mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-07-17 00:00:38 +02:00
1 line
12 KiB
JSON
1 line
12 KiB
JSON
|
{"name":"apt","version":"7.2.0","description":"Configures apt and apt caching.","long_description":"# apt Cookbook\n\n[][travis] [][cookbook]\n\nThis cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a custom resource for pinning packages via /etc/apt/preferences.d.\n\n## Requirements\n\n### Platforms\n\n- Ubuntu 12.04+\n- Debian 7+\n\nMay work with or without modification on other Debian derivatives.\n\n### Chef\n\n- Chef 13.3+\n\n### Cookbooks\n\n- None\n\n## Recipes\n\n### default\n\nThis recipe manually updates the timestamp file used to only run `apt-get update` if the cache is more than one day old.\n\nThis recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef.\n\nThis recipe also sets up a local cache directory for preseeding packages.\n\n**Including the default recipe on a node that does not support apt (such as Windows or RHEL) results in a noop.**\n\n### cacher-client\n\nConfigures the node to use a `apt-cacher-ng` server to cache apt requests. Configuration of the server to use is located in `default['apt']['cacher_client']['cacher_server']` which is a hash containing `host`, `port`, `proxy_ssl`, and `bypass` keys. Example:\n\n```json\n{\n \"apt\": {\n \"cacher_client\": {\n \"cacher_server\": {\n \"host\": \"cache_server.mycorp.dmz\",\n \"port\": 1234,\n \"proxy_ssl\": true,\n \"cache_bypass\": {\n \"download.oracle.com\": \"http\"\n }\n }\n }\n }\n}\n```\n\n#### Bypassing the cache\n\nOccasionally you may come across repositories that do not play nicely when the node is using an `apt-cacher-ng` server. You can configure `cacher-client` to bypass the server and connect directly to the repository with the `cache_bypass` attribute.\n\nTo do this, you need to override the `cache_bypass` attribute with an hash of repositories, with each key as the repository URL and value as the protocol to use:\n\n```json\n{\n \"apt\": {\n \"cacher_client\": {\n \"cacher_server\": {\n \"cache_bypass\": {\n \"URL\": \"PROTOCOL\"\n }\n }\n }\n }\n}\n```\n\nFor example, to prevent caching and directly connect to the repository at `download.oracle.com` via http and the repo at `nginx.org` via https\n\n```json\n{\n \"apt\": {\n \"cacher_client\": {\n \"cacher_server\": {\n \"cache_bypass\": {\n \"download.oracle.com\": \"http\",\n \"nginx.org\": \"https\"\n }\n }\n }\n }\n}\n```\n\n### cacher-ng\n\nInstalls the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at <http://{hostname}:3142/acng-report.html>.\n\nIf you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. `apt-cacher-ng`).\n\n### unattended-upgrades\n\nInstalls and configures the `unattended-upgrades` package to provide automatic package updates. This can be configured to upgrade all packages or to just install security updates by setting `['apt']['unattended_upgrades']['allowed_origins']`.\n\nTo pull just security updates, set `origins_patterns` to something like `[\"origin=Ubuntu,archive=trusty-security\"]` (for Ubuntu trusty) or `[\"origin=Debian,label=Debian-Security\"]` (for Debian).\n\n## Attributes\n\n### General\n\n- `['apt']['compile_time_update']` - force the default recipe to run `apt-get update` at compile time.\n- `['apt']['periodic
|