david22swan [Tue, 17 Jan 2023 18:12:30 +0000 (18:12 +0000)]
(CONT-494) PDK Update
david22swan [Tue, 17 Jan 2023 18:02:54 +0000 (18:02 +0000)]
(CONT-494) Pin github_changelog_generator gem version
Paula Muir [Wed, 18 Jan 2023 10:43:29 +0000 (10:43 +0000)]
Merge pull request #1085 from puppetlabs/CONT-493-ppa_validation_fix
(CONT-493) PPA validation adjustment
Lukas Audzevicius [Wed, 18 Jan 2023 10:39:23 +0000 (10:39 +0000)]
Merge pull request #1075 from xepa/xepa-patch-1
Updated mark as title can contain dot (fixes #1074)
Lukas Audzevicius [Tue, 17 Jan 2023 16:59:08 +0000 (16:59 +0000)]
(CONT-493) PPA validation adjustment
Prior to this commit, one of our updates (https://github.com/puppetlabs/puppetlabs-apt/pull/1052)
implemented a regex validation for ppa packages that were to be
installed. However, this validation did not account for resource
names that were dotted.
This commit aims to fix this bug in our validation process so that it
works as intended.
Michiel Brandenburg [Wed, 11 Jan 2023 12:05:47 +0000 (13:05 +0100)]
Update spec files
Michiel Brandenburg [Wed, 11 Jan 2023 12:05:32 +0000 (13:05 +0100)]
Updated regex after carefull reading of policy
Michiel Brandenburg [Mon, 9 Jan 2023 11:14:08 +0000 (12:14 +0100)]
Merge branch 'main' into xepa-patch-1
david22swan [Mon, 9 Jan 2023 10:06:50 +0000 (10:06 +0000)]
Merge pull request #1081 from johanfleury/fix/remove-apt-prefix-from-facts-variables
fix: remove `apt::` prefix from fact variables
Lukas Audzevicius [Mon, 9 Jan 2023 10:02:08 +0000 (10:02 +0000)]
Merge pull request #1082 from bastelfreak/foo
fix typo in source.pp
Tim Meusel [Fri, 6 Jan 2023 14:21:22 +0000 (15:21 +0100)]
fix typo in source.pp
Johan Fleury [Mon, 2 Jan 2023 14:12:25 +0000 (09:12 -0500)]
fix: remove `apt::` prefix from fact variables
Fact variables are top-scopped and should not be prefixed by module name.
This bug was introduced by
cb6e58cedbd6d7a9bfc63c97c83d51eb39e9c7dc.
Michiel Brandenburg [Wed, 21 Dec 2022 21:44:08 +0000 (22:44 +0100)]
Updated regex in mark.pp
Now using debian policy manual as reference
Michiel Brandenburg [Wed, 21 Dec 2022 21:29:56 +0000 (22:29 +0100)]
Merge branch 'main' into xepa-patch-1
Paula Muir [Wed, 21 Dec 2022 09:33:42 +0000 (09:33 +0000)]
Merge pull request #1080 from puppetlabs/release-prep
Release prep v9.0.1
Michiel Brandenburg [Wed, 21 Dec 2022 07:55:33 +0000 (08:55 +0100)]
Merge branch 'main' into xepa-patch-1
GitHub Action [Tue, 20 Dec 2022 19:39:57 +0000 (19:39 +0000)]
Release prep v9.0.1
Gavin Patton [Tue, 20 Dec 2022 12:12:29 +0000 (12:12 +0000)]
Merge pull request #1079 from puppetlabs/bugfix-bump_minimum_puppet_version
(bugfix) - Declare minimum Puppet version 6.24.0
Paula Muir [Tue, 20 Dec 2022 11:54:57 +0000 (11:54 +0000)]
(bugfix) - Declare minimum Puppet version 6.24.0
In codebase hardening efforts the commands are passed as an array, but this feature was only introduced in Puppet 6.24.01. This raises the minimum version to match, since it's no longer possible to use the module on anything older.
