X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;ds=sidebyside;f=manifests%2Fsource.pp;h=fcdc4542143c8641e6f75668d9dce16fc35b6208;hb=5c4626344dd265137be6fa119c072675b8734b87;hp=ccc87c355d197e8f1a334b0a6177733e89259b64;hpb=2f3eb87fb359d18d65810eb7def0e341d9cd6c84;p=puppet-modules%2Fpuppetlabs-apt.git diff --git a/manifests/source.pp b/manifests/source.pp index ccc87c3..fcdc454 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -39,6 +39,10 @@ # defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`, # and/or `options` parameters. # +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# See https://wiki.debian.org/DebianRepository/UseThirdParty for details. +# # @param pin # Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the # `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. @@ -54,27 +58,28 @@ # @param notify_update # Specifies whether to trigger an `apt-get update` run. # -define apt::source( +define apt::source ( Optional[String] $location = undef, String $comment = $name, String $ensure = present, Optional[String] $release = undef, String $repos = 'main', - Optional[Variant[Hash]] $include = {}, + Variant[Hash] $include = {}, Optional[Variant[String, Hash]] $key = undef, + Optional[Stdlib::AbsolutePath] $keyring = undef, Optional[Variant[Hash, Numeric, String]] $pin = undef, Optional[String] $architecture = undef, Boolean $allow_unsigned = false, + Boolean $allow_insecure = false, Boolean $notify_update = true, ) { - include ::apt $_before = Apt::Setting["list-${title}"] if !$release { - if $facts['os']['distro']['codename'] { - $_release = $facts['os']['distro']['codename'] + if fact('os.distro.codename') { + $_release = fact('os.distro.codename') } else { fail('os.distro.codename fact not available: release parameter required') } @@ -93,9 +98,10 @@ define apt::source( $_location = $location } # Newer oses, do not need the package for HTTPS transport. - $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ] - if ($facts['os']['distro']['codename'] in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ { + $_transport_https_releases = ['9'] + if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ { ensure_packages('apt-transport-https') + Package['apt-transport-https'] -> Class['apt::update'] } } else { $_location = undef @@ -103,6 +109,10 @@ define apt::source( $includes = merge($::apt::include_defaults, $include) + if $key and $keyring { + fail('parameters key and keyring are mutualy exclusive') + } + if $key { if $key =~ Hash { unless $key['id'] { @@ -116,11 +126,22 @@ define apt::source( $header = epp('apt/_header.epp') + if $architecture { + $_architecture = regsubst($architecture, '\baarch64\b', 'arm64') + } else { + $_architecture = undef + } + $sourcelist = epp('apt/source.list.epp', { 'comment' => $comment, 'includes' => $includes, - 'opt_architecture' => $architecture, - 'allow_unsigned' => $allow_unsigned, + 'options' => delete_undef_values( { + 'arch' => $architecture, + 'trusted' => $allow_unsigned ? { true => 'yes', false => undef }, + 'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef }, + 'signed-by' => $keyring, + }, + ), 'location' => $_location, 'release' => $_release, 'repos' => $repos,