From 6cef41f68b7f42dbd1f025afcf0b23d30c09697e Mon Sep 17 00:00:00 2001
From: Jo Rhett
Date: Tue, 2 May 2023 01:55:15 -0700
Subject: [PATCH 01/36] Add apt::keyring defined type which creates modern-style keyrings
---
 README.md | 35 ++
 REFERENCE.md | 645 ++++++++++++++++++++---------------
 manifests/init.pp | 10 +
 manifests/keyring.pp | 72 ++++
 manifests/source.pp | 114 +++++--
 spec/defines/keyring_spec.rb | 20 ++
 6 files changed, 588 insertions(+), 308 deletions(-)
 create mode 100644 manifests/keyring.pp
 create mode 100644 spec/defines/keyring_spec.rb
diff --git a/README.md b/README.md
index d6894a6ac9..f282c8863d 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,25 @@ include apt
 ### Add GPG keys
+You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` or `.asc`)
+
+#### Fetch via HTTP
+```puppet
+apt::keyring {'puppetlabs-keyring.gpg':
+ source => 'https://apt.puppetlabs.com/keyring.gpg',
+}
+```
+
+#### Fetch via Puppet URI
+```puppet
+apt::keyring {'puppetlabs-keyring.gpg':
+ source => 'puppet:///modules/my_module/local_puppetlabs-keyring.gpg',
+}
+```
+
+Alternatively `apt::key` can be used.
+
+**Warning** `apt::key` is deprecated in the latest Debian and Ubuntu releases. Please use apt::keyring instead.
 **Warning:** Using short key IDs presents a serious security issue, potentially leaving you open to collision attacks. We recommend you always use full fingerprints to identify your GPG keys. This module allows short keys, but issues a security warning if you use them.
@@ -184,6 +203,22 @@ apt::source { 'puppetlabs':
 }
 ```
+### Adding name and source to the key parameter of apt::source, which then manages modern apt gpg keyrings
+
+The name parameter of key hash should contain name with extensions (such as puppetlabs.gpg), Absence of extension will result in creation of file with just name and no extension.
+
+```puppet
+apt::source { 'puppetlabs':
+ comment => 'Puppet8',
+ location => 'https://apt.puppetlabs.com/',
+ repos => 'puppet8',
+ key => {
+ 'name' => 'puppetlabs.gpg',
+ 'source' => 'https://apt.puppetlabs.com/keyring.gpg',
+ },
+}
+```
+
 ### Configure Apt from Hiera
diff --git a/REFERENCE.md b/REFERENCE.md
index 842ca67463..241d05da39 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -9,7 +9,7 @@ #### Public Classes * [`apt`](#apt): Main class, includes all other classes. -* [`apt::backports`](#apt--backports): Manages backports. +* [`apt::backports`](#aptbackports): Manages backports. #### Private Classes
@@ -18,16 +18,20 @@ ### Defined types -* [`apt::conf`](#apt--conf): Specifies a custom Apt configuration file. -* [`apt::key`](#apt--key): Manages the GPG keys that Apt uses to authenticate packages. -* [`apt::mark`](#apt--mark): Manages apt-mark settings -* [`apt::pin`](#apt--pin): Manages Apt pins. Does not trigger an apt-get update run. -* [`apt::ppa`](#apt--ppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian. -* [`apt::setting`](#apt--setting): Manages Apt configuration files. -* [`apt::source`](#apt--source): Manages the Apt sources in /etc/apt/sources.list.d/. +* [`apt::conf`](#aptconf): Specifies a custom Apt configuration file. +* [`apt::key`](#aptkey): Manages the GPG keys that Apt uses to authenticate packages. +* [`apt::keyring`](#aptkeyring): Manage GPG keyrings for apt repositories +* [`apt::mark`](#aptmark): Manages apt-mark settings +* [`apt::pin`](#aptpin): Manages Apt pins. Does not trigger an apt-get update run. +* [`apt::ppa`](#aptppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian. +* [`apt::setting`](#aptsetting): Manages Apt configuration files. +* [`apt::source`](#aptsource): Manages the Apt sources in /etc/apt/sources.list.d/. ### Resource types +#### Public Resource types + + #### Private Resource types * `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed 
