It is weird that `trusted_source` would default to `false` as that would
imply that we normally don't trust our sources. This is opposite to the
truth, by default we trust them but only if the Releases file can be
verified (meaning it is signed by a GPG key known to apt).
What we were telling apt is that it should trust this source even if the
Releases file and the repository is unsigned. This is better captured
with `allow_unsigned` and better highlights the danger of what you're
doing, installing packages from a source we cannot authenticate.
This makes its behaviour similar to the `update`, `proxy` and `purge`
hashes on the main classes bringing its API more in line with the rest
of the module.
A few of these fixes are absolutely horrendous but we have no choice as
we need to stay current- and future-parser compatible for now.
Once we can go Puppet 4 only we can use the `$facts` hash lookup instead
which will return undef/nil for things that aren't set instead of them
not being defined at all.
Re-introduce proxy support at the class level. Needing to configure a
proxy is such a common scenario that having it on the class is a
reasonable thing. It also affects `apt::ppa`.
Change `apt::ppa` to no longer have its own `proxy` parameter but use
the proxy as configured on the main `apt` class.
* Update `release` to default to `$::lsbdistcodename`
* Default `include_src` to false
* Validate more things!
* Stop redefining variables from `apt::params`
* Add support for paramater trusted, valid options are 'true' and false.
defaults to false. True sets the value to trusted=yes.
trusted=yes can be set to indicate that packages from this source are
always authenticated even if the Release file is not signed or the
signature can't be checked.
* Update documentation
fix for default debian installations
all files in /etc/apt/preferences without _ will be silently ignore according to debian manpage. Addionally its not a good idea to write versionnumber in filename cause there is no way to delete this files if you increase versionumber
Update source_spec.rb
add a way to include debsrc only (useful for debian/ubuntu build server ... jenkins ect)
Update source_spec.rb
var rename
Update source.list.erb
add include_deb "switch"
Update source.pp
"include_deb" defaultvalue = true
Update hold_spec.rb
change the name of the preferences file (hold)
Update source_spec.rb
Update README.md
Doku: 'include_deb' included next to 'include_src' in examples
Update README.md
typo
In APT preferences files the only allowed comments are lines that start
with `Explanation:`, commented lines that start with a # trigger a
myriad of interesting bugs. This is considered a feature of APT.
Because we're only ever writing a single file at a time with only a #
comment at the top we were getting away with this but it shouldn't be
there in the first place.
The default configuration we were writing for Debian was only working
for Squeeze, from Wheezy and onwards this wasn't working anymore. This
has to do with the fact that we should now be using Origins-Pattern
according to the unattended-upgrades docs. However, Ubuntu didn't
entirely get with the program yet...
This change reflects the defaults that unattended-upgrade installs on
every platform we support. In order to do so the unattended-upgrades
Debian archive for Squeeze, Wheezy, Lucid, Precise and Trusty were
downloaded and the default /etc/apt/apt.conf.d/50unattended-upgrades
checked for its content with regard to using Allow-Origins or
Origins-Pattern.
Fixes#277
The two forms of APT preferences records (general & specific) can now be
completely and not partially defined. All distribution properties can be passed
as resource parameters. This change is totally backward-compatible.
