X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Fsource.pp;h=2386c0a5f3b2eae05fdff5d1864f1e78cc0023a9;hb=refs%2Fheads%2Frelease-prep;hp=be5b1c475253758aa1bd9799dd53df7b3e8fabf2;hpb=6cb996e8b5294d48de7dd455127104574950ba57;p=puppet-modules%2Fpuppetlabs-apt.git

diff --git a/manifests/source.pp b/manifests/source.pp
index be5b1c4..2386c0a 100644
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -55,31 +55,38 @@
 # @param allow_unsigned
 #   Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
 #
+# @param allow_insecure
+#   Specifies whether to allow downloads from insecure repositories.
+#
 # @param notify_update
 #   Specifies whether to trigger an `apt-get update` run.
 #
-define apt::source(
+# @param check_valid_until
+#   Specifies whether to check if the package release date is valid. Defaults to `True`.
+#
+define apt::source (
   Optional[String] $location                    = undef,
   String $comment                               = $name,
   String $ensure                                = present,
   Optional[String] $release                     = undef,
   String $repos                                 = 'main',
-  Optional[Variant[Hash]] $include              = {},
+  Variant[Hash] $include                        = {},
   Optional[Variant[String, Hash]] $key          = undef,
   Optional[Stdlib::AbsolutePath] $keyring       = undef,
   Optional[Variant[Hash, Numeric, String]] $pin = undef,
   Optional[String] $architecture                = undef,
   Boolean $allow_unsigned                       = false,
+  Boolean $allow_insecure                       = false,
   Boolean $notify_update                        = true,
+  Boolean $check_valid_until                    = true,
 ) {
-
-  include ::apt
+  include apt
 
   $_before = Apt::Setting["list-${title}"]
 
   if !$release {
-    if $facts['os']['distro']['codename'] {
-      $_release = $facts['os']['distro']['codename']
+    if fact('os.distro.codename') {
+      $_release = fact('os.distro.codename')
     } else {
       fail('os.distro.codename fact not available: release parameter required')
     }
@@ -91,25 +98,26 @@ define apt::source(
     if ! $location {
       fail('cannot create a source entry without specifying a location')
     }
-    elsif ($::apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) {
+    elsif ($apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) {
       $_location = regsubst($location, 'https://','http://HTTPS///')
     }
     else {
       $_location = $location
     }
     # Newer oses, do not need the package for HTTPS transport.
-    $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ]
-    if ($facts['os']['distro']['codename'] in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
-      ensure_packages('apt-transport-https')
+    $_transport_https_releases = ['9']
+    if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
+      stdlib::ensure_packages('apt-transport-https')
+      Package['apt-transport-https'] -> Class['apt::update']
     }
   } else {
     $_location = undef
   }
 
-  $includes = merge($::apt::include_defaults, $include)
+  $includes = $apt::include_defaults + $include
 
   if $key and $keyring {
-    fail("parameters key and keyring are mutualy exclusive")
+    fail('parameters key and keyring are mutualy exclusive')
   }
 
   if $key {
@@ -117,7 +125,7 @@ define apt::source(
       unless $key['id'] {
         fail('key hash must contain at least an id entry')
       }
-      $_key = merge($::apt::source_key_defaults, $key)
+      $_key = $apt::source_key_defaults + $key
     } else {
       $_key = { 'id' => assert_type(String[1], $key) }
     }
@@ -132,17 +140,21 @@ define apt::source(
   }
 
   $sourcelist = epp('apt/source.list.epp', {
-    'comment'          => $comment,
-    'includes'         => $includes,
-    'options'          => delete_undef_values({
-      'arch'      => $_architecture,
-      'trusted'   => $allow_unsigned ? {true => "yes", false => undef},
-      'signed-by' => $keyring,
-    }),
-    'location'         => $_location,
-    'release'          => $_release,
-    'repos'            => $repos,
-  })
+      'comment'          => $comment,
+      'includes'         => $includes,
+      'options'          => delete_undef_values({
+          'arch'              => $_architecture,
+          'trusted'           => $allow_unsigned ? { true => 'yes', false => undef },
+          'allow-insecure'    => $allow_insecure ? { true => 'yes', false => undef },
+          'signed-by'         => $keyring,
+          'check-valid-until' => $check_valid_until? { true => undef, false => 'false' },
+        },
+      ),
+      'location'         => $_location,
+      'release'          => $_release,
+      'repos'            => $repos,
+    }
+  )
 
   apt::setting { "list-${name}":
     ensure        => $ensure,
@@ -152,7 +164,7 @@ define apt::source(
 
   if $pin {
     if $pin =~ Hash {
-      $_pin = merge($pin, { 'ensure' => $ensure, 'before' => $_before })
+      $_pin = $pin + { 'ensure' => $ensure, 'before' => $_before }
     } elsif ($pin =~ Numeric or $pin =~ String) {
       $url_split = split($location, '[:\/]+')
       $host      = $url_split[1]