This adds support for passing in a full pin declaration as the pin
parameter on a source declaration.
It keeps the old behaviour intact, you can still simply do `pin => '10'`
and it will pin on origin with a priority of 10.
Should that not be what you want you can now pass in a full pin
declaration instead. We make no assumptions here, whatever you pass in
will be passed through to pin as-is with the exception of the values for
`ensure` and `before` which are always overridden by us to ensure
everything keeps working as designed.
In what universe does it make sense to create a `sources.list.d` entry
for a repository **without** specifying where this repository is?
😖😞😩😧😱
Only when removing the resource should a location not be required.
It is weird that `trusted_source` would default to `false` as that would
imply that we normally don't trust our sources. This is opposite to the
truth, by default we trust them but only if the Releases file can be
verified (meaning it is signed by a GPG key known to apt).
What we were telling apt is that it should trust this source even if the
Releases file and the repository is unsigned. This is better captured
with `allow_unsigned` and better highlights the danger of what you're
doing, installing packages from a source we cannot authenticate.
This makes its behaviour similar to the `update`, `proxy` and `purge`
hashes on the main classes bringing its API more in line with the rest
of the module.
A few of these fixes are absolutely horrendous but we have no choice as
we need to stay current- and future-parser compatible for now.
Once we can go Puppet 4 only we can use the `$facts` hash lookup instead
which will return undef/nil for things that aren't set instead of them
not being defined at all.
Instead of having two additional parameters, `base_name` and
`setting_type` simply parse it from `title`.
We need to prefix most resources with `list-`, `conf-`, or `pref-` any
way to avoid duplicate resources so we might as well leverage that.
* Update `release` to default to `$::lsbdistcodename`
* Default `include_src` to false
* Validate more things!
* Stop redefining variables from `apt::params`
I'm not entirely clear on the history behind this feature, and this
feels sort of hack-y. If you could explain why this is needed that would
be awesome, or if it isn't just merge this :)
* Add support for paramater trusted, valid options are 'true' and false.
defaults to false. True sets the value to trusted=yes.
trusted=yes can be set to indicate that packages from this source are
always authenticated even if the Release file is not signed or the
signature can't be checked.
* Update documentation
fix for default debian installations
all files in /etc/apt/preferences without _ will be silently ignore according to debian manpage. Addionally its not a good idea to write versionnumber in filename cause there is no way to delete this files if you increase versionumber
Update source_spec.rb
add a way to include debsrc only (useful for debian/ubuntu build server ... jenkins ect)
Update source_spec.rb
var rename
Update source.list.erb
add include_deb "switch"
Update source.pp
"include_deb" defaultvalue = true
Update hold_spec.rb
change the name of the preferences file (hold)
Update source_spec.rb
Update README.md
Doku: 'include_deb' included next to 'include_src' in examples
Update README.md
typo
Introducing a totally rewritten and tested apt::key. This commit also
patches the spec's of apt::source because it was passing in data that
is no longer allowed by the new validation rules in apt::key.
It does its best to not touch any other specs and where we touch them
only minimally to ensure that we're not introducing breaking changes.
This is necessary when required_packages contains GPG keys that are used for
authenticating other packages. Tested with package ubuntu-cloud-keyring which
is included in Ubuntu main and used by the Ubuntu Cloud Archive.
I think the same problem applies to other *-keyring packages as well.
Write the pin preference filename as ${name} rather than ${release}, so
that we can pin more than one thing.
Change apt::source so that when pin is set, that it pins to the origin
rather than the release.
The update to separate Exec["apt-get update ${name}"] to single exec in
apt::update class resulted in apt-get update command to be dangled.
Previously if user specified Package['package_a'] <-
Apt::Resource['source_a'], the original refactor would no longer
guarantee apt-get update is executed before the package is installed.
This patch fixes the problem using the anchor resource and ensuring the
old behaviour is maintained and user can depend on apt-get update
command being invoked if they specify dependency on any apt::*
define resource type as well as the apt class.
Move apt-get update exec to a seperate class to minimize the number of
apt-get updates invoked by configuration changes.
* remove apt_update exec resource in apt class.
* remove apt-get-${name} in defines.
* apt::source notify Exec['apt update'].
* Remove dependency to Exec['apt_update'].
* fix rspec-puppet tests.
Conflicts:
manifests/source.pp
Several apt::* define resource type does not support ensurable. This
update allows ensure=>absent to support the removal of these
configuration files.
* apt::conf
* apt::pin
* apt::source
The shorthand syntax cause rspec-puppet failure for external modules
depending on the puppet-apt module. This patch uses the require
metaparameter to avoid this issue.
This patch adds the appropriate spec tests to validate the changes
introduced by e5f2dfe. As a bonus it includes fixes to the manifests
that were discovered while writing the tests.
With the addition of this patch two new defines will be added; one to
manage APT configuration files (apt::conf) and one that abstracts out the
requirements needed to turn on backport repositories (apt::backports).
In addition, the patch takes the opportunity to clean up variable
definitions so they follow a consistent pattern of setting local
variables to the fully qualified value stored in the apt::params
class. Previously all variable used within a class directly addressed
the apt::params namespace when ever the variable was used. In the
pattern they now adhere to we can more easily switch the namespace
data lives in or externalize it even more using hiera.
This commit modifies the release parameter test in apt::source to work
correctly within puppet-rspec for edge-case resource definitions. Previously,
the test for the $release parameter was written as
`if ! $release { fail() }`
This commit updates the test to be written as
`if $release == undef { fail() }`
Additionally, the tests for correct behavior in the presence or absence of a
$release parameter have been beefed up.
The reason for making this change relates to examples such as the following
resource definition:
apt::source { "jenkins":
location => "http://pkg.jenkins-ci.org/debian",
release => "",
repos => "binary/",
key => "D50582E6",
key_source => "http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key",
include_src => false,
}
Note that the $release parameter is given as the empty string. In practice,
this is perfectly valid and everything will work great. However, it seems that
the empty string gets interpreted by something in puppet-rspec as something
equivalent to "False", and thus when testing, the above resource definition
would fail with "Puppet::Error: lsbdistcodename fact not available: release
parameter required" even though the $release parameter has been explicitely
specified (as the empty string).
See also: https://github.com/rtyler/puppet-jenkins/issues/9
Adding this defined type allows puppet to add keys to the apt keystore without
needing to add a corresponding source; it also adds the "key_source" parameter
for wget'ing keys from arbitrary URLs, and allows for keys to be explicity
removed.
apt::key allows a key to be ensured present multiple times to account for
apt::source resources that all reference the same key. However, this means
that it is possible for a given key to be defined multiple times with
differing source parameters. e.g.
apt::key { "Add key: 4BD6EC30 from Apt::Source bunny":
key => "4BD6EC30",
key_server => "pgp.mit.edu",
}
apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit":
key => "4BD6EC30",
key_server => "keyserver.ubuntu.com",
}
The defined type will accept both definitions and will create multiple exec
resources. This was deemed preferable to the alternative (creating only one
exec resource) in that one broken definition won't hose an entire catalog. If
one definition fails to install the key because of a bad "key_server", the
next apt::key that uses the key will get it done.
This commit changes $release to default to Facter's $lsbdistcodename
and fall back to a Parse Error if $release is not set and $lsbdistcodename
does not exist. Previously $release was hardcoded to karmic.
This commit also modifies apt::ppa to use $release and sets the
files to be ensured so that they are not purged when purge_sources_list_d
is set to true.