Michiel Brandenburg [Tue, 13 Dec 2022 10:24:48 +0000 (11:24 +0100)]
Merge branch 'main' into xepa-patch-1
Gavin Patton [Tue, 13 Dec 2022 10:16:21 +0000 (10:16 +0000)]
Merge pull request #1076 from puppetlabs/pdksync_maint-remove_stale_bot
pdksync - (MAINT) Remove stalebot
Craig Gumbley [Tue, 13 Dec 2022 10:00:14 +0000 (10:00 +0000)]
(MAINT) Remove stalebot workflow
Michiel Brandenburg [Mon, 12 Dec 2022 14:08:49 +0000 (15:08 +0100)]
Updated mark as title can contain dot
GSPatton [Mon, 31 Oct 2022 15:19:47 +0000 (15:19 +0000)]
Merge pull request #1069 from Programie/main
Do not remove PPA sources.list.d files if purge is enabled
Michael Wieland [Tue, 25 Oct 2022 14:37:14 +0000 (16:37 +0200)]
Exec resource only exists on first run
Michael Wieland [Tue, 25 Oct 2022 14:35:20 +0000 (16:35 +0200)]
Make sure add-apt-repository is executed before managing file resource for it
Michael Wieland [Tue, 25 Oct 2022 14:33:27 +0000 (16:33 +0200)]
Ensure sources.list.d file resource exists so purge does not remove files created by apt::ppa
Craig Gumbley [Fri, 14 Oct 2022 13:17:07 +0000 (14:17 +0100)]
Merge pull request #1068 from puppetlabs/cont-173/main/updating_deprecated_facter
(CONT-173) - Updating deprecated facter instances
jordanbreen28 [Thu, 13 Oct 2022 12:10:57 +0000 (13:10 +0100)]
(CONT-173) - Updating deprecated facter instances
Prior to this PR, this module contained instances of Facter::Util::Resolution.exec and Facter::Util::Resolution.which, which are deprecated.
This PR aims to replace these exec helpers with their supported Facter::Core::Execution counterparts.
This PR:
- Replaced all Facter::Util::Resolution instances with corresponding Facter::Core::Execution exec helpers
Fix rubucop linting error
This commit corrects an error identified by rubocop in spec testing.
Craig Gumbley [Thu, 6 Oct 2022 10:01:50 +0000 (11:01 +0100)]
Merge pull request #1067 from puppetlabs/pdksync_pdksync/remove_puppet_module_gems
pdksync - (PDKSync) Removal of puppet_module_gems
david22swan [Thu, 6 Oct 2022 08:52:38 +0000 (09:52 +0100)]
(PDKSync) Removal of puppet_module_gems
Paula Muir [Wed, 5 Oct 2022 15:17:46 +0000 (16:17 +0100)]
Merge pull request #1065 from puppetlabs/pdksync_remove_debian_9
pdksync - (CONT-130) Dropping Support for Debian 9
jordanbreen28 [Wed, 5 Oct 2022 09:03:43 +0000 (10:03 +0100)]
Dropping Debian 9 Support
Craig Gumbley [Wed, 31 Aug 2022 17:22:23 +0000 (18:22 +0100)]
Merge pull request #1058 from puppetlabs/issue-1057
Lukas Audzevicius [Wed, 31 Aug 2022 11:01:09 +0000 (12:01 +0100)]
Add tests for valid/invalid resource names
Prior to this commit, ppa_spec.rb did not test the recently implemented
validation for resource names.
This commit aims to implement some test cases to make sure that valid
resource names are allowed while invalid or malicious resource names do
not work.
Lukas Audzevicius [Tue, 30 Aug 2022 11:56:32 +0000 (12:56 +0100)]
(GH-1057) Regex fix to allow dotted resources
Prior to this commit, one of our recent module updates introduced a
regex validation step for the resource names in our ppa.pp manifest
which would raise an issue if a valid resource name contained a dot (.).
This commit aims to slightly adjust the regex validation so that it
allows for dotted resource names. This PR should fix issue #1057.
