Document the new config_template parameter

Also add an example for how to use the apt::unattended_upgrades class.

README

@@ -17,6 +17,16 @@ Ubuntu support is lagging behind but not absent either.
 
 ! Upgrade Notice !
 
+ * The apt::codename parameter has been removed. In its place, the
+   debian_codename fact may be overridden via an environment variable. This
+   will affect all other debian_* facts, and achieve the same result.
+
+     FACTER_debian_codename=jessie puppet agent -t
+
+ * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your
+   site_apt, these are no longer supported. You should migrate to passing
+   $blacklisted_packages to the apt::unattended_upgrades class.
+
  * the apt class has been moved to a paramterized class. if you were including
    this class before, after passing some variables, you will need to move to
    instantiating the class with those variables instead. For example, if you 
@@ -89,8 +99,9 @@ Requirements
 
 This module needs:
 
-- the lsb module: git://labs.riseup.net/shared-lsb
-- the common module: git://labs.riseup.net/shared-common
+- the common module: https://gitlab.com/shared-puppet-modules-group/common
+- the lsb module: https://gitlab.com/shared-puppet-modules-group/lsb
+  (optional but recommended, required on Ubuntu)
 
 By default, on normal hosts, this module sets the configuration option
 DSelect::Clean to 'auto'. On virtual servers, the value is set by default to
@@ -128,6 +139,14 @@ Example usage:
 
 Class parameters:
 
+* use_lts
+
+  If this variable is set to true the CODENAME-lts sources (such as
+  squeeze-lts) are added.
+
+  By default this is false for backward compatibility with older
+  versions of this module.
+
 * use_volatile
 
   If this variable is set to true the CODENAME-updates sources (such as
@@ -209,15 +228,6 @@ Class parameters:
 
   class { 'apt': custom_sources_list => template('site_apt/sources.list') }
 
-* codename
-
-  Contains the codename ("squeeze", "wheezy", ...) of the client's release. While
-  these values come from lsb-release by default, this parameter can be set
-  manually, e.g. to enable forced upgrades. For example:
-
-     include apt::dist_upgrade
-     class { 'apt': codename => 'wheezy', notify => Exec['apt_dist-upgrade'] }
-
 * custom_key_dir
 
   If you have different apt-key files that you want to get added to your
@@ -362,6 +372,28 @@ apt::unattended_upgrades
 If this class is included, it will install the package 'unattended-upgrades'
 and configure it to daily upgrade the system.
 
+The class has the following parameters that you can use to change the contents
+of the configuration file. The values shown here are the default values:
+
+ * $config_content = undef
+ * $config_template = 'apt/50unattended-upgrades.erb'
+ * $mailonlyonerror = true
+ * $mail_recipient = 'root'
+ * $blacklisted_packages = []
+
+Note that using $config_content actually specifies all of the configuration
+contents and thus makes the other parameters useless.
+
+example:
+
+    class { 'apt::unattended_upgrades':
+      config_template      => 'site_apt/50unattended-upgrades.jessie',
+      blacklisted_packages => [
+       'libc6', 'libc6-dev', 'libc6-i686', 'mysql-server', 'redmine', 'nodejs',
+       'bird'
+      ],
+    }
+
 Defines
 =======
 
@@ -451,6 +483,46 @@ Example:
                 'puppet:///modules/site_apt/company_internals.list' ],
   }
 
+apt::key
+--------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+  apt::key { 'neurodebian.gpg':
+    ensure => present,
+    source => 'puppet:///modules/site_apt/neurodebian.gpg',
+  }
+
+This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
+is assumed by secure apt to be binary OpenPGP keys and *not*
+"ascii-armored" or "plain text" OpenPGP key material. For the latter,
+use `apt::key::plain`.
+
+The `.gpg` extension is compulsory for `apt` to pickup the key properly.
+
+apt::key::plain
+---------------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+  apt::key::plain { 'neurodebian.asc':
+    source => 'puppet:///modules/site_apt/neurodebian.asc',
+  }
+
+This deploys the key in the `${apt_base_dir}/keys` directory (as
+opposed to `$custom_key_dir` which deploys it in `keys.d`). The reason
+this exists on top of `$custom_key_dir` is to allow a more
+decentralised distribution of those keys, without having all modules
+throw their keys in the same directory in the manifests.
+
+Note that this model does *not* currently allow keys to be removed!
+Use `apt::key` instead for a more practical, revokable approach, but
+that needs binary keys.
+
 apt::upgrade_package
 --------------------
 

