1 # frozen_string_literal: true
4 require 'puppet/parameter/boolean'
6 Puppet::Type.newtype(:apt_key) do
8 @summary This type provides Puppet with the capabilities to manage GPG keys needed
9 by apt to perform package validation. Apt has it's own GPG keyring that can
10 be manipulated through the `apt-key` command.
13 apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F':
14 source => 'http://apt.puppetlabs.com/pubkey.gpg'
19 If Puppet is given the location of a key file which looks like an absolute
20 path this type will autorequire that file.
28 if self[:refresh] == true && self[:ensure] == :absent
29 raise(_('ensure => absent and refresh => true are mutually exclusive'))
31 if self[:content] && self[:source]
32 raise(_('The properties content and source are mutually exclusive.'))
34 if self[:id].length < 40
35 warning(_('The id should be a full fingerprint (40 characters), see README.'))
39 newparam(:id, namevar: true) do
40 desc 'The ID of the key you want to manage.'
41 # GPG key ID's should be either 32-bit (short) or 64-bit (long) key ID's
42 # and may start with the optional 0x, or they can be 40-digit key fingerprints
43 newvalues(%r{\A(0x)?[0-9a-fA-F]{8}\Z}, %r{\A(0x)?[0-9a-fA-F]{16}\Z}, %r{\A(0x)?[0-9a-fA-F]{40}\Z})
45 id = if value.start_with?('0x')
46 value.partition('0x').last.upcase
55 desc 'The content of, or string representing, a GPG key.'
59 desc 'Location of a GPG key file, /path/to/file, ftp://, http:// or https://'
60 newvalues(%r{\Ahttps?://}, %r{\Aftp://}, %r{\A/\w+})
64 if self[:source] && Pathname.new(self[:source]).absolute?
70 desc 'The key server to fetch the key from based on the ID. It can either be a domain name or url.'
71 defaultto :'keyserver.ubuntu.com'
73 newvalues(%r{\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$})
77 desc 'Additional options to pass to apt-key\'s --keyserver-options.'
80 newparam(:refresh, boolean: true, parent: Puppet::Parameter::Boolean) do
81 desc 'When true, recreate an existing expired key'
85 newparam(:weak_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do
86 desc 'When true and source uses https, accepts download of keys without SSL verification'
90 newproperty(:fingerprint) do
92 The 40-digit hexadecimal fingerprint of the specified GPG key.
94 This property is read-only.
100 The 16-digit hexadecimal id of the specified GPG key.
102 This property is read-only.
106 newproperty(:short) do
108 The 8-digit hexadecimal id of the specified GPG key.
110 This property is read-only.
114 newproperty(:expired) do
116 Indicates if the key has expired.
118 This property is read-only.
122 newproperty(:expiry) do
124 The date the key will expire, or nil if it has no expiry date.
126 This property is read-only.
130 newproperty(:size) do
132 The key size, usually a multiple of 1024.
134 This property is read-only.
138 newproperty(:type) do
140 The key type, one of: rsa, dsa, ecc, ecdsa
142 This property is read-only.
146 newproperty(:created) do
148 Date the key was created.
150 This property is read-only.