Install packages from debian backports with puppet

Let's say we have a list of packages you want to install from backports like this:

$backports = [ 'pkg1', 'pkg2' ]

There are a couple of things you have to do:

Add the backports repository to sources.list(.d)

apt::source { 'debian-backports':
  location => "ftp://$SERVER/debian",
  repos => 'main contrib non-free',
  release => 'jessie-backports'
}

pin the packages to a priority of 500 or higher

apt::pin { 'backports_packages':
  packages => $backports,
  priority => 600,
  release => 'jessie-backports'
}

set "ensure => latest", not installed/present

package { $backports: ensure => latest }

Debian Mirror / Another fix for hashsum mismatch

At work I am running a debian mirror for a bunch of client machines. I needed packages from the backports, so I added the backports to mirror and got this nice error:

W: Failed to fetch ftp://$SERVER_AT_WORK/debian-backports/dists/jessie-backports/main/binary-amd64/Packages Hash Sum mismatch

Turns out, the old mirror structure from debian wheezy cannot be used for a jessie-mirror, you need to use the same directory structure as on the offical mirrors (ftp://$SERVER_AT_WORK/debian/dists/jessie-backports).

For a complete mirror you can use this script:

	#!/bin/bash
	# configuration
	MIRROR='ftp.de.debian.org'
	ARCH='i386,amd64'
	SECTIONS='main,contrib,non-free,main/debian-installer'
	RELEASE='jessie'
	MIRRORDIR=/srv/ftp
	# end of configuration
	DISTS="${RELEASE},${RELEASE}-updates,${RELEASE}-backports"
	COMMONOPTS="-v -a ${ARCH} -s ${SECTIONS} --i18n --passive --ignore-missing-release --ignore-release-gpg --slow-cpu"
	mkdir -p $MIRRORDIR/debian
	mkdir -p $MIRRORDIR/debian-security
	debmirror $COMMONOPTS -r debian -h $MIRROR -d $DISTS $MIRRORDIR/debian
	debmirror $COMMONOPTS -r debian-security -h security.debian.org -d $RELEASE/updates $MIRRORDIR/debian-security

view raw update-debian-mirror.sh hosted with ❤ by GitHub