From 3d3620ccd767ca8c4055f1c84a658c79de31fcb3 Mon Sep 17 00:00:00 2001 From: david22swan Date: Wed, 3 Aug 2022 09:16:52 +0100 Subject: [PATCH 1/1] (GH-1038) add support for `check-valid-until` configuration Add's additional configuration to `apt::source` to allow the user to specify whether or not to check if the repository that they are accessing has a valid release ate. Defaults to `True` --- REFERENCE.md | 11 ++++++++++- manifests/source.pp | 16 ++++++++++++---- spec/defines/source_spec.rb | 26 ++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index c859365..561cb5b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -937,6 +937,7 @@ The following parameters are available in the `apt::source` defined type: * [`allow_unsigned`](#allow_unsigned) * [`notify_update`](#notify_update) * [`allow_insecure`](#allow_insecure) +* [`check_valid_until`](#check_valid_until) ##### `location` @@ -1049,10 +1050,18 @@ Default value: ``true`` Data type: `Boolean` - +Specifies whether to allow downloads from insecure repositories. Default value: ``false`` +##### `check_valid_until` + +Data type: `Boolean` + +Specifies whether to check if the package release date is valid. Defaults to `True`. + +Default value: ``true`` + ## Resource types ## Data types diff --git a/manifests/source.pp b/manifests/source.pp index fcdc454..5fde580 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -55,9 +55,15 @@ # @param allow_unsigned # Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. # +# @param allow_insecure +# Specifies whether to allow downloads from insecure repositories. +# # @param notify_update # Specifies whether to trigger an `apt-get update` run. # +# @param check_valid_until +# Specifies whether to check if the package release date is valid. Defaults to `True`. +# define apt::source ( Optional[String] $location = undef, String $comment = $name, @@ -72,6 +78,7 @@ define apt::source ( Boolean $allow_unsigned = false, Boolean $allow_insecure = false, Boolean $notify_update = true, + Boolean $check_valid_until = true, ) { include ::apt @@ -136,10 +143,11 @@ define apt::source ( 'comment' => $comment, 'includes' => $includes, 'options' => delete_undef_values( { - 'arch' => $architecture, - 'trusted' => $allow_unsigned ? { true => 'yes', false => undef }, - 'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef }, - 'signed-by' => $keyring, + 'arch' => $architecture, + 'trusted' => $allow_unsigned ? { true => 'yes', false => undef }, + 'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef }, + 'signed-by' => $keyring, + 'check-valid-until' => $check_valid_until? { true => undef, false => 'false' }, }, ), 'location' => $_location, diff --git a/spec/defines/source_spec.rb b/spec/defines/source_spec.rb index d702f62..6410895 100644 --- a/spec/defines/source_spec.rb +++ b/spec/defines/source_spec.rb @@ -171,6 +171,32 @@ describe 'apt::source' do } end + context 'with check_valid_until false' do + let :params do + { + location: 'hello.there', + check_valid_until: false, + } + end + + it { + is_expected.to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# my_source\ndeb \[check-valid-until=false\] hello.there stretch main\n}) + } + end + + context 'with check_valid_until true' do + let :params do + { + location: 'hello.there', + check_valid_until: true, + } + end + + it { + is_expected.to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# my_source\ndeb hello.there stretch main\n}) + } + end + context 'with keyring set' do let :params do { -- 2.32.3