From 6a72ee00b873555e16fb503dfe1402ecd9c7e1a5 Mon Sep 17 00:00:00 2001
From: digitalsleuth <corey@digitalsleuth.ca>
Date: Fri, 10 Apr 2026 15:48:00 +0000
Subject: [PATCH 1/5] Fix for hard-coded codename in Ubuntu repos

---
 sift/repos/ubuntu-multiverse.sls | 22 ++++++++++++++++++----
 sift/repos/ubuntu-universe.sls   | 19 ++++++++++++++++---
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/sift/repos/ubuntu-multiverse.sls b/sift/repos/ubuntu-multiverse.sls
index 61ae73c..220f7c8 100644
--- a/sift/repos/ubuntu-multiverse.sls
+++ b/sift/repos/ubuntu-multiverse.sls
@@ -1,3 +1,4 @@
+{% set codename = grains["oscodename"] %}
 {%- if grains["osarch"] == "aarch64" or grains["osarch"] == "arm64" -%}
 sift-ubuntu-ports-repo:
   file.append:
@@ -6,14 +7,14 @@ sift-ubuntu-ports-repo:
 
         Types: deb
         URIs: http://ports.ubuntu.com/ubuntu-ports/
-        Suites: noble
+        Suites: {{ codename }}
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
         Architectures: arm64
 
         Types: deb
         URIs: http://ports.ubuntu.com/ubuntu-ports/
-        Suites: noble-security
+        Suites: {{ codename }}-security
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
         Architectures: arm64
@@ -21,6 +22,19 @@ sift-ubuntu-ports-repo:
       - grep -q "URIs: http://ports.ubuntu.com/ubuntu-ports/" /etc/apt/sources.list.d/ubuntu.sources
 
 {% else %}
+{% if not salt['file.file_exists']('/etc/apt/sources.list.d/ubuntu.sources') %}
+sift-ubuntu-repo-multiverse:
+  file.managed:
+    - name: /etc/apt/sources.list.d/ubuntu.sources
+    - contents: |
+        Types: deb
+        URIs: http://ca.archive.ubuntu.com/ubuntu/
+        Suites: {{ codename }} {{ codename }}-updates {{ codename }}-backports
+        Components: main restricted universe multiverse
+        Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    - mode: 644
+{% endif %}
+
 sift-multiverse-repo:
   file.replace:
     - name: /etc/apt/sources.list.d/ubuntu.sources
@@ -36,10 +50,10 @@ sift-security-repo:
 
         Types: deb
         URIs: http://security.ubuntu.com/ubuntu/
-        Suites: noble-security
+        Suites: {{ codename }}-security
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
     - unless:
-      - grep -q "^Suites:.*noble-security" /etc/apt/sources.list.d/ubuntu.sources
+      - grep -q "^Suites:.*{{ codename }}-security" /etc/apt/sources.list.d/ubuntu.sources
 
 {% endif %}
diff --git a/sift/repos/ubuntu-universe.sls b/sift/repos/ubuntu-universe.sls
index 6fe23e5..d214d87 100644
--- a/sift/repos/ubuntu-universe.sls
+++ b/sift/repos/ubuntu-universe.sls
@@ -1,3 +1,4 @@
+{% set codename = grains["oscodename"] %}
 {%- if grains["osarch"] == "aarch64" or grains["osarch"] == "arm64" -%}
 sift-ubuntu-ports-repo:
   file.append:
@@ -6,13 +7,25 @@ sift-ubuntu-ports-repo:
 
         Types: deb
         URIs: http://ports.ubuntu.com/ubuntu-ports/
-        Suites: noble
+        Suites: {{ codename }}
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
         Architectures: arm64
-    - unless: 
-      - grep -q "URIs: http://ports.ubuntu.com/ubuntu-ports/" /etc/apt/sources.list.d/ubuntu.sources
+    - unless: grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
 {% else %}
+{% if not salt['file.file_exists']('/etc/apt/sources.list.d/ubuntu.sources') %}
+sift-ubuntu-repo-universe:
+  file.managed:
+    - name: /etc/apt/sources.list.d/ubuntu.sources
+    - contents: |
+        Types: deb
+        URIs: http://ca.archive.ubuntu.com/ubuntu/
+        Suites: {{ codename }} {{ codename }}-updates {{ codename }}-backports
+        Components: main restricted universe multiverse
+        Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    - mode: 644
+{% endif %}
+
 sift-universe-repo:
   file.replace:
     - name: /etc/apt/sources.list.d/ubuntu.sources

From 08bace87ffdfc1fe7155ab029f7b00c8243eb762 Mon Sep 17 00:00:00 2001
From: digitalsleuth <corey@digitalsleuth.ca>
Date: Fri, 10 Apr 2026 18:30:00 +0000
Subject: [PATCH 2/5] Correct current state detection

---
 sift/repos/ubuntu-multiverse.sls | 7 ++++---
 sift/repos/ubuntu-universe.sls   | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/sift/repos/ubuntu-multiverse.sls b/sift/repos/ubuntu-multiverse.sls
index 220f7c8..65a2494 100644
--- a/sift/repos/ubuntu-multiverse.sls
+++ b/sift/repos/ubuntu-multiverse.sls
@@ -1,6 +1,6 @@
 {% set codename = grains["oscodename"] %}
 {%- if grains["osarch"] == "aarch64" or grains["osarch"] == "arm64" -%}
-sift-ubuntu-ports-repo:
+sift-ubuntu-ports-repo-multiverse:
   file.append:
     - name: /etc/apt/sources.list.d/ubuntu.sources
     - text: |
@@ -19,7 +19,8 @@ sift-ubuntu-ports-repo:
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
         Architectures: arm64
     - unless:
-      - grep -q "URIs: http://ports.ubuntu.com/ubuntu-ports/" /etc/apt/sources.list.d/ubuntu.sources
+      - grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
+      - grep -q "{{ codename }}-security" /etc/apt/sources.list.d/ubuntu.sources
 
 {% else %}
 {% if not salt['file.file_exists']('/etc/apt/sources.list.d/ubuntu.sources') %}
@@ -54,6 +55,6 @@ sift-security-repo:
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
     - unless:
-      - grep -q "^Suites:.*{{ codename }}-security" /etc/apt/sources.list.d/ubuntu.sources
+      - grep -q "{{ codename }}-security" /etc/apt/sources.list.d/ubuntu.sources
 
 {% endif %}
diff --git a/sift/repos/ubuntu-universe.sls b/sift/repos/ubuntu-universe.sls
index d214d87..979b804 100644
--- a/sift/repos/ubuntu-universe.sls
+++ b/sift/repos/ubuntu-universe.sls
@@ -1,6 +1,6 @@
 {% set codename = grains["oscodename"] %}
 {%- if grains["osarch"] == "aarch64" or grains["osarch"] == "arm64" -%}
-sift-ubuntu-ports-repo:
+sift-ubuntu-ports-repo-universe:
   file.append:
     - name: /etc/apt/sources.list.d/ubuntu.sources
     - text: |
@@ -11,7 +11,8 @@ sift-ubuntu-ports-repo:
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
         Architectures: arm64
-    - unless: grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
+    - unless:
+      - grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
 {% else %}
 {% if not salt['file.file_exists']('/etc/apt/sources.list.d/ubuntu.sources') %}
 sift-ubuntu-repo-universe:

From 6323a6f020e666157c73d115740c6a18f0aa1ad6 Mon Sep 17 00:00:00 2001
From: digitalsleuth <corey@digitalsleuth.ca>
Date: Fri, 10 Apr 2026 18:43:38 +0000
Subject: [PATCH 3/5] Updates to unless statements

---
 sift/repos/ubuntu-multiverse.sls | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sift/repos/ubuntu-multiverse.sls b/sift/repos/ubuntu-multiverse.sls
index 65a2494..e4b5c2d 100644
--- a/sift/repos/ubuntu-multiverse.sls
+++ b/sift/repos/ubuntu-multiverse.sls
@@ -55,6 +55,5 @@ sift-security-repo:
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
     - unless:
-      - grep -q "{{ codename }}-security" /etc/apt/sources.list.d/ubuntu.sources
-
+      - grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
 {% endif %}

From 56dd4cadc315f396788e0f30a00a6f61aed666e1 Mon Sep 17 00:00:00 2001
From: digitalsleuth <corey@digitalsleuth.ca>
Date: Fri, 10 Apr 2026 20:10:34 +0000
Subject: [PATCH 4/5] Update states from managed to append

---
 sift/repos/ubuntu-multiverse.sls | 19 +++++++++++++------
 sift/repos/ubuntu-universe.sls   | 20 +++++++++++++-------
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/sift/repos/ubuntu-multiverse.sls b/sift/repos/ubuntu-multiverse.sls
index e4b5c2d..bd35e1e 100644
--- a/sift/repos/ubuntu-multiverse.sls
+++ b/sift/repos/ubuntu-multiverse.sls
@@ -23,18 +23,18 @@ sift-ubuntu-ports-repo-multiverse:
       - grep -q "{{ codename }}-security" /etc/apt/sources.list.d/ubuntu.sources
 
 {% else %}
-{% if not salt['file.file_exists']('/etc/apt/sources.list.d/ubuntu.sources') %}
 sift-ubuntu-repo-multiverse:
-  file.managed:
+  file.append:
     - name: /etc/apt/sources.list.d/ubuntu.sources
-    - contents: |
+    - text: |
         Types: deb
-        URIs: http://ca.archive.ubuntu.com/ubuntu/
+        URIs: http://archive.ubuntu.com/ubuntu/
         Suites: {{ codename }} {{ codename }}-updates {{ codename }}-backports
         Components: main restricted universe multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
-    - mode: 644
-{% endif %}
+    - makedirs: True
+    - unless:
+      - grep -q "archive.ubuntu.com" /etc/apt/sources.list.d/ubuntu.sources
 
 sift-multiverse-repo:
   file.replace:
@@ -56,4 +56,11 @@ sift-security-repo:
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
     - unless:
       - grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
+      - grep -q "security.ubuntu.com" /etc/apt/sources.list.d/ubuntu.sources
+
+{% if codename == "jammy" %}
+sift-remove-sources-list-multiverse:
+  file.absent:
+    - name: /etc/apt/sources.list
+{% endif %}
 {% endif %}
diff --git a/sift/repos/ubuntu-universe.sls b/sift/repos/ubuntu-universe.sls
index 979b804..09b9acf 100644
--- a/sift/repos/ubuntu-universe.sls
+++ b/sift/repos/ubuntu-universe.sls
@@ -11,21 +11,22 @@ sift-ubuntu-ports-repo-universe:
         Components: main universe restricted multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
         Architectures: arm64
+    - makedirs: True
     - unless:
       - grep -q "ubuntu-ports" /etc/apt/sources.list.d/ubuntu.sources
 {% else %}
-{% if not salt['file.file_exists']('/etc/apt/sources.list.d/ubuntu.sources') %}
 sift-ubuntu-repo-universe:
-  file.managed:
+  file.append:
     - name: /etc/apt/sources.list.d/ubuntu.sources
-    - contents: |
+    - text: |
         Types: deb
-        URIs: http://ca.archive.ubuntu.com/ubuntu/
+        URIs: http://archive.ubuntu.com/ubuntu/
         Suites: {{ codename }} {{ codename }}-updates {{ codename }}-backports
         Components: main restricted universe multiverse
         Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
-    - mode: 644
-{% endif %}
+    - makedirs: True
+    - unless:
+      - grep -q "archive.ubuntu.com" /etc/apt/sources.list.d/ubuntu.sources
 
 sift-universe-repo:
   file.replace:
@@ -34,5 +35,10 @@ sift-universe-repo:
     - repl: '\1\2 universe'
     - flags:
         - MULTILINE
-{%- endif %}
+{% if codename == "jammy" %}
+sift-remove-sources-list:
+  file.absent:
+    - name: /etc/apt/sources.list
+{% endif %}
+{% endif %}
 

From e6242aeade82651b7e8d9d3adff26c60a25795cc Mon Sep 17 00:00:00 2001
From: digitalsleuth <corey@digitalsleuth.ca>
Date: Sat, 11 Apr 2026 16:29:51 +0000
Subject: [PATCH 5/5] Add requires

---
 sift/repos/ubuntu-multiverse.sls | 4 ++++
 sift/repos/ubuntu-universe.sls   | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/sift/repos/ubuntu-multiverse.sls b/sift/repos/ubuntu-multiverse.sls
index bd35e1e..5485282 100644
--- a/sift/repos/ubuntu-multiverse.sls
+++ b/sift/repos/ubuntu-multiverse.sls
@@ -59,8 +59,12 @@ sift-security-repo:
       - grep -q "security.ubuntu.com" /etc/apt/sources.list.d/ubuntu.sources
 
 {% if codename == "jammy" %}
+
 sift-remove-sources-list-multiverse:
   file.absent:
     - name: /etc/apt/sources.list
+    - require:
+      - file: sift-multiverse-repo
+
 {% endif %}
 {% endif %}
diff --git a/sift/repos/ubuntu-universe.sls b/sift/repos/ubuntu-universe.sls
index 09b9acf..eb0d90b 100644
--- a/sift/repos/ubuntu-universe.sls
+++ b/sift/repos/ubuntu-universe.sls
@@ -35,10 +35,15 @@ sift-universe-repo:
     - repl: '\1\2 universe'
     - flags:
         - MULTILINE
+
 {% if codename == "jammy" %}
+
 sift-remove-sources-list:
   file.absent:
     - name: /etc/apt/sources.list
+    - require:
+      - file: sift-universe-repo
+
 {% endif %}
 {% endif %}