5 Puppet::Type.type(:apt_key).provide(:apt_key) do
8 :date => '[0-9]{4}-[0-9]{2}-[0-9]{2}',
11 :key_id => '[0-9a-fA-F]+',
12 :expires => 'expire(d|s)',
15 confine :osfamily => :debian
16 defaultfor :osfamily => :debian
17 commands :apt_key => 'apt-key'
20 key_array = apt_key('list').split("\n").collect do |line|
21 line_hash = key_line_hash(line)
25 if line_hash[:key_expiry]
26 expired = Date.today > Date.parse(line_hash[:key_expiry])
30 :name => line_hash[:key_id],
31 :id => line_hash[:key_id],
34 :expiry => line_hash[:key_expiry],
35 :size => line_hash[:key_size],
36 :type => line_hash[:key_type] == 'R' ? :rsa : :dsa,
37 :created => line_hash[:key_created]
43 def self.prefetch(resources)
45 resources.keys.each do |name|
46 if provider = apt_keys.find{ |key| key.name == name }
47 resources[name].provider = provider
52 def self.key_line_hash(line)
53 line_array = line.match(key_line_regexp).to_a
54 return nil if line_array.length < 5
57 :key_id => line_array[3],
58 :key_size => line_array[1],
59 :key_type => line_array[2],
60 :key_created => line_array[4],
64 return_hash[:key_expiry] = line_array[7] if line_array.length == 8
68 def self.key_line_regexp
69 # This regexp is trying to match the following output
70 # pub 4096R/4BD6EC30 2010-07-10 [expires: 2016-07-08]
71 # pub 1024D/CD2EFD2A 2009-12-15
73 pub # match only the public key, not signatures
74 \s+ # bunch of spaces after that
75 (#{KEY_LINE[:key_size]}) # size of the key, usually a multiple of 1024
76 #{KEY_LINE[:key_type]} # type of the key, usually R or D
77 \/ # separator between key_type and key_id
78 (#{KEY_LINE[:key_id]}) # hex id of the key
79 \s+ # bunch of spaces after that
80 (#{KEY_LINE[:date]}) # date the key was added to the keyring
81 # following an optional block which indicates if the key has an expiration
82 # date and if it has expired yet
84 \s+ # again with thes paces
85 \[ # we open with a square bracket
86 #{KEY_LINE[:expires]} # expires or expired
89 (#{KEY_LINE[:date]}) # date indicating key expiry
90 \] # we close with a square bracket
91 )? # end of the optional block
96 def source_to_file(value)
97 if URI::parse(value).scheme.nil?
98 fail("The file #{value} does not exist") unless File.exists?(value)
102 key = open(value).read
103 rescue OpenURI::HTTPError => e
104 fail("#{e.message} for #{resource[:source]}")
106 fail("could not resolve #{resource[:source]}")
113 def tempfile(content)
114 file = Tempfile.new('apt_key')
121 @property_hash[:ensure] == :present
126 if resource[:source].nil? and resource[:content].nil?
127 # Breaking up the command like this is needed because it blows up
128 # if --recv-keys isn't the last argument.
129 command.push('adv', '--keyserver', resource[:server])
130 unless resource[:keyserver_options].nil?
131 command.push('--keyserver-options', resource[:keyserver_options])
133 command.push('--recv-keys', resource[:id])
134 elsif resource[:content]
135 command.push('add', tempfile(resource[:content]))
136 elsif resource[:source]
137 command.push('add', source_to_file(resource[:source]))
138 # In case we really screwed up, better safe than sorry.
140 fail("an unexpected condition occurred while trying to add the key: #{resource[:id]}")
143 @property_hash[:ensure] = :present
147 apt_key('del', resource[:id])
152 fail('This is a read-only property.')
157 # Needed until PUP-1470 is fixed and we can drop support for Puppet versions
160 @property_hash[:expired]
163 # Alias the setters of read-only properties
164 # to the read_only function.
165 alias :created= :read_only
166 alias :expired= :read_only
167 alias :expiry= :read_only
168 alias :size= :read_only
169 alias :type= :read_only