Code Review / puppet-modules / puppetlabs-apt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
(GH-1038) add support for `check-valid-until` configuration
[puppet-modules/puppetlabs-apt.git] / manifests / source.pp
diff --git a/manifests/source.pp b/manifests/source.pp
index da01ef1319e1c33244b72d80844511a7d249949e..5fde580c07b875b58c3ed19ad1b86f5c275db71f 100644 (file)
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -55,16 +55,22 @@
 # @param allow_unsigned
 #   Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
 #
+# @param allow_insecure
+#   Specifies whether to allow downloads from insecure repositories.
+#
 # @param notify_update
 #   Specifies whether to trigger an `apt-get update` run.
 #
-define apt::source(
+# @param check_valid_until
+#   Specifies whether to check if the package release date is valid. Defaults to `True`.
+#
+define apt::source (
   Optional[String] $location                    = undef,
   String $comment                               = $name,
   String $ensure                                = present,
   Optional[String] $release                     = undef,
   String $repos                                 = 'main',
-  Optional[Variant[Hash]] $include              = {},
+  Variant[Hash] $include                        = {},
   Optional[Variant[String, Hash]] $key          = undef,
   Optional[Stdlib::AbsolutePath] $keyring       = undef,
   Optional[Variant[Hash, Numeric, String]] $pin = undef,
@@ -72,8 +78,8 @@ define apt::source(
   Boolean $allow_unsigned                       = false,
   Boolean $allow_insecure                       = false,
   Boolean $notify_update                        = true,
+  Boolean $check_valid_until                    = true,
 ) {
-
   include ::apt
 
   $_before = Apt::Setting["list-${title}"]
@@ -99,7 +105,7 @@ define apt::source(
       $_location = $location
     }
     # Newer oses, do not need the package for HTTPS transport.
-    $_transport_https_releases = [ '7', '8', '9', '14.04', '16.04' ]
+    $_transport_https_releases = ['9']
     if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
       ensure_packages('apt-transport-https')
       Package['apt-transport-https'] -> Class['apt::update']
@@ -111,7 +117,7 @@ define apt::source(
   $includes = merge($::apt::include_defaults, $include)
 
   if $key and $keyring {
-    fail("parameters key and keyring are mutualy exclusive")
+    fail('parameters key and keyring are mutualy exclusive')
   }
 
   if $key {
@@ -136,12 +142,14 @@ define apt::source(
   $sourcelist = epp('apt/source.list.epp', {
     'comment'          => $comment,
     'includes'         => $includes,
-    'options'          => delete_undef_values({
-      'arch'           => $architecture,
-      'trusted'        => $allow_unsigned ? {true => "yes", false => undef},
-      'allow-insecure' => $allow_insecure ? {true => "yes", false => undef},
-      'signed-by'      => $keyring,
-    }),
+    'options'          => delete_undef_values( {
+        'arch'              => $architecture,
+        'trusted'           => $allow_unsigned ? { true => 'yes', false => undef },
+        'allow-insecure'    => $allow_insecure ? { true => 'yes', false => undef },
+        'signed-by'         => $keyring,
+        'check-valid-until' => $check_valid_until? { true => undef, false => 'false' },
+      },
+    ),
     'location'         => $_location,
     'release'          => $_release,
     'repos'            => $repos,