$ensure = present,
$key_content = false,
$key_source = false,
- $key_server = "keyserver.ubuntu.com"
+ $key_server = 'keyserver.ubuntu.com',
+ $key_options = false
) {
include apt::params
+ $upkey = upcase($key)
+ # trim the key to the last 8 chars so we can match longer keys with apt-key list too
+ $trimmedkey = regsubst($upkey, '^.*(.{8})$', '\1')
+
if $key_content {
- $method = "content"
+ $method = 'content'
} elsif $key_source {
- $method = "source"
+ $method = 'source'
} elsif $key_server {
- $method = "server"
+ $method = 'server'
}
# This is a hash of the parts of the key definition that we care about.
# It is used as a unique identifier for this instance of apt::key. It gets
# hashed to ensure that the resource name doesn't end up being pages and
# pages (e.g. in the situation where key_content is specified).
- $digest = sha1("${key}/${key_content}/${key_source}/${key_server}/")
+ $digest = sha1("${upkey}/${key_content}/${key_source}/${key_server}/")
# Allow multiple ensure => present for the same key to account for many
# apt::source resources that all reference the same key.
case $ensure {
present: {
- if defined(Exec["apt::key $key absent"]) {
- fail ("Cannot ensure Apt::Key[$key] present; $key already ensured absent")
- } elsif !defined(Exec["apt::key $key present"]) {
- # this is a marker to ensure we don't simultaneously define a key
- # ensure => absent AND ensure => present
- exec { "apt::key $key present":
- path => "/",
- onlyif => "/bin/false",
- noop => true;
- }
+
+ anchor { "apt::key/${title}": }
+
+ if defined(Exec["apt::key ${upkey} absent"]) {
+ fail("Cannot ensure Apt::Key[${upkey}] present; ${upkey} already ensured absent")
+ }
+
+ if !defined(Anchor["apt::key ${upkey} present"]) {
+ anchor { "apt::key ${upkey} present": }
+ }
+
+ if $key_options{
+ $options_string = "--keyserver-options ${key_options}"
}
+ else{
+ $options_string = ''
+ }
+
if !defined(Exec[$digest]) {
+ $digest_command = $method ? {
+ 'content' => "echo '${key_content}' | /usr/bin/apt-key add -",
+ 'source' => "wget -q '${key_source}' -O- | apt-key add -",
+ 'server' => "apt-key adv --keyserver '${key_server}' ${options_string} --recv-keys '${upkey}'",
+ }
exec { $digest:
- path => "/bin:/usr/bin",
- unless => "/usr/bin/apt-key list | /bin/grep '${key}'",
- command => $method ? {
- "content" => "echo '${key_content}' | /usr/bin/apt-key add -",
- "source" => "wget -q '${key_source}' -O- | apt-key add -",
- "server" => "apt-key adv --keyserver '${key_server}' --recv-keys '${key}'",
- };
+ command => $digest_command,
+ path => '/bin:/usr/bin',
+ unless => "/usr/bin/apt-key list | /bin/grep '${trimmedkey}'",
+ logoutput => 'on_failure',
+ before => Anchor["apt::key ${upkey} present"],
}
}
+
+ Anchor["apt::key ${upkey} present"] -> Anchor["apt::key/${title}"]
+
}
absent: {
- if defined(Exec["apt::key $key present"]) {
- fail ("Cannot ensure Apt::Key[$key] absent; $key already ensured present")
+
+ if defined(Anchor["apt::key ${upkey} present"]) {
+ fail("Cannot ensure Apt::Key[${upkey}] absent; ${upkey} already ensured present")
}
- exec { "apt::key $key absent":
- path => "/bin:/usr/bin",
- onlyif => "apt-key list | grep '$key'",
- command => "apt-key del '$key'",
- user => "root",
- group => "root",
+
+ exec { "apt::key ${upkey} absent":
+ command => "apt-key del '${upkey}'",
+ path => '/bin:/usr/bin',
+ onlyif => "apt-key list | grep '${trimmedkey}'",
+ user => 'root',
+ group => 'root',
+ logoutput => 'on_failure',
}
}
+
default: {
- fail "Invalid 'ensure' value '$ensure' for aptkey"
+ fail "Invalid 'ensure' value '${ensure}' for aptkey"
}
}
}