From: daianamezdrea <46529728+daianamezdrea@users.noreply.github.com> Date: Mon, 26 Jul 2021 13:33:46 +0000 (+0300) Subject: Merge pull request #993 from kenyon/source_weak_ssl X-Git-Tag: v8.1.0~2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=fcb2ba57befedcd24ef33c07cc206158e903dfa3;hp=-c;p=puppet-modules%2Fpuppetlabs-apt.git Merge pull request #993 from kenyon/source_weak_ssl apt::source: pass the weak_ssl param to apt::key --- fcb2ba57befedcd24ef33c07cc206158e903dfa3 diff --combined manifests/source.pp index 6631eea,ccc87c3..4e14d8a --- a/manifests/source.pp +++ b/manifests/source.pp @@@ -36,13 -36,9 +36,13 @@@ # # @param key # Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key` - # defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, and/or - # `options` parameters. + # defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`, + # and/or `options` parameters. # +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# See https://wiki.debian.org/DebianRepository/UseThirdParty for details. +# # @param pin # Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the # `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. @@@ -66,7 -62,6 +66,7 @@@ define apt::source String $repos = 'main', Optional[Variant[Hash]] $include = {}, Optional[Variant[String, Hash]] $key = undef, + Optional[Stdlib::AbsolutePath] $keyring = undef, Optional[Variant[Hash, Numeric, String]] $pin = undef, Optional[String] $architecture = undef, Boolean $allow_unsigned = false, @@@ -108,10 -103,6 +108,10 @@@ $includes = merge($::apt::include_defaults, $include) + if $key and $keyring { + fail("parameters key and keyring are mutualy exclusive") + } + if $key { if $key =~ Hash { unless $key['id'] { @@@ -128,11 -119,8 +128,11 @@@ $sourcelist = epp('apt/source.list.epp', { 'comment' => $comment, 'includes' => $includes, - 'opt_architecture' => $architecture, - 'allow_unsigned' => $allow_unsigned, + 'options' => delete_undef_values({ + 'arch' => $architecture, + 'trusted' => $allow_unsigned ? {true => "yes", false => undef}, + 'signed-by' => $keyring, + }), 'location' => $_location, 'release' => $_release, 'repos' => $repos, @@@ -172,13 -160,14 +172,14 @@@ } apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": - ensure => $_ensure, - id => $_key['id'], - server => $_key['server'], - content => $_key['content'], - source => $_key['source'], - options => $_key['options'], - before => $_before, + ensure => $_ensure, + id => $_key['id'], + server => $_key['server'], + content => $_key['content'], + source => $_key['source'], + options => $_key['options'], + weak_ssl => $_key['weak_ssl'], + before => $_before, } } } diff --combined spec/defines/source_spec.rb index 2ce50a2,fa443b8..f6c2e23 --- a/spec/defines/source_spec.rb +++ b/spec/defines/source_spec.rb @@@ -109,11 -109,14 +109,14 @@@ describe 'apt::source' d location: 'http://debian.mirror.iweb.ca/debian/', release: 'sid', repos: 'testing', - key: { 'ensure' => 'refreshed', - 'id' => GPG_KEY_ID, - 'server' => 'pgp.mit.edu', - 'content' => 'GPG key content', - 'source' => 'http://apt.puppetlabs.com/pubkey.gpg' }, + key: { + 'ensure' => 'refreshed', + 'id' => GPG_KEY_ID, + 'server' => 'pgp.mit.edu', + 'content' => 'GPG key content', + 'source' => 'http://apt.puppetlabs.com/pubkey.gpg', + 'weak_ssl' => true, + }, pin: '10', architecture: 'x86_64', allow_unsigned: true, @@@ -136,7 -139,8 +139,8 @@@ id: GPG_KEY_ID, server: 'pgp.mit.edu', content: 'GPG key content', - source: 'http://apt.puppetlabs.com/pubkey.gpg') + source: 'http://apt.puppetlabs.com/pubkey.gpg', + weak_ssl: true) } end end @@@ -154,38 -158,6 +158,38 @@@ } end + context 'with keyring set' do + let :params do + { + location: 'hello.there', + keyring: '/usr/share/keyrings/foo-archive-keyring.gpg', + } + end + + it { + is_expected.to contain_apt__setting('list-my_source') + .with(ensure: 'present') + .with_content(%r{# my_source\ndeb \[signed-by=/usr/share/keyrings/foo-archive-keyring.gpg\] hello.there jessie main\n}) + } + end + + context 'with keyring, architecture and allow_unsigned set' do + let :params do + { + location: 'hello.there', + architecture: 'amd64', + allow_unsigned: true, + keyring: '/usr/share/keyrings/foo-archive-keyring.gpg', + } + end + + it { + is_expected.to contain_apt__setting('list-my_source') + .with(ensure: 'present') + .with_content(%r{# my_source\ndeb \[arch=amd64 trusted=yes signed-by=/usr/share/keyrings/foo-archive-keyring.gpg\] hello.there jessie main\n}) + } + end + context 'with a https location, install apt-transport-https' do let :params do {