files/Debian/50unattended-upgrades

@@ -1,14 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Origins-Pattern {
-//      "o=Debian,n=${distro-codename}";
-//      "o=Debian,n=${distro-codename}-updates";
-//      "o=Debian,n=${distro_codename}-proposed-updates";
-        "o=Debian,n=${distro_codename},l=Debian-Security";
-}
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";

files/Debian/50unattended-upgrades.squeeze

@@ -1,14 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Allowed-Origins {
-//  "${distro-id} oldstable";
-//  "${distro_id} ${distro_codename}-backports";
-    "${distro-id} ${distro-codename}-security";
-    "${distro-id} ${distro-codename}-lts";
-};
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";

files/Ubuntu/50unattended-upgrades

@@ -1,16 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Allowed-Origins {
-  "${distro_id}:${distro_codename}-security";
-  "${distro_id}:${distro_codename}-updates";
-  "${distro_id}:${distro_codename}-backports";
-  //"${distro_id}:${distro_codename}-proposed";
-};
-
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";
-Unattended-Upgrade::MailOnlyOnError "true";

gpl.txt

@@ -1,674 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.

lib/facter/debian_codename.rb

@@ -0,0 +1,40 @@
+begin
+  require 'facter/util/debian'
+end
+
+def version_to_codename(version)
+  if Facter::Util::Debian::CODENAMES.has_key?(version)
+    return Facter::Util::Debian::CODENAMES[version]
+  else
+    Facter.warn("Could not determine codename from version '#{version}'")
+  end
+end
+
+Facter.add(:debian_codename) do
+  has_weight 99
+  confine :operatingsystem => 'Debian'
+  setcode do
+    Facter.value('lsbdistcodename')
+  end
+end
+
+Facter.add(:debian_codename) do
+  has_weight 66
+  confine :operatingsystem => 'Debian'
+  setcode do
+    version_to_codename(Facter.value('operatingsystemmajrelease'))
+  end
+end
+
+Facter.add(:debian_codename) do
+  has_weight 33
+  confine :operatingsystem => 'Debian'
+  setcode do
+    debian_version = File.open('/etc/debian_version', &:readline)
+    if debian_version.match(/^\d+/)
+      version_to_codename(debian_version.scan(/^(\d+)/)[0][0])
+    elsif debian_version.match(/^[a-z]+\/(sid|unstable)/)
+      debian_version.scan(/^([a-z]+)\//)[0][0]
+    end
+  end
+end

lib/facter/debian_lts.rb

@@ -0,0 +1,14 @@
+begin
+  require 'facter/util/debian'
+end
+
+Facter.add(:debian_lts) do
+  confine :operatingsystem => 'Debian'
+  setcode do
+    if Facter::Util::Debian::LTS.include? Facter.value('debian_codename')
+      true
+    else
+      false
+    end
+  end
+end

lib/facter/debian_nextcodename.rb

@@ -0,0 +1,22 @@
+begin
+  require 'facter/util/debian'
+end
+
+def debian_codename_to_next(codename)
+  if codename == "sid"
+    return "experimental"
+  else
+    codenames = Facter::Util::Debian::CODENAMES.values
+    i = codenames.index(codename)
+    if i and i+1 < codenames.count
+      return codenames[i+1]
+    end
+  end
+end
+
+Facter.add(:debian_nextcodename) do
+  confine :operatingsystem => 'Debian'
+  setcode do
+    debian_codename_to_next(Facter.value('debian_codename'))
+  end
+end

lib/facter/debian_nextrelease.rb

@@ -0,0 +1,23 @@
+def debian_release_to_next(release)
+  releases = [
+    'oldoldoldstable',
+    'oldoldstable',
+    'oldstable',
+    'stable',
+    'testing',
+    'unstable',
+    'experimental',
+  ]
+  if releases.include? release
+    if releases.index(release)+1 < releases.count
+      return releases[releases.index(release)+1]
+    end
+  end
+end
+
+Facter.add(:debian_nextrelease) do
+  confine :operatingsystem => 'Debian'
+  setcode do
+    debian_release_to_next(Facter.value('debian_release'))
+  end
+end

lib/facter/debian_release.rb

@@ -0,0 +1,36 @@
+begin
+  require 'facter/util/debian'
+end
+
+def debian_codename_to_release(codename)
+  stable = Facter::Util::Debian::STABLE
+  versions = Facter::Util::Debian::CODENAMES.invert
+  release = nil
+  if codename == "sid"
+    release = "unstable"
+  elsif versions.has_key? codename
+    version = versions[codename].to_i
+    if version == stable
+      release = "stable"
+    elsif version < stable
+      release = "stable"
+      for i in version..stable - 1
+        release = "old" + release
+      end
+    elsif version == stable + 1
+      release = "testing"
+    end
+  end
+  if release.nil?
+    Facter.warn("Could not determine release from codename #{codename}!")
+  end
+  return release
+end
+
+Facter.add(:debian_release) do
+  has_weight 99
+  confine :operatingsystem => 'Debian'
+  setcode do
+    debian_codename_to_release(Facter.value('debian_codename'))
+  end
+end

