From f3022a4922bc2aee0ecee7fd7bf2b080163f43ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Thu, 19 Mar 2015 23:58:31 +0100 Subject: [PATCH 1/2] Add support for Debian --- attributes/default.rb | 21 +++++++++++----- recipes/default.rb | 1 + spec/default_spec.rb | 24 +++++++++++++++---- .../default/unattended-upgrades.conf.erb | 15 +++++++++++- 4 files changed, 50 insertions(+), 11 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 0120756..6c3addd 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -8,12 +8,21 @@ default['unattended-upgrades']['automatic_reboot'] = false default['unattended-upgrades']['download_limit'] = nil # Set to Integer representing kb/sec limit -default['unattended-upgrades']['allowed_origins'] = { - 'security' => true, - 'updates' => false, - 'proposed' => false, - 'backports' => false -} +case node['platform'] +when 'ubuntu' + default['unattended-upgrades']['allowed_origins'] = { + 'security' => true, + 'updates' => false, + 'proposed' => false, + 'backports' => false + } + default['unattended-upgrades']['origin_patterns'] = {} +when 'debian' + default['unattended-upgrades']['allowed_origins'] = {} + default['unattended-upgrades']['origin_patterns'] = { + 'origin=Debian,archive=stable,label=Debian-Security' => true + } +end default['unattended-upgrades']['apt_recipe'] = 'default' diff --git a/recipes/default.rb b/recipes/default.rb index daa551a..74c6c88 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -37,6 +37,7 @@ mode '0644' variables( :allowed_origins => node['unattended-upgrades']['allowed_origins'], + :origin_patterns => node['unattended-upgrades']['origin_patterns'], :package_blacklist => node['unattended-upgrades']['package_blacklist'], :autofix_dpkg => node['unattended-upgrades']['autofix_dpkg'], :minimal_steps => node['unattended-upgrades']['minimal_steps'], diff --git a/spec/default_spec.rb b/spec/default_spec.rb index ba51453..a57208c 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb @@ -16,8 +16,16 @@ end it 'should write the config files' do - expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades').with_content('Unattended-Upgrade::Mail "root@localhost"') - expect(chef_run).to render_file('/etc/apt/apt.conf.d/20auto-upgrades').with_content('APT::Periodic::Unattended-Upgrade "1"') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('Unattended-Upgrade::Mail "root@localhost"') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('Unattended-Upgrade::Allowed-Origins') + expect(chef_run).to_not render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('Unattended-Upgrade::Origins-Pattern') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('"${distro_id}:${distro_codename}-security"') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/20auto-upgrades') + .with_content('APT::Periodic::Unattended-Upgrade "1"') end it 'should not warn about missing mail package' do @@ -41,8 +49,16 @@ end it 'should write the config files' do - expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades').with_content('Unattended-Upgrade::Mail') - expect(chef_run).to render_file('/etc/apt/apt.conf.d/20auto-upgrades').with_content('APT::Periodic::Unattended-Upgrade "1"') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades'). + with_content('Unattended-Upgrade::Mail') + expect(chef_run).to_not render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('Unattended-Upgrade::Allowed-Origins') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('Unattended-Upgrade::Origins-Pattern') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/50unattended-upgrades') + .with_content('origin=Debian,archive=stable,label=Debian-Security') + expect(chef_run).to render_file('/etc/apt/apt.conf.d/20auto-upgrades') + .with_content('APT::Periodic::Unattended-Upgrade "1"') end end diff --git a/templates/default/unattended-upgrades.conf.erb b/templates/default/unattended-upgrades.conf.erb index 09ff914..78075b8 100644 --- a/templates/default/unattended-upgrades.conf.erb +++ b/templates/default/unattended-upgrades.conf.erb @@ -1,11 +1,24 @@ // File configured by chef - don't edit manually +<% unless @allowed_origins.empty? %> // Automatically upgrade packages from these (origin:archive) pairs Unattended-Upgrade::Allowed-Origins { <% @allowed_origins.each do |origin, enabled| %> -<%= '//' unless enabled %> "${distro_id}:${distro_codename}-<%= origin %>"; + <%= "\"${distro_id}:${distro_codename}-#{origin}\";" if enabled -%> <% end %> + }; +<% end %> + +<% unless @origin_patterns.empty? %> +// Automatically upgrade packages from these origin patterns +Unattended-Upgrade::Origins-Pattern { +<% @origin_patterns.each do |pattern, enabled| %> + <%= "\"#{pattern}\";" if enabled -%> +<% end %> + +}; +<% end %> // List of packages to not update Unattended-Upgrade::Package-Blacklist { From 7c8b80ca5c5d053efbf3684bb3df58e6dc9eebff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 20 Mar 2015 15:07:07 +0100 Subject: [PATCH 2/2] Bump version and officially support Debian --- metadata.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata.rb b/metadata.rb index 064ce32..5e361ee 100644 --- a/metadata.rb +++ b/metadata.rb @@ -4,9 +4,9 @@ license "Apache 2.0" description "Installs/Configures unattended-upgrades" long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version "0.1.2" +version "0.2.0" -# supports "debian" # Untested +supports "debian" supports "ubuntu" depends "apt"