Download latest version of Inspec on Linux


#1

For nearly a day now, I've been trying to find a way to get the latest version of Inspec on my Ubuntu script...

In my script I'd like to be able to download directly from:

https://packages.chef.io/files/stable/inspec/2.3.4/ubuntu/16.04/inspec_2.3.4-1_amd64.deb

The problem is, the version number changes in the URL. If I hard code the URL, I will fall behind. I need to be able to download from the URL and auto install without having to check the versions all the time.


#2

I recommend you use our install script described in https://docs.chef.io/install_omnibus.html

$ curl -L https://omnitruck.chef.io/install.sh | bash -s -- -P inspec
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0el 7 x86_64
100 23075  100 23075    0     0  66952      0 --:--:-- --:--:-- --:--:-- 67078
Getting information for inspec stable  for el...
downloading https://omnitruck.chef.io/stable/inspec/metadata?v=&p=el&pv=7&m=x86_64
  to file /tmp/install.sh.194/metadata.txt
trying curl...
sha1	fa0e9ce70671a0f744f178ece9d42f437cca2f0d
sha256	f6e2965d28d9cd84f586c7b7d478543613014db98dc866d164665bb09ceefe15
url	https://packages.chef.io/files/stable/inspec/2.3.4/el/7/inspec-2.3.4-1.el7.x86_64.rpm
version	2.3.4
downloaded metadata file looks valid...
downloading https://packages.chef.io/files/stable/inspec/2.3.4/el/7/inspec-2.3.4-1.el7.x86_64.rpm
  to file /tmp/install.sh.194/inspec-2.3.4-1.el7.x86_64.rpm
trying curl...
Comparing checksum with sha256sum...

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

You are installing an omnibus package without a version pin.  If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

Installing inspec 
installing with rpm...
warning: /tmp/install.sh.194/inspec-2.3.4-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing...                          ################################# [100%]
You're about to install InSpec!
Updating / installing...
   1:inspec-2.3.4-1.el7               ################################# [100%]
Thank you for installing InSpec!

#3

Where do you think we should place that information, do we need to make this more prominent on inspec.io? We have this documented here https://github.com/inspec/inspec#install-as-package


#4

I'm currently discussing it with our team. We're building an immutable infrastructure managed by Terraform. I think the knee jerk reaction when building our pipeline is the general rule of thumb, don't install more resources than necessary. So we're trying keep our instances resource light by just having Inspec and no other Chef resources until needed.

If you guys made it more obvious on inspec.io that would be great. I think in the future, others still learning and trying to build this infrastructure might do the same. Thank you for the advice!


#5

Is exactly what we were looking for! Thank you