lib/facter/ubuntu_codename.rb

@@ -0,0 +1,8 @@
+Facter.add(:ubuntu_codename) do
+  confine :operatingsystem => 'Ubuntu'
+  setcode do
+    Facter.value('lsbdistcodename')
+  end
+end
+
+

lib/facter/ubuntu_nextcodename.rb

@@ -0,0 +1,18 @@
+begin
+  require 'facter/util/ubuntu'
+end
+
+def ubuntu_codename_to_next(codename)
+  codenames = Facter::Util::Ubuntu::CODENAMES
+  i = codenames.index(codename)
+  if i and i+1 < codenames.count
+    return codenames[i+1]
+  end
+end
+
+Facter.add(:ubuntu_nextcodename) do
+  confine :operatingsystem => 'Ubuntu'
+  setcode do
+    ubuntu_codename_to_next(Facter.value('ubuntu_codename'))
+  end
+end

lib/facter/util/debian.rb

@@ -0,0 +1,18 @@
+module Facter
+  module Util
+    module Debian
+      STABLE = 8
+      CODENAMES = {
+        "5" => "lenny",
+        "6" => "squeeze",
+        "7" => "wheezy",
+        "8" => "jessie",
+        "9" => "stretch",
+        "10" => "buster",
+      }
+      LTS = [
+        "squeeze",
+      ]
+    end
+  end
+end

lib/facter/util/ubuntu.rb

@@ -0,0 +1,20 @@
+module Facter
+  module Util
+    module Ubuntu
+      CODENAMES = [
+        "lucid",
+        "maverick",
+        "natty",
+        "oneiric",
+        "precise",
+        "quantal",
+        "raring",
+        "saucy",
+        "trusty",
+        "utopic",
+        "vivid",
+        "wily",
+      ]
+    end
+  end
+end

lib/puppet/parser/functions/debian_nextcodename.rb

@@ -1,11 +0,0 @@
-module Puppet::Parser::Functions
-  newfunction(:debian_nextcodename, :type => :rvalue) do |args|
-    case args[0]
-      when "squeeze" then "wheezy"
-      when "wheezy"  then "jessie"
-      when "jessie"  then "sid"
-      when "sid"     then "experimental"
-      else "sid"
-    end
-  end
-end

lib/puppet/parser/functions/debian_nextrelease.rb

@@ -1,11 +0,0 @@
-module Puppet::Parser::Functions
-  newfunction(:debian_nextrelease, :type => :rvalue) do |args|
-    case args[0]
-      when 'oldstable' then 'stable'
-      when 'stable'    then 'testing'
-      when 'testing'   then 'unstable'
-      when 'unstable'  then 'experimental'
-      else 'unstable'
-    end
-  end
-end

lib/puppet/parser/functions/debian_release.rb

@@ -1,12 +0,0 @@
-module Puppet::Parser::Functions
-  newfunction(:debian_release, :type => :rvalue) do |args|
-    case args[0]
-      when 'squeeze'      then 'oldstable'
-      when 'wheezy'       then 'stable'
-      when 'jessie'       then 'testing'
-      when 'sid'          then 'unstable'
-      when 'experimental' then 'experimental'
-      else 'testing'
-    end
-  end
-end

lib/puppet/parser/functions/debian_release_version.rb

@@ -1,9 +0,0 @@
-module Puppet::Parser::Functions
-  newfunction(:debian_release_version, :type => :rvalue) do |args|
-    case args[0]
-      when 'squeeze'      then '6.0'
-      when 'wheezy'       then '7.0'
-      else ''
-    end
-  end
-end

manifests/apticron.pp

@@ -1,6 +1,6 @@
 class apt::apticron(
   $ensure_version = 'installed',
-  $config = "apt/${::operatingsystem}/apticron_${::lsbdistcodename}.erb",
+  $config = "apt/${::operatingsystem}/apticron_${::debian_codename}.erb",
   $email = 'root',
   $diff_only = '1',
   $listchanges_profile = 'apticron',

manifests/dselect.pp

@@ -1,9 +1,10 @@
+# manage dselect, like
+# suppressing the annoying help texts
 class apt::dselect {
 
