allow for binary keys that can be removed

Antoine Beaupré 2015-06-11 10:21:56 -04:00
parent 33acc00e5c
commit 891aa0fbbe
3 changed files with 41 additions and 12 deletions

25
README

@ -485,8 +485,25 @@ Deploys a secure apt OpenPGP key. This usually accompanies the
sources.list snippets above for third party repositories. For example, sources.list snippets above for third party repositories. For example,
you would do: you would do:
apt::key { 'neurodebian.key': apt::key { 'neurodebian.gpg':
source => 'puppet:///modules/site_apt/neurodebian.key', ensure => present,
source => 'puppet:///modules/site_apt/neurodebian.gpg',
}
This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
is assumed by secure apt to be binary OpenPGP keys and *not*
"ascii-armored" or "plain text" OpenPGP key material. For the latter,
use `apt::key::plain`.
apt::key::plain
---------------
Deploys a secure apt OpenPGP key. This usually accompanies the
sources.list snippets above for third party repositories. For example,
you would do:
apt::key::asc { 'neurodebian.asc':
source => 'puppet:///modules/site_apt/neurodebian.asc',
} }
This deploys the key in the `${apt_base_dir}/keys` directory (as This deploys the key in the `${apt_base_dir}/keys` directory (as
@ -495,6 +512,10 @@ this exists on top of `$custom_key_dir` is to allow a more
decentralised distribution of those keys, without having all modules decentralised distribution of those keys, without having all modules
throw their keys in the same directory in the manifests. throw their keys in the same directory in the manifests.
Note that this model does *not* currently allow keys to be removed!
Use `apt::key` instead for a more practical, revokable approach, but
that needs binary keys.
apt::upgrade_package apt::upgrade_package
-------------------- --------------------


@ -1,13 +1,8 @@
define apt::key ($source) { define apt::key ($ensure => 'present', $source) {
file { file {
"${apt::apt_base_dir}/${name}": "/etc/apt/trusted.gpg.d/$name":
source => $source; source => $source,
"${apt::apt_base_dir}/keys": ensure => $ensure,
ensure => directory; notify => Exec['refresh_apt'],
}
exec { "apt-key add ${apt::apt_base_dir}/${name}":
subscribe => File["${apt::apt_base_dir}/${name}"],
refreshonly => true,
notify => Exec['refresh_apt'],
} }
} }
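Review bot: The new `define apt::key` line writes the default as `$ensure => 'present'`, but Puppet parameter lists take `=` for defaults, so this should read `define apt::key ($source, $ensure = 'present') {`. The file resource for `/etc/apt/trusted.gpg.d/$name` also sets no owner, group or mode, so the permissions of a file that apt treats as a trust anchor depend on defaults set elsewhere. Pinning `owner => root, group => root, mode => '0644',` would make that explicit. A short header comment saying that `$source` must be a binary (non-armored) keyring, and that `$name` is expected to end in `.gpg` as in the README example, would document the contract next to the code.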

13
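--- a/manifests/key/plain.pp
+++ b/manifests/key/plain.pp
@@ -0,0 +1,13 @@
+define apt::key::plain ($source) {
+file {
+"${apt::apt_base_dir}/${name}":
+source => $source;
+"${apt::apt_base_dir}/keys":
+ensure => directory;
+}
+exec { "apt-key add ${apt::apt_base_dir}/${name}":
+subscribe => File["${apt::apt_base_dir}/${name}"],
+refreshonly => true,
+notify => Exec['refresh_apt'],
+}
+}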
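Review bot: The define added here is named `apt::key::plain`, but the README example in this same commit declares `apt::key::asc { 'neurodebian.asc': ... }`, so anyone copying the documented snippet would reference a type that does not exist; the two names should be made to agree. Separately, the exec invokes `apt-key` by bare name and no `path` attribute is visible in this file. Unless an `Exec` default supplies one elsewhere, a fully qualified command such as `/usr/bin/apt-key add ...` is the safer choice for something that modifies the apt trust store. A header comment such as `# Imports an ASCII-armored key with apt-key add; keys added this way are not removed when the resource is dropped.` would carry the README caveat into the manifest.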