@@ -36,9 +40,9 @@ be manipulated through the `apt-key` command. ### Data types -* [`Apt::Auth_conf_entry`](#Apt--Auth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. -* [`Apt::Proxy`](#Apt--Proxy): Configures Apt to connect to a proxy server. -* [`Apt::Proxy_Per_Host`](#Apt--Proxy_Per_Host): Adds per-host overrides to the system default APT proxy configuration +* [`Apt::Auth_conf_entry`](#aptauth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. +* [`Apt::Proxy`](#aptproxy): Configures Apt to connect to a proxy server. +* [`Apt::Proxy_Per_Host`](#aptproxy_per_host): Adds per-host overrides to the system default APT proxy configuration ### Tasks 
@@ -58,40 +62,41 @@ Main class, includes all other classes. The following parameters are available in the `apt` class: -* [`provider`](#-apt--provider) -* [`keyserver`](#-apt--keyserver) -* [`key_options`](#-apt--key_options) -* [`ppa_options`](#-apt--ppa_options) -* [`ppa_package`](#-apt--ppa_package) -* [`backports`](#-apt--backports) -* [`confs`](#-apt--confs) -* [`update`](#-apt--update) -* [`update_defaults`](#-apt--update_defaults) -* [`purge`](#-apt--purge) -* [`purge_defaults`](#-apt--purge_defaults) -* [`proxy`](#-apt--proxy) -* [`proxy_defaults`](#-apt--proxy_defaults) -* [`sources`](#-apt--sources) -* [`keys`](#-apt--keys) -* [`ppas`](#-apt--ppas) -* [`pins`](#-apt--pins) -* [`settings`](#-apt--settings) -* [`manage_auth_conf`](#-apt--manage_auth_conf) -* [`auth_conf_entries`](#-apt--auth_conf_entries) -* [`auth_conf_owner`](#-apt--auth_conf_owner) -* [`root`](#-apt--root) -* [`sources_list`](#-apt--sources_list) -* [`sources_list_d`](#-apt--sources_list_d) -* [`conf_d`](#-apt--conf_d) -* [`preferences`](#-apt--preferences) -* [`preferences_d`](#-apt--preferences_d) -* [`config_files`](#-apt--config_files) -* [`sources_list_force`](#-apt--sources_list_force) -* [`include_defaults`](#-apt--include_defaults) -* [`apt_conf_d`](#-apt--apt_conf_d) -* [`source_key_defaults`](#-apt--source_key_defaults) - -##### `provider` +* [`provider`](#provider) +* [`keyserver`](#keyserver) +* [`key_options`](#key_options) +* [`ppa_options`](#ppa_options) +* [`ppa_package`](#ppa_package) +* [`backports`](#backports) +* [`confs`](#confs) +* [`update`](#update) +* [`update_defaults`](#update_defaults) +* [`purge`](#purge) +* [`purge_defaults`](#purge_defaults) +* [`proxy`](#proxy) +* [`proxy_defaults`](#proxy_defaults) +* [`sources`](#sources) +* [`keys`](#keys) +* [`keyrings`](#keyrings) +* [`ppas`](#ppas) +* [`pins`](#pins) +* [`settings`](#settings) +* [`manage_auth_conf`](#manage_auth_conf) +* [`auth_conf_entries`](#auth_conf_entries) +* 
[`auth_conf_owner`](#auth_conf_owner) +* [`root`](#root) +* [`sources_list`](#sources_list) +* [`sources_list_d`](#sources_list_d) +* [`conf_d`](#conf_d) +* [`preferences`](#preferences) +* [`preferences_d`](#preferences_d) +* [`config_files`](#config_files) +* [`sources_list_force`](#sources_list_force) +* [`include_defaults`](#include_defaults) +* [`apt_conf_d`](#apt_conf_d) +* [`source_key_defaults`](#source_key_defaults) + +##### `provider` Data type: `String` @@ -99,7 +104,7 @@ Specifies the provider that should be used by apt::update. Default value: `$apt::params::provider` -##### `keyserver` +##### `keyserver` Data type: `String` @@ -108,7 +113,7 @@ hkp://). Default value: `$apt::params::keyserver` -##### `key_options` +##### `key_options` Data type: `Optional[String]` @@ -116,7 +121,7 @@ Specifies the default options for apt::key resources. Default value: `$apt::params::key_options` -##### `ppa_options` +##### `ppa_options` Data type: `Optional[Array[String]]` @@ -124,7 +129,7 @@ Supplies options to be passed to the `add-apt-repository` command. Default value: `$apt::params::ppa_options` -##### `ppa_package` +##### `ppa_package` Data type: `Optional[String]` @@ -132,7 +137,7 @@ Names the package that provides the `apt-add-repository` command. Default value: `$apt::params::ppa_package` -##### `backports` +##### `backports` Data type: `Optional[Hash]` @@ -146,7 +151,7 @@ Options: Default value: `$apt::params::backports` -##### `confs` +##### `confs` Data type: `Hash` @@ -154,7 +159,7 @@ Creates new `apt::conf` resources. Valid options: a hash to be passed to the cre Default value: `$apt::params::confs` -##### `update` +##### `update` Data type: `Hash` @@ -176,7 +181,7 @@ Default: 'reluctantly'. Default value: `$apt::params::update` -##### `update_defaults` +##### `update_defaults` Data type: `Hash` 