-  # suppress annoying help texts of dselect
-  line { 'dselect_expert':
-      file => '/etc/dpkg/dselect.cfg',
-      line => 'expert',
+  file_line { 'dselect_expert':
+    path => '/etc/dpkg/dselect.cfg',
+    line => 'expert',
   }
 
   package { 'dselect': ensure => installed }

manifests/init.pp

@@ -4,13 +4,15 @@
 # See LICENSE for the full license granted to you.
 
 class apt(
-  $codename = $apt::params::codename,
+  $use_lts = $apt::params::use_lts,
   $use_volatile = $apt::params::use_volatile,
+  $use_backports = $apt::params::use_backports,
   $include_src = $apt::params::include_src,
   $use_next_release = $apt::params::use_next_release,
   $debian_url = $apt::params::debian_url,
   $security_url = $apt::params::security_url,
   $backports_url = $apt::params::backports_url,
+  $lts_url = $apt::params::lts_url,
   $volatile_url = $apt::params::volatile_url,
   $ubuntu_url = $apt::params::ubuntu_url,
   $repos = $apt::params::repos,
@@ -39,21 +41,6 @@ class apt(
     require => undef,
   }
 
-  include lsb
-
-  # init $release, $next_release, $next_codename, $release_version
-  case $codename {
-    'n/a': {
-      fail("Unknown lsbdistcodename reported by facter: '$::lsbdistcodename', please fix this by setting this variable in your manifest.")
-    }
-    default: {
-      $release = debian_release($codename)
-    }
-  }
-  $release_version = debian_release_version($codename)
-  $next_codename = debian_nextcodename($codename)
-  $next_release = debian_nextrelease($release)
-
   $sources_content = $custom_sources_list ? {
     ''      => template( "apt/${::operatingsystem}/sources.list.erb"),
     default => $custom_sources_list
@@ -112,8 +99,8 @@ class apt(
   package { 'debian-backports-keyring': ensure => absent }
 
   include common::moduledir
+  common::module_dir { 'apt': }
   $apt_base_dir = "${common::moduledir::module_dir_path}/apt"
-  modules_dir { 'apt': }
 
   if $custom_key_dir {
     file { "${apt_base_dir}/keys.d":

manifests/key.pp

@@ -0,0 +1,13 @@
+define apt::key ($source, $ensure = 'present') {
+  validate_re(
+    $name, '\.gpg$',
+    'An apt::key resource name must have the .gpg extension',
+  )
+
+  file {
+    "/etc/apt/trusted.gpg.d/${name}":
+      ensure => $ensure,
+      source => $source,
+      notify => Exec['refresh_apt'],
+  }
+}

manifests/key/plain.pp

@@ -0,0 +1,13 @@
+define apt::key::plain ($source) {
+  file {
+    "${apt::apt_base_dir}/keys/${name}":
+      source  => $source;
+    "${apt::apt_base_dir}/keys":
+      ensure  => directory;
+  }
+  exec { "apt-key add '${apt::apt_base_dir}/keys/${name}'":
+    subscribe   => File["${apt::apt_base_dir}/keys/${name}"],
+    refreshonly => true,
+    notify      => Exec['refresh_apt'],
+  }
+}

manifests/listchanges.pp

@@ -1,6 +1,6 @@
 class apt::listchanges(
   $ensure_version = 'installed',
-  $config = "apt/${::operatingsystem}/listchanges_${::lsbdistcodename}.erb",
+  $config = "apt/${::operatingsystem}/listchanges_${::debian_codename}.erb",
   $frontend = 'mail',
   $email = 'root',
   $confirm = '0',

manifests/params.pp

@@ -1,14 +1,16 @@
 class apt::params () {
-  $codename = $::lsbdistcodename
+  $use_lts = false
   $use_volatile = false
+  $use_backports = true
   $include_src = false
   $use_next_release = false
-  $debian_url = 'http://http.debian.net/debian/'
+  $debian_url = 'http://httpredir.debian.org/debian/'
   $security_url = 'http://security.debian.org/'
-  $backports_url = $::lsbdistcodename ? {
-    'wheezy' => $debian_url,
-    default  => 'http://backports.debian.org/debian-backports/',
+  $backports_url = $::debian_codename ? {
+    'squeeze'  => 'http://backports.debian.org/debian-backports/',
+    default => $debian_url
   }
+  $lts_url = $debian_url
   $volatile_url = 'http://volatile.debian.org/debian-volatile/'
   $ubuntu_url = 'http://archive.ubuntu.com/ubuntu'
   $repos = 'auto'

