
    def apt_installed?
-      !which('apt-get').nil?
+      !apt_which('apt-get').nil?
    end

    # Finds a command in $PATH
    #
    # @return [String, nil]
-    def which(cmd)
+    def apt_which(cmd)
      ENV['PATH'] = '' if ENV['PATH'].nil?
      paths = (ENV['PATH'].split(::File::PATH_SEPARATOR) + %w(/bin /usr/bin /sbin /usr/sbin))

@ -44,6 +44,6 @@ module Apt
  end
 end

-Chef::Recipe.send(:include, ::Apt::Helpers)
-Chef::Resource.send(:include, ::Apt::Helpers)
-Chef::Provider.send(:include, ::Apt::Helpers)
+Chef::Recipe.include ::Apt::Helpers
+Chef::Resource.include ::Apt::Helpers
+Chef::Provider.include ::Apt::Helpers
--- a/cookbooks/apt/metadata.json
+++ b/cookbooks/apt/metadata.json
--- a/cookbooks/apt/metadata.rb
+++ b/cookbooks/apt/metadata.rb
@ -0,0 +1,13 @@
+name 'apt'
+maintainer 'Chef Software, Inc.'
+maintainer_email 'cookbooks@chef.io'
+license 'Apache-2.0'
+description 'Configures apt and apt caching.'
+version '7.3.0'
+
+supports 'ubuntu'
+supports 'debian'
+
+source_url 'https://github.com/chef-cookbooks/apt'
+issues_url 'https://github.com/chef-cookbooks/apt/issues'
+chef_version '>= 13.3'
--- a/cookbooks/apt/recipes/cacher-client.rb
+++ b/cookbooks/apt/recipes/cacher-client.rb
@ -2,7 +2,7 @@
 # Cookbook:: apt
 # Recipe:: cacher-client
 #
-# Copyright:: 2011-2017, Chef Software, Inc.
+# Copyright:: 2011-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -49,4 +49,4 @@ else
  t.run_action(:create) if node['apt']['compiletime']
 end

-include_recipe 'apt::default'
+include_recipe 'apt::default' # rubocop: disable ChefModernize/IncludingAptDefaultRecipe
--- a/cookbooks/apt/recipes/cacher-ng.rb
+++ b/cookbooks/apt/recipes/cacher-ng.rb
@ -2,7 +2,7 @@
 # Cookbook:: apt
 # Recipe:: cacher-ng
 #
-# Copyright:: 2008-2017, Chef Software, Inc.
+# Copyright:: 2008-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the 'License');
 # you may not use this file except in compliance with the License.
--- a/cookbooks/apt/recipes/default.rb
+++ b/cookbooks/apt/recipes/default.rb
@ -2,8 +2,8 @@
 # Cookbook:: apt
 # Recipe:: default
 #
-# Copyright:: 2008-2017, Chef Software, Inc.
-# Copyright:: 2009-2017, Bryan McLellan <btm@loftninjas.org>
+# Copyright:: 2008-2019, Chef Software, Inc.
+# Copyright:: 2009-2019, Bryan McLellan <btm@loftninjas.org>
 #
 # Licensed under the Apache License, Version 2.0 (the 'License');
 # you may not use this file except in compliance with the License.
@ -42,8 +42,7 @@ apt_update 'periodic' do
 end

 # For other recipes to call to force an update
-execute 'apt-get update' do
-  command 'apt-get update'
+execute 'apt-get update' do # rubocop: disable ChefModernize/ExecuteAptUpdate
  ignore_failure true
  action :nothing
  notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately
@ -93,6 +92,6 @@ template '/etc/apt/apt.conf.d/10recommends' do
  only_if { apt_installed? }
 end

-package 'apt-transport-https' do
+package %w(apt-transport-https gnupg dirmngr) do
  only_if { apt_installed? }
 end
--- a/cookbooks/apt/recipes/unattended-upgrades.rb
+++ b/cookbooks/apt/recipes/unattended-upgrades.rb
@ -2,7 +2,7 @@
 # Cookbook:: apt
 # Recipe:: unattended-upgrades
 #
-# Copyright:: 2014-2017, Chef Software, Inc.
+# Copyright:: 2014-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the 'License');
 # you may not use this file except in compliance with the License.
--- a/cookbooks/apt/templates/50unattended-upgrades.erb
+++ b/cookbooks/apt/templates/50unattended-upgrades.erb
@ -25,7 +25,7 @@ Unattended-Upgrade::Package-Blacklist {
 };

