Project

General

Profile

Bug #10241

"Package management" technique missing "allow untrusted" switch

Added by Dmitry Svyatogorov 9 months ago. Updated 3 months ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Priority:
65

Description

The deprecated "Package management for Debian / Ubuntu / APT systems" technique had "Allow untrusted package installation" ("APT_PACKAGE_ALLOW_UNTRUSTED") switch to produce appropriate apt call.
As far as I view, the new "Package management" technique has no.
It is bad practice to turn off key validation global, while sometimes there is real need in installation of local built package (e.g. "testing"/"staging" deployment steps).
In rpm-based (RH, SUSE) it can be tuned repo-wide, while deb-based with apt must be hinted on each call.

So, at this moment "Package management" in not valid replace for "Package management for Debian / Ubuntu / APT systems".


Related issues

Related to ncf - User story #9817: Synchronize package modules from masterfiles Released
Related to Rudder - User story #9125: Add a technique using new package promises Released 2016-09-27
Related to ncf - User story #10388: Add a generic method that handles using options in package actions Released
Related to Rudder - Bug #5071: Debian package management: can't specify a repository (ex: "-t wheezy-backports") Rejected

Associated revisions

Revision b227b756
Added by Alexis MOUSSET 4 months ago

Refs #10241: Creation of packageManagement version 1.1 from 1.0

Revision d9c2d014
Added by Alexis MOUSSET 4 months ago

Fixes #10241: \"Package management\" technique missing \"allow untrusted\" switch

History

#1 Updated by Alexis MOUSSET 9 months ago

  • Related to User story #9817: Synchronize package modules from masterfiles added

#2 Updated by Alexis MOUSSET 9 months ago

  • Assignee set to Alexis MOUSSET

This can be implemented using options passed directly to the package manager (which are now usable in the apt_get module).

#3 Updated by Benoît PECCATTE 9 months ago

  • Found in version (s) 4.0.3 added

#4 Updated by Benoît PECCATTE 9 months ago

  • Found in version(s) old deleted (4.0.3)

#5 Updated by François ARMAND 9 months ago

#6 Updated by Benoît PECCATTE 9 months ago

  • Tracker changed from Bug to User story

#7 Updated by Jonathan CLARKE 9 months ago

  • Tracker changed from User story to Bug
  • Subject changed from "Package management" technique must have "allow untrusted" switch to "Package management" technique missing "allow untrusted" switch
  • Reproduced set to No
  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques

This is clearly high priority - we are replacing old package Techniques with this new one. If it is missing a feature, this is something we have overlooked, since the new Package Techniques are designed to replace the old ones. Moving this to bug and setting high priority.

Please work on a fix.

#8 Updated by Alexis MOUSSET 9 months ago

  • Related to User story #10388: Add a generic method that handles using options in package actions added

#9 Updated by Alexis MOUSSET 9 months ago

As I wrote in the previous comment, we can quite easily implement it for apt/dpkg.

We need to:

  • Synchronize package modules from masterfiles (as the feature we need was not implemented when adding new package methods in Rudder)
  • Add a new method to allow using options
  • Find a way to add this option to the technique (but only for apt/dpkg for now)

For other package managers, if possible, it would require adding options handling to the package modules.

#11 Updated by Benoît PECCATTE 8 months ago

  • Priority set to 54

#12 Updated by François ARMAND 8 months ago

  • Related to Bug #5071: Debian package management: can't specify a repository (ex: "-t wheezy-backports") added

#13 Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 4.0.4 to 4.0.5
  • Priority changed from 54 to 53

#14 Updated by Jonathan CLARKE 7 months ago

  • Assignee deleted (Alexis MOUSSET)

#15 Updated by Alexis MOUSSET 7 months ago

  • Status changed from New to In progress

#16 Updated by Alexis MOUSSET 7 months ago

  • Assignee set to Alexis MOUSSET

#17 Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 4.0.5 to 4.0.6
  • Priority changed from 53 to 52

#18 Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 4.0.6 to 4.0.7

#19 Updated by Dmitry Svyatogorov 5 months ago

Hi! Since Rudder 4.1, no means left to install unsigned .deb. (Except of NCF-scenario, that is not yet covered with API, but API is needed to work around the absence of granular RBAC).
Therefore, 4.1.x is now (out-of-the-box) unsuitable for deb-based testing environments.

#20 Updated by Alexis MOUSSET 5 months ago

We now have access to package manager options through package_state_options in ncf, but we still need to define the new option(s) and create the 1.1 version of the technique.

#21 Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 4.0.7 to 357

#22 Updated by Benoît PECCATTE 5 months ago

  • Priority changed from 52 to 51

#23 Updated by Benoît PECCATTE 5 months ago

  • Priority changed from 51 to 66

#24 Updated by Benoît PECCATTE 5 months ago

It is ok to have options that only work on specific package managers as along as it's properly indicated.

#25 Updated by Alexis MOUSSET 5 months ago

  • Target version changed from 357 to 4.1.6

#26 Updated by Alexis MOUSSET 4 months ago

  • Priority changed from 66 to 65

#27 Updated by Alexis MOUSSET 4 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis MOUSSET to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1182

#28 Updated by Alexis MOUSSET 4 months ago

  • Status changed from Pending technical review to Pending release

#29 Updated by Dmitry Svyatogorov 4 months ago

Please, look at http://www.rudder-project.org/redmine/issues/11207 before release.
"apt_get repo-install" instead of "apt_get install" makes technique unusable for debian|ubuntu.

#30 Updated by Vincent MEMBRÉ 3 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.6 and 4.2.0~beta3 which were released today.

Also available in: Atom PDF