view apt.py @ 178:6ec7cd3615f0

another try at apt.key, but it doesn't completely work because prime would never upgrade nodejs. I didn't try deleting the host key dirs and building from scratch yet.
author drewp@bigasterisk.com
date Sat, 25 Mar 2023 18:43:42 -0700
parents 522f26c8f691
children 466108f0a509

from pyinfra import host
from pyinfra.facts.files import FindFiles
from pyinfra.facts.server import Arch, LinuxDistribution
from pyinfra.operations import apt, files, server

# Time zone name; apt_sources() passes it as the TZ environment variable to apt.
TZ = "America/Los_Angeles"


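def pkg_keys():
    """Install the signing keys apt uses to verify third-party repositories.

    Adds one key from keyserver.ubuntu.com via apt.key, makes sure
    /etc/apt/keyrings/ exists, then downloads each repository key file
    listed below into that directory.
    """
    # Earlier apt.key attempts, kept for reference:
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC')
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138')
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
    # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
    # if host.name != 'prime':
    #     apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
    # apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
    # apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
    # apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
    # apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
    # apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
    # apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')

    # NOTE(review): this is a 64-bit key id, not a full fingerprint. A key
    # added this way lands in apt's global keyring and is trusted for every
    # configured repository; prefer the full fingerprint and a per-repo
    # keyring referenced with signed-by.
    apt.key(keyserver='keyserver.ubuntu.com', keyid='1655A0AB68576280')

    files.directory(path='/etc/apt/keyrings/')  # for raspi

    # Everything downloaded here becomes a trust anchor for package installs,
    # so every URL must be https: over plain http anyone on the network path
    # could substitute their own key. The Microsoft entry used http:// before.
    # NOTE(review): https only authenticates the server. To detect a changed
    # or replaced key, record each file's digest and pass it to
    # files.download (sha256sum=...).
    # NOTE(review): a repository's dists/<suite>/Release.gpg is normally the
    # detached signature over its Release file, not the public key. Confirm
    # the 'nodesource-kinetic.gpg' and 'ms.gpg' entries yield usable keyrings.
    keyring_files = [
        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
        ('https://deb.nodesource.com/node_18.x/dists/kinetic/Release.gpg', 'nodesource-kinetic.gpg'),
        ('https://packages.microsoft.com/ubuntu/22.10/prod/dists/kinetic/Release.gpg', 'ms.gpg'),
        ('https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key',
         'podman.gpg'),
        ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
        ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource.gpg'),
    ]
    for url, name in keyring_files:
        files.download(src=url, dest=f'/etc/apt/keyrings/{name}')
    # Earlier dearmor-based variant, kept for reference:
    # server.shell(commands=[
    #     f"curl -fsSL {url} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
    #         # ('https://deb.nodesource.com/node_18.x/dists/kinetic/Release.gpg', 'nodesource-kinetic.gpg'),
    #         # ('https://packages.microsoft.com/ubuntu/22.10/prod/dists/kinetic/Release.gpg', 'ms.gpg'),
    #     ]
    # ])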


def apt_sources():
    """Write the managed sources.list, refuse stray source files, refresh apt.

    On x86_64 hosts the i386 architecture is enabled first. The run aborts
    with SystemExit if anything is found under /etc/apt/sources.list.d/, so
    the templated /etc/apt/sources.list stays the only repository list.
    Finally the package index is updated and tzdata installed with a
    non-interactive environment.
    """
    is_x86_64 = host.get_fact(Arch) == 'x86_64'
    if is_x86_64:
        server.shell(commands=['dpkg --add-architecture i386'])

    files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')

    # Files dropped here by package installers would add repositories that
    # this deploy does not manage, so stop rather than continue.
    stray_sources = host.get_fact(FindFiles, '/etc/apt/sources.list.d/', quote_path=True)
    if stray_sources:
        raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")

    apt_env = {
        'TZ': TZ,
        'LANG': 'en_US.UTF-8',
        'DEBIAN_FRONTEND': 'noninteractive',
    }
    # NOTE(review): pyinfra documents force=True as passing --force-yes to
    # apt, which lets installs proceed without package authentication. That
    # would hide a missing or wrong signing key; confirm it is still needed.
    apt.packages(
        update=True,
        cache_time=86400,
        packages=['tzdata'],
        force=True,
        _env=apt_env,
    )


# Module-level calls: both steps run when this file is executed.
# NOTE(review): pkg_keys() comes first, presumably so the signing keys are in
# place before apt_sources() refreshes the package index. Keep this order.
pkg_keys()
apt_sources()