Debian-specific CFEngine packages

TL;DR: CFEngine packages that comply to the Debian policy are available. Add the line to your sources list:
“deb http://cfengineers.net/repo $distro main”
and add the key http://cfengineers.net/repo/autobuilder.gpg to /etc/apt/trusted.gpg.d
where $distro is one of
jessie lucid precise raspjessie raspwheezy sid squeeze trusty utopic vivid wheezy
which covers all of the supported Debian and Ubuntu releases in all of i386, amd64, armel and armhf, also Raspbian packages are there, obviously limited to “their” armhf.

—-

I am an owner of a couple of ARM devices. One is an i.mx53qsb development board from Freescale (ARMv7). It came with Ubuntu Lucid (armel), but it runs Debian Wheezy (armhf) now. The second one is a Zyxel NAS 325 (ARMv5), which I hacked and boot Debian Wheezy (armel). The last one is a Raspberry Pi 2, which I recently acquired to run Kodi for some children movies. I also have a number of other devices (amd64 and i386) and VMs (running a mixture of Debians and Ubuntu), which I am in control of. As the number is growing, management of that becomes more problematic. Why not manage those with CFEngine?

Well, it turns out that the Community .deb packages don’t cover my array of devices. The packages from cfengine.com are only for 32-bit and 64-bit “Debian-based distribution”. Some ARM builds were floating around, and a Raspbian package was available on the cfengineers.net site prior to this blog entry, but there’s no build for native Debian or Ubuntu on ARM.

Also, I am a bit sceptical about a .deb that suits all “Debian-based distributions”. It was built on some system, right? So it links at least against libc in a particular version. If it links with 2.13, then it will (probably) not work on Squeeze. If it links with 2.11 (squeeze), it probably has no benefit of some goodies that are in libc 2.19 (jessie).

The Community packages include a number of libraries that CFEngine requires. It is both good and bad. If you are running a recent OS release, you probably have the library in the system already. Or even in memory, as these are pretty common ones. You don’t need another copy of libssl, libz, libxml or whatever on your system. This might have security implications – the openssl library shipped with the Community packages will not automatically upgrade, unless you get a new CFEngine package with the library fixed. And if you can’t upgrade to a new CFEngine package due to some syntax change, well… If the CFEngine package contains just CFEngine and links with the libraries present in your system, you can just apply your system’s OS patches and you’re done.

On the other hand, it’s much easier to test a version of CFEngine against a pre-defined version of each library, so you can expect that if you encountered a bug, it’s easier to reproduce, and the number of OS-specific issues is lower. Also having an all-in-one .deb makes it easier to deploy new machines, with a “dpkg -i && cf-agent –bootstrap” command.

I joined my forces with the CFEngine Debian packaging team, aim of which was to keep the cfengine3 package in Debian up-to-date. A big success of the team was to get CFEngine 3.6.2 into Debian Jessie. These packages needed to comply with the Debian policy, so no /var/cfengine – the files are split to appropriate /usr and /var/lib directories. This is a little bit of a problem, as most documentation and how-tos refer to /var/cfengine, but at least we managed to get some of the changes upstream, so that the default masterfiles work out of the box.

Well, but now we have CFEngine 3.6.5 and I want to be able to run this on Wheezy. So what I did, was to set up my own build system, based on Jenkins and building with cowbuilder on native architectures (amd64 and armhf). I updated the packages to CFEngine 3.6.5, and built against all the currently supported Debian, Ubuntu and Raspbian distributions. I am yet to test them more extensively, so please report if you experience any issues.

How-to:
1. wget http://cfengineers.net/repo/autobuilder.gpg -O /etc/apt/trusted.gpg.d/cfengineers-repo.gpg
md5sum: 307334419dfc8c23ea22c61efd5ced87 autobuilder.gpg
2. Add per-distribution entry to /etc/apt/sources.list.
3. Install “cfengine3” package.

Per-distribution notes.

Debian Squeeze (6.0)
deb http://cfengineers.net/repo squeeze main
Architectures: amd64, i386 and armel (Squeeze didn’t come out for armhf)
To build the package I used squeeze-backports for debhelper. I am not sure if no package from squeeze-backports was used during linking.
The repository contains also a backported version of lmdb (0.9.10)

Debian Wheezy (7)
deb http://cfengineers.net/repo wheezy main
Architectures: amd64, i386, armel, armhf
The repository contains also a backported version of lmdb (0.9.10)

Debian Jessie (8)
deb http://cfengineers.net/repo jessie main
Architectures: amd64, i386, armel, armhf

Ubuntu Lucid (10.04)
deb http://cfengineers.net/repo lucid main
Architectures: amd64, i386 and armel (Lucid didn’t come out for armhf)
The repository includes debhelper and dh-autoreconf. It was easier for me to build it this way, and Lucid is going away any day now.
The repository contains also a backported version of lmdb (0.9.10)

Ubuntu Precise
deb http://cfengineers.net/repo precise main
Architectures: amd64, i386, armel and armhf
Automated tests fail on the openssl version from 12.04, so be sure to use the precise-updates repository (use latest OS updates).
The repository contains also a backported version of lmdb (0.9.10)

Ubuntu Trusty
deb http://cfengineers.net/repo trusty main
Architectures: amd64, i386, and armhf (Trusty didn’t come out for armel)

Ubuntu Utopic
deb http://cfengineers.net/repo utopic main
Architectures: amd64, i386, and armhf (Utopic didn’t come out for armel)

Ubuntu Vivid
deb http://cfengineers.net/repo vivid main
Architectures: amd64, i386, and armhf (Vivid will not come out for armel)

Raspbian Wheezy
deb http://cfengineers.net/repo raspwheezy main
Architectures: armhf (the Raspbian armhf or armv6hf as opposed to Debian’s armv7hf)
The repository contains also a backported version of lmdb (0.9.10)

Raspbian Jessie
deb http://cfengineers.net/repo raspjessie main
Architectures: armhf (the Raspbian armhf or armv6hf as opposed to Debian’s armv7hf)

In case you are afraid to have swapped the repositories or so, just check the version string in liblmdb0 and/or cfengine3. The package version is cfengine3_3.6.5-0.1~deb6_armel.deb, which says it’s CFEngine version 3.6.5, Debian package 0.1 (there was no official -1 yet), and it’s for Debian 6, architecture armel. Other valid values are raspdebX and ubuntuXX.XX.

Posted in Uncategorized