better attempt at gpg version checking
adding in key length warning
removing version check, adding key check
adding tests
clean up the code
small changes
use commands
documentation updates
In what universe does it make sense to create a `sources.list.d` entry
for a repository **without** specifying where this repository is?
😖😞😩😧😱
Only when removing the resource should a location not be required.
It is weird that `trusted_source` would default to `false` as that would
imply that we normally don't trust our sources. This is opposite to the
truth, by default we trust them but only if the Releases file can be
verified (meaning it is signed by a GPG key known to apt).
What we were telling apt is that it should trust this source even if the
Releases file and the repository is unsigned. This is better captured
with `allow_unsigned` and better highlights the danger of what you're
doing, installing packages from a source we cannot authenticate.
This makes its behaviour similar to the `update`, `proxy` and `purge`
hashes on the main classes bringing its API more in line with the rest
of the module.
A few of these fixes are absolutely horrendous but we have no choice as
we need to stay current- and future-parser compatible for now.
Once we can go Puppet 4 only we can use the `$facts` hash lookup instead
which will return undef/nil for things that aren't set instead of them
not being defined at all.
This was a great idea but is pretty pointless. It's also not being used
by anything and not exposed as a switch on the main class so it would
almost never affect any behaviour.
* Allow any configuration of apt to be done through data bindings by
passing in hashes representing the resources.
* Switch apt::ppa to use `distid` as set in `apt::params. This makes
`apt::ppa` also work for LinuxMint.
* Instead of having 4 options controlling purging we now have a single
hash with four possible keys.
* Include `apt::update` only _after_ we've assembled the `$_update`
hash.
* Instead of having 4 options controlling purging we now have a single
hash with four possible keys.
* We purge everything by default.
* `/etc/apt/preferences` is now always managed.
* Add missing `mode` to some of the files.
Re-introduce proxy support at the class level. Needing to configure a
proxy is such a common scenario that having it on the class is a
reasonable thing. It also affects `apt::ppa`.
Change `apt::ppa` to no longer have its own `proxy` parameter but use
the proxy as configured on the main `apt` class.
Instead of having two additional parameters, `base_name` and
`setting_type` simply parse it from `title`.
We need to prefix most resources with `list-`, `conf-`, or `pref-` any
way to avoid duplicate resources so we might as well leverage that.
This allows you to work around duplicate resource issues when you have
settings of different types with the same name. When the files are built
it is path/${priority}${base_name}${extension}.
This conversion is done by Transpec 3.0.8 with the following command:
transpec spec/classes spec/defines spec/unit
* 87 conversions
from: it { should ... }
to: it { is_expected.to ... }
* 14 conversions
from: obj.should
to: expect(obj).to
* 7 conversions
from: == expected
to: eq(expected)
* 1 conversion
from: it { should_not ... }
to: it { is_expected.not_to ... }
For more details: https://github.com/yujinakayama/transpec#supported-conversions
* Update `release` to default to `$::lsbdistcodename`
* Default `include_src` to false
* Validate more things!
* Stop redefining variables from `apt::params`
This is a 'base' type. It's a simple wrapper around a file which takes
`type`, `ensure`, `content`, `source` and `file_perms`. It is intended
for usage by `apt::conf`, `apt::source` and an upcoming `apt::pref`.
I'm not entirely clear on the history behind this feature, and this
feels sort of hack-y. If you could explain why this is needed that would
be awesome, or if it isn't just merge this :)
The /usr/lib/update-notifier/apt-check script returns its output
to STDERR but a recent change to the script redirects STDERR to
/dev/null. This will cause the array to always be empty.
Combined with that problem, while we were checking for the result
being nil, we never checked for an invalid array. As a result,
the apt_has_updates was always true and the apt_updates and
apt_security_updates facts were trying to read from an empty array
and failing.
* Add support for paramater trusted, valid options are 'true' and false.
defaults to false. True sets the value to trusted=yes.
trusted=yes can be set to indicate that packages from this source are
always authenticated even if the Release file is not signed or the
signature can't be checked.
