"Package management" technique missing "allow untrusted" switch
The deprecated "Package management for Debian / Ubuntu / APT systems" technique had "Allow untrusted package installation" ("APT_PACKAGE_ALLOW_UNTRUSTED") switch to produce appropriate apt call.
As far as I view, the new "Package management" technique has no.
It is bad practice to turn off key validation global, while sometimes there is real need in installation of local built package (e.g. "testing"/"staging" deployment steps).
In rpm-based (RH, SUSE) it can be tuned repo-wide, while deb-based with apt must be hinted on each call.
So, at this moment "Package management" in not valid replace for "Package management for Debian / Ubuntu / APT systems".
#7 Updated by Jonathan CLARKE 9 months ago
- Tracker changed from User story to Bug
- Subject changed from "Package management" technique must have "allow untrusted" switch to "Package management" technique missing "allow untrusted" switch
- Reproduced set to No
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Getting started - demo | first install | level 1 Techniques
This is clearly high priority - we are replacing old package Techniques with this new one. If it is missing a feature, this is something we have overlooked, since the new Package Techniques are designed to replace the old ones. Moving this to bug and setting high priority.
Please work on a fix.
#9 Updated by Alexis MOUSSET 9 months ago
As I wrote in the previous comment, we can quite easily implement it for apt/dpkg.
We need to:
- Synchronize package modules from masterfiles (as the feature we need was not implemented when adding new package methods in Rudder)
- Add a new method to allow using options
- Find a way to add this option to the technique (but only for apt/dpkg for now)
For other package managers, if possible, it would require adding options handling to the package modules.
#19 Updated by Dmitry Svyatogorov 5 months ago
Hi! Since Rudder 4.1, no means left to install unsigned .deb. (Except of NCF-scenario, that is not yet covered with API, but API is needed to work around the absence of granular RBAC).
Therefore, 4.1.x is now (out-of-the-box) unsuitable for deb-based testing environments.
#27 Updated by Alexis MOUSSET 4 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis MOUSSET to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1182
#28 Updated by Alexis MOUSSET 4 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-techniques|d9c2d014a6b5a8769893e43b677ac914cff02b4e.
#29 Updated by Dmitry Svyatogorov 4 months ago
Please, look at http://www.rudder-project.org/redmine/issues/11207 before release.
"apt_get repo-install" instead of "apt_get install" makes technique unusable for debian|ubuntu.