Merge remote branch 'lelutin/master'

Integrate no custom preference into our new way to manage the preferences. Conflicts: README manifests/default_preferences.pp manifests/init.pp
2010-10-21 01:59:41 +02:00 · 2010-10-21 01:59:41 +02:00 · e2ac1b3d8d
commit e2ac1b3d8d
parent e19c94dcd2 4dbcd09281
8 changed files with 74 additions and 90 deletions
--- a/22
+++ b/22
@ -1,3 +1,4 @@
+
 Overview
 ========

@ -6,7 +7,7 @@ This module manages apt on Debian.
 It keeps dpkg's and apt's databases as well as the keyrings for securing
 package download current.

-backports.org is added and an archive key is provided[1].
+backports.debian.org is added.

 dselect is switched to expert mode to suppress superfluous help screens.

@ -50,6 +51,21 @@ following variable before including this class will pull in the
 templates/apt/sources.list file: 
 $custom_sources_list ='template("apt/sources.list")'
 		       
+$custom_preferences	
+--------------------
+By default this module will use a basic apt/preferences file with
+unstable and testing pinned to very low values so that any package
+installation will not accidentally pull in packages from those suites
+unless you explicitly specify the version number. You can set this
+variable to pull in a customized apt/preferences template, for
+example, setting the following variable before including this class
+will pull in the templates/apt/preferences file: 
+$custom_preferences = 'template("apt/preferences")'
+
+Also, if you need the preferences file to be absent, set this variable to false:
+
+$custom_preferences = false
+
 $custom_key_dir
 ---------------
 If you have different apt-key files that you want to get added to your
@ -142,7 +158,3 @@ Sometimes -- especially when initially starting management or deploying new
 packages -- a immediate update is really needed to be able to install the right
 packages without errors. Thus a method should be devised to be able to specify
 with high fidelity when a update should be run and when it is not needed.
-
-
-
-[1] Of course, you should check the validity of _this_ key yourself.
--- a/files/backports.org.key
+++ b/files/backports.org.key
@ -1,33 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.3 (GNU/Linux)
-
-mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
-Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
-/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
-onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
-kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
-Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
-m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
-bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
-bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
-Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
-AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
-cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
-OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
-Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
-FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
-DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
-90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
-StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
-JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
-BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
-AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
-TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
-O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
-cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
-+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
-VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
-=fBrI
-----END PGP PUBLIC KEY BLOCK-----
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -29,7 +29,21 @@ class apt {
    }
  }

-  include apt::preferences
+  config_file {
+    # little default settings which keep the system sane
+    "/etc/apt/apt.conf.d/from_puppet":
+      content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+      before => Concatenated_file['/etc/apt/preferences'];
+  }
+
+  case $custom_preferences {
+    false: {
+      include apt::preferences::absent
+    }
+    default: {
+      include apt::preferences
+    }
+  }

  if $apt_unattended_upgrades {
    include apt::unattended_upgrades
@ -55,48 +69,14 @@ class apt {
                        '/etc/apt/preferences'],
        loglevel => info,
        # Another Semaphor for all packages to reference
-        alias => apt_updated;
+        alias => "apt_updated";
  }

  ## This package should really always be current
  package { "debian-archive-keyring": ensure => latest }
-        
-  case $lsbdistcodename {
-    etch: {
-      package { "debian-backports-keyring": ensure => latest }
-                
-      # This key was downloaded from
-      # http://backports.org/debian/archive.key
-      # and is needed to bootstrap the backports trustpath
-      file { "${apt_base_dir}/backports.org.key":
-        source => "puppet:///modules/apt/backports.org.key",
-        mode => 0444, owner => root, group => root,
-      }
-      exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
-        alias => "backports_key",
-        refreshonly => true,
-        subscribe => File["${apt_base_dir}/backports.org.key"],
-        before => [ Concatenated_file[apt_config], Package["debian-backports-keyring"] ]
-      }
-    }
-    lenny: {
-      package { "debian-backports-keyring": ensure => latest }

-      # This key was downloaded from
-      # http://backports.org/debian/archive.key
-      # and is needed to bootstrap the backports trustpath
-      file { "${apt_base_dir}/backports.org.key":
-        source => "puppet:///modules/apt/backports.org.key",
-        mode => 0444, owner => root, group => root,
-      }
-      exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
-        alias => "backports_key",
-        refreshonly => true,
-        subscribe => File["${apt_base_dir}/backports.org.key"],
-        before => [ Concatenated_file[apt_config], Package["debian-backports-keyring"] ]
-      }
-    }
-  }
+  # backports uses the normal archive key now
+  package { "debian-backports-keyring": ensure => absent }

  if $custom_key_dir {
    file { "${apt_base_dir}/keys.d":
@ -114,4 +94,4 @@ class apt {

  # workaround for preseeded_package component
  file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory }
-}     
+}
--- a/manifests/preferences.pp
+++ b/manifests/preferences.pp
@ -4,7 +4,8 @@ class apt::preferences {
  $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
  module_dir{'apt/preferences': }
  file{"${apt_preferences_dir}_header":
-    content => 'Package: *
+    content => $custom_preferences ? {
+      '' => 'Package: *
 Pin: release a=unstable
 Pin-Priority: 1

@ -13,6 +14,8 @@ Pin: release a=testing
 Pin-Priority: 2

 ',
+      default => $custom_preferences
+    },
  }

  concatenated_file{'/etc/apt/preferences':
@ -25,10 +28,4 @@ Pin-Priority: 2
    require => File["/etc/apt/sources.list"];
  }

-  config_file {
-    # little default settings which keep the system sane
-    "/etc/apt/apt.conf.d/from_puppet":
-      content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
-      before => Concatenated_file[apt_config];
-  }
 }
--- a/manifests/preferences/absent.pp
+++ b/manifests/preferences/absent.pp
@ -0,0 +1,8 @@
+class apt::preferences::absent {
+  include common::moduledir
+  $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
+  concatenated_file{'/etc/apt/preferences':
+    dir => $apt_preferences_dir,
+    ensure => absent,
+  }
+}
--- a/manifests/proxy-client.pp
+++ b/manifests/proxy-client.pp
@ -0,0 +1,18 @@
+class apt::proxy-client {
+
+  $real_apt_proxy = $apt_proxy ? {
+    "" => "localhost",
+    default => $apt_proxy
+  }
+
+  $real_apt_proxy_port = $apt_proxy_port ? {
+    "" => "3142",
+    default => $apt_proxy_port
+  }
+
+  file { "/etc/apt/apt.conf.d/20proxy":
+    ensure => present,
+    content => "Acquire::http { Proxy \"http://$real_apt_proxy:$real_apt_proxy_port\"; };\n",
+    owner => root, group => 0, mode => 0644;
+  }
+}
--- a/templates/sources.list.backports.erb
+++ b/templates/sources.list.backports.erb
@ -0,0 +1,8 @@
+# This file is brought to you by puppet
+
+# backports
+<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
+# There are no backports for for <%= lsbdistcodename %>
+<% else -%>
+deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main
+<% end -%>
--- a/templates/sources.list.erb
+++ b/templates/sources.list.erb
@ -9,9 +9,3 @@ deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
 deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
 <% end -%>

-# backports
-<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
-# There are no backports for for <%= lsbdistcodename %>
-<% else -%>
-deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main
-<% end -%>