Mercurial > code > home > repos > infra

view apt.py @ 155:522f26c8f691

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
split apt.py from system.py
author drewp@bigasterisk.com
date Thu, 16 Mar 2023 17:42:17 -0700
parents
children 6ec7cd3615f0
line wrap: on
line source

from pyinfra import host
from pyinfra.facts.files import FindFiles
from pyinfra.facts.server import Arch, LinuxDistribution
from pyinfra.operations import apt, files, server

TZ = 'America/Los_Angeles'

def pkg_keys():
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC')
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138')
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
    if host.name != 'prime':
        apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
    apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
    apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
    apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
    apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')
    apt.key(src='https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key')
    # Failed to fetch https://repo.steampowered.com/steam/dists/stable/InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7 
'''


🚢 ditto(pts/1):/opt# apt update
Hit:1 http://packages.microsoft.com/repos/code stable InRelease
Hit:2 http://dl.google.com/linux/chrome/deb stable InRelease                                                                                                                            
Get:3 https://repo.steampowered.com/steam stable InRelease [2861 B]                                                                                                                     
Hit:4 http://us.archive.ubuntu.com/ubuntu kinetic InRelease                                                                        
Get:5 http://us.archive.ubuntu.com/ubuntu kinetic-backports InRelease [99.9 kB] 
Err:3 https://repo.steampowered.com/steam stable InRelease                                 
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
Get:6 http://us.archive.ubuntu.com/ubuntu kinetic-security InRelease [109 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu kinetic-updates InRelease [118 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe amd64 Packages [205 kB]
Get:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease [1262 B]
Get:10 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe i386 Packages [119 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe Translation-en [83.1 kB]
Err:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
Reading package lists... Done              
W: http://packages.microsoft.com/repos/code/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://dl.google.com/linux/chrome/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: GPG error: https://repo.steampowered.com/steam stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
E: The repository 'https://repo.steampowered.com/steam stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

'''
def apt_sources():
    if host.get_fact(Arch) == 'x86_64':
        server.shell(commands=['dpkg --add-architecture i386'])

    files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')
    if host.get_fact(FindFiles, '/etc/apt/sources.list.d/', quote_path=True):
        raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
    apt.packages(update=True,
                cache_time=86400,
                packages=['tzdata'],
                force=True,
                _env={
                    'TZ': TZ,
                    'LANG': 'en_US.UTF-8',
                    'DEBIAN_FRONTEND': 'noninteractive'
                })
pkg_keys()
apt_sources()