Lukas Audzevicius [Wed, 31 Aug 2022 10:27:52 +0000 (11:27 +0100)]
Merge pull request #1056 from puppetlabs/gh-1055-hardcoded_cache_path
(GH-1055) Fix hardcoded cache path
Craig Gumbley [Wed, 24 Aug 2022 16:11:45 +0000 (17:11 +0100)]
Merge pull request #1053 from david22swan/GH-cat-9
(GH-cat-9) Update module to match current syntax standard
david22swan [Wed, 24 Aug 2022 10:59:05 +0000 (11:59 +0100)]
(GH-cat-9) Update module to match current syntax standard
Module is now in compliance with the following rules:
- optional_default
- strict_indent
- unquoted_string_in_case
- parameter_documentation
- relative_classname_inclusion
- no-top_scope_facts-check
- no-top_scope_variable-check
- variable_scope
The below exception has been left in place:
- disable_anchor_resource
Craig Gumbley [Mon, 22 Aug 2022 10:23:56 +0000 (10:23 +0000)]
(GH-1055) Fix hardcoded cache path
Prior to this commit the cache path used to create the script file resource
was hardcoded to /opt/puppetlabs/puppet/cache.
This commit fixes that by using the `puppet_vardir` fact provided by stdlib so
that we will always get the correct path for the OS that is executing the code.
Additionally, if for some reason the `puppet_vardir` fact is not available we
will fall back to `tmp`.
Paula Muir [Thu, 18 Aug 2022 15:49:03 +0000 (16:49 +0100)]
Merge pull request #1054 from puppetlabs/release-prep
Release prep v9.0.0
GitHub Action [Thu, 18 Aug 2022 10:38:33 +0000 (10:38 +0000)]
Release prep v9.0.0
Paula Muir [Thu, 18 Aug 2022 08:23:29 +0000 (09:23 +0100)]
Merge pull request #1052 from puppetlabs/maint-harden_ppa
Harden PPA defined type
Craig Gumbley [Fri, 12 Aug 2022 12:15:33 +0000 (12:15 +0000)]
Add spec test for add-apt-repository
This commit adds spec tests that validate the changes made in
the previous commit.
Craig Gumbley [Thu, 11 Aug 2022 15:20:36 +0000 (15:20 +0000)]
Harden PPA defined type
Prior to this commit there was a possibility that malformed strings
could be passed as the resources name. This could lead to unsafe
executions on a remote system.
This was also a possibility for the options parameter as it was
constrained to a string.
In addition, commands were not properly broken out in to arrays of
arguments when passed to the exec resource.
This commit fixes the above by adding validation to the resource name
ensuring that the given ppa name conforms to expectation. Also, commands
are now broken down in to arrays of arguments appropriately. This ensures
safer execution on the remote system.
Given that the options parameter, passed as a raw string, could lead to
unsafe code execution it was reasonable to change the accepted type to
an `Optional[Array[String]]. This means that an array of options can now
be passed to the exec resource inside the original command.
Craig Gumbley [Wed, 17 Aug 2022 10:44:17 +0000 (11:44 +0100)]
Merge pull request #1050 from ekohl/deal-with-net-ftp-as-default-gem
Deal with net-ftp being unavailable
Craig Gumbley [Wed, 17 Aug 2022 10:36:21 +0000 (11:36 +0100)]
Merge pull request #1051 from puppetlabs/maint-move_apt_mark_to_provider
Harden apt-mark defined type
Craig Gumbley [Fri, 12 Aug 2022 09:41:23 +0000 (09:41 +0000)]
Add spec tests for apt-mark
This commit adds additional spec tests for mark.pp.
The tests validate the new resource name requirements
introduced in the previous commit.
Craig Gumbley [Thu, 11 Aug 2022 20:13:11 +0000 (20:13 +0000)]
Harden apt-mark defined type
Prior to this commit the title parameter of this defined
type was not properly validated. This means that it could have been
possible to use a resource title outside of the normal bounds of
a package name.
Additionally the `onlyif` and `command` parameter values were
interpolated strings meaning that it may have been possible to
execute unsafe code on the remote system.
