Class: Chef::Provider::AptRepository

Inherits:

Chef::Provider

Object
Chef::Provider
Chef::Provider::AptRepository

show all

Extended by:: Mixin::Which

Includes:: Mixin::ShellOut

Defined in:: lib/chef/provider/apt_repository.rb

Constant Summary collapse

LIST_APT_KEYS =

"apt-key list".freeze

LIST_APT_KEY_FINGERPRINTS =

"apt-key adv --list-public-keys --with-fingerprint --with-colons".freeze

Instance Attribute Summary

Attributes inherited from Chef::Provider

#action, #current_resource, #new_resource, #recipe_name, #run_context

Instance Method Summary collapse

Constructor Details

This class inherits a constructor from Chef::Provider

Instance Method Details

#build_repo(uri, distribution, components, trusted, arch, add_src = false) ⇒ `Object`

# File 'lib/chef/provider/apt_repository.rb', line 232

def build_repo(uri, distribution, components, trusted, arch, add_src = false)
  uri = make_ppa_url(uri) if is_ppa_url?(uri)

  uri = '"' + uri + '"' unless uri.start_with?("'", '"')
  components = Array(components).join(" ")
  options = []
  options << "arch=#{arch}" if arch
  options << "trusted=yes" if trusted
  optstr = unless options.empty?
             "[" + options.join(" ") + "]"
           end
  info = [ optstr, uri, distribution, components ].compact.join(" ")
  repo =  "deb      #{info}\n"
  repo << "deb-src  #{info}\n" if add_src
  repo
end

#cookbook_name ⇒ `Object`


138
139
140

# File 'lib/chef/provider/apt_repository.rb', line 138

def cookbook_name
  new_resource.cookbook || new_resource.cookbook_name
end

#extract_fingerprints_from_cmd(cmd) ⇒ `Object`

# File 'lib/chef/provider/apt_repository.rb', line 111

def extract_fingerprints_from_cmd(cmd)
  so = shell_out(cmd)
  so.run_command
  so.stdout.split(/\n/).map do |t|
    if z = t.match(/^fpr:+([0-9A-F]+):/)
      z[1].split.join
    end
  end.compact
end

#has_cookbook_file?(fn) ⇒ `Boolean`


142
143
144

# File 'lib/chef/provider/apt_repository.rb', line 142

def has_cookbook_file?(fn)
  run_context.has_cookbook_file_in_cookbook?(cookbook_name, fn)
end

#install_key_from_keyserver(key = new_resource.key, keyserver = new_resource.keyserver) ⇒ `Object`

# File 'lib/chef/provider/apt_repository.rb', line 184

def install_key_from_keyserver(key = new_resource.key, keyserver = new_resource.keyserver)
  cmd = "apt-key adv --recv"
  cmd << " --keyserver-options http-proxy=#{new_resource.key_proxy}" if new_resource.key_proxy
  cmd << " --keyserver "
  cmd << if keyserver.start_with?("hkp://")
           keyserver
         else
           "hkp://#{keyserver}:80"
         end

  cmd << " #{key}"

  declare_resource(:execute, "install-key #{key}") do
    command cmd
    sensitive new_resource.sensitive
    not_if do
      present = extract_fingerprints_from_cmd(LIST_APT_KEY_FINGERPRINTS).any? do |fp|
        fp.end_with? key.upcase
      end
      present && key_is_valid?(LIST_APT_KEYS, key.upcase)
    end
    notifies :run, "execute[apt-cache gencaches]", :immediately
  end

  raise "The key #{key} is invalid and cannot be used to verify an apt repository." unless key_is_valid?(LIST_APT_KEYS, key.upcase)
end

#install_key_from_uri ⇒ `Object`

# File 'lib/chef/provider/apt_repository.rb', line 154

def install_key_from_uri
  key_name = new_resource.key.gsub(/[^0-9A-Za-z\-]/, "_")
  cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name)
  type = if new_resource.key.start_with?("http")
           :remote_file
         elsif has_cookbook_file?(new_resource.key)
           :cookbook_file
         else
           raise Chef::Exceptions::FileNotFound, "Cannot locate key file"
         end

  declare_resource(type, cached_keyfile) do
    source new_resource.key
    mode "0644"
    sensitive new_resource.sensitive
    action :create
  end

  raise "The key #{cached_keyfile} is invalid and cannot be used to verify an apt repository." unless key_is_valid?("gpg #{cached_keyfile}", "")

  declare_resource(:execute, "apt-key add #{cached_keyfile}") do
    sensitive new_resource.sensitive
    action :run
    not_if do
      no_new_keys?(cached_keyfile)
    end
    notifies :run, "execute[apt-cache gencaches]", :immediately
  end
end