@@ -184,7 +189,7 @@ The default update settings that are combined and merged with the passed `update Default value: `$apt::params::update_defaults` -##### `purge` +##### `purge` Data type: `Hash` @@ -199,7 +204,7 @@ Options: Default value: `$apt::params::purge` -##### `purge_defaults` +##### `purge_defaults` Data type: `Hash` @@ -207,7 +212,7 @@ The default purge settings that are combined and merged with the passed `purge` Default value: `$apt::params::purge_defaults` -##### `proxy` +##### `proxy` Data type: `Apt::Proxy` @@ -215,7 +220,7 @@ Configures Apt to connect to a proxy server. Valid options: a hash matching the Default value: `$apt::params::proxy` -##### `proxy_defaults` +##### `proxy_defaults` Data type: `Hash` @@ -223,7 +228,7 @@ The default proxy settings that are combined and merged with the passed `proxy` Default value: `$apt::params::proxy_defaults` -##### `sources` +##### `sources` Data type: `Hash` @@ -231,7 +236,7 @@ Creates new `apt::source` resources. Valid options: a hash to be passed to the c Default value: `$apt::params::sources` -##### `keys` +##### `keys` Data type: `Hash` @@ -239,7 +244,15 @@ Creates new `apt::key` resources. Valid options: a hash to be passed to the crea Default value: `$apt::params::keys` -##### `ppas` +##### `keyrings` + +Data type: `Hash` + +Creates new `apt::keyring` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `{}` + +##### `ppas` Data type: `Hash` @@ -247,7 +260,7 @@ Creates new `apt::ppa` resources. Valid options: a hash to be passed to the crea Default value: `$apt::params::ppas` -##### `pins` +##### `pins` Data type: `Hash` @@ -255,7 +268,7 @@ Creates new `apt::pin` resources. Valid options: a hash to be passed to the crea Default value: `$apt::params::pins` -##### `settings` +##### `settings` Data type: `Hash` 
@@ -263,7 +276,7 @@ Creates new `apt::setting` resources. Valid options: a hash to be passed to the Default value: `$apt::params::settings` -##### `manage_auth_conf` +##### `manage_auth_conf` Data type: `Boolean` @@ -272,7 +285,7 @@ the auth_conf_entries parameter. When false, the file will be ignored (note that Default value: `$apt::params::manage_auth_conf` -##### `auth_conf_entries` +##### `auth_conf_entries` Data type: `Array[Apt::Auth_conf_entry]` @@ -283,7 +296,7 @@ password and no others. Specifying manage_auth_conf and not specifying this para Default value: `$apt::params::auth_conf_entries` -##### `auth_conf_owner` +##### `auth_conf_owner` Data type: `String` @@ -291,7 +304,7 @@ The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old relea Default value: `$apt::params::auth_conf_owner` -##### `root` +##### `root` Data type: `String` @@ -299,7 +312,7 @@ Specifies root directory of Apt executable. Default value: `$apt::params::root` -##### `sources_list` +##### `sources_list` Data type: `String` @@ -307,7 +320,7 @@ Specifies the path of the sources_list file to use. Default value: `$apt::params::sources_list` -##### `sources_list_d` +##### `sources_list_d` Data type: `String` @@ -315,7 +328,7 @@ Specifies the path of the sources_list.d file to use. Default value: `$apt::params::sources_list_d` -##### `conf_d` +##### `conf_d` Data type: `String` @@ -323,7 +336,7 @@ Specifies the path of the conf.d file to use. Default value: `$apt::params::conf_d` -##### `preferences` +##### `preferences` Data type: `String` @@ -331,7 +344,7 @@ Specifies the path of the preferences file to use. Default value: `$apt::params::preferences` -##### `preferences_d` +##### `preferences_d` Data type: `String` @@ -339,7 +352,7 @@ Specifies the path of the preferences.d file to use. Default value: `$apt::params::preferences_d` -##### `config_files` +##### `config_files` Data type: `Hash` 
