Project

General

Profile

Actions

Bug #10241

closed

"Package management" technique missing "allow untrusted" switch

Added by Dmitry Svyatogorov almost 8 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
65
Name check:
Fix check:
Regression:

Description

The deprecated "Package management for Debian / Ubuntu / APT systems" technique had "Allow untrusted package installation" ("APT_PACKAGE_ALLOW_UNTRUSTED") switch to produce appropriate apt call.
As far as I view, the new "Package management" technique has no.
It is bad practice to turn off key validation global, while sometimes there is real need in installation of local built package (e.g. "testing"/"staging" deployment steps).
In rpm-based (RH, SUSE) it can be tuned repo-wide, while deb-based with apt must be hinted on each call.

So, at this moment "Package management" in not valid replace for "Package management for Debian / Ubuntu / APT systems".


Related issues 4 (0 open4 closed)

Related to Rudder - User story #9817: Synchronize package modules from masterfilesReleasedNicolas CHARLESActions
Related to Rudder - User story #9125: Add a technique using new package promisesReleasedNicolas CHARLES2016-09-27Actions
Related to Rudder - User story #10388: Add a generic method that handles using options in package actionsReleasedBenoît PECCATTEActions
Related to Rudder - Bug #5071: Debian package management: can't specify a repository (ex: "-t wheezy-backports")RejectedAlexis MoussetActions
Actions #1

Updated by Alexis Mousset almost 8 years ago

  • Related to User story #9817: Synchronize package modules from masterfiles added
Actions #2

Updated by Alexis Mousset almost 8 years ago

  • Assignee set to Alexis Mousset

This can be implemented using options passed directly to the package manager (which are now usable in the apt_get module).

Actions #3

Updated by Benoît PECCATTE almost 8 years ago

  • Found in version (s) 4.0.3 added
Actions #4

Updated by Benoît PECCATTE almost 8 years ago

  • Found in version(s) old deleted (4.0.3)
Actions #5

Updated by François ARMAND almost 8 years ago

Actions #6

Updated by Benoît PECCATTE almost 8 years ago

  • Tracker changed from Bug to User story
Actions #7

Updated by Jonathan CLARKE almost 8 years ago

  • Tracker changed from User story to Bug
  • Subject changed from "Package management" technique must have "allow untrusted" switch to "Package management" technique missing "allow untrusted" switch
  • Reproduced set to No
  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques

This is clearly high priority - we are replacing old package Techniques with this new one. If it is missing a feature, this is something we have overlooked, since the new Package Techniques are designed to replace the old ones. Moving this to bug and setting high priority.

Please work on a fix.

Actions #8

Updated by Alexis Mousset almost 8 years ago

  • Related to User story #10388: Add a generic method that handles using options in package actions added
Actions #9

Updated by Alexis Mousset almost 8 years ago

As I wrote in the previous comment, we can quite easily implement it for apt/dpkg.

We need to:

  • Synchronize package modules from masterfiles (as the feature we need was not implemented when adding new package methods in Rudder)
  • Add a new method to allow using options
  • Find a way to add this option to the technique (but only for apt/dpkg for now)

For other package managers, if possible, it would require adding options handling to the package modules.

Actions #11

Updated by Benoît PECCATTE over 7 years ago

  • Priority set to 54
Actions #12

Updated by François ARMAND over 7 years ago

  • Related to Bug #5071: Debian package management: can't specify a repository (ex: "-t wheezy-backports") added
Actions #13

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.0.4 to 4.0.5
  • Priority changed from 54 to 53
Actions #14

Updated by Jonathan CLARKE over 7 years ago

  • Assignee deleted (Alexis Mousset)
Actions #15

Updated by Alexis Mousset over 7 years ago

  • Status changed from New to In progress
Actions #16

Updated by Alexis Mousset over 7 years ago

  • Assignee set to Alexis Mousset
Actions #17

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.0.5 to 4.0.6
  • Priority changed from 53 to 52
Actions #18

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.0.6 to 4.0.7
Actions #19

Updated by Dmitry Svyatogorov over 7 years ago

Hi! Since Rudder 4.1, no means left to install unsigned .deb. (Except of NCF-scenario, that is not yet covered with API, but API is needed to work around the absence of granular RBAC).
Therefore, 4.1.x is now (out-of-the-box) unsuitable for deb-based testing environments.

Actions #20

Updated by Alexis Mousset over 7 years ago

We now have access to package manager options through package_state_options in ncf, but we still need to define the new option(s) and create the 1.1 version of the technique.

Actions #21

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 4.0.7 to 357
Actions #22

Updated by Benoît PECCATTE over 7 years ago

  • Priority changed from 52 to 51
Actions #23

Updated by Benoît PECCATTE over 7 years ago

  • Priority changed from 51 to 66
Actions #24

Updated by Benoît PECCATTE over 7 years ago

It is ok to have options that only work on specific package managers as along as it's properly indicated.

Actions #25

Updated by Alexis Mousset over 7 years ago

  • Target version changed from 357 to 4.1.6
Actions #26

Updated by Alexis Mousset over 7 years ago

  • Priority changed from 66 to 65
Actions #27

Updated by Alexis Mousset over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1182
Actions #28

Updated by Alexis Mousset over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #29

Updated by Dmitry Svyatogorov over 7 years ago

Please, look at http://www.rudder-project.org/redmine/issues/11207 before release.
"apt_get repo-install" instead of "apt_get install" makes technique unusable for debian|ubuntu.

Actions #30

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.6 and 4.2.0~beta3 which were released today.

Actions

Also available in: Atom PDF