Since fetch_url already take care of the exception, the try/except
clause is no longer working, so replace it with proper status
checking, thus permitting to remove urlib2 from the import list.
for install, remove, deb_install, and upgrade.
Since apt has very commonly familiar output, just use the normal output
from apt-get or aptitude -- trimmed to the interesting parts -- to show
to the user if she specified --diff on the CLI.
Uses the recent support for the `diff['prepared]` key.
Fixesansible/ansible#10239
'server_insecure' maps to the subscription-manager config
(/etc/rhsm/rhsm.conf) value for 'insecure' key in the
'server' stanza. The 'insecure' configures if the https connection
to 'server_hostname' is verified as having been issued by
a CA in 'ca_cert_dir' trust store.
Previous documentation indicating it disables https and
enables http was inaccurate. Connection to server_hostname
always uses https.
This is useful for packages that bootstrap their own apt-key setup - only
the initial installation will require overriding. Notable examples are the
Dropbox and Google Chrome packages.
(Setting force=yes is far too strong: I only want to bypass
authentication!)
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
The returned list of diffs aims to simulate how a file system diff would
look before and after writing the sources list files.
n.b. Ternary conditional is due to failing integration test for
python 2.4
This mirrors a nearly identical change made to apt_repository.py.
Also removes the use of apt-get --force-yes as it can be dangerous
and should not be necessary (apt_repository.py does not use it).
Repeating the explanation from the apt_respository change below:
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to thoroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
The old method left settings in the environment. The new method takes
care of clearing them after use. In this module, the old method was
also setting the environment too late to affect all the command line
tools which lead to a bug.
Fixes https://github.com/ansible/ansible/issues/14264
On systems with restrictive umasks, the pip module won't allow you to
install pip packages that are usable by everyone on the system. This
commit adds a umask option to optionally override the umask on a
per-package basis.
Since there is no shell escape of the password parameter, a password with
a single quote (or even worst, a single quote and a pipe) could have
unattended consequences. Also, the less we use use_unsafe_shell=True, the
better.
Since use_unsafe_shell is suspicious from a security point
of view (or it wouldn't be unsafe), the less we have, the less
code we have to toroughly inspect for a security audit.
In this case, the '&&' can be replaced by doing 2 calls to run_command.
Without this change, some trouble may occur when "deb" parameter
is used as env vars controlling dpkg are not set. For example,
installing a package that requires user input will never end since
DEBIAN_FRONTEND=noninteractive is not set.
So export env vars in APT_ENV_VARS before run dpkg, like in cases
using apt-get/aptitude.
