Merge remote branch 'lelutin/master'
Integrate no custom preference into our new way to manage the preferences. Conflicts: README manifests/default_preferences.pp manifests/init.pp
This commit is contained in:
mh
commit
e2ac1b3d8d
8 changed files with 74 additions and 90 deletions
22
README
22
README
|
|
@ -1,3 +1,4 @@
|
|||
|
||||
Overview
|
||||
========
|
||||
|
||||
|
|
@ -6,7 +7,7 @@ This module manages apt on Debian.
|
|||
It keeps dpkg's and apt's databases as well as the keyrings for securing
|
||||
package download current.
|
||||
|
||||
backports.org is added and an archive key is provided[1].
|
||||
backports.debian.org is added.
|
||||
|
||||
dselect is switched to expert mode to suppress superfluous help screens.
|
||||
|
||||
|
|
@ -50,6 +51,21 @@ following variable before including this class will pull in the
|
|||
templates/apt/sources.list file:
|
||||
$custom_sources_list ='template("apt/sources.list")'
|
||||
|
||||
$custom_preferences
|
||||
--------------------
|
||||
By default this module will use a basic apt/preferences file with
|
||||
unstable and testing pinned to very low values so that any package
|
||||
installation will not accidentally pull in packages from those suites
|
||||
unless you explicitly specify the version number. You can set this
|
||||
variable to pull in a customized apt/preferences template, for
|
||||
example, setting the following variable before including this class
|
||||
will pull in the templates/apt/preferences file:
|
||||
$custom_preferences = 'template("apt/preferences")'
|
||||
|
||||
Also, if you need the preferences file to be absent, set this variable to false:
|
||||
|
||||
$custom_preferences = false
|
||||
|
||||
$custom_key_dir
|
||||
---------------
|
||||
If you have different apt-key files that you want to get added to your
|
||||
|
|
@ -142,7 +158,3 @@ Sometimes -- especially when initially starting management or deploying new
|
|||
packages -- a immediate update is really needed to be able to install the right
|
||||
packages without errors. Thus a method should be devised to be able to specify
|
||||
with high fidelity when a update should be run and when it is not needed.
|
||||
|
||||
|
||||
|
||||
[1] Of course, you should check the validity of _this_ key yourself.
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.3 (GNU/Linux)
|
||||
|
||||
mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
|
||||
Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
|
||||
/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
|
||||
onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
|
||||
kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
|
||||
Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
|
||||
m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
|
||||
bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
|
||||
bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
|
||||
Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
|
||||
AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
|
||||
cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
|
||||
FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
|
||||
OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
|
||||
FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
|
||||
Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
|
||||
FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
|
||||
DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
|
||||
90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
|
||||
StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
|
||||
JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
|
||||
BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
|
||||
AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
|
||||
TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
|
||||
O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
|
||||
cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
|
||||
+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
|
||||
VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
|
||||
=fBrI
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -29,7 +29,21 @@ class apt {
|
|||
}
|
||||
}
|
||||
|
||||
config_file {
|
||||
# little default settings which keep the system sane
|
||||
"/etc/apt/apt.conf.d/from_puppet":
|
||||
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
|
||||
before => Concatenated_file['/etc/apt/preferences'];
|
||||
}
|
||||
|
||||
case $custom_preferences {
|
||||
false: {
|
||||
include apt::preferences::absent
|
||||
}
|
||||
default: {
|
||||
include apt::preferences
|
||||
}
|
||||
}
|
||||
|
||||
if $apt_unattended_upgrades {
|
||||
include apt::unattended_upgrades
|
||||
|
|
@ -55,48 +69,14 @@ class apt {
|
|||
'/etc/apt/preferences'],
|
||||
