From 368f0bd9f353e2056ff365ba4367e68a5ce35adf Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Wed, 15 Oct 2025 15:03:07 +0100 Subject: [PATCH] apt: workaround chef 18.8.11 apt_repository key bug Workaround: https://github.com/chef/chef/issues/15214 --- cookbooks/apt/recipes/default.rb | 7 ++ cookbooks/apt/recipes/docker.rb | 7 ++ cookbooks/apt/recipes/elasticsearch6.rb | 7 ++ cookbooks/apt/recipes/elasticsearch7.rb | 7 ++ cookbooks/apt/recipes/elasticsearch8.rb | 7 ++ cookbooks/apt/recipes/fullstaq-ruby.rb | 7 ++ cookbooks/apt/recipes/grafana.rb | 7 ++ cookbooks/apt/recipes/hwraid.rb | 7 ++ .../apt/recipes/management-component-pack.rb | 116 ++++++++++++------ cookbooks/apt/recipes/maxmind.rb | 7 ++ cookbooks/apt/recipes/nginx.rb | 7 ++ cookbooks/apt/recipes/nodesource.rb | 7 ++ cookbooks/apt/recipes/passenger.rb | 7 ++ cookbooks/apt/recipes/postgresql.rb | 7 ++ cookbooks/apt/recipes/yarn.rb | 7 ++ 15 files changed, 174 insertions(+), 40 deletions(-) diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 62c6f8d40..b48321095 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -112,6 +112,13 @@ apt_repository "openstreetmap" do key "https://apt.openstreetmap.org/gpg.key" end +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/openstreetmap.gpg") do + action :create_if_missing + end +end + package "unattended-upgrades" if Dir.exist?("/usr/share/unattended-upgrades") diff --git a/cookbooks/apt/recipes/docker.rb b/cookbooks/apt/recipes/docker.rb index 2aeb832e3..542de820d 100644 --- a/cookbooks/apt/recipes/docker.rb +++ b/cookbooks/apt/recipes/docker.rb @@ -37,3 +37,10 @@ apt_repository "docker" do components ["stable"] key "https://download.docker.com/linux/#{docker_platform}/gpg" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/docker.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/elasticsearch6.rb b/cookbooks/apt/recipes/elasticsearch6.rb index 66844f61c..ec86f8e2b 100644 --- a/cookbooks/apt/recipes/elasticsearch6.rb +++ b/cookbooks/apt/recipes/elasticsearch6.rb @@ -25,3 +25,10 @@ apt_repository "elasticsearch6.x" do components ["main"] key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/elasticsearch6.x.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/elasticsearch7.rb b/cookbooks/apt/recipes/elasticsearch7.rb index 57737b635..f26cab421 100644 --- a/cookbooks/apt/recipes/elasticsearch7.rb +++ b/cookbooks/apt/recipes/elasticsearch7.rb @@ -26,6 +26,13 @@ apt_repository "elasticsearch7.x" do key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" end +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/elasticsearch7.x.gpg") do + action :create_if_missing + end +end + # Workaround for mediawiki 1.39.x which ONLY supports elasticsearch 7.10.2 # elasticsearch 7.10.2 is the final Apache 2.0 licensed version of elasticsearch apt_preference "elasticsearch" do diff --git a/cookbooks/apt/recipes/elasticsearch8.rb b/cookbooks/apt/recipes/elasticsearch8.rb index b9991e474..50eec5d54 100644 --- a/cookbooks/apt/recipes/elasticsearch8.rb +++ b/cookbooks/apt/recipes/elasticsearch8.rb @@ -25,3 +25,10 @@ apt_repository "elasticsearch8.x" do components ["main"] key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/elasticsearch8.x.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/fullstaq-ruby.rb b/cookbooks/apt/recipes/fullstaq-ruby.rb index d9dad7d37..df6debf36 100644 --- a/cookbooks/apt/recipes/fullstaq-ruby.rb +++ b/cookbooks/apt/recipes/fullstaq-ruby.rb @@ -25,3 +25,10 @@ apt_repository "fullstaq-ruby" do components ["main"] key "https://raw.githubusercontent.com/fullstaq-ruby/server-edition/main/fullstaq-ruby.asc" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/fullstaq-ruby.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/grafana.rb b/cookbooks/apt/recipes/grafana.rb index 5738c23d4..93a7b4c88 100644 --- a/cookbooks/apt/recipes/grafana.rb +++ b/cookbooks/apt/recipes/grafana.rb @@ -25,3 +25,10 @@ apt_repository "grafana" do components ["main"] key "https://packages.grafana.com/gpg.key" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/grafana.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/hwraid.rb b/cookbooks/apt/recipes/hwraid.rb index c8d99bdef..ce0548858 100644 --- a/cookbooks/apt/recipes/hwraid.rb +++ b/cookbooks/apt/recipes/hwraid.rb @@ -37,3 +37,10 @@ apt_repository "hwraid" do components ["main"] key "https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/hwraid.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/management-component-pack.rb b/cookbooks/apt/recipes/management-component-pack.rb index 3a86443ad..a3431d2e4 100644 --- a/cookbooks/apt/recipes/management-component-pack.rb +++ b/cookbooks/apt/recipes/management-component-pack.rb @@ -23,43 +23,79 @@ apt_repository "management-component-pack" do action :remove end -# if platform?("debian") -# apt_repository "mcp" do -# uri "https://downloads.linux.hpe.com/SDR/repo/mcp" -# distribution "#{node[:lsb][:codename]}/current" -# components ["non-free"] -# key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] -# end -# -# if node[:dmi][:system][:product_name].end_with?("Gen9") -# apt_repository "mcp-gen9" do -# uri "https://downloads.linux.hpe.com/SDR/repo/mcp" -# distribution "stretch/current-gen9" -# components ["non-free"] -# key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] -# end -# end -# elsif platform?("ubuntu") -# if node[:dmi][:system][:product_name].end_with?