* Update documentation
Add "oldstable" to the default update origins to ensure
the updates keep working after wheezy+1 gets released
See unattended-upgrades 0.79.5+wheezy1 and https://bugs.debian.org/711826
You can feed the command the long key, but it truncates it to add the
key. This causes issues due to the short-key collision with the
puppetlabs key. So, test with a different key on debian 6.
- fix spec tests to include osfamily fact
- add spec tests to verify current default behavior unimpacted.
- manage the update-stamp file in puppet via content rather than a served file.
- update custom fact to return -1 if the file doesn't exist
- add spec test for custom fact
- refactor to use a variable vs a collector/override
- document parameters a bit more verbosely
- remove empty unconstrained fact
- Add osfamily fact to backports tests to facilitate functional tests on non-debian hosts
when updating or installing newer packages with apt::force and you have changed previous
configuration files aptitude or apt-get will prompt what to do. You can suppress that
by pre-define the action with cfg_files parameter (new, old or unchanged and its backward
compatible if not defined). With a second optional parameter cfg_missing you can force
your provider to install missing configuration files as well.
Signed-off-by: Martin Seener <martin@seener.de>
apt::force: Changed selectors used in force.pp to case statements; refs #module-1306
Signed-off-by: Martin Seener <martin@seener.de>
apt::force: rspec: fixed the failing tests and added validate_re for cfg_files and validate_bool for cfg_missing. Also removed default values for both case statements and only allow pre-defined values or true/false. Furthermore enhanced the README refs #module-1306
Was able to fix the failing rspec tests for the patch.
Thanks to Morgan Haskel.
Signed-off-by: Martin Seener <martin@seener.de>
Despite the puppetlabs-stdlib documentation says validation_re supports 3 arguments the tests failed telling that only 2 are supported. Fixed this by removing the 3 optional argument; refs #modules-1306
Signed-off-by: Martin Seener <martin.seener@barzahlen.de>
apt::force: updated readme refs #module-1306
Signed-off-by: Martin Seener <martin@seener.de>
A lot of the tests were testing things that really should be tested via
unit tests, so those were deleted and unit tests will be revamped to
make sure they are covering everything they need to be covering.
Conflicts:
spec/acceptance/unattended_upgrade_spec.rb
A lot of the tests were testing things that really should be tested via
unit tests, so those were deleted and unit tests will be revamped to
make sure they are covering everything they need to be covering.
fix for default debian installations
all files in /etc/apt/preferences without _ will be silently ignore according to debian manpage. Addionally its not a good idea to write versionnumber in filename cause there is no way to delete this files if you increase versionumber
Update source_spec.rb
add a way to include debsrc only (useful for debian/ubuntu build server ... jenkins ect)
Update source_spec.rb
var rename
Update source.list.erb
add include_deb "switch"
Update source.pp
"include_deb" defaultvalue = true
Update hold_spec.rb
change the name of the preferences file (hold)
Update source_spec.rb
Update README.md
Doku: 'include_deb' included next to 'include_src' in examples
Update README.md
typo
New fact was added that matched a regex breaking the always_apt_update
tests. Updated the tests to check for the apt_update exec, not just the
string apt_update.
Adds spec test
If lab-release is not installed, then the end user sees a confusing/ vague message
Error: Unsupported lsbdistid () at /modules/apt/manifests/params.pp:52
It is common for docker containers to not include this package by default
After fix, the user sees a friendlier message if lab-release is not installed
Error: Unable to determine lsbdistid, is lsb-release installed? at /modules/apt/manifests/params.pp:52
Making use of the apt-check command from the 'update-notifier-common'
package (if available) display the number of available updates, number of
security updates as well as the update package names.
Quoting https://wiki.debian.org/LTS
Official security support for Debian GNU/Linux 6.0
(code name "Squeeze") has ended on 31 May 2014.
However long term support for the distribution
is going to be extended until February 2016,
i.e. five years after the initial release.
See https://wiki.debian.org/LTS for more details.
As some places dont have port 11371 open, they are required to use URL as
key_server instead of domain name therefore adding the capability to use URL or
domain name as key_server parameter