manifests/preferences.pp

@@ -2,8 +2,8 @@ class apt::preferences {
 
   $pref_contents = $apt::custom_preferences ? {
     ''      => $::operatingsystem ? {
-      'debian' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"),
-      'ubuntu' => template("apt/${::operatingsystem}/preferences_${apt::codename}.erb"),
+      'debian' => template("apt/${::operatingsystem}/preferences_${::debian_codename}.erb"),
+      'ubuntu' => template("apt/${::operatingsystem}/preferences_${::ubuntu_codename}.erb"),
     },
     default => $apt::custom_preferences
   }

manifests/preseeded_package.pp

@@ -4,7 +4,7 @@ define apt::preseeded_package (
 ) {
   $seedfile = "/var/cache/local/preseeding/${name}.seeds"
   $real_content = $content ? {
-    ''      => template ( "site_apt/${::lsbdistcodename}/${name}.seeds" ),
+    ''      => template ( "site_apt/${::debian_codename}/${name}.seeds" ),
     default => $content
   }
 

manifests/unattended_upgrades.pp

@@ -1,15 +1,24 @@
-class apt::unattended_upgrades {
+class apt::unattended_upgrades (
+  $config_content = undef,
+  $config_template = 'apt/50unattended-upgrades.erb',
+  $mailonlyonerror = true,
+  $mail_recipient = 'root',
+  $blacklisted_packages = [],
+  $ensure_version = present
+) {
 
   package { 'unattended-upgrades':
-    ensure  => present
+    ensure  => $ensure_version
+  }
+
+  $file_content = $config_content ? {
+    undef   => template($config_template),
+    default => $config_content
   }
 
   apt_conf { '50unattended-upgrades':
-    source  => [
-                "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}",
-                "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades",
-                "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}",
-                "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ],
-    require => Package['unattended-upgrades'],
+    content     => $file_content,
+    require     => Package['unattended-upgrades'],
+    refresh_apt => false
   }
 }

templates/20proxy.erb

@@ -1,5 +1,5 @@
 // This file is managed by Puppet
 // all local modifications will be overwritten
 
-Acquire::http { Proxy "<%= proxy %>:<%= port %>"; };
+Acquire::http { Proxy "<%= @proxy %>:<%= @port %>"; };
 Acquire::HTTP::Proxy::bugs.debian.org "DIRECT";

templates/50unattended-upgrades.erb

@@ -0,0 +1,38 @@
+// this file is managed by puppet !
+
+<% if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%>
+Unattended-Upgrade::Allowed-Origins {
+  "${distro_id}:${distro_codename}-security";
+  "${distro_id}:${distro_codename}-updates";
+  "${distro_id}:${distro_codename}-backports";
+<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'squeeze' -%>
+Unattended-Upgrade::Allowed-Origins {
+  "${distro_id}:<%= scope.lookupvar('::debian_release') %>";
+  "${distro_id}:squeeze-lts";
+<% elsif scope.lookupvar('::operatingsystem') == 'Debian' and scope.lookupvar('::debian_codename') == 'wheezy' -%>
+Unattended-Upgrade::Origins-Pattern {
+  "origin=Debian,archive=<%= scope.lookupvar('::debian_release') %>,label=Debian-Security";
+  "origin=Debian,archive=${distro_codename}-lts";
+<% else -%>
+Unattended-Upgrade::Origins-Pattern {
+  "origin=Debian,codename=${distro_codename},label=Debian";
+  "origin=Debian,codename=${distro_codename},label=Debian-Security";
+<% end -%>
+};
+
+<% if not @blacklisted_packages.empty?  -%>
+Unattended-Upgrade::Package-Blacklist {
+<% @blacklisted_packages.each do |pkg| -%>
+  "<%= pkg %>";
+<% end -%>
+};
+<% end -%>
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "<%= @mail_recipient -%>";
+<% if @mailonlyonerror -%>
+Unattended-Upgrade::MailOnlyOnError "true";
+<% end -%>

templates/Debian/apticron_lenny.erb

@@ -24,9 +24,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # of "hostname -f" for the system name in the mails it generates
 #
 # SYSTEM="foobar.example.com"
-<%- unless scope.lookupvar('apt::apticron::system').to_s == "false" -%>
-<%= "SYSTEM=\"#{scope.lookupvar('apt::apticron::system')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%>
+SYSTEM="<%= v %>"
+<% end -%>
 
 #
 # Set IPADDRESSNUM if you would like to configure the maximal number of IP
@@ -34,9 +34,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # family type (inet, inet6), if available.
 #
 # IPADDRESSNUM="1"
-<%- unless scope.lookupvar('apt::apticron::ipaddressnum').to_s == "false" -%>
-<%= "IPADDRESSNUM=\"#{scope.lookupvar('apt::apticron::ipaddressnum')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%>
+IPADDRESSNUM="<%= v %>"
+<% end -%>
 