loglevel => info,
|
||||
# Another Semaphor for all packages to reference
|
||||
alias => apt_updated;
|
||||
alias => "apt_updated";
|
||||
}
|
||||
|
||||
## This package should really always be current
|
||||
package { "debian-archive-keyring": ensure => latest }
|
||||
|
||||
case $lsbdistcodename {
|
||||
etch: {
|
||||
package { "debian-backports-keyring": ensure => latest }
|
||||
|
||||
# This key was downloaded from
|
||||
# http://backports.org/debian/archive.key
|
||||
# and is needed to bootstrap the backports trustpath
|
||||
file { "${apt_base_dir}/backports.org.key":
|
||||
source => "puppet:///modules/apt/backports.org.key",
|
||||
mode => 0444, owner => root, group => root,
|
||||
}
|
||||
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
|
||||
alias => "backports_key",
|
||||
refreshonly => true,
|
||||
subscribe => File["${apt_base_dir}/backports.org.key"],
|
||||
before => [ Concatenated_file[apt_config], Package["debian-backports-keyring"] ]
|
||||
}
|
||||
}
|
||||
lenny: {
|
||||
package { "debian-backports-keyring": ensure => latest }
|
||||
|
||||
# This key was downloaded from
|
||||
# http://backports.org/debian/archive.key
|
||||
# and is needed to bootstrap the backports trustpath
|
||||
file { "${apt_base_dir}/backports.org.key":
|
||||
source => "puppet:///modules/apt/backports.org.key",
|
||||
mode => 0444, owner => root, group => root,
|
||||
}
|
||||
exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
|
||||
alias => "backports_key",
|
||||
refreshonly => true,
|
||||
subscribe => File["${apt_base_dir}/backports.org.key"],
|
||||
before => [ Concatenated_file[apt_config], Package["debian-backports-keyring"] ]
|
||||
}
|
||||
}
|
||||
}
|
||||
# backports uses the normal archive key now
|
||||
package { "debian-backports-keyring": ensure => absent }
|
||||
|
||||
if $custom_key_dir {
|
||||
file { "${apt_base_dir}/keys.d":
|
||||
|
|
|
|||
|
|
@ -4,7 +4,8 @@ class apt::preferences {
|
|||
$apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
|
||||
module_dir{'apt/preferences': }
|
||||
file{"${apt_preferences_dir}_header":
|
||||
content => 'Package: *
|
||||
content => $custom_preferences ? {
|
||||
'' => 'Package: *
|
||||
Pin: release a=unstable
|
||||
Pin-Priority: 1
|
||||
|
||||
|
|
@ -13,6 +14,8 @@ Pin: release a=testing
|
|||
Pin-Priority: 2
|
||||
|
||||
',
|
||||
default => $custom_preferences
|
||||
},
|
||||
}
|
||||
|
||||
concatenated_file{'/etc/apt/preferences':
|
||||
|
|
@ -25,10 +28,4 @@ Pin-Priority: 2
|
|||
require => File["/etc/apt/sources.list"];
|
||||
}
|
||||
|
||||
config_file {
|
||||
# little default settings which keep the system sane
|
||||
"/etc/apt/apt.conf.d/from_puppet":
|
||||
content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
|
||||
before => Concatenated_file[apt_config];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
8
manifests/preferences/absent.pp
Normal file
8
manifests/preferences/absent.pp
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
class apt::preferences::absent {
|
||||
include common::moduledir
|
||||
$apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
|
||||
concatenated_file{'/etc/apt/preferences':
|
||||
dir => $apt_preferences_dir,
|
||||
ensure => absent,
|
||||
}
|
||||
}
|
||||
18
manifests/proxy-client.pp
Normal file
18
manifests/proxy-client.pp
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
class apt::proxy-client {
|
||||
|
||||
$real_apt_proxy = $apt_proxy ? {
|
||||
"" => "localhost",
|
||||
default => $apt_proxy
|
||||
}
|
||||
|
||||
$real_apt_proxy_port = $apt_proxy_port ? {
|
||||
"" => "3142",
|
||||
default => $apt_proxy_port
|
||||
}
|
||||
|
||||
file { "/etc/apt/apt.conf.d/20proxy":
|
||||
ensure => present,
|
||||
content => "Acquire::http { Proxy \"http://$real_apt_proxy:$real_apt_proxy_port\"; };\n",
|
||||
owner => root, group => 0, mode => 0644;
|
||||
}
|
||||
}
|
||||
8
templates/sources.list.backports.erb
Normal file
8
templates/sources.list.backports.erb
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
# This file is brought to you by puppet
|
||||
|
||||
# backports
|
||||
<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
|
||||
# There are no backports for for <%= lsbdistcodename %>
|
||||
<% else -%>
|
||||
deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main
|
||||
<% end -%>
|
||||
|
|
@ -9,9 +9,3 @@ deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
|
|||
deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
|
||||
<% end -%>
|
||||
|
||||
# backports
|
||||
<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
|
||||
# There are no backports for for <%= lsbdistcodename %>
|
||||
<% else -%>
|
||||
deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main
|
||||
<% end -%>
|
||||
|
|
|
|||
Loading…
Reference in a new issue