X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Fsource.pp;h=5fde580c07b875b58c3ed19ad1b86f5c275db71f;hb=3d3620ccd767ca8c4055f1c84a658c79de31fcb3;hp=6631eeaef46fca2d56a31e0578308d107a6416b0;hpb=480d42bb0ac385182ca17667c97bb629e7c80780;p=puppet-modules%2Fpuppetlabs-apt.git

diff --git a/manifests/source.pp b/manifests/source.pp
index 6631eea..5fde580 100644
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -36,8 +36,8 @@
 #
 # @param key
 #   Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key`
-#   defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, and/or
-#   `options` parameters.
+#   defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`,
+#   and/or `options` parameters.
 #
 # @param keyring
 #   Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
@@ -55,31 +55,38 @@
 # @param allow_unsigned
 #   Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
 #
+# @param allow_insecure
+#   Specifies whether to allow downloads from insecure repositories.
+#
 # @param notify_update
 #   Specifies whether to trigger an `apt-get update` run.
 #
-define apt::source(
+# @param check_valid_until
+#   Specifies whether to check if the package release date is valid. Defaults to `True`.
+#
+define apt::source (
   Optional[String] $location                    = undef,
   String $comment                               = $name,
   String $ensure                                = present,
   Optional[String] $release                     = undef,
   String $repos                                 = 'main',
-  Optional[Variant[Hash]] $include              = {},
+  Variant[Hash] $include                        = {},
   Optional[Variant[String, Hash]] $key          = undef,
   Optional[Stdlib::AbsolutePath] $keyring       = undef,
   Optional[Variant[Hash, Numeric, String]] $pin = undef,
   Optional[String] $architecture                = undef,
   Boolean $allow_unsigned                       = false,
+  Boolean $allow_insecure                       = false,
   Boolean $notify_update                        = true,
+  Boolean $check_valid_until                    = true,
 ) {
-
   include ::apt
 
   $_before = Apt::Setting["list-${title}"]
 
   if !$release {
-    if $facts['os']['distro']['codename'] {
-      $_release = $facts['os']['distro']['codename']
+    if fact('os.distro.codename') {
+      $_release = fact('os.distro.codename')
     } else {
       fail('os.distro.codename fact not available: release parameter required')
     }
@@ -98,9 +105,10 @@ define apt::source(
       $_location = $location
     }
     # Newer oses, do not need the package for HTTPS transport.
-    $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ]
-    if ($facts['os']['distro']['codename'] in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
+    $_transport_https_releases = ['9']
+    if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
       ensure_packages('apt-transport-https')
+      Package['apt-transport-https'] -> Class['apt::update']
     }
   } else {
     $_location = undef
@@ -109,7 +117,7 @@ define apt::source(
   $includes = merge($::apt::include_defaults, $include)
 
   if $key and $keyring {
-    fail("parameters key and keyring are mutualy exclusive")
+    fail('parameters key and keyring are mutualy exclusive')
   }
 
   if $key {
@@ -125,14 +133,23 @@ define apt::source(
 
   $header = epp('apt/_header.epp')
 
+  if $architecture {
+    $_architecture = regsubst($architecture, '\baarch64\b', 'arm64')
+  } else {
+    $_architecture = undef
+  }
+
   $sourcelist = epp('apt/source.list.epp', {
     'comment'          => $comment,
     'includes'         => $includes,
-    'options'          => delete_undef_values({
-      'arch'      => $architecture,
-      'trusted'   => $allow_unsigned ? {true => "yes", false => undef},
-      'signed-by' => $keyring,
-    }),
+    'options'          => delete_undef_values( {
+        'arch'              => $architecture,
+        'trusted'           => $allow_unsigned ? { true => 'yes', false => undef },
+        'allow-insecure'    => $allow_insecure ? { true => 'yes', false => undef },
+        'signed-by'         => $keyring,
+        'check-valid-until' => $check_valid_until? { true => undef, false => 'false' },
+      },
+    ),
     'location'         => $_location,
     'release'          => $_release,
     'repos'            => $repos,
@@ -172,13 +189,14 @@ define apt::source(
       }
 
       apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}":
-        ensure  => $_ensure,
-        id      => $_key['id'],
-        server  => $_key['server'],
-        content => $_key['content'],
-        source  => $_key['source'],
-        options => $_key['options'],
-        before  => $_before,
+        ensure   => $_ensure,
+        id       => $_key['id'],
+        server   => $_key['server'],
+        content  => $_key['content'],
+        source   => $_key['source'],
+        options  => $_key['options'],
+        weak_ssl => $_key['weak_ssl'],
+        before   => $_before,
       }
     }
   }