 #
 # Set IPADDRESSES to a whitespace seperated list of reachable addresses for
@@ -44,7 +44,7 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # "ip" command
 #
 # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
-<%- unless scope.lookupvar('apt::apticron::ipaddresses').to_s == "false" -%>
-<%= "IPADDRESSES=\"#{scope.lookupvar('apt::apticron::ipaddresses')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%>
+IPADDRESSES="<%= v %>"
+<% end -%>
 

templates/Debian/apticron_squeeze.erb

@@ -26,9 +26,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # of "hostname -f" for the system name in the mails it generates
 #
 # SYSTEM="foobar.example.com"
-<%- unless scope.lookupvar('apt::apticron::system').to_s == "false" -%>
-<%= "SYSTEM=\"#{scope.lookupvar('apt::apticron::system')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%>
+SYSTEM="<%= v %>"
+<% end -%>
 
 
 #
@@ -37,9 +37,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # family type (inet, inet6), if available.
 #
 # IPADDRESSNUM="1"
-<%- unless scope.lookupvar('apt::apticron::ipaddressnum').to_s == "false" -%>
-<%= "IPADDRESSNUM=\"#{scope.lookupvar('apt::apticron::ipaddressnum')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%>
+IPADDRESSNUM="<%= v %>"
+<% end -%>
 
 
 #
@@ -48,9 +48,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # "ip" command
 #
 # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
-<%- unless scope.lookupvar('apt::apticron::ipaddresses').to_s == "false" -%>
-<%= "IPADDRESSES=\"#{scope.lookupvar('apt::apticron::ipaddresses')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%>
+IPADDRESSES="<%= v %>"
+<% end -%>
 
 
 #

templates/Debian/apticron_wheezy.erb

@@ -25,9 +25,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # of "hostname -f" for the system name in the mails it generates
 #
 # SYSTEM="foobar.example.com"
-<%- unless scope.lookupvar('apt::apticron::system').to_s == "false" -%> 
-<%= "SYSTEM=\"#{scope.lookupvar('apt::apticron::system')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::system')).to_s == "false" -%>
+SYSTEM="<%= v %>"
+<% end -%>
 
 #
 # Set IPADDRESSNUM if you would like to configure the maximal number of IP
@@ -35,9 +35,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # family type (inet, inet6), if available.
 #
 # IPADDRESSNUM="1"
-<%- unless scope.lookupvar('apt::apticron::ipaddressnum').to_s == "false" -%>
-<%= "IPADDRESSNUM=\"#{scope.lookupvar('apt::apticron::ipaddressnum')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::ipaddressnum')).to_s == "false" -%>
+IPADDRESSNUM="<%= v %>"
+<% end -%>
 
 #
 # Set IPADDRESSES to a whitespace separated list of reachable addresses for
@@ -45,9 +45,9 @@ LISTCHANGES_PROFILE="<%= scope.lookupvar('apt::apticron::listchanges_profile') %
 # "ip" command
 #
 # IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1"
-<%- unless scope.lookupvar('apt::apticron::ipaddresses').to_s == "false" -%>
-<%= "IPADDRESSES=\"#{scope.lookupvar('apt::apticron::ipaddresses')}\"" %>
-<%- end -%>
+<% unless (v=scope.lookupvar('apt::apticron::ipaddresses')).to_s == "false" -%>
+IPADDRESSES=<%= v %>"
+<% end -%>
 
 #
 # Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of

templates/Debian/preferences_jessie.erb

@@ -1,4 +1,4 @@
-Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %>
+Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
 Package: *
 Pin: release o=Debian,n=<%= codename %>
 Pin-Priority: 990

templates/Debian/preferences_lenny.erb

@@ -1,6 +1,6 @@
-Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %>
+Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
 Package: *
-Pin: release o=Debian,a=<%= scope.lookupvar('apt::release') %>,v=<%= scope.lookupvar('apt::release_version') %>*
+Pin: release o=Debian,a=<%= scope.lookupvar('::debian_release') %>,v=5*
 Pin-Priority: 990
 
 Explanation: Debian backports
@@ -8,7 +8,7 @@ Package: *
 Pin: origin backports.debian.org
 Pin-Priority: 200
 
-Explanation: Debian <%= next_release=scope.lookupvar('apt::next_release') %>
+Explanation: Debian <%= next_release=scope.lookupvar('::debian_nextrelease') %>
 Package: *
 Pin: release o=Debian,a=<%= next_release %>
 Pin-Priority: 2

templates/Debian/preferences_squeeze.erb

@@ -1,4 +1,4 @@
-Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %>
+Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
 Package: *
 Pin: release o=Debian,n=<%= codename %>
 Pin-Priority: 990
@@ -8,7 +8,12 @@ Package: *
 Pin: release o=Debian,n=<%= codename %>-updates
 Pin-Priority: 990
 
