-# source.pp
-# add an apt source
-define apt::source(
- Optional[Variant[String, Stdlib::Compat::String]] $location = undef,
- Variant[String, Stdlib::Compat::String] $comment = $name,
- Variant[String, Stdlib::Compat::String] $ensure = present,
- Optional[Variant[String, Stdlib::Compat::String]] $release = undef,
- Variant[String, Stdlib::Compat::String] $repos = 'main',
- Optional[Variant[Hash, Stdlib::Compat::Hash]] $include = {},
- Optional[Variant[String, Stdlib::Compat::String, Hash, Stdlib::Compat::Hash]] $key = undef,
- $pin = undef,
- Optional[Variant[String, Stdlib::Compat::String]] $architecture = undef,
- Boolean $allow_unsigned = false,
- Boolean $notify_update = true,
- Optional[Variant[String, Stdlib::Compat::String]] $key_server = undef,
- Optional[Variant[String, Stdlib::Compat::String]] $key_content = undef,
- Optional[Variant[String, Stdlib::Compat::String]] $key_source = undef,
- Optional[Boolean] $include_src = undef,
- Optional[Boolean] $include_deb = undef,
- $required_packages = undef,
- $trusted_source = undef,
+# @summary Manages the Apt sources in /etc/apt/sources.list.d/.
+#
+# @example Install the puppetlabs apt source
+# apt::source { 'puppetlabs':
+# location => 'http://apt.puppetlabs.com',
+# repos => 'main',
+# key => {
+# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
+# server => 'keyserver.ubuntu.com',
+# },
+# }
+#
+# @param location
+# Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.
+#
+# @param comment
+# Supplies a comment for adding to the Apt source file.
+#
+# @param ensure
+# Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'.
+#
+# @param release
+# Specifies a distribution of the Apt repository.
+#
+# @param repos
+# Specifies a component of the Apt repository.
+#
+# @param include
+# Configures include options. Valid options: a hash of available keys.
+#
+# @option include [Boolean] :deb
+# Specifies whether to request the distribution's compiled binaries. Default true.
+#
+# @option include [Boolean] :src
+# Specifies whether to request the distribution's uncompiled source code. Default false.
+#
+# @param key
+# Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key`
+# defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`,
+# and/or `options` parameters.
+#
+# @param keyring
+# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
+# See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
+#
+# @param pin
+# Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the
+# `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
+#
+# @param architecture
+# Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names,
+# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures
+# defined in the Apt::Architectures option).
+#
+# @param allow_unsigned
+# Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
+#
+# @param notify_update
+# Specifies whether to trigger an `apt-get update` run.
+#
+define apt::source (
+ Optional[String] $location = undef,
+ String $comment = $name,
+ String $ensure = present,
+ Optional[String] $release = undef,
+ String $repos = 'main',
+ Variant[Hash] $include = {},
+ Optional[Variant[String, Hash]] $key = undef,
+ Optional[Stdlib::AbsolutePath] $keyring = undef,
+ Optional[Variant[Hash, Numeric, String]] $pin = undef,
+ Optional[String] $architecture = undef,
+ Boolean $allow_unsigned = false,
+ Boolean $allow_insecure = false,
+ Boolean $notify_update = true,
) {
-
- validate_legacy(String, 'validate_string', $architecture, $comment, $location, $repos)
- validate_legacy(Boolean, 'validate_bool', $allow_unsigned)
- validate_legacy(Hash, 'validate_hash', $include)
-
- # This is needed for compat with 1.8.x
include ::apt
$_before = Apt::Setting["list-${title}"]
- if $required_packages != undef {
- deprecation('apt $required_packages', '$required_packages is deprecated and will be removed in the next major release, please use package resources instead.')
- exec { "Required packages: '${required_packages}' for ${name}":
- command => "${::apt::provider} -y install ${required_packages}",
- logoutput => 'on_failure',
- refreshonly => true,
- tries => 3,
- try_sleep => 1,
- before => $_before,
- }
- }
-
- if $trusted_source != undef {
- deprecation('apt $trusted_source', '$trusted_source is deprecated and will be removed in the next major release, please use $allow_unsigned instead.')
