Skip to main content

package resource

Use the package Chef InSpec audit resource to test if the named package and/or package version is installed on the system.

Availability

Install

This resource is distributed with Chef InSpec and is automatically available for use.

Version

This resource first became available in v1.0.0 of InSpec.

Syntax

A package resource block declares a package and (optionally) a package version:

describe package('name') do
  it { should be_installed }
end

where

  • ('name') must specify the name of a package, such as 'nginx'
  • be_installed is a valid matcher for this resource

Properties

version

The version property tests if the named package version is on the system:

its('version') { should eq '1.2.3' }

You can also use the cmp matcher to perform comparisons using the version attribute:

its('version') { should cmp >= '7.35.0-1ubuntu3.10' }

cmp understands version numbers using Gem::Version, and can use the operators ==, <, <=, >=, and >. It will compare versions by each segment, not as a string - so ‘7.4’ is smaller than ‘7.30’, for example.

Examples

The following examples show how to use this Chef InSpec audit resource.

Test if NGINX version 1.9.5 is installed

describe package('nginx') do
  it { should be_installed }
  its('version') { should eq '1.9.5' }
end

Test that a package is not installed

describe package('some_package') do
  it { should_not be_installed }
end

Test that telnet is not installed

describe package('telnetd') do
  it { should_not be_installed }
end

describe inetd_conf do
  its('telnet') { should eq nil }
end

Test if ClamAV (an antivirus engine) is installed, latest and running

describe package('clamav') do
  it { should be_installed }
  its('version') { should eq '0.98.7' }
end

describe service('clamd') do
  it { should be_enabled }
  it { should be_installed }
  it { should be_latest }
  it { should be_running }
end

Verify if a package is installed according to my rpm database

describe package('some_package', rpm_dbpath: '/var/lib/my_rpmdb') do
  it { should be_installed }
end

Verify if Memcached is installed, latest, enabled, and running

Memcached is an in-memory key-value store that helps improve the performance of database-driven websites and can be installed, maintained, and tested using the memcached cookbook (maintained by Chef). The following example is from the memcached cookbook and shows how to use a combination of the package, service, and port Chef InSpec audit resources to test if Memcached is installed, enabled, and running:

describe package('memcached') do
  it { should be_installed }
end

describe service('memcached') do
  it { should be_installed }
  it { should be_latest }
  it { should be_enabled }
  it { should be_running }
end

describe port(11_211) do
  it { should be_listening }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

be_held

The be_held matcher tests if the named package is “held”. On dpkg platforms, a “held” package will not be upgraded to a later version.

it { should be_held }

be_installed

The be_installed matcher tests if the named package is installed on the system:

it { should be_installed }

be_latest

The be_latest matcher tests if the named installed package is latest on the system. It is not supported in Oracle Solaris, IBM AIX and HP UX operating systems.

it { should be_latest }
Edit this page on GitHub

Thank you for your feedback!

×