#install_ppa_key(owner, repo) ⇒ `Object`

# File 'lib/chef/provider/apt_repository.rb', line 211

def install_ppa_key(owner, repo)
  url = "https://launchpad.net/api/1.0/~#{owner}/+archive/#{repo}"
  key_id = Chef::HTTP::Simple.new(url).get("signing_key_fingerprint").delete('"')
  install_key_from_keyserver(key_id, "keyserver.ubuntu.com")
rescue Net::HTTPServerException => e
  raise "Could not access Launchpad ppa API: #{e.message}"
end

#is_key_id?(id) ⇒ `Boolean`

# File 'lib/chef/provider/apt_repository.rb', line 106

def is_key_id?(id)
  id = id[2..-1] if id.start_with?("0x")
  id =~ /^\h+$/ && [8, 16, 40].include?(id.length)
end

#is_ppa_url?(url) ⇒ `Boolean`


219
220
221

# File 'lib/chef/provider/apt_repository.rb', line 219

def is_ppa_url?(url)
  url.start_with?("ppa:")
end

#key_is_valid?(cmd, key) ⇒ `Boolean`

# File 'lib/chef/provider/apt_repository.rb', line 121

def key_is_valid?(cmd, key)
  valid = true

  so = shell_out(cmd)
  so.run_command
  so.stdout.split(/\n/).map do |t|
    if t =~ %r{^\/#{key}.*\[expired: .*\]$}
      Chef::Log.debug "Found expired key: #{t}"
      valid = false
      break
    end
  end

  Chef::Log.debug "key #{key} #{valid ? "is valid" : "is not valid"}"
  valid
end

#load_current_resource ⇒ `Object`


39
40

# File 'lib/chef/provider/apt_repository.rb', line 39

def load_current_resource
end

#make_ppa_url(ppa) ⇒ `Object`

# File 'lib/chef/provider/apt_repository.rb', line 223

def make_ppa_url(ppa)
  return unless is_ppa_url?(ppa)
  owner, repo = ppa[4..-1].split("/")
  repo ||= "ppa"

  install_ppa_key(owner, repo)
  "http://ppa.launchpad.net/#{owner}/#{repo}/ubuntu"
end

#no_new_keys?(file) ⇒ `Boolean`

# File 'lib/chef/provider/apt_repository.rb', line 146

def no_new_keys?(file)
  # Now we are using the option --with-colons that works across old os versions
  # as well as the latest (16.10). This for both `apt-key` and `gpg` commands
  installed_keys = extract_fingerprints_from_cmd(LIST_APT_KEY_FINGERPRINTS)
  proposed_keys = extract_fingerprints_from_cmd("gpg --with-fingerprint --with-colons #{file}")
  (installed_keys & proposed_keys).sort == proposed_keys.sort
end

Class: Chef::Provider::AptRepository

Constant Summary collapse

Instance Attribute Summary

Attributes inherited from Chef::Provider

Instance Method Summary collapse

Methods included from Mixin::Which

Methods included from Mixin::ShellOut

Methods included from Mixin::PathSanity

Methods inherited from Chef::Provider

Methods included from Mixin::Provides

Methods included from Mixin::DescendantsTracker

Methods included from Mixin::LazyModuleInclude

Methods included from Mixin::NotifyingBlock

Methods included from DSL::DeclareResource

Methods included from Mixin::PowershellOut

Methods included from Mixin::WindowsArchitectureHelper

Methods included from DSL::PlatformIntrospection

Constructor Details

Instance Method Details

#build_repo(uri, distribution, components, trusted, arch, add_src = false) ⇒ Object

#cookbook_name ⇒ Object

#extract_fingerprints_from_cmd(cmd) ⇒ Object

#has_cookbook_file?(fn) ⇒ Boolean

#install_key_from_keyserver(key = new_resource.key, keyserver = new_resource.keyserver) ⇒ Object

#install_key_from_uri ⇒ Object

#install_ppa_key(owner, repo) ⇒ Object

#is_key_id?(id) ⇒ Boolean

#is_ppa_url?(url) ⇒ Boolean

#key_is_valid?(cmd, key) ⇒ Boolean

#load_current_resource ⇒ Object

#make_ppa_url(ppa) ⇒ Object

#no_new_keys?(file) ⇒ Boolean

#build_repo(uri, distribution, components, trusted, arch, add_src = false) ⇒ `Object`

#cookbook_name ⇒ `Object`

#extract_fingerprints_from_cmd(cmd) ⇒ `Object`

#has_cookbook_file?(fn) ⇒ `Boolean`

#install_key_from_keyserver(key = new_resource.key, keyserver = new_resource.keyserver) ⇒ `Object`

#install_key_from_uri ⇒ `Object`

#install_ppa_key(owner, repo) ⇒ `Object`

#is_key_id?(id) ⇒ `Boolean`

#is_ppa_url?(url) ⇒ `Boolean`

#key_is_valid?(cmd, key) ⇒ `Boolean`

#load_current_resource ⇒ `Object`

#make_ppa_url(ppa) ⇒ `Object`

#no_new_keys?(file) ⇒ `Boolean`