-Explanation: Debian <%= next_codename=scope.lookupvar('apt::next_codename') %>
+Explanation: Debian <%= codename %>-lts
+Package: *
+Pin: release o=Debian,n=<%= codename %>-lts
+Pin-Priority: 990
+
+Explanation: Debian <%= next_codename=scope.lookupvar('::debian_nextcodename') %>
 Package: *
 Pin: release o=Debian,n=<%= next_codename %>
 Pin-Priority: 2

templates/Debian/preferences_wheezy.erb

@@ -1,4 +1,4 @@
-Explanation: Debian <%= codename=scope.lookupvar('apt::codename') %>
+Explanation: Debian <%= codename=scope.lookupvar('::debian_codename') %>
 Package: *
 Pin: release o=Debian,n=<%= codename %>
 Pin-Priority: 990

templates/Debian/sources.list.erb

@@ -1,74 +1,88 @@
 # This file is managed by puppet
 # all local modifications will be overwritten
 
-### Debian current: <%= codename=scope.lookupvar('apt::codename') %>
+### Debian current: <%= codename=scope.lookupvar('::debian_codename') %>
 
 # basic
 deb <%= debian_url=scope.lookupvar('apt::debian_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %>
-<% if scope.lookupvar('apt::include_src')  -%>
+<% if include_src=scope.lookupvar('apt::include_src')  -%>
 deb-src <%= debian_url %> <%= codename %> <%= lrepos %>
 <% end -%>
 
 # security
-<% if ((release=scope.lookupvar('apt::release')) == "stable" || release == "oldstable") -%>
+<% if ((release=scope.lookupvar('::debian_release')) == "stable" || release == "oldstable") -%>
 deb <%= security_url=scope.lookupvar('apt::security_url') %> <%= codename %>/updates <%= lrepos %>
-<% if include_src -%>
+<%   if include_src -%>
 deb-src <%= security_url %> <%= codename %>/updates <%= lrepos %>
 <% end -%>
 <% else -%>
 # There is no security support for <%= release %>
 <% end -%>
 
+<% if use_backports=scope.lookupvar('apt::use_backports') -%>
 # backports
-<% if (release == "testing" || release == "unstable" || release == "experimental") -%>
+<%   if (release == "testing" || release == "unstable" || release == "experimental") -%>
 # There is no backports archive for <%= release %>
-<% else -%>
+<%   else -%>
 deb <%= backports_url=scope.lookupvar('apt::backports_url') %> <%= codename %>-backports <%= lrepos %>
-<% if include_src -%>
+<%     if include_src -%>
 deb-src <%= backports_url %> <%= codename %>-backports <%= lrepos %>
-<% end -%>
-<% end -%>
+<%     end
+     end
+   end -%>
 
 <% if use_volatile=scope.lookupvar('apt::use_volatile') -%>
 # volatile
-<% if (release == "testing" || release == "unstable" || release == "experimental") -%>
+<%   if (release == "testing" || release == "unstable" || release == "experimental") -%>
 # There is no volatile archive for <%= release %>
-<% else -%>
+<%   else -%>
 deb <%= debian_url %> <%= codename %>-updates <%= lrepos %>
-<% if include_src -%>
+<%     if include_src -%>
 deb-src <%= debian_url %> <%= codename %>-updates <%= lrepos %>
+<%     end
+     end
+   end -%>
+
+<% if use_lts=scope.lookupvar('apt::use_lts') -%>
+# LTS
+<% if release_lts=scope.lookupvar('::debian_lts') == "false" -%>
+# There is no LTS archive for <%= release %>
+<% else -%>
+deb <%= debian_url %> <%= codename %>-lts <%= lrepos %>
+<% if include_src -%>
+deb-src <%= debian_url %> <%= codename %>-lts <%= lrepos %>
 <% end -%>
 <% end -%>
 <% end -%>
 
 <% if next_release=scope.lookupvar('apt::use_next_release') -%>
-### Debian next: <%= next_release=scope.lookupvar('apt::next_release') ; next_codename=scope.lookupvar('apt::next_codename') %>
+### Debian next: <%= next_release=scope.lookupvar('::debian_nextrelease') ; next_codename=scope.lookupvar('::debian_nextcodename') %>
 
 # basic
 deb <%= debian_url %> <%= next_codename %> <%= lrepos %>
-<% if include_src then -%>
+<%   if include_src -%>
 deb-src <%= debian_url %> <%= next_codename %> <%= lrepos %>
-<% end -%>
+<%   end -%>
 
