allow for binary keys that can be removed
parent
33acc00e5c
commit
891aa0fbbe
3 changed files with 41 additions and 12 deletions
25
README
25
README
|
@ -485,8 +485,25 @@ Deploys a secure apt OpenPGP key. This usually accompanies the
|
|||
sources.list snippets above for third party repositories. For example,
|
||||
you would do:
|
||||
|
||||
apt::key { 'neurodebian.key':
|
||||
source => 'puppet:///modules/site_apt/neurodebian.key',
|
||||
apt::key { 'neurodebian.gpg':
|
||||
ensure => present,
|
||||
source => 'puppet:///modules/site_apt/neurodebian.gpg',
|
||||
}
|
||||
|
||||
This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
|
||||
is assumed by secure apt to be binary OpenPGP keys and *not*
|
||||
"ascii-armored" or "plain text" OpenPGP key material. For the latter,
|
||||
use `apt::key::plain`.
|
||||
|
||||
apt::key::plain
|
||||
---------------
|
||||
|
||||
Deploys a secure apt OpenPGP key. This usually accompanies the
|
||||
sources.list snippets above for third party repositories. For example,
|
||||
you would do:
|
||||
|
||||
apt::key::asc { 'neurodebian.asc':
|
||||
source => 'puppet:///modules/site_apt/neurodebian.asc',
|
||||
}
|
||||
|
||||
This deploys the key in the `${apt_base_dir}/keys` directory (as
|
||||
|
@ -495,6 +512,10 @@ this exists on top of `$custom_key_dir` is to allow a more
|
|||
decentralised distribution of those keys, without having all modules
|
||||
throw their keys in the same directory in the manifests.
|
||||
|
||||
Note that this model does *not* currently allow keys to be removed!
|
||||
Use `apt::key` instead for a more practical, revokable approach, but
|
||||
that needs binary keys.
|
||||
|
||||
apt::upgrade_package
|
||||
--------------------
|
||||
|
||||
|
|
|
@ -1,13 +1,8 @@
|
|||
define apt::key ($source) {
|
||||
define apt::key ($ensure => 'present', $source) {
|
||||
file {
|
||||
"${apt::apt_base_dir}/${name}":
|
||||
source => $source;
|
||||
"${apt::apt_base_dir}/keys":
|
||||
ensure => directory;
|
||||
}
|
||||
exec { "apt-key add ${apt::apt_base_dir}/${name}":
|
||||
subscribe => File["${apt::apt_base_dir}/${name}"],
|
||||
refreshonly => true,
|
||||
notify => Exec['refresh_apt'],
|
||||
"/etc/apt/trusted.gpg.d/$name":
|
||||
source => $source,
|
||||
ensure => $ensure,
|
||||
notify => Exec['refresh_apt'],
|
||||
}
|
||||
}
|
||||
|
|
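Review bot: The new signature `define apt::key ($ensure => 'present', $source) {` uses `=>` for the parameter default, which Puppet's define syntax does not accept; it should read `define apt::key ($source, $ensure = 'present') {`. The `file` resource under `/etc/apt/trusted.gpg.d` also sets no `owner`, `group` or `mode`, so unless a `File` default elsewhere in the module covers it, the permissions of a file that apt treats as a trust anchor depend on the agent's defaults; adding `owner => root, group => 0, mode => '0644',` would pin them. Hosts that previously ran the removed `apt-key add` exec presumably still carry the key in apt's main keyring, so `ensure => absent` on the new file would not revoke it there, which is worth a sentence in the README. The file header for this section is not shown on the page.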
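--- a/manifests/key/plain.pp
+++ b/manifests/key/plain.pp
@@ -0,0 +1,13 @@
+define apt::key::plain ($source) {
+file {
+"${apt::apt_base_dir}/${name}":
+source => $source;
+"${apt::apt_base_dir}/keys":
+ensure => directory;
+}
+exec { "apt-key add ${apt::apt_base_dir}/${name}":
+subscribe => File["${apt::apt_base_dir}/${name}"],
+refreshonly => true,
+notify => Exec['refresh_apt'],
+}
+}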
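Review bot: `"${apt::apt_base_dir}/keys": ensure => directory;` is declared inside the define, so a second `apt::key::plain` instance on the same node would declare the same `File` resource again and catalog compilation should fail with a duplicate declaration; the directory belongs in the `apt` class, or the declaration should be dropped here. The README text added in this commit shows `apt::key::asc { 'neurodebian.asc': ... }`, while the define is named `apt::key::plain`, so the documented example would not resolve. The exec command `apt-key add ...` has no absolute path or `path` attribute and the key file has no `owner` or `mode`; unless resource defaults elsewhere supply them, `path => '/usr/bin:/bin',` on the exec and `owner => root, mode => '0644',` on the file would make both explicit.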