@@ -347,7 +360,7 @@ A hash made up of the various configuration files used by Apt. Default value: `$apt::params::config_files` -##### `sources_list_force` +##### `sources_list_force` Data type: `Boolean` @@ -355,7 +368,7 @@ Specifies whether to perform force purge or delete. Default false. Default value: `$apt::params::sources_list_force` -##### `include_defaults` +##### `include_defaults` Data type: `Hash` @@ -363,7 +376,7 @@ Data type: `Hash` Default value: `$apt::params::include_defaults` -##### `apt_conf_d` +##### `apt_conf_d` Data type: `String` @@ -371,24 +384,20 @@ The path to the file `apt.conf.d` Default value: `$apt::params::apt_conf_d` -##### `source_key_defaults` +##### `source_key_defaults` Data type: `Hash` -The fault `source_key` settings +The default `source_key` settings -Default value: - -```puppet -{ +Default value: `{ 'server' => $keyserver, 'options' => undef, 'content' => undef, 'source' => undef, - } -``` + }` -### `apt::backports` +### `apt::backports` Manages backports. @@ -412,14 +421,14 @@ class { 'apt::backports': The following parameters are available in the `apt::backports` class: -* [`location`](#-apt--backports--location) -* [`release`](#-apt--backports--release) -* [`repos`](#-apt--backports--repos) -* [`key`](#-apt--backports--key) -* [`pin`](#-apt--backports--pin) -* [`include`](#-apt--backports--include) +* [`location`](#location) +* [`release`](#release) +* [`repos`](#repos) +* [`key`](#key) +* [`pin`](#pin) +* [`include`](#include) -##### `location` +##### `location` Data type: `Optional[String]` @@ -430,9 +439,9 @@ Ubuntu varies: - Ubuntu: 'http://archive.ubuntu.com/ubuntu' -Default value: `undef` +Default value: ``undef`` -##### `release` +##### `release` Data type: `Optional[String]` 
@@ -440,9 +449,9 @@ Specifies a distribution of the Apt repository containing the backports to manag Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating systems. -Default value: `undef` +Default value: ``undef`` -##### `repos` +##### `repos` Data type: `Optional[String]` @@ -453,9 +462,9 @@ Default value for Debian and Ubuntu varies: - Ubuntu: 'main universe multiverse restricted' -Default value: `undef` +Default value: ``undef`` -##### `key` +##### `key` Data type: `Optional[Variant[String, Hash]]` @@ -467,9 +476,9 @@ for Debian and Ubuntu varies: - Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5' -Default value: `undef` +Default value: ``undef`` -##### `pin` +##### `pin` Data type: `Variant[Integer, String, Hash]` @@ -478,7 +487,7 @@ type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corre Default value: `200` -##### `include` +##### `include` Data type: `Variant[Hash]` @@ -488,7 +497,7 @@ Default value: `{}` ## Defined types -### `apt::conf` +### `apt::conf` Specifies a custom Apt configuration file. @@ -496,20 +505,20 @@ Specifies a custom Apt configuration file. The following parameters are available in the `apt::conf` defined type: -* [`content`](#-apt--conf--content) -* [`ensure`](#-apt--conf--ensure) -* [`priority`](#-apt--conf--priority) -* [`notify_update`](#-apt--conf--notify_update) +* [`content`](#content) +* [`ensure`](#ensure) +* [`priority`](#priority) +* [`notify_update`](#notify_update) -##### `content` +##### `content` Data type: `Optional[String]` Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file. -Default value: `undef` +Default value: ``undef`` -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent']` 
