add apt::key resource to deploy arbitrary keys

the rationale of this is that isn't useful for third party modules, because they cannot inject keys in there without some serious apt class hijacking
2015-06-11 10:07:47 -04:00 · 2015-06-11 10:07:47 -04:00 · 33acc00e5c
commit 33acc00e5c
parent d87876a16f
2 changed files with 30 additions and 0 deletions
--- a/17
+++ b/17
@ -478,6 +478,23 @@ Example:
                'puppet:///modules/site_apt/company_internals.list' ],
  }

+apt::key
+--------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+  apt::key { 'neurodebian.key':
+    source => 'puppet:///modules/site_apt/neurodebian.key',
+  }
+
+This deploys the key in the `${apt_base_dir}/keys` directory (as
+opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason
+this exists on top of `$custom_key_dir` is to allow a more
+decentralised distribution of those keys, without having all modules
+throw their keys in the same directory in the manifests.
+
 apt::upgrade_package
 --------------------

--- a/manifests/key.pp
+++ b/manifests/key.pp
@ -0,0 +1,13 @@
+define apt::key ($source) {
+  file {
+    "${apt::apt_base_dir}/${name}":
+      source  => $source;
+    "${apt::apt_base_dir}/keys":
+      ensure  => directory;
+  }
+  exec { "apt-key add ${apt::apt_base_dir}/${name}":
+    subscribe   => File["${apt::apt_base_dir}/${name}"],
+    refreshonly => true,
+    notify      => Exec['refresh_apt'],
+  }
+}