Bug #10241
closed
"Package management" technique missing "allow untrusted" switch
Added by Dmitry Svyatogorov almost 8 years ago.
Updated over 7 years ago.
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Description
The deprecated "Package management for Debian / Ubuntu / APT systems" technique had "Allow untrusted package installation" ("APT_PACKAGE_ALLOW_UNTRUSTED") switch to produce appropriate apt call.
As far as I view, the new "Package management" technique has no.
It is bad practice to turn off key validation global, while sometimes there is real need in installation of local built package (e.g. "testing"/"staging" deployment steps).
In rpm-based (RH, SUSE) it can be tuned repo-wide, while deb-based with apt must be hinted on each call.
So, at this moment "Package management" in not valid replace for "Package management for Debian / Ubuntu / APT systems".
- Assignee set to Alexis Mousset
This can be implemented using options passed directly to the package manager (which are now usable in the apt_get module).
- Found in version (s) 4.0.3 added
- Found in version(s) old deleted (
4.0.3)
- Tracker changed from Bug to User story
- Tracker changed from User story to Bug
- Subject changed from "Package management" technique must have "allow untrusted" switch to "Package management" technique missing "allow untrusted" switch
- Reproduced set to No
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Getting started - demo | first install | level 1 Techniques
This is clearly high priority - we are replacing old package Techniques with this new one. If it is missing a feature, this is something we have overlooked, since the new Package Techniques are designed to replace the old ones. Moving this to bug and setting high priority.
Please work on a fix.
- Related to User story #10388: Add a generic method that handles using options in package actions added
As I wrote in the previous comment, we can quite easily implement it for apt/dpkg.
We need to:
- Synchronize package modules from masterfiles (as the feature we need was not implemented when adding new package methods in Rudder)
- Add a new method to allow using options
- Find a way to add this option to the technique (but only for apt/dpkg for now)
For other package managers, if possible, it would require adding options handling to the package modules.
- Related to Bug #5071: Debian package management: can't specify a repository (ex: "-t wheezy-backports") added
- Target version changed from 4.0.4 to 4.0.5
- Priority changed from 54 to 53
- Assignee deleted (
Alexis Mousset)
- Status changed from New to In progress
- Assignee set to Alexis Mousset
- Target version changed from 4.0.5 to 4.0.6
- Priority changed from 53 to 52
- Target version changed from 4.0.6 to 4.0.7
Hi! Since Rudder 4.1, no means left to install unsigned .deb. (Except of NCF-scenario, that is not yet covered with API, but API is needed to work around the absence of granular RBAC).
Therefore, 4.1.x is now (out-of-the-box) unsuitable for deb-based testing environments.
We now have access to package manager options through package_state_options in ncf, but we still need to define the new option(s) and create the 1.1 version of the technique.
- Target version changed from 4.0.7 to 357
- Priority changed from 52 to 51
- Priority changed from 51 to 66
It is ok to have options that only work on specific package managers as along as it's properly indicated.
- Target version changed from 357 to 4.1.6
- Priority changed from 66 to 65
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1182
- Status changed from Pending technical review to Pending release
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.6 and 4.2.0~beta3 which were released today.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by Jonathan CLARKE 
Updated by 
Updated by