@@ -517,7 +526,7 @@ Specifies whether the configuration file should exist. Valid options: 'present' Default value: `present` -##### `priority` +##### `priority` Data type: `Variant[String, Integer]` @@ -526,15 +535,15 @@ Valid options: a string containing an integer or an integer. Default value: `50` -##### `notify_update` +##### `notify_update` Data type: `Optional[Boolean]` Specifies whether to trigger an `apt-get update` run. -Default value: `undef` +Default value: ``undef`` -### `apt::key` +### `apt::key` Manages the GPG keys that Apt uses to authenticate packages. @@ -556,15 +565,15 @@ apt::key { 'puppetlabs': The following parameters are available in the `apt::key` defined type: -* [`id`](#-apt--key--id) -* [`ensure`](#-apt--key--ensure) -* [`content`](#-apt--key--content) -* [`source`](#-apt--key--source) -* [`server`](#-apt--key--server) -* [`weak_ssl`](#-apt--key--weak_ssl) -* [`options`](#-apt--key--options) +* [`id`](#id) +* [`ensure`](#ensure) +* [`content`](#content) +* [`source`](#source) +* [`server`](#server) +* [`weak_ssl`](#weak_ssl) +* [`options`](#options) -##### `id` +##### `id` Data type: `Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]` @@ -573,7 +582,7 @@ characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadec Default value: `$title` -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent', 'refreshed']` 
@@ -582,24 +591,24 @@ update when they have expired (assuming a new key exists on the key server). Default value: `present` -##### `content` +##### `content` Data type: `Optional[String]` Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. -Default value: `undef` +Default value: ``undef`` -##### `source` +##### `source` Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]` Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or an absolute path. -Default value: `undef` +Default value: ``undef`` -##### `server` +##### `server` Data type: `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]` @@ -608,15 +617,15 @@ hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 1 Default value: `$apt::keyserver` -##### `weak_ssl` +##### `weak_ssl` Data type: `Boolean` Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false. -Default value: `false` +Default value: ``false`` -##### `options` +##### `options` Data type: `Optional[String]` 
@@ -624,7 +633,94 @@ Passes additional options to `apt-key adv --keyserver-options`. Default value: `$apt::key_options` -### `apt::mark` +### `apt::keyring` + +Manage GPG keyrings for apt repositories + +#### Examples + +##### Install the puppetlabs apt source with keyring. + +```puppet +apt::source { 'puppet7-release': + location => 'http://apt.puppetlabs.com', + repos => 'main', + keyring => '/etc/apt/keyrings/puppetlabs-keyring.gpg', +} +apt::keyring {'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', +} +``` + +#### Parameters + +The following parameters are available in the `apt::keyring` defined type: + +* [`keyring_dir`](#keyring_dir) +* [`keyring_filename`](#keyring_filename) +* [`keyring_file`](#keyring_file) +* [`keyring_file_mode`](#keyring_file_mode) +* [`source`](#source) +* [`content`](#content) +* [`ensure`](#ensure) + +##### `keyring_dir` + +Data type: `Stdlib::Absolutepath` + +Path to the directory where the keyring will be stored. + +Default value: `'/etc/apt/keyrings'` + +##### `keyring_filename` + +Data type: `Optional[String]` + +Optional filename for the keyring. + +Default value: `$name` + +##### `keyring_file` + +Data type: `Stdlib::Absolutepath` + +File path of the keyring. + +Default value: `"${keyring_dir}/${keyring_filename}"` + +##### `keyring_file_mode` + +Data type: `String` + +File permissions of the keyring. + +Default value: `'0644'` + +##### `source` + +Data type: `Optional[Stdlib::Filesource]` + +Source of the keyring file. Mutually exclusive with 'content'. + +Default value: ``undef`` + +##### `content` + +Data type: `Optional[String]` + +Content of the keyring file. Mutually exclusive with 'source'. + +Default value: ``undef`` + +##### `ensure` + +Data type: `Enum['present','absent']` + +Ensure presence or absence of the resource. + +Default value: `'present'` + +### `apt::mark` Manages apt-mark settings 
