* [`pin`](#pin)
* [`architecture`](#architecture)
* [`allow_unsigned`](#allow_unsigned)
+* [`allow_insecure`](#allow_insecure)
* [`notify_update`](#notify_update)
##### <a name="location"></a>`location`
Default value: ``false``
+##### <a name="allow_insecure"></a>`allow_insecure`
+
+Data type: `Boolean`
+
+Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
+Unlike the `allow_unsigned` (trusted=yes) option, this should throw a warning that the interaction is insecure.
+See [this comment](https://unix.stackexchange.com/a/480550) for a brief discussion of the difference and why this option might be preferable to `allow_unsigned`.
+
+Default value: ``false``
+
##### <a name="notify_update"></a>`notify_update`
Data type: `Boolean`
Optional[Variant[Hash, Numeric, String]] $pin = undef,
Optional[String] $architecture = undef,
Boolean $allow_unsigned = false,
+ Boolean $allow_insecure = false,
Boolean $notify_update = true,
) {
'comment' => $comment,
'includes' => $includes,
'options' => delete_undef_values({
- 'arch' => $_architecture,
- 'trusted' => $allow_unsigned ? {true => "yes", false => undef},
- 'signed-by' => $keyring,
+ 'arch' => $architecture,
+ 'trusted' => $allow_unsigned ? {true => "yes", false => undef},
+ 'allow-insecure' => $allow_insecure ? {true => "yes", false => undef},
+ 'signed-by' => $keyring,
}),
'location' => $_location,
'release' => $_release,
}
end
+ context 'when allow_insecure true' do
+ let :params do
+ {
+ 'include' => { 'src' => false },
+ 'location' => 'http://debian.mirror.iweb.ca/debian/',
+ 'allow_insecure' => true,
+ }
+ end
+
+ it { is_expected.to contain_apt__setting('list-my_source').with_content(%r{# my_source\ndeb \[allow-insecure=yes\] http://debian.mirror.iweb.ca/debian/ jessie main\n}) }
+ end
+
context 'when allow_unsigned true' do
let :params do
{
end
end
+ context 'with allow_insecure true' do
+ let :params do
+ {
+ location: 'hello.there',
+ allow_insecure: true,
+ }
+ end
+
+ it {
+ is_expected.to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# my_source\ndeb \[allow-insecure=yes\] hello.there jessie main\n})
+ }
+ end
+
context 'with allow_unsigned true' do
let :params do
{