From 38416452415fba1d0ed0095d627f7d06c37ae368 Mon Sep 17 00:00:00 2001
From: Robert August Vincent II <pillarsdotnet@gmail.com>
Date: Wed, 7 Dec 2022 16:36:56 -0500
Subject: [PATCH] MODULES-10763 Do not report apt-get update as a change

---
 manifests/update.pp                   | 16 +++++++++++--
 templates/update_had_no_effect.sh.epp | 33 +++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 templates/update_had_no_effect.sh.epp

diff --git a/manifests/update.pp b/manifests/update.pp
index a9f2486b16..f30079f7d7 100644
--- a/manifests/update.pp
+++ b/manifests/update.pp
@@ -56,13 +56,25 @@
   } else {
     $_refresh = true
   }
+  # We perform the update in an `unless` clause of the exec, and
+  # return true only if the `/var/cache/apt/pkgcache.bin` file changed.
+  # This ensures that Puppet does not report a change if the
+  # update command had no effect. See MODULES-10763 for discussion.
+  $apt_update_unless = epp(
+    'apt/update_had_no_effect.sh.epp',
+    'provider' => $apt::provider,
+    'timeout'  => $apt::_update['timeout'],
+    'tries'    => $apt::_update['tries'],
+  )
   exec { 'apt_update':
-    command     => "${apt::provider} update",
+    command     => "echo ${apt::provider} updated the package cache.",
     loglevel    => $apt::_update['loglevel'],
     logoutput   => 'on_failure',
+    path        => '/bin:/sbin:/usr/bin:/usr/sbin',
+    provider    => shell,
     refreshonly => $_refresh,
     timeout     => $apt::_update['timeout'],
     tries       => $apt::_update['tries'],
-    try_sleep   => 1,
+    unless      => $apt_update_unless,
   }
 }
diff --git a/templates/update_had_no_effect.sh.epp b/templates/update_had_no_effect.sh.epp
new file mode 100644
index 0000000000..0a3ff085c4
--- /dev/null
+++ b/templates/update_had_no_effect.sh.epp
@@ -0,0 +1,33 @@
+<%- |
+  String  $provider = 'apt',
+  Integer $timeout = 30,
+  Integer $tries = 1,
+| -%>
+
+EVAL="$(mktemp)" || EVAL=/tmp/aptdir
+apt-config shell DIR Dir::Cache > "$EVAL" && . "$EVAL"
+[ "$DIR" ] || DIR='var/cache/apt'
+cd "/$DIR" || exit 0
+export TMPDIR="/$DIR"
+apt-config shell CUR DIR::Cache::pkgcache >"$EVAL" && . "$EVAL"
+[ "$CUR" ] || CUR=pkgcache.bin
+OLD="$(mktemp)" || OLD="/${DIR}/${CUR}.old"
+rm -f "$EVAL"
+[ -e "$CUR" ] || touch "$CUR"
+ln -f "$CUR" "$OLD"
+TRIES=<%= $tries %>
+while true; do
+  if timeout 1 true; then
+    timeout <%= $timeout %>m <%= $provider %> update && break
+  else
+    <%= $provider %> update && break
+  fi
+  [ $TRIES -le 1 ] && break
+  sleep 1
+  TRIES=$(( TRIES - 1 ))
+done
+SAME=1
+[ -e "$CUR" ] || touch "$CUR"
+cmp "$CUR" "$OLD" && SAME=0
+rm -f "$OLD"
+exit $SAME