- $_allow_unsigned = $trusted_source
- } else {
- $_allow_unsigned = $allow_unsigned
- }
-
- if ! $release {
- if $facts['lsbdistcodename'] {
- $_release = $facts['lsbdistcodename']
+ if !$release {
+ if fact('os.distro.codename') {
+ $_release = fact('os.distro.codename')
} else {
- fail('lsbdistcodename fact not available: release parameter required')
+ fail('os.distro.codename fact not available: release parameter required')
}
} else {
$_release = $release
}
- if $ensure == 'present' and ! $location {
- fail('cannot create a source entry without specifying a location')
- }
-
- if $include_src != undef and $include_deb != undef {
- $_deprecated_include = {
- 'src' => $include_src,
- 'deb' => $include_deb,
+ if $ensure == 'present' {
+ if ! $location {
+ fail('cannot create a source entry without specifying a location')
+ }
+ elsif ($::apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) {
+ $_location = regsubst($location, 'https://','http://HTTPS///')
+ }
+ else {
+ $_location = $location
+ }
+ # Newer oses, do not need the package for HTTPS transport.
+ $_transport_https_releases = ['9']
+ if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
+ ensure_packages('apt-transport-https')
+ Package['apt-transport-https'] -> Class['apt::update']
}
- } elsif $include_src != undef {
- $_deprecated_include = { 'src' => $include_src }
- } elsif $include_deb != undef {
- $_deprecated_include = { 'deb' => $include_deb }
} else {
- $_deprecated_include = {}
+ $_location = undef
}
- $includes = merge($::apt::include_defaults, $_deprecated_include, $include)
+ $includes = merge($::apt::include_defaults, $include)
- $_deprecated_key = {
- 'key_server' => $key_server,
- 'key_content' => $key_content,
- 'key_source' => $key_source,
+ if $key and $keyring {
+ fail('parameters key and keyring are mutualy exclusive')
}
if $key {
- if is_hash($key) {
+ if $key =~ Hash {
unless $key['id'] {
fail('key hash must contain at least an id entry')
}
- $_key = merge($::apt::source_key_defaults, $_deprecated_key, $key)
+ $_key = merge($::apt::source_key_defaults, $key)
} else {
- validate_legacy(String, 'validate_string', $key)
- $_key = merge( { 'id' => $key }, $_deprecated_key)
+ $_key = { 'id' => assert_type(String[1], $key) }
}
}
$header = epp('apt/_header.epp')
+ if $architecture {
+ $_architecture = regsubst($architecture, '\baarch64\b', 'arm64')
+ } else {
+ $_architecture = undef
+ }
+
$sourcelist = epp('apt/source.list.epp', {
- 'comment' => $comment,
- 'includes' => $includes,
- 'architecture' => $architecture,
- 'allow_unsigned' => $_allow_unsigned,
- 'location' => $location,
- 'release' => $_release,
- 'repos' => $repos,
+ 'comment' => $comment,
+ 'includes' => $includes,
+ 'options' => delete_undef_values( {
+ 'arch' => $architecture,
+ 'trusted' => $allow_unsigned ? { true => 'yes', false => undef },
+ 'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef },
+ 'signed-by' => $keyring,
+ },
+ ),
+ 'location' => $_location,
+ 'release' => $_release,
+ 'repos' => $repos,
})
apt::setting { "list-${name}":
}
if $pin {
- if is_hash($pin) {
+ if $pin =~ Hash {
$_pin = merge($pin, { 'ensure' => $ensure, 'before' => $_before })
- } elsif (is_numeric($pin) or is_string($pin)) {
+ } elsif ($pin =~ Numeric or $pin =~ String) {
$url_split = split($location, '[:\/]+')
$host = $url_split[1]
$_pin = {
# We do not want to remove keys when the source is absent.
if $key and ($ensure == 'present') {
- if is_hash($_key) {
+ if $_key =~ Hash {
+ if $_key['ensure'] != undef {
+ $_ensure = $_key['ensure']
+ } else {
+ $_ensure = $ensure
+ }
+
apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}":
- ensure => present,
- id => $_key['id'],
- server => $_key['server'],
- content => $_key['content'],
- source => $_key['source'],
- options => $_key['options'],
- key_server => $_key['key_server'],
- key_content => $_key['key_content'],
- key_source => $_key['key_source'],
- before => $_before,
+ ensure => $_ensure,
+ id => $_key['id'],
+ server => $_key['server'],
+ content => $_key['content'],
+ source => $_key['source'],
+ options => $_key['options'],
+ weak_ssl => $_key['weak_ssl'],
+ before => $_before,
}
}
}