This commit fixes the above issues by adding a regex to check that the
resource title is a valid apt package name and also breaks out the
`onlyif` and `command` parameter values in to arrays of args ensuring
that the commands executed in a safe manor on the remote system.
The exception in this commit is the `unless_cmd`. This has not been
broken out in to an array of args due to the requirement of the command.
This is a reasonable trade of however due to the fact that action is
created from known enum values and title would be pre-validated.
This is also explained in mark.pp:20.
Ewoud Kohl van Wijngaarden [Wed, 10 Aug 2022 12:26:16 +0000 (14:26 +0200)]
Deal with net-ftp being unavailable
In Ruby 3.0 net-ftp changed from a bundled gem to a default gem. This
means it may not be available, such as when running unit tests.
Since ftp is becoming less and less common, this changes net-ftp to be
an optional dependency. Users who do need ftp support should ensure the
gem is installed.
Lukas Audzevicius [Tue, 9 Aug 2022 10:00:26 +0000 (11:00 +0100)]
Merge pull request #1046 from puppetlabs/pdksync_GH-cat-11/main/add_ubuntu_22.04_support
pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04
david22swan [Thu, 4 Aug 2022 10:28:39 +0000 (11:28 +0100)]
(GH-cat-11) Certify Support for Ubuntu 22.04
Paula Muir [Wed, 3 Aug 2022 15:28:37 +0000 (16:28 +0100)]
Merge pull request #1044 from david22swan/release_prep
Release prep v8.5.0
david22swan [Wed, 3 Aug 2022 12:38:08 +0000 (13:38 +0100)]
Release prep v8.5.0
Lukas Audzevicius [Wed, 3 Aug 2022 10:02:03 +0000 (11:02 +0100)]
Merge pull request #1042 from david22swan/GH-1038/main/check_valid_until
(GH-1038) add support for `check-valid-until` configuration
david22swan [Wed, 3 Aug 2022 08:16:52 +0000 (09:16 +0100)]
(GH-1038) add support for `check-valid-until` configuration
Add's additional configuration to `apt::source` to allow the user to specify whether or not to check if the repository that they are accessing has a valid release ate.
Defaults to `True`
Lukas Audzevicius [Mon, 20 Jun 2022 13:32:46 +0000 (14:32 +0100)]
Merge pull request #1040 from david22swan/release_prep
Release prep v8.4.1
david22swan [Mon, 20 Jun 2022 13:18:47 +0000 (14:18 +0100)]
Release prep v8.4.1
Craig Gumbley [Mon, 20 Jun 2022 12:32:19 +0000 (13:32 +0100)]
Merge pull request #1039 from david22swan/GH-1036/main/dependency_cycle
(ISSUE-1036) Conditional `gnupg` include added to init.pp
david22swan [Mon, 20 Jun 2022 10:09:40 +0000 (11:09 +0100)]
(ISSUE-1036) Conditional `gnupg` include added to init.pp
Originally removed as it was causing `gnupg` to be installed in all OS when it wasn't needed, removing it seems to have caused a dependency cycle in the relevant Debian family OS for certain community members.
Adding the include back within a conditional statement to solve the issue while still preventing it from being included when unneeded.
