X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Fsource.pp;h=fcdc4542143c8641e6f75668d9dce16fc35b6208;hb=6004f13a3a6c1baf4612316b71abff796914789b;hp=981933d0c21ce4d7b1b8664fa5f47b75d038c79f;hpb=65904b214d98c899f390ac6908322fc06e3aca13;p=puppet-modules%2Fpuppetlabs-apt.git

diff --git a/manifests/source.pp b/manifests/source.pp
index 981933d..fcdc454 100644
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -1,28 +1,87 @@
-# source.pp
-# add an apt source
-define apt::source(
+# @summary Manages the Apt sources in /etc/apt/sources.list.d/.
+#
+# @example Install the puppetlabs apt source
+#   apt::source { 'puppetlabs':
+#     location => 'http://apt.puppetlabs.com',
+#     repos    => 'main',
+#     key      => {
+#       id     => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
+#       server => 'keyserver.ubuntu.com',
+#     },
+#   }
+#
+# @param location
+#   Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.
+#
+# @param comment
+#   Supplies a comment for adding to the Apt source file.
+#
+# @param ensure
+#   Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'.
+#
+# @param release
+#   Specifies a distribution of the Apt repository.
+#
+# @param repos
+#   Specifies a component of the Apt repository.
+#
+# @param include
+#   Configures include options. Valid options: a hash of available keys.
+#
+# @option include [Boolean] :deb
+#   Specifies whether to request the distribution's compiled binaries. Default true.
+#
+# @option include [Boolean] :src
+#   Specifies whether to request the distribution's uncompiled source code. Default false.
+#
+# @param key
+#   Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key`
+#   defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`,
+#   and/or `options` parameters.
+#
+# @param keyring
+#   Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
+#   See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
+#
+# @param pin
+#   Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the
+#   `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
+#
+# @param architecture
+#   Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names,
+#   separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures
+#   defined in the Apt::Architectures option).
+#
+# @param allow_unsigned
+#   Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
+#
+# @param notify_update
+#   Specifies whether to trigger an `apt-get update` run.
+#
+define apt::source (
   Optional[String] $location                    = undef,
   String $comment                               = $name,
   String $ensure                                = present,
   Optional[String] $release                     = undef,
   String $repos                                 = 'main',
-  Optional[Variant[Hash]] $include              = {},
+  Variant[Hash] $include                        = {},
   Optional[Variant[String, Hash]] $key          = undef,
+  Optional[Stdlib::AbsolutePath] $keyring       = undef,
   Optional[Variant[Hash, Numeric, String]] $pin = undef,
   Optional[String] $architecture                = undef,
   Boolean $allow_unsigned                       = false,
+  Boolean $allow_insecure                       = false,
   Boolean $notify_update                        = true,
 ) {
-
   include ::apt
 
   $_before = Apt::Setting["list-${title}"]
 
   if !$release {
-    if $facts['lsbdistcodename'] {
-      $_release = $facts['lsbdistcodename']
+    if fact('os.distro.codename') {
+      $_release = fact('os.distro.codename')
     } else {
-      fail(translate('lsbdistcodename fact not available: release parameter required'))
+      fail('os.distro.codename fact not available: release parameter required')
     }
   } else {
     $_release = $release
@@ -30,21 +89,34 @@ define apt::source(
 
   if $ensure == 'present' {
     if ! $location {
-      fail(translate('cannot create a source entry without specifying a location'))
+      fail('cannot create a source entry without specifying a location')
+    }
+    elsif ($::apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) {
+      $_location = regsubst($location, 'https://','http://HTTPS///')
+    }
+    else {
+      $_location = $location
     }
     # Newer oses, do not need the package for HTTPS transport.
-    $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ]
-    if $_release in $_transport_https_releases and $location =~ /(?i:^https:\/\/)/ {
+    $_transport_https_releases = ['9']
+    if (fact('os.release.major') in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ {
       ensure_packages('apt-transport-https')
+      Package['apt-transport-https'] -> Class['apt::update']
     }
+  } else {
+    $_location = undef
   }
 
   $includes = merge($::apt::include_defaults, $include)
 
+  if $key and $keyring {
+    fail('parameters key and keyring are mutualy exclusive')
+  }
+
   if $key {
     if $key =~ Hash {
       unless $key['id'] {
-        fail(translate('key hash must contain at least an id entry'))
+        fail('key hash must contain at least an id entry')
       }
       $_key = merge($::apt::source_key_defaults, $key)
     } else {
@@ -54,12 +126,23 @@ define apt::source(
 
   $header = epp('apt/_header.epp')
 
+  if $architecture {
+    $_architecture = regsubst($architecture, '\baarch64\b', 'arm64')
+  } else {
+    $_architecture = undef
+  }
+
   $sourcelist = epp('apt/source.list.epp', {
     'comment'          => $comment,
     'includes'         => $includes,
-    'opt_architecture' => $architecture,
-    'allow_unsigned'   => $allow_unsigned,
-    'location'         => $location,
+    'options'          => delete_undef_values( {
+        'arch'           => $architecture,
+        'trusted'        => $allow_unsigned ? { true => 'yes', false => undef },
+        'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef },
+        'signed-by'      => $keyring,
+      },
+    ),
+    'location'         => $_location,
     'release'          => $_release,
     'repos'            => $repos,
   })
@@ -83,7 +166,7 @@ define apt::source(
         'origin'   => $host,
       }
     } else {
-      fail(translate('Received invalid value for pin parameter'))
+      fail('Received invalid value for pin parameter')
     }
     create_resources('apt::pin', { "${name}" => $_pin })
   }
@@ -91,14 +174,21 @@ define apt::source(
   # We do not want to remove keys when the source is absent.
   if $key and ($ensure == 'present') {
     if $_key =~ Hash {
+      if $_key['ensure'] != undef {
+        $_ensure = $_key['ensure']
+      } else {
+        $_ensure = $ensure
+      }
+
       apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}":
-        ensure  => present,
-        id      => $_key['id'],
-        server  => $_key['server'],
-        content => $_key['content'],
-        source  => $_key['source'],
-        options => $_key['options'],
-        before  => $_before,
+        ensure   => $_ensure,
+        id       => $_key['id'],
+        server   => $_key['server'],
+        content  => $_key['content'],
+        source   => $_key['source'],
+        options  => $_key['options'],
+        weak_ssl => $_key['weak_ssl'],
+        before   => $_before,
       }
     }
   }