Ubuntu has forced the installation of Firefox and Thunderbird as snap packages for some time. I don’t like snap packages since they’re a bit slower to start, take much more space on the disk, and store the profile files into the “.snap” directory folder, while I want them in the standard place in my home folder. The procedure to revert to the traditional deb installation (through the Mozilla PPA) is well documented but takes several steps, especially to avoid the unintended update to the snap version during the Ubuntu update process.
In this blog post, I’ll document my Ansible tasks to make the whole procedure automatic. This is part of my Ansible playbook for Ubuntu.
These are the main tasks:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
--- - name: Check whether snap is installed and on system path command: 'which snap' register: snap_installed ignore_errors: yes changed_when: false - name: Remove Firefox and Thunderbird Snaps become: true ansible.builtin.snap: state: absent name: - firefox - thunderbird when: snap_installed.rc == 0 - name: Copy Mozilla apt key # The apt_key file is expected to be found on the remote host # so we first need to copy it become: true copy: src: "{{ playbook_dir }}/tasks/files/keys/mozilla.pub" dest: "/tmp/" mode: 0600 - name: Add Mozilla key become: true apt_key: # use locally save key to avoid possible temporary failures # repo: https://launchpad.net/%7Emozillateam/+archive/ubuntu/ppa file: "/tmp/mozilla.pub" state: present - name: Add Mozilla Team apt repository with Distribution codename become: true apt_repository: repo: "deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu {{ ansible_distribution_release }} main" filename: "mozillateamppa" state: present - name: Check whether it is the first time we add Mozilla PPA stat: path: "/etc/apt/preferences.d/mozillateamppa" register: mozillateamppa_result - name: Remove existing transitional packages the first time become: true ansible.builtin.apt: state: absent pkg: - firefox - thunderbird when: not mozillateamppa_result.stat.exists - name: Copy Mozilla apt preference become: true copy: src: "{{ playbook_dir }}/tasks/files/mozilla/mozillateamppa.txt" dest: "/etc/apt/preferences.d/mozillateamppa" mode: 0644 - name: Install Firefox and Thunderbird from APT become: true ansible.builtin.apt: update_cache: true state: present pkg: - firefox - thunderbird - name: Copy Mozilla Unattended update preference become: true copy: src: "{{ playbook_dir }}/tasks/files/mozilla/51unattended-upgrades-mozilla.txt" dest: "/etc/apt/apt.conf.d/51unattended-upgrades-mozilla" mode: 0644 |
The check for snap being installed is required when the playbook is tested with Molecule using a Docker container (the Docker image of Ubuntu does not have snap and the corresponding installed packages).
Then, we remove the snap packages (if “snap” is installed, as said above). Note the use of the “ansible.builtin.snap” module.
I prefer to store the public keys for PPA as part of the Ansible playbook so that I don’t depend on the PGP servers, which tend to be slow and make the Molecule tests flaky. To download the public key locally, I use the link under “Signing key” on the PPA web page:
I add the key and the repository with the corresponding Ansible modules “apt_key” and “apt_repository”.
Note that I then perform a check for the existence of the preference file for the Ubuntu update process, “/etc/apt/preferences.d/mozillateamppa”. I’ll create the file later. If the file does not exist, I assume that this is the first time these Ansible tasks are executed. In that case, I’ll also remove the transitional deb packages for Firefox and Thunderbird, which Ubuntu has in its main repository, which would then force the installation of the corresponding snap packages. Removing such transitional deb packages is crucial, or the real deb packages we want from the Mozilla PPA will not be installed.
Such a preference file is then copied into the final position by using the template file of the playbook, stored in “tasks/files/mozilla/mozillateamppa.txt”:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
Package: thunderbird* Pin: release o=LP-PPA-mozillateam Pin-Priority: 1001 Package: thunderbird* Pin: release o=Ubuntu Pin-Priority: -1 Package: firefox* Pin: release o=LP-PPA-mozillateam Pin-Priority: 1001 Package: firefox* Pin: release o=Ubuntu Pin-Priority: -1 |
Then, we install the deb packages from the Mozilla PPA (note the “update_cache: true”: we added a new PPA, so we must update the apt cache).
Finally, we copy another file to ensure that the versions installed from the Mozilla PPA will take precedence during Ubuntu unattended-upgrades. The template file stored in the playbook “tasks/files/mozilla/51unattended-upgrades-mozilla.txt” is:
|
1 |
Unattended-Upgrade::Allowed-Origins:: "LP-PPA-mozillateam:${distro_codename}"; |
That’s all!
Hope you find this post useful 🙂