david22swan [Mon, 6 Jun 2022 15:55:12 +0000 (16:55 +0100)]
Merge pull request #1035 from puppetlabs/Release_prep-v8.4.0
Release prep v8.4.0
Lukas Audzevicius [Mon, 6 Jun 2022 15:53:48 +0000 (16:53 +0100)]
Syntax
Lukas Audzevicius [Mon, 6 Jun 2022 15:34:14 +0000 (16:34 +0100)]
Release prep v8.4.0
david22swan [Mon, 23 May 2022 09:51:40 +0000 (10:51 +0100)]
Merge pull request #1032 from puppetlabs/pdksync_maint/pdk_update_stalebot
pdksync - (MAINT) Stale bot config/msg update
Lukas Audzevicius [Thu, 19 May 2022 10:22:17 +0000 (11:22 +0100)]
Config update
Lukas Audzevicius [Wed, 18 May 2022 16:34:31 +0000 (17:34 +0100)]
(MAINT) Stale-bot config/msg update
Lukas Audzevicius [Wed, 20 Apr 2022 15:28:55 +0000 (16:28 +0100)]
Merge pull request #1030 from puppetlabs/pdksync_maint/pdk_update_20-04
pdksync - (Maint) PDK Update
david22swan [Wed, 20 Apr 2022 13:07:53 +0000 (14:07 +0100)]
(GH-cat-9) syntax:hiera:yaml exclusions added
david22swan [Wed, 20 Apr 2022 13:07:49 +0000 (14:07 +0100)]
(GH-cat-9) syntax:hiera:yaml fixes
david22swan [Wed, 20 Apr 2022 10:07:37 +0000 (11:07 +0100)]
(maint) PDK Update
Lukas Audzevicius [Mon, 4 Apr 2022 14:13:05 +0000 (15:13 +0100)]
Merge pull request #1029 from puppetlabs/pdksync_pdksync-use_pull_request_target
pdksync - PDKSYNC Update labeller trigger
Craig Gumbley [Mon, 4 Apr 2022 13:09:44 +0000 (14:09 +0100)]
"This commit changes the workflow trigger for pull requests to pull_request_target"
Lukas Audzevicius [Tue, 29 Mar 2022 13:10:49 +0000 (14:10 +0100)]
Merge pull request #1019 from puppetlabs/pdksync_pdksync_heads/
main-0-gf3911d3
pdksync - pdksync_heads/
main-0-gf3911d3
david22swan [Tue, 29 Mar 2022 09:00:18 +0000 (10:00 +0100)]
(GH-C&T-9) Temporarily disable syntax checks
Craig Gumbley [Mon, 28 Mar 2022 16:44:24 +0000 (17:44 +0100)]
Merge pull request #1020 from simondeziel/optional-gnupg
(MODULES-11301) Don't install gnupg if not needed
david22swan [Fri, 25 Mar 2022 16:08:52 +0000 (16:08 +0000)]
Merge pull request #1025 from puppetlabs/pdksync_pdksync_add_workflows
pdksync - Add labeller and stale GHA workflows
Craig Gumbley [Fri, 25 Mar 2022 15:33:43 +0000 (15:33 +0000)]
(MAINT) Fixes no new line at EOF
Craig Gumbley [Fri, 25 Mar 2022 15:12:31 +0000 (15:12 +0000)]
(MAINT) Add labeller and stale GHA workflows
Lukas Audzevicius [Thu, 24 Mar 2022 18:00:49 +0000 (18:00 +0000)]
Merge pull request #1024 from david22swan/GH-iac-334/main/remove_compatible_code
(GH-iac-334) Remove code specific to unsupported OSs
david22swan [Thu, 24 Mar 2022 16:33:31 +0000 (16:33 +0000)]
(GH-iac-334) Remove code specific to unsupported OSs
Code removed includes ubuntu 16.04 + 14.04 and Debian 7 + 8
Lukas Audzevicius [Thu, 24 Mar 2022 14:04:17 +0000 (14:04 +0000)]
Merge pull request #1023 from puppetlabs/pdksync_GH-iac-334/main/remove_ubuntu_14.04_support
pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04
david22swan [Wed, 23 Mar 2022 16:21:38 +0000 (16:21 +0000)]
(GH-iac-334) Remove Support for Ubuntu 14.04
Lukas Audzevicius [Wed, 23 Mar 2022 15:19:03 +0000 (15:19 +0000)]
Merge pull request #1022 from puppetlabs/pdksync_GH-iac-334/main/remove_ubuntu_16.04_support
pdksync - (GH-iac-334) Remove Support for Ubuntu 16.04
david22swan [Wed, 23 Mar 2022 12:34:16 +0000 (12:34 +0000)]
(GH-iac-334) Remove Support for Ubuntu 16.04
Simon Deziel [Thu, 17 Mar 2022 03:15:12 +0000 (23:15 -0400)]
(MODULES-11301) Don't install gnupg if not needed
apt::key has the needed ensure_packages() to bring gnupg only
when needed.