 // This option allows you to control if on a unclean dpkg exit
-// unattended-upgrades will automatically run 
+// unattended-upgrades will automatically run
 //   dpkg --force-confold --configure -a
 // The default is true, to ensure updates keep getting installed
 Unattended-Upgrade::AutoFixInterruptedDpkg "<%= node['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] ? 'true' : 'false' %>";
@ -41,14 +41,20 @@ Unattended-Upgrade::MinimalSteps "<%= node['apt']['unattended_upgrades']['minima
 // This will (obviously) make shutdown slower
 Unattended-Upgrade::InstallOnShutdown "<%= node['apt']['unattended_upgrades']['install_on_shutdown'] ? 'true' : 'false' %>";

+<% if node['apt']['unattended_upgrades']['mail'] -%>
 // Send email to this address for problems or packages upgrades
 // If empty or unset then no email is sent, make sure that you
 // have a working mail setup on your system. A package that provides
 // 'mailx' must be installed.
-<% if node['apt']['unattended_upgrades']['mail'] -%>
 Unattended-Upgrade::Mail "<%= node['apt']['unattended_upgrades']['mail'] %>";
 <% end -%>

+<% if node['apt']['unattended_upgrades']['sender'] -%>
+// This option allows to customize the email address used in the
+// 'From' header. unattended-upgrades will use "root" if unset.
+Unattended-Upgrade::Sender "<%= node['apt']['unattended_upgrades']['sender'] %>";
+<% end -%>
+
 // Set this value to "true" to get emails only on errors. Default
 // is to always send a mail if Unattended-Upgrade::Mail is set
 Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mail_only_on_error'] ? 'true' : 'false' %>";
@ -57,19 +63,42 @@ Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mai
 // (equivalent to apt-get autoremove)
 Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgrades']['remove_unused_dependencies'] ? 'true' : 'false' %>";

-// Automatically reboot *WITHOUT CONFIRMATION* if a 
-// the file /var/run/reboot-required is found after the upgrade 
+// Automatically reboot *WITHOUT CONFIRMATION* if a
+// the file /var/run/reboot-required is found after the upgrade
 Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>";

-// If automatic reboot is enabled and needed, reboot at the specific
-// time instead of immediately
-//  Default: "now"
 <% if node['apt']['unattended_upgrades']['automatic_reboot'] -%>
+// If automatic reboot is enabled and needed, reboot at the specific
+// time instead of immediately. Default is "now"
 Unattended-Upgrade::Automatic-Reboot-Time "<%= node['apt']['unattended_upgrades']['automatic_reboot_time'] %>";
 <% end %>

+<% if node['apt']['unattended_upgrades']['dl_limit'] -%>
 // Use apt bandwidth limit feature, this example limits the download
 // speed to 70kb/sec
-<% if node['apt']['unattended_upgrades']['dl_limit'] -%>
+// Acquire::http::Dl-Limit "70";
 Acquire::http::Dl-Limit "<%= node['apt']['unattended_upgrades']['dl_limit'] %>";
 <% end -%>
+
+// Enable logging to syslog. Default is False
+Unattended-Upgrade::SyslogEnable "<%= node['apt']['unattended_upgrades']['syslog_enable'] ? 'true' : 'false' %>";
+
+// Specify syslog facility. Default is daemon
+Unattended-Upgrade::SyslogFacility "<%= node['apt']['unattended_upgrades']['syslog_facility'] %>";
+
+// specify any dpkg options you want to run
+// for example if you wanted to upgrade and use
+// the installed version of config files when
+// resolving conflicts during an upgrade you
+// typically need:
+// Dpkg::Options {
+//   "--force-confdef";
+//   "--force-confold";
+//};
+<% unless node['apt']['unattended_upgrades']['dpkg_options'].empty? -%>
+Dpkg::Options {
+<% node['apt']['unattended_upgrades']['dpkg_options'].each do |option|%>
+	"<%= option %>";
+<% end -%>
+};
+<% end -%>
--- a/site-cookbooks/kosmos-base/recipes/default.rb
+++ b/site-cookbooks/kosmos-base/recipes/default.rb
@ -29,8 +29,17 @@ include_recipe 'timezone_iii'
 include_recipe 'ntp'
 include_recipe 'kosmos-base::systemd_emails'

+node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
+  "${distro_id}:${distro_codename}-security",
+  "${distro_id}:${distro_codename}-updates"
+]
+node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
+node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true
+include_recipe 'apt::unattended-upgrades'
+
 package 'mailutils'
 package 'mosh'
+package 'vim'

 # Don't create users and rewrite the sudo config in development environment.
 # It breaks the vagrant user