diff --git a/manifests/params.pp b/manifests/params.pp index d23b2db..2f6c723 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -10,28 +10,40 @@ class apt::params { case $::lsbdistcodename { 'squeeze': { $backports_location = 'http://backports.debian.org/debian-backports' + $legacy_origin = true + $origins = ['${distro_id} ${distro_codename}-security'] } 'wheezy': { $backports_location = 'http://ftp.debian.org/debian/' + $legacy_origin = false + $origins = ['origin=Debian,archive=stable,label=Debian-Security'] } default: { $backports_location = 'http://http.debian.net/debian/' + $legacy_origin = false + $origins = ['origin=Debian,archive=stable,label=Debian-Security'] } } } 'ubuntu': { case $::lsbdistcodename { - 'precise','trusty': { - $backports_location = 'http://us.archive.ubuntu.com/ubuntu' - $ppa_options = '-y' - } 'lucid': { $backports_location = 'http://us.archive.ubuntu.com/ubuntu' - $ppa_options = undef + $ppa_options = undef + $legacy_origin = true + $origins = ['${distro_id} ${distro_codename}-security'] + } + 'precise', 'trusty': { + $backports_location = 'http://us.archive.ubuntu.com/ubuntu' + $ppa_options = '-y' + $legacy_origin = true + $origins = ['${distro_id}:${distro_codename}-security'] } default: { $backports_location = 'http://old-releases.ubuntu.com/ubuntu' - $ppa_options = '-y' + $ppa_options = '-y' + $legacy_origin = true + $origins = ['${distro_id}:${distro_codename}-security'] } } } diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp index b0bd8ab..c57a9ee 100644 --- a/manifests/unattended_upgrades.pp +++ b/manifests/unattended_upgrades.pp @@ -14,30 +14,29 @@ # file and in /etc/cron.daily/apt # class apt::unattended_upgrades ( - $origins = ['${distro_id}:${distro_codename}-security'], - $blacklist = [], - $update = "1", - $download = "1", - $upgrade = "1", - $autoclean = "7", - $auto_fix = true, - $minimal_steps = false, + $origins = $::apt::params::origins, + $blacklist = [], + $update = "1", + $download = "1", + $upgrade = "1", + $autoclean = "7", + $auto_fix = true, + $minimal_steps = false, $install_on_shutdown = false, - $mail_to = "NONE", - $mail_only_on_error = false, - $remove_unused = true, - $auto_reboot = false, - $dl_limit = "NONE", - $enable = "1", - $backup_interval = "0", - $backup_level = "3", - $max_age = "0", - $min_age = "0", - $max_size = "0", - $download_delta = "0", - $verbose = "0", -) { - include apt::params + $mail_to = "NONE", + $mail_only_on_error = false, + $remove_unused = true, + $auto_reboot = false, + $dl_limit = "NONE", + $enable = "1", + $backup_interval = "0", + $backup_level = "3", + $max_age = "0", + $min_age = "0", + $max_size = "0", + $download_delta = "0", + $verbose = "0", +) inherits ::apt::params { validate_bool( $auto_fix, @@ -47,6 +46,7 @@ class apt::unattended_upgrades ( $remove_unused, $auto_reboot ) + validate_array($origins) package { 'unattended-upgrades': ensure => present, diff --git a/spec/classes/unattended_upgrades_spec.rb b/spec/classes/unattended_upgrades_spec.rb index f5cad53..25a1f7a 100644 --- a/spec/classes/unattended_upgrades_spec.rb +++ b/spec/classes/unattended_upgrades_spec.rb @@ -25,16 +25,100 @@ describe 'apt::unattended_upgrades', :type => :class do } describe "origins" do - describe "with param defaults" do - let(:params) {{ }} - it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Allowed-Origins \{\n\t"\$\{distro_id\}:\$\{distro_codename\}-security";\n\};$/) } + describe 'on Debian' do + default_facts = { :lsbdistid => 'Debian' } + context 'defaults' do + let :facts do default_facts end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Origins-Pattern/ + ).with_content( + /"origin=Debian,archive=stable,label=Debian-Security";/ + ) + } + end + context 'defaults with custom origin' do + let :facts do default_facts end + let :params do { :origins => ['bananana']} end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Origins-Pattern/ + ).with_content( + /"bananana";/ + ) + } + end + context 'defaults with invalid origin' do + let :facts do default_facts end + let :params do { :origins => 'bananana'} end + it { + expect {subject}.to raise_error(/is not an Array/) + } + end + context 'squeeze' do + let :facts do default_facts.merge({:lsbdistcodename => 'squeeze'}) end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Allowed-Origins/ + ).with_content( + /"\${distro_id} \${distro_codename}-security";/ + ) + } + end + context 'wheezy' do + let :facts do default_facts.merge({:lsbdistcodename => 'wheezy'}) end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Origins-Pattern/ + ).with_content( + /"origin=Debian,archive=stable,label=Debian-Security";/ + ) + } + end end - describe "with origins => ['ubuntu:precise-security']" do - let :params do - { :origins => ['ubuntu:precise-security'] } + describe 'on Ubuntu' do + default_facts = { :lsbdistid => 'Ubuntu' } + context 'default' do + let :facts do default_facts end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Allowed-Origins/ + ).with_content( + /"\${distro_id}\:\${distro_codename}-security";/ + ) + } + end + context 'lucid' do + let :facts do default_facts.merge({:lsbdistcodename => 'lucid'}) end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Allowed-Origins/ + ).with_content( + /"\${distro_id} \${distro_codename}-security";/ + ) + } + end + context 'precise' do + let :facts do default_facts.merge({:lsbdistcodename => 'precise'}) end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Allowed-Origins/ + ).with_content( + /"\${distro_id}\:\${distro_codename}-security";/ + ) + } + end + context 'trusty' do + let :facts do default_facts.merge({:lsbdistcodename => 'trusty'}) end + it { + should contain_file(file_unattended).with_content( + /^Unattended-Upgrade::Allowed-Origins/ + ).with_content( + /"\${distro_id}\:\${distro_codename}-security";/ + ) + } end - it { should contain_file(file_unattended).with_content(/^Unattended-Upgrade::Allowed-Origins \{\n\t"ubuntu:precise-security";\n\};$/) } end end diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb index 4df0f74..1177922 100644 --- a/templates/50unattended-upgrades.erb +++ b/templates/50unattended-upgrades.erb @@ -1,5 +1,9 @@ // Automatically upgrade packages from these (origin:archive) pairs +<%- if @legacy_origin -%> Unattended-Upgrade::Allowed-Origins { +<%- else -%> +Unattended-Upgrade::Origins-Pattern { +<%- end -%> <% @origins.each do |origin| -%> "<%= origin %>"; <% end -%>