module-puppetlabs-apt/manifests/key.pp

define apt::key (
  $key = $title,
  $ensure = present,
  $key_content = false,
  $key_source = false,
  $key_server = "keyserver.ubuntu.com"
) {

  include apt::params

  if $key_content {
    $method = "content"
  } elsif $key_source {
    $method = "source"
  } elsif $key_server {
    $method = "server"
  }

  # This is a hash of the parts of the key definition that we care about.
  # It is used as a unique identifier for this instance of apt::key. It gets
  # hashed to ensure that the resource name doesn't end up being pages and
  # pages (e.g. in the situation where key_content is specified).
  $digest = sha1("${key}/${key_content}/${key_source}/${key_server}/")

  # Allow multiple ensure => present for the same key to account for many
  # apt::source resources that all reference the same key.
  case $ensure {
    present: {

      anchor { "apt::key/$title":; }

      if defined(Exec["apt::key $key absent"]) {
        fail ("Cannot ensure Apt::Key[$key] present; $key already ensured absent")
      }

      if !defined(Anchor["apt::key $key present"]) {
        anchor { "apt::key $key present":; }
      }

      if !defined(Exec[$digest]) {
        exec { $digest:
          path    => "/bin:/usr/bin",
          unless  => "/usr/bin/apt-key list | /bin/grep '${key}'",
          before  => Anchor["apt::key $key present"],
          command => $method ? {
            "content" => "echo '${key_content}' | /usr/bin/apt-key add -",
            "source"  => "wget -q '${key_source}' -O- | apt-key add -",
            "server"  => "apt-key adv --keyserver '${key_server}' --recv-keys '${key}'",
          };
        }
      }

      Anchor["apt::key $key present"] -> Anchor["apt::key/$title"]

    }
    absent: {

      if defined(Anchor["apt::key $key present"]) {
        fail ("Cannot ensure Apt::Key[$key] absent; $key already ensured present")
      }

      exec { "apt::key $key absent":
        path    => "/bin:/usr/bin",
        onlyif  => "apt-key list | grep '$key'",
        command => "apt-key del '$key'",
        user    => "root",
        group   => "root",
      }
    }

    default: {
      fail "Invalid 'ensure' value '$ensure' for aptkey"
    }
  }
}
(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`define apt::key (`
			`$key = $title,`
			`$ensure = present,`
			`$key_content = false,`
			`$key_source = false,`
			`$key_server = "keyserver.ubuntu.com"`
			`) {`

			`include apt::params`

			`if $key_content {`
			`$method = "content"`
			`} elsif $key_source {`
			`$method = "source"`
			`} elsif $key_server {`
			`$method = "server"`
			`}`

			`# This is a hash of the parts of the key definition that we care about.`
			`# It is used as a unique identifier for this instance of apt::key. It gets`
			`# hashed to ensure that the resource name doesn't end up being pages and`
			`# pages (e.g. in the situation where key_content is specified).`
			`$digest = sha1("${key}/${key_content}/${key_source}/${key_server}/")`

			`# Allow multiple ensure => present for the same key to account for many`
			`# apt::source resources that all reference the same key.`
			`case $ensure {`
			`present: {`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00
			`anchor { "apt::key/$title":; }`

(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`if defined(Exec["apt::key $key absent"]) {`
			`fail ("Cannot ensure Apt::Key[$key] present; $key already ensured absent")`
			`}`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00
			`if !defined(Anchor["apt::key $key present"]) {`
			`anchor { "apt::key $key present":; }`
			`}`

(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`if !defined(Exec[$digest]) {`
			`exec { $digest:`
			`path => "/bin:/usr/bin",`
			`unless => "/usr/bin/apt-key list \| /bin/grep '${key}'",`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00			`before => Anchor["apt::key $key present"],`
(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`command => $method ? {`
			`"content" => "echo '${key_content}' \| /usr/bin/apt-key add -",`
			`"source" => "wget -q '${key_source}' -O- \| apt-key add -",`
			`"server" => "apt-key adv --keyserver '${key_server}' --recv-keys '${key}'",`
			`};`
			`}`
			`}`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00
			`Anchor["apt::key $key present"] -> Anchor["apt::key/$title"]`

(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`}`
			`absent: {`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00
			`if defined(Anchor["apt::key $key present"]) {`
(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`fail ("Cannot ensure Apt::Key[$key] absent; $key already ensured present")`
			`}`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00
(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`exec { "apt::key $key absent":`
			`path => "/bin:/usr/bin",`
			`onlyif => "apt-key list \| grep '$key'",`
			`command => "apt-key del '$key'",`
			`user => "root",`
			`group => "root",`
			`}`
			`}`
Convert apt::key to use anchors Previously, apt::key used a noop exec hack to do exactly what anchors were intended to be used for. This commit removes the exec hack and achieves the same end using Anchor resources from the puppetlabs/stdlib module. 2012-03-07 22:49:12 +01:00
(#12823) Add apt::key defined type and modify apt::source to use it Adding this defined type allows puppet to add keys to the apt keystore without needing to add a corresponding source; it also adds the "key_source" parameter for wget'ing keys from arbitrary URLs, and allows for keys to be explicity removed. apt::key allows a key to be ensured present multiple times to account for apt::source resources that all reference the same key. However, this means that it is possible for a given key to be defined multiple times with differing source parameters. e.g. apt::key { "Add key: 4BD6EC30 from Apt::Source bunny": key => "4BD6EC30", key_server => "pgp.mit.edu", } apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit": key => "4BD6EC30", key_server => "keyserver.ubuntu.com", } The defined type will accept both definitions and will create multiple exec resources. This was deemed preferable to the alternative (creating only one exec resource) in that one broken definition won't hose an entire catalog. If one definition fails to install the key because of a bad "key_server", the next apt::key that uses the key will get it done. 2012-02-24 19:10:03 +01:00			`default: {`
			`fail "Invalid 'ensure' value '$ensure' for aptkey"`
			`}`
			`}`
			`}`