It is weird that `trusted_source` would default to `false` as that would
imply that we normally don't trust our sources. This is opposite to the
truth, by default we trust them but only if the Releases file can be
verified (meaning it is signed by a GPG key known to apt).
What we were telling apt is that it should trust this source even if the
Releases file and the repository is unsigned. This is better captured
with `allow_unsigned` and better highlights the danger of what you're
doing, installing packages from a source we cannot authenticate.
This makes its behaviour similar to the `update`, `proxy` and `purge`
hashes on the main classes bringing its API more in line with the rest
of the module.
This conversion is done by Transpec 3.0.8 with the following command:
transpec spec/classes spec/defines spec/unit
* 87 conversions
from: it { should ... }
to: it { is_expected.to ... }
* 14 conversions
from: obj.should
to: expect(obj).to
* 7 conversions
from: == expected
to: eq(expected)
* 1 conversion
from: it { should_not ... }
to: it { is_expected.not_to ... }
For more details: https://github.com/yujinakayama/transpec#supported-conversions
* Update `release` to default to `$::lsbdistcodename`
* Default `include_src` to false
* Validate more things!
* Stop redefining variables from `apt::params`
I'm not entirely clear on the history behind this feature, and this
feels sort of hack-y. If you could explain why this is needed that would
be awesome, or if it isn't just merge this :)
* Add support for paramater trusted, valid options are 'true' and false.
defaults to false. True sets the value to trusted=yes.
trusted=yes can be set to indicate that packages from this source are
always authenticated even if the Release file is not signed or the
signature can't be checked.
* Update documentation
- fix spec tests to include osfamily fact
- add spec tests to verify current default behavior unimpacted.
- manage the update-stamp file in puppet via content rather than a served file.
- update custom fact to return -1 if the file doesn't exist
- add spec test for custom fact
- refactor to use a variable vs a collector/override
- document parameters a bit more verbosely
- remove empty unconstrained fact
- Add osfamily fact to backports tests to facilitate functional tests on non-debian hosts
fix for default debian installations
all files in /etc/apt/preferences without _ will be silently ignore according to debian manpage. Addionally its not a good idea to write versionnumber in filename cause there is no way to delete this files if you increase versionumber
Update source_spec.rb
add a way to include debsrc only (useful for debian/ubuntu build server ... jenkins ect)
Update source_spec.rb
var rename
Update source.list.erb
add include_deb "switch"
Update source.pp
"include_deb" defaultvalue = true
Update hold_spec.rb
change the name of the preferences file (hold)
Update source_spec.rb
Update README.md
Doku: 'include_deb' included next to 'include_src' in examples
Update README.md
typo
Introducing a totally rewritten and tested apt::key. This commit also
patches the spec's of apt::source because it was passing in data that
is no longer allowed by the new validation rules in apt::key.
It does its best to not touch any other specs and where we touch them
only minimally to ensure that we're not introducing breaking changes.
We actually expect an extra space. The previous build failed because a test is issued for location='', which indeed results in 2 spaces between the architecture specification and the release. According to the sources.list man page a location is always required though (unlike the missing/empty location in the :default_params of the source_spec test).
This is necessary when required_packages contains GPG keys that are used for
authenticating other packages. Tested with package ubuntu-cloud-keyring which
is included in Ubuntu main and used by the Ubuntu Cloud Archive.
I think the same problem applies to other *-keyring packages as well.
Move apt-get update exec to a seperate class to minimize the number of
apt-get updates invoked by configuration changes.
* remove apt_update exec resource in apt class.
* remove apt-get-${name} in defines.
* apt::source notify Exec['apt update'].
* Remove dependency to Exec['apt_update'].
* fix rspec-puppet tests.
Conflicts:
manifests/source.pp
Several apt::* define resource type does not support ensurable. This
update allows ensure=>absent to support the removal of these
configuration files.
* apt::conf
* apt::pin
* apt::source
This commit modifies the release parameter test in apt::source to work
correctly within puppet-rspec for edge-case resource definitions. Previously,
the test for the $release parameter was written as
`if ! $release { fail() }`
This commit updates the test to be written as
`if $release == undef { fail() }`
Additionally, the tests for correct behavior in the presence or absence of a
$release parameter have been beefed up.
The reason for making this change relates to examples such as the following
resource definition:
apt::source { "jenkins":
location => "http://pkg.jenkins-ci.org/debian",
release => "",
repos => "binary/",
key => "D50582E6",
key_source => "http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key",
include_src => false,
}
Note that the $release parameter is given as the empty string. In practice,
this is perfectly valid and everything will work great. However, it seems that
the empty string gets interpreted by something in puppet-rspec as something
equivalent to "False", and thus when testing, the above resource definition
would fail with "Puppet::Error: lsbdistcodename fact not available: release
parameter required" even though the $release parameter has been explicitely
specified (as the empty string).
See also: https://github.com/rtyler/puppet-jenkins/issues/9
Adding this defined type allows puppet to add keys to the apt keystore without
needing to add a corresponding source; it also adds the "key_source" parameter
for wget'ing keys from arbitrary URLs, and allows for keys to be explicity
removed.
apt::key allows a key to be ensured present multiple times to account for
apt::source resources that all reference the same key. However, this means
that it is possible for a given key to be defined multiple times with
differing source parameters. e.g.
apt::key { "Add key: 4BD6EC30 from Apt::Source bunny":
key => "4BD6EC30",
key_server => "pgp.mit.edu",
}
apt::key { "Add key: 4BD6EC30 from Apt::Source rabbit":
key => "4BD6EC30",
key_server => "keyserver.ubuntu.com",
}
The defined type will accept both definitions and will create multiple exec
resources. This was deemed preferable to the alternative (creating only one
exec resource) in that one broken definition won't hose an entire catalog. If
one definition fails to install the key because of a bad "key_server", the
next apt::key that uses the key will get it done.
This commit changes $release to default to Facter's $lsbdistcodename
and fall back to a Parse Error if $release is not set and $lsbdistcodename
does not exist. Previously $release was hardcoded to karmic.
This commit also modifies apt::ppa to use $release and sets the
files to be ensured so that they are not purged when purge_sources_list_d
is set to true.
Previously only one should in each block was being evaluated. This moves each
should to its own block so that all values are tested. It also adds another set
of params so that all useful permutations of key, key_server, and key_content
are generated. It also replaces the previous ternary assignment for param_set
with a hash merge.
This update reflects the changes to the apt module to allow duplicate keys. It
mostly involves tests for changes to the resource names to make them unique
between defines.
The hash passing to the with method is cleaner and closer to puppet code, so
all of the with_$param have been replaced with with($hash). This also
includes two minor whitspace changes to unstable.pp and source.pp.
This also replaces the ternary switch on param_set with a hash merge,
which is cleaner and will support more use cases.
This commit adds full coverage for the apt module as it currently exists. It
adds rspec-puppet tests for the defines (apt::builddep, apt::force, apt::pin,
apt::ppa, apt::source) and classes (apt, debian::testing, debian::unstable,
apt::params, apt::release).