("Gen10") -# apt_repository "mcp-jammy" do -# uri "https://downloads.linux.hpe.com/SDR/repo/mcp" -# distribution "jammy/current" -# components ["non-free"] -# key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] -# end -# -# apt_repository "mcp-focal-gen10" do -# uri "https://downloads.linux.hpe.com/SDR/repo/mcp" -# distribution "focal/current-gen10" -# components ["non-free"] -# key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] -# end -# else -# apt_repository "mcp-bionic-gen9" do -# uri "https://downloads.linux.hpe.com/SDR/repo/mcp" -# distribution "bionic/current-gen9" -# components ["non-free"] -# key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] -# end -# end -# end +if platform?("debian") + apt_repository "mcp" do + uri "https://downloads.linux.hpe.com/SDR/repo/mcp" + distribution "#{node[:lsb][:codename]}/current" + components ["non-free"] + key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] + end + + # Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 + if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/mcp.gpg") do + action :create_if_missing + end + end + + if node[:dmi][:system][:product_name].end_with?("Gen9") + apt_repository "mcp-gen9" do + uri "https://downloads.linux.hpe.com/SDR/repo/mcp" + distribution "stretch/current-gen9" + components ["non-free"] + key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] + end + + # Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 + if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/mcp-gen9.gpg") do + action :create_if_missing + end + end + + end +elsif platform?("ubuntu") + if node[:dmi][:system][:product_name].end_with?("Gen10") + apt_repository "mcp-jammy" do + uri "https://downloads.linux.hpe.com/SDR/repo/mcp" + distribution "jammy/current" + components ["non-free"] + key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] + end + + # Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 + if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/mcp-jammy.gpg") do + action :create_if_missing + end + end + + apt_repository "mcp-focal-gen10" do + uri "https://downloads.linux.hpe.com/SDR/repo/mcp" + distribution "focal/current-gen10" + components ["non-free"] + key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] + end + + # Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 + if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/mcp-focal-gen10.gpg") do + action :create_if_missing + end + end + else + apt_repository "mcp-bionic-gen9" do + uri "https://downloads.linux.hpe.com/SDR/repo/mcp" + distribution "bionic/current-gen9" + components ["non-free"] + key ["https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub", "https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key2.pub"] + end + + # Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 + if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/mcp-bionic-gen9.gpg") do + action :create_if_missing + end + end + end +end diff --git a/cookbooks/apt/recipes/maxmind.rb b/cookbooks/apt/recipes/maxmind.rb index dbe0fc88a..bc520428f 100644 --- a/cookbooks/apt/recipes/maxmind.rb +++ b/cookbooks/apt/recipes/maxmind.rb @@ -23,3 +23,10 @@ apt_repository "maxmind" do uri "ppa:maxmind/ppa" only_if { platform?("ubuntu") } end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/maxmind.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/nginx.rb b/cookbooks/apt/recipes/nginx.rb index 117ef31a7..bf6ca71ef 100644 --- a/cookbooks/apt/recipes/nginx.rb +++ b/cookbooks/apt/recipes/nginx.rb @@ -30,3 +30,10 @@ apt_repository "nginx" do components ["nginx"] key "https://nginx.org/keys/nginx_signing.key" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/nginx.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/nodesource.rb b/cookbooks/apt/recipes/nodesource.rb index 18d5d8be7..0efcf5157 100644 --- a/cookbooks/apt/recipes/nodesource.rb +++ b/cookbooks/apt/recipes/nodesource.rb @@ -26,3 +26,10 @@ apt_repository "nodesource" do key "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" ignore_failure true end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/nodesource.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/passenger.rb b/cookbooks/apt/recipes/passenger.rb index b7e208dd6..093e853b1 100644 --- a/cookbooks/apt/recipes/passenger.rb +++ b/cookbooks/apt/recipes/passenger.rb @@ -24,3 +24,10 @@ apt_repository "passenger" do components ["main"] key "https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/passenger.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/postgresql.rb b/cookbooks/apt/recipes/postgresql.rb index 6fe6377d1..16d4cff88 100644 --- a/cookbooks/apt/recipes/postgresql.rb +++ b/cookbooks/apt/recipes/postgresql.rb @@ -25,3 +25,10 @@ apt_repository "postgresql" do components ["main"] key "https://www.postgresql.org/media/keys/ACCC4CF8.asc" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/postgresql.gpg") do + action :create_if_missing + end +end diff --git a/cookbooks/apt/recipes/yarn.rb b/cookbooks/apt/recipes/yarn.rb index fe5059bb3..8ec2ddc3d 100644 --- a/cookbooks/apt/recipes/yarn.rb +++ b/cookbooks/apt/recipes/yarn.rb @@ -25,3 +25,10 @@ apt_repository "yarn" do components ["main"] key "https://dl.yarnpkg.com/debian/pubkey.gpg" end + +# Workaround v18.8.11 bug: https://github.com/chef/chef/issues/15214 +if Chef::VERSION == "18.8.11" + edit_resource(:file, "/etc/apt/keyrings/yarn.gpg") do + action :create_if_missing + end +end -- 2.39.5