Code Review / puppet-modules / puppetlabs-apt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: dcb7116) | patch
MODULES-10548: make files readonly
authorAntoine Beaupré <anarcat@debian.org>
Wed, 12 Feb 2020 19:23:33 +0000 (14:23 -0500)
committerAntoine Beaupré <anarcat@debian.org>
Mon, 17 Feb 2020 17:08:15 +0000 (12:08 -0500)
commitab2e06b72f2be8dc38d6e3ecec68dc2cdacbce4e
tree8c79272ee89df17143d6ed2d7f020a8412930d8ctree | snapshot
parentdcb71161ed8a7159b40a80d0d4536ca59741cb7bcommit | diff
MODULES-10548: make files readonly

Files created by the apt module are mode writable by the
owner. Because those files are managed by Puppet, they should really
not be writable by anyone, even root. While root can bypass those
warnings, having files readonly does provide an immediate and reliable
indication that a file should not be edited on site, on top of the
usual top of file warnings.

This also fixes a problem with sources.list.d being non-executable,
which Puppet seems to ignore, but seems better to keep consistent.
manifests/init.pp diff | blob | history
manifests/setting.pp diff | blob | history
spec/classes/apt_spec.rb diff | blob | history
spec/defines/conf_spec.rb diff | blob | history
spec/defines/setting_spec.rb diff | blob | history