#
# @param key
# Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key`
- # defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, and/or
- # `options` parameters.
+ # defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`,
+ # and/or `options` parameters.
#
+# @param keyring
+# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
+# See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
+#
# @param pin
# Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the
# `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
String $repos = 'main',
Optional[Variant[Hash]] $include = {},
Optional[Variant[String, Hash]] $key = undef,
+ Optional[Stdlib::AbsolutePath] $keyring = undef,
Optional[Variant[Hash, Numeric, String]] $pin = undef,
Optional[String] $architecture = undef,
Boolean $allow_unsigned = false,
$includes = merge($::apt::include_defaults, $include)
+ if $key and $keyring {
+ fail("parameters key and keyring are mutualy exclusive")
+ }
+
if $key {
if $key =~ Hash {
unless $key['id'] {
$sourcelist = epp('apt/source.list.epp', {
'comment' => $comment,
'includes' => $includes,
- 'opt_architecture' => $architecture,
- 'allow_unsigned' => $allow_unsigned,
+ 'options' => delete_undef_values({
+ 'arch' => $architecture,
+ 'trusted' => $allow_unsigned ? {true => "yes", false => undef},
+ 'signed-by' => $keyring,
+ }),
'location' => $_location,
'release' => $_release,
'repos' => $repos,
}
apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}":
- ensure => $_ensure,
- id => $_key['id'],
- server => $_key['server'],
- content => $_key['content'],
- source => $_key['source'],
- options => $_key['options'],
- before => $_before,
+ ensure => $_ensure,
+ id => $_key['id'],
+ server => $_key['server'],
+ content => $_key['content'],
+ source => $_key['source'],
+ options => $_key['options'],
+ weak_ssl => $_key['weak_ssl'],
+ before => $_before,
}
}
}
location: 'http://debian.mirror.iweb.ca/debian/',
release: 'sid',
repos: 'testing',
- key: { 'ensure' => 'refreshed',
- 'id' => GPG_KEY_ID,
- 'server' => 'pgp.mit.edu',
- 'content' => 'GPG key content',
- 'source' => 'http://apt.puppetlabs.com/pubkey.gpg' },
+ key: {
+ 'ensure' => 'refreshed',
+ 'id' => GPG_KEY_ID,
+ 'server' => 'pgp.mit.edu',
+ 'content' => 'GPG key content',
+ 'source' => 'http://apt.puppetlabs.com/pubkey.gpg',
+ 'weak_ssl' => true,
+ },
pin: '10',
architecture: 'x86_64',
allow_unsigned: true,
id: GPG_KEY_ID,
server: 'pgp.mit.edu',
content: 'GPG key content',
- source: 'http://apt.puppetlabs.com/pubkey.gpg')
+ source: 'http://apt.puppetlabs.com/pubkey.gpg',
+ weak_ssl: true)
}
end
end
}
end
+ context 'with keyring set' do
+ let :params do
+ {
+ location: 'hello.there',
+ keyring: '/usr/share/keyrings/foo-archive-keyring.gpg',
+ }
+ end
+
+ it {
+ is_expected.to contain_apt__setting('list-my_source')
+ .with(ensure: 'present')
+ .with_content(%r{# my_source\ndeb \[signed-by=/usr/share/keyrings/foo-archive-keyring.gpg\] hello.there jessie main\n})
+ }
+ end
+
+ context 'with keyring, architecture and allow_unsigned set' do
+ let :params do
+ {
+ location: 'hello.there',
+ architecture: 'amd64',
+ allow_unsigned: true,
+ keyring: '/usr/share/keyrings/foo-archive-keyring.gpg',
+ }
+ end
+
+ it {
+ is_expected.to contain_apt__setting('list-my_source')
+ .with(ensure: 'present')
+ .with_content(%r{# my_source\ndeb \[arch=amd64 trusted=yes signed-by=/usr/share/keyrings/foo-archive-keyring.gpg\] hello.there jessie main\n})
+ }
+ end
+
context 'with a https location, install apt-transport-https' do
let :params do
{