Signed-off-by: Simon Deziel <simon@sdeziel.info>
david22swan [Wed, 16 Mar 2022 15:26:30 +0000 (15:26 +0000)]
Romain Tartière [Tue, 15 Mar 2022 15:51:40 +0000 (05:51 -1000)]
Merge pull request #1017 from root-expert/safe-facts
Christos Papageorgiou [Tue, 15 Mar 2022 12:00:56 +0000 (14:00 +0200)]
Switch using os.release.major for apt-transport-https
Signed-off-by: Christos Papageorgiou <christos.papageorgioy@gmail.com>
Craig Gumbley [Thu, 10 Mar 2022 14:54:13 +0000 (14:54 +0000)]
Merge pull request #1016 from puppetlabs/kreeuwijk-patch-1
Clarify this Task runs apt-get, not apt
Christos Papageorgiou [Thu, 24 Feb 2022 11:59:00 +0000 (13:59 +0200)]
Use fact() function for all os.distro.* facts
* On Puppet 6 facter 3.x requires lsb-release to resolve os.distro.* facts. Using $facts hash cause errors like "Evaluation Error: Operator '[]' is not applicable to an Undef Value." because os.distro is undefined causing the catalog to fail. Use fact() to identify Undef facts and throw an error to the user.
Signed-off-by: Christos Papageorgiou <christos.papageorgioy@gmail.com>
Kevin Reeuwijk [Tue, 22 Feb 2022 14:42:49 +0000 (15:42 +0100)]
Clarify this Task runs apt-get, not apt
Romain Tartière [Mon, 21 Feb 2022 14:19:25 +0000 (04:19 -1000)]
(maint) Fix resource ordering when apt-transport-https is needed (#1015)
Adds a dependency to ensure apt-transport-https is installed when the
repositories are updated.
Hugh Esco [Wed, 9 Feb 2022 11:57:55 +0000 (06:57 -0500)]
enable allow-insecure for apt::source defined types, includes new tests, documentation (#1014)
Co-authored-by: Lukas Audzevicius <97180854+LukasAud@users.noreply.github.com>
Lukas Audzevicius [Mon, 7 Feb 2022 11:26:31 +0000 (11:26 +0000)]
Merge pull request #1013 from mpdude/patch-3
Omit empty options in source.list template to fix MODULES-11174
Lukas Audzevicius [Mon, 7 Feb 2022 11:25:55 +0000 (11:25 +0000)]
Merge pull request #1012 from mpdude/patch-1
Replace `arm64` for `aarch64` in `::apt::source`
Lukas Audzevicius [Thu, 3 Feb 2022 17:01:07 +0000 (17:01 +0000)]
Merge pull request #1011 from Conzar/ppa-ubuntu-fix
Fixed reading conditions for gpg file for Ubuntu versions 21.04 and later.
Matthias Pigulla [Sun, 9 Jan 2022 22:51:55 +0000 (23:51 +0100)]
Omit empty options in source.list template to fix MODULES-11174
Empty `[name= ...]` options in a soures list lead to Apt parsing errors.
This change skips such empty options, resolving https://tickets.puppetlabs.com/browse/MODULES-11174.
Matthias Pigulla [Sun, 9 Jan 2022 22:33:03 +0000 (23:33 +0100)]
Replace `arm64` for `aarch64` in `::apt::source`
Michael Speth [Sun, 9 Jan 2022 09:32:01 +0000 (22:32 +1300)]
Fixed gpg file for Ubuntu versions 21.04 and later.
As of Ubuntu 21.04, Canotical has again changed the filename of the gpg files going back to dashes
instead of using underscores.
daianamezdrea [Mon, 18 Oct 2021 12:18:48 +0000 (15:18 +0300)]
Merge pull request #1010 from LTangaF/remove_frequency_collector
(MODULES-10763) Remove frequency collector