comparison apt.py @ 178:6ec7cd3615f0

another try at apt.key, but it doesn't completely work because prime would never upgrade nodejs. I didn't try deleting the host key dirs and building from scratch yet.
author drewp@bigasterisk.com
date Sat, 25 Mar 2023 18:43:42 -0700
parents 522f26c8f691
children 466108f0a509
177:bf576a059f70 178:6ec7cd3615f0
3 from pyinfra.facts.server import Arch, LinuxDistribution 3 from pyinfra.facts.server import Arch, LinuxDistribution
4 from pyinfra.operations import apt, files, server 4 from pyinfra.operations import apt, files, server
5 5
6 TZ = 'America/Los_Angeles' 6 TZ = 'America/Los_Angeles'
7 7
8
8 def pkg_keys(): 9 def pkg_keys():
9 # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC') 10 # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC')
10 # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138') 11 # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138')
11 # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553') 12 # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
12 # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7') 13 # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
13 if host.name != 'prime': 14 # if host.name != 'prime':
14 apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA') 15 # apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
15 apt.key(src='https://dl.google.com/linux/linux_signing_key.pub') 16 # apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
16 apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc') 17 # apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
17 apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc') 18 # apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
18 apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc') 19 # apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
19 apt.key(src='https://packages.microsoft.com/keys/microsoft.asc') 20 # apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
20 apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key') 21 # apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')
21 apt.key(src='https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key') 22
22 # Failed to fetch https://repo.steampowered.com/steam/dists/stable/InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7 23 apt.key(keyserver='keyserver.ubuntu.com', keyid='1655A0AB68576280')
23 ''' 24
25 files.directory(path='/etc/apt/keyrings/') # for raspi
26 for url, name in [
27 ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
28 ('https://deb.nodesource.com/node_18.x/dists/kinetic/Release.gpg', 'nodesource-kinetic.gpg'),
29 ('http://packages.microsoft.com/ubuntu/22.10/prod/dists/kinetic/Release.gpg', 'ms.gpg'),
30 ('https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key',
31 'podman.gpg'),
32 ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
33 ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource.gpg'),
34 ]:
35 files.download(src=url, dest=f'/etc/apt/keyrings/{name}')
36 # server.shell(commands=[
37 # f"curl -fsSL {url} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
38 # # ('https://deb.nodesource.com/node_18.x/dists/kinetic/Release.gpg', 'nodesource-kinetic.gpg'),
39 # # ('http://packages.microsoft.com/ubuntu/22.10/prod/dists/kinetic/Release.gpg', 'ms.gpg'),
40 # ]
41 # ])
24 42
25 43
26 🚢 ditto(pts/1):/opt# apt update
27 Hit:1 http://packages.microsoft.com/repos/code stable InRelease
28 Hit:2 http://dl.google.com/linux/chrome/deb stable InRelease
29 Get:3 https://repo.steampowered.com/steam stable InRelease [2861 B]
30 Hit:4 http://us.archive.ubuntu.com/ubuntu kinetic InRelease
31 Get:5 http://us.archive.ubuntu.com/ubuntu kinetic-backports InRelease [99.9 kB]
32 Err:3 https://repo.steampowered.com/steam stable InRelease
33 The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
34 Get:6 http://us.archive.ubuntu.com/ubuntu kinetic-security InRelease [109 kB]
35 Get:8 http://us.archive.ubuntu.com/ubuntu kinetic-updates InRelease [118 kB]
36 Get:9 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe amd64 Packages [205 kB]
37 Get:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04 InRelease [1262 B]
38 Get:10 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe i386 Packages [119 kB]
39 Get:11 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe Translation-en [83.1 kB]
40 Err:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04 InRelease
41 The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
42 Reading package lists... Done
43 W: http://packages.microsoft.com/repos/code/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
44 W: http://dl.google.com/linux/chrome/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
45 W: GPG error: https://repo.steampowered.com/steam stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
46 E: The repository 'https://repo.steampowered.com/steam stable InRelease' is not signed.
47 N: Updating from such a repository can't be done securely, and is therefore disabled by default.
48 N: See apt-secure(8) manpage for repository creation and user configuration details.
49 W: GPG error: https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04 InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
50 E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04 InRelease' is not signed.
51 N: Updating from such a repository can't be done securely, and is therefore disabled by default.
52 N: See apt-secure(8) manpage for repository creation and user configuration details.
53
54 '''
55 def apt_sources(): 44 def apt_sources():
56 if host.get_fact(Arch) == 'x86_64': 45 if host.get_fact(Arch) == 'x86_64':
57 server.shell(commands=['dpkg --add-architecture i386']) 46 server.shell(commands=['dpkg --add-architecture i386'])
58 47
59 files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list') 48 files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')
60 if host.get_fact(FindFiles, '/etc/apt/sources.list.d/', quote_path=True): 49 if host.get_fact(FindFiles, '/etc/apt/sources.list.d/', quote_path=True):
61 raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove") 50 raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
62 apt.packages(update=True, 51 apt.packages(update=True,
63 cache_time=86400, 52 cache_time=86400,
64 packages=['tzdata'], 53 packages=['tzdata'],
65 force=True, 54 force=True,
66 _env={ 55 _env={
67 'TZ': TZ, 56 'TZ': TZ,
68 'LANG': 'en_US.UTF-8', 57 'LANG': 'en_US.UTF-8',
69 'DEBIAN_FRONTEND': 'noninteractive' 58 'DEBIAN_FRONTEND': 'noninteractive'
70 }) 59 })
60
61
71 pkg_keys() 62 pkg_keys()
72 apt_sources() 63 apt_sources()