 # security
-<% if (next_release == "unstable" || next_release == "experimental") -%>
+<%   if (next_release == "unstable" || next_release == "experimental") -%>
 # There is no security support for <%= next_release %>
-<% else -%>
+<%   else -%>
 deb <%= security_url %> <%= next_codename %>/updates <%= lrepos %>
-<% if include_src then -%>
+<%     if include_src then -%>
 deb-src <%= security_url %> <%= next_codename %>/updates <%= lrepos %>
-<% end -%>
-<% end -%>
+<%     end
+     end -%>
 
-<% if use_volatile -%>
+<%   if use_volatile -%>
 # volatile
-<% if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%>
+<%     if (next_release == "testing" || next_release == "unstable" || next_release == "experimental") -%>
 # There is no volatile archive for <%= next_release %>
-<% else -%>
+<%     else -%>
 deb <%= debian_url %> <%= next_codename %>-updates <%= lrepos %>
-<% if include_src then -%>
+<%       if include_src -%>
 deb-src <%= debian_url %> <%= next_codename %>-updates <%= lrepos %>
-<% end -%>
-<% end -%>
-<% end -%>
-<% end -%>
+<%       end
+       end
+     end
+   end -%>

templates/Ubuntu/preferences_maverick.erb

@@ -1,4 +1,4 @@
-Explanation: Ubuntu <%= codename=scope.lookupvar('apt::codename') %> security
+Explanation: Ubuntu <%= codename=scope.lookupvar('::ubuntu_codename') %> security
 Package: *
 Pin: release o=Ubuntu,a=<%= codename %>-security
 Pin-Priority: 990
@@ -18,7 +18,7 @@ Package: *
 Pin: release a=<%= codename %>-backports
 Pin-Priority: 200
 
-Explanation: Ubuntu <%= next_release=scope.lookupvar('apt::next_release') %>
+Explanation: Ubuntu <%= next_release=scope.lookupvar('::ubuntu_nextcodename') %>
 Package: *
 Pin: release o=Ubuntu,a=<%= next_release %>
 Pin-Priority: 2

templates/Ubuntu/preferences_utopic.erb

@@ -0,0 +1 @@
+preferences_maverick.erb

templates/Ubuntu/sources.list.erb

@@ -1,17 +1,19 @@
 # This file is managed by puppet
 # all local modifications will be overwritten
 
-# basic <%= codename=scope.lookupvar('apt::codename') %>
+# basic <%= codename=scope.lookupvar('::ubuntu_codename') %>
 deb <%= ubuntu_url=scope.lookupvar('apt::ubuntu_url') %> <%= codename %> <%= lrepos=scope.lookupvar('apt::real_repos') %>
 <% if include_src=scope.lookupvar('apt::include_src') -%>
 deb-src <%= ubuntu_url %> <%= codename %> <%= lrepos %>
 <% end -%>
 
+<% if use_volatile=scope.lookupvar('apt::use_volatile') -%>
 # updates
 deb <%= ubuntu_url %> <%= codename %>-updates <%= lrepos %>
-<% if include_src -%>
+<%   if include_src -%>
 deb-src <%= ubuntu_url %> <%= codename %>-updates <%= lrepos %>
-<% end -%>
+<%   end
+   end -%>
 
 # security suppport
 deb <%= ubuntu_url %> <%= codename %>-security <%= lrepos %>
@@ -19,8 +21,10 @@ deb <%= ubuntu_url %> <%= codename %>-security <%= lrepos %>
 deb-src <%= ubuntu_url %> <%= codename %>-security <%= lrepos %>
 <% end -%>
 
+<% if use_backports=scope.lookupvar('apt::use_backports') -%>
 # backports
-deb <%= ubuntu_url %> <%= codename %>-backports main <%= lrepos %>
-<% if include_src -%>
+deb <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %>
+<%   if include_src -%>
 deb-src <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %>
-<% end -%>
+<%   end
+   end -%>

templates/preferences_snippet.erb

@@ -1,4 +1,4 @@
-Package: <%= real_package %>
-Pin: <%= pin %>
-Pin-Priority: <%= priority %>
+Package: <%= @real_package %>
+Pin: <%= @pin %>
+Pin-Priority: <%= @priority %>
 

templates/preferences_snippet_release.erb

@@ -1,4 +1,4 @@
-Package: <%= real_package %>
-Pin: release a=<%= release %>
-Pin-Priority: <%= priority %>
+Package: <%= @real_package %>
+Pin: release a=<%= @release %>
+Pin-Priority: <%= @priority %>