[BUG] winpkg.latest broken in 3006.3: AttributeError: 'NoneType' object has no attribute 'split' #65165
Comments
|
Actually, this looks like it's a bug in the pkg state, not anything to do with winpkg. |
OrangeDog
added
Regression
|
From memory, When using latest, package state ask winpkg what is installed, ask winpkg what is the latest version, then determines if a newer version is greater than existing version on the system, if so then calls winpkg to install it. Their is some special coding around 'latest' in winpkg but that's for package definitions which use latest instead of a real version number. |
|
@darkpixel I suggest you look at the example of https://github.com/saltstack/salt-winrepo-ng/blob/master/chrome.sls version numbers should really only be used when you can download a specific version. e.g. https://github.com/saltstack/salt-winrepo-ng/blob/master/putty.sls We use |
|
@damon-atkins I guess I'm just not being clear with my explanation. Go ahead and create a Chrome package like you see in https://github.com/saltstack/salt-winrepo-ng/blob/master/chrome.sls. Now go into Wait for a new release of Chrome. Now, use Salt to ensure that everyone is running the latest version of Chrome because...say...a bug was discovered that allowed users to compromise a system through malformed Salt won't update it to the latest version of Chrome....because Applications that self-update don't work properly with Salt doesn't appear to hand the case where you have an existing and older version of the program installed, but the installer is already in the cache and hasn't changed and you're using the |
|
Hi @darkpixel if you have a vendor which does not support download a specific version like chrome. Then you need to some how download the version you want. And host on the salt master, s3, http etc your self, and put a version number in the binary. Something like the following will allow you to chose a specific version you have store on the salt master or latest version. (note I have just cut and pasted this together as an example). Keep in mind latest is design for self update apps. So if you disable self updating, doing version=latest will only work once. i.e. first install. If you want latest to be calculated then leave the latest version tag out. If you want to be able to control which version of software you need to have a If salt does not download the installer unless its needed, i.e. it will not download the install every time a high-state happens and look inside the msi or exe and try and determine its version. If you think of a high state running on 100 plus servers, all downloading the msi at the same time. Winpkg pulls the version number of the existing software from the registry, and the only other version number it looks at is the version string in the package definition to determine the action taken. |
|
I think that's a bad solution. I shouldn't have to pre-download the installer, rename it to have a version number in it to get past caching, and then serve it all from my salt master instead of Google's (in this case) CDN. |
|
Hi @darkpixel If you look at winget every version has a separate download path, I believe choc is the same. The idea of install version=1.1.1.1 is that it downloads that version only and then installs it knowning its that version. Any software download without a version string or a hash etc in its name makes it impossible to download the version of the software the user wants to install. Firefox offers all versions available for individual download for the last 5 years https://github.com/saltstack/salt-winrepo-ng/blob/master/firefox-esr.sls . |
|
See https://github.com/microsoft/winget-pkgs/tree/master/manifests/g/Google/Chrome The community updates this every time the version changes. i.e. delete old version and creates the new version to match. |
|
I get it, but I don't think I'm being clear. If a workstation isn't running the latest version, it should fire off the installer. I know I can't In other words, winpkg should have functionality added to specifically handle out-of-date applications that just need the latest version installed. I can handle this very inefficiently with a cmd.run: The problem is that Salt basically conflates |
|
Instead of Then do pkg definition of chrome:
'9999999.0':
full_name: 'Google Chrome'
installer: 'https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise64.msi'
uninstaller: 'https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise64.msi'
install_flags: '/qn /norestart'
uninstall_flags: '/qn /norestart'
msiexec: True
locale: en_US
reboot: FalseThen |
|
I get it. I appreciate that you're trying to help...but I don't want to always install Chrome on every highstate. I want it to run the installer when Chrome is actually out-of-date. Part of the whole idea behind Salt is that you can ensure systems are brought into compliance based on states and pillar data. When Chrome releases an update, I want to ensure the installer is run if the version number is lower than what's specified in the winrepo package definition...just like you would with any other program that's versioned properly. (with the obvious understanding that Chrome doesn't let you roll back to a previous version...making that impossible) Either Google needs to start versioning their installer or Salt needs to fix winpkg...and I'm going to bet that Google isn't going to budge on their installer. I think the easiest option would be to add a flag to the package definition. Maybe something like |
|
@darkpixel winpkg like other packages manager take action base on required versions, those version are held in the package definition. I believe Google polices is to keep moving forward, i.e. the next release will fix security issues, and if you go to an older release you most likely will have vulnerabilities as well, which have been known for longer. Might be able to use In another comment you said "You should be able to include version numbers to salt knows when a program is out-of-date, and when it is out-of-date it can download the installer and run it." What version number would you use, were would it come from? How would you known the version number of |
Something like this untested pseudo-code code should give you an authoritative set of versions for Chrome:
So...when you have a state that says Fortunately in the case of Windows Installer files, This doesn't work so well for executable files as far as I can tell. There doesn't seem to be a way to tell Windows to launch an executable file that is named
As mentioned above, you don't look at the installer URL and cache to figure it out. You already have version numbers defined in the pkgng definition and you compare that to the version number reported by Add/Remove Programs in Windows. that tells you to download the installer and run it. Honestly, I think the pkgng software definitions need to have a flag |
|
Also, the more I think about it...I'm not sure why Salt even needs to cache Windows Installer files. You can quite literally run: msiexec will take care of downloading and running the installer on its own. |
Description
We have been using winrepo-ng for nearly a year. A recent upgrade of minions from 3006.2 to 3006.3 caused our winpkg definitions to stop working.
Calling pkg.latest for a winrepo-ng package results in an error.
Setup
Create a package definition for Chrome:
This appears to only work if Chrome needs an update, so check here https://versionhistory.googleapis.com/v1/chrome/platforms/win/channels/stable/versions to see if a newer version is available. I don't believe this error occurs if Chrome isn't installed, but I need to verify that.
Create a state:
Call the state:
salt 'minion_id' state.sls chrome.slsError output:
Minion version:
The text was updated successfully, but these errors were encountered: