uninstalled package shows as installed

[nvtkaszpir]

Description

Some systems do not fully uninstall packages, they leave some files used in case of reinstall, and this leads to false positives. Especially when dealing with packages under Ubuntu and is in 'rc' stage, that is, it was not removed with --purge.

In general it shows what package manager shows, and it is true, but I think it is rather misleading.

InSpec and Platform Version

inspec 0.32.0
Ubuntu 15.10, tests executed via ssh on Ubuntu 14.04.

Replication Case

Test file:

title 'htop package'
control 'package-htop' do
  impact 1.0
  title 'htop package should be installed'
  desc 'htop package should be installed'
  describe package('htop') do
    it { should be_installed }
  end
end

Steps:

• install htop package
• run inspec test file, see the output, package is installed
• uninstall htop package
• run inspec test file, see the output, package is still installed

see dpkg -l |grep -i htop showing the package is in rc state (removed, configured) so dpkg still shows package exists but actually it is in incomplete state.

Possible Solutions

'installed' package should actually be installed, fix parsing of package manager's output.
Current test implementation for deb packages just checks exit code on dpkg -s <package>, which is not enough.

Stacktrace

No stack trace.

[chris-rock]

Thanks @nvtkaszpir That is very helpful feedback.