diff --git a/README b/README index e624bba..131ae1d 100644 --- a/README +++ b/README @@ -1,3 +1,4 @@ + Overview ======== @@ -6,7 +7,7 @@ This module manages apt on Debian. It keeps dpkg's and apt's databases as well as the keyrings for securing package download current. -backports.org is added and an archive key is provided[1]. +backports.debian.org is added. dselect is switched to expert mode to suppress superfluous help screens. @@ -138,7 +139,3 @@ Sometimes -- especially when initially starting management or deploying new packages -- a immediate update is really needed to be able to install the right packages without errors. Thus a method should be devised to be able to specify with high fidelity when a update should be run and when it is not needed. - - - -[1] Of course, you should check the validity of _this_ key yourself. diff --git a/files/backports.org.key b/files/backports.org.key deleted file mode 100644 index 6e66404..0000000 --- a/files/backports.org.key +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.3 (GNU/Linux) - -mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx -Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc -/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz -onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd -kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex -Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6 -m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq -bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR -bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz -Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR -AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S -cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD -FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48 -OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD -FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44 -Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ -FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn -DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO -90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN -StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D -JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD -BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0 -AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB -TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr -O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8 -cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC -+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs -VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg== -=fBrI ------END PGP PUBLIC KEY BLOCK----- diff --git a/manifests/init.pp b/manifests/init.pp index 78ae6c5..98ec91c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -36,7 +36,7 @@ class apt { default: { config_file { "/etc/apt/preferences": content => $custom_preferences, - alias => apt_config, + alias => "apt_config", require => File["/etc/apt/sources.list"]; } } @@ -57,71 +57,38 @@ class apt { 'refresh_apt': command => '/usr/bin/apt-get update && sleep 1', refreshonly => true, - subscribe => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], - File["/etc/apt/apt.conf.d"], - Config_file[apt_config] ]; + subscribe => [ File["/etc/apt/sources.list", "/etc/apt/preferences", "/etc/apt/apt.conf.d"], + Config_file["apt_config"] ]; 'update_apt': command => '/usr/bin/apt-get update && /usr/bin/apt-get autoclean', - require => [ File["/etc/apt/sources.list"], - File["/etc/apt/preferences"], Config_file[apt_config] ], + require => [ File["/etc/apt/sources.list", "/etc/apt/preferences"], Config_file["apt_config"] ], loglevel => info, # Another Semaphor for all packages to reference - alias => apt_updated; + alias => "apt_updated"; } ## This package should really always be current package { "debian-archive-keyring": ensure => latest } + # backports uses the normal archive key now + package { "debian-backports-keyring": ensure => absent } - case $lsbdistcodename { - etch: { - package { "debian-backports-keyring": ensure => latest } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet:///modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, + case $custom_key_dir { + '': { + exec { "/bin/true # no_custom_keydir": } + } + default: { + file { "${apt_base_dir}/keys.d": + source => "$custom_key_dir", + recurse => true, + mode => 0755, owner => root, group => root, } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", + exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update": + alias => "custom_keys", + subscribe => File["${apt_base_dir}/keys.d"], refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ File[apt_config], Package["debian-backports-keyring"] ] + before => Config_file["apt_config"]; } } - lenny: { - package { "debian-backports-keyring": ensure => latest } - - # This key was downloaded from - # http://backports.org/debian/archive.key - # and is needed to bootstrap the backports trustpath - file { "${apt_base_dir}/backports.org.key": - source => "puppet:///modules/apt/backports.org.key", - mode => 0444, owner => root, group => root, - } - exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update": - alias => "backports_key", - refreshonly => true, - subscribe => File["${apt_base_dir}/backports.org.key"], - before => [ Config_file[apt_config], Package["debian-backports-keyring"] ] - } - } - } - - if $custom_key_dir { - file { "${apt_base_dir}/keys.d": - source => "$custom_key_dir", - recurse => true, - mode => 0755, owner => root, group => root, - } - exec { "find ${apt_base_dir}/keys.d -type f -exec apt-key add '{}' \\; && apt-get update": - alias => "custom_keys", - subscribe => File["${apt_base_dir}/keys.d"], - refreshonly => true, - before => Config_file[apt_config]; - } } # workaround for preseeded_package component diff --git a/templates/sources.list.backports.erb b/templates/sources.list.backports.erb new file mode 100644 index 0000000..b271ca7 --- /dev/null +++ b/templates/sources.list.backports.erb @@ -0,0 +1,8 @@ +# This file is brought to you by puppet + +# backports +<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> +# There are no backports for for <%= lsbdistcodename %> +<% else -%> +deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main +<% end -%> diff --git a/templates/sources.list.erb b/templates/sources.list.erb index 169d7b5..feb5603 100644 --- a/templates/sources.list.erb +++ b/templates/sources.list.erb @@ -9,9 +9,3 @@ deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free <% end -%> -# backports -<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%> -# There are no backports for for <%= lsbdistcodename %> -<% else -%> -deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main -<% end -%>