@@ -632,9 +728,9 @@ Manages apt-mark settings The following parameters are available in the `apt::mark` defined type: -* [`setting`](#-apt--mark--setting) +* [`setting`](#setting) -##### `setting` +##### `setting` Data type: `Enum['auto','manual','hold','unhold']` @@ -642,7 +738,7 @@ auto, manual, hold, unhold specifies the behavior of apt in case of no more dependencies installed https://manpages.debian.org/stable/apt/apt-mark.8.en.html -### `apt::pin` +### `apt::pin` Manages Apt pins. Does not trigger an apt-get update run. @@ -654,21 +750,21 @@ Manages Apt pins. Does not trigger an apt-get update run. The following parameters are available in the `apt::pin` defined type: -* [`ensure`](#-apt--pin--ensure) -* [`explanation`](#-apt--pin--explanation) -* [`order`](#-apt--pin--order) -* [`packages`](#-apt--pin--packages) -* [`priority`](#-apt--pin--priority) -* [`release`](#-apt--pin--release) -* [`release_version`](#-apt--pin--release_version) -* [`component`](#-apt--pin--component) -* [`originator`](#-apt--pin--originator) -* [`label`](#-apt--pin--label) -* [`origin`](#-apt--pin--origin) -* [`version`](#-apt--pin--version) -* [`codename`](#-apt--pin--codename) - -##### `ensure` +* [`ensure`](#ensure) +* [`explanation`](#explanation) +* [`order`](#order) +* [`packages`](#packages) +* [`priority`](#priority) +* [`release`](#release) +* [`release_version`](#release_version) +* [`component`](#component) +* [`originator`](#originator) +* [`label`](#label) +* [`origin`](#origin) +* [`version`](#version) +* [`codename`](#codename) + +##### `ensure` Data type: `Enum['file', 'present', 'absent']` 
@@ -676,15 +772,15 @@ Specifies whether the pin should exist. Valid options: 'file', 'present', and 'a Default value: `present` -##### `explanation` +##### `explanation` Data type: `Optional[String]` Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}". -Default value: `undef` +Default value: ``undef`` -##### `order` +##### `order` Data type: `Variant[Integer]` @@ -692,7 +788,7 @@ Determines the order in which Apt processes the pin file. Files with lower order Default value: `50` -##### `packages` +##### `packages` Data type: `Variant[String, Array]` @@ -700,7 +796,7 @@ Specifies which package(s) to pin. Default value: `'*'` -##### `priority` +##### `priority` Data type: `Variant[Numeric, String]` 
@@ -709,71 +805,71 @@ priority number (subject to dependency constraints). Valid options: an integer. Default value: `0` -##### `release` +##### `release` Data type: `Optional[String]` Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'. -Default value: `undef` +Default value: ``undef`` -##### `release_version` +##### `release_version` Data type: `Optional[String]` Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7). -Default value: `undef` +Default value: ``undef`` -##### `component` +##### `component` Data type: `Optional[String]` Names the licensing component associated with the packages in the directory tree of the Release file. -Default value: `undef` +Default value: ``undef`` -##### `originator` +##### `originator` Data type: `Optional[String]` Names the originator of the packages in the directory tree of the Release file. -Default value: `undef` +Default value: ``undef`` -##### `label` +##### `label` Data type: `Optional[String]` Names the label of the packages in the directory tree of the Release file. -Default value: `undef` +Default value: ``undef`` -##### `origin` +##### `origin` Data type: `Optional[String]` The package origin -Default value: `undef` +Default value: ``undef`` -##### `version` +##### `version` Data type: `Optional[String]` The version of the package -Default value: `undef` +Default value: ``undef`` -##### `codename` +##### `codename` Data type: `Optional[String]` The codename of the package -Default value: `undef` +Default value: ``undef`` -### `apt::ppa` +### `apt::ppa` Manages PPA repositories using `add-apt-repository`. Not supported on Debian. 
@@ -789,14 +885,14 @@ apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': } The following parameters are available in the `apt::ppa` defined type: -* [`ensure`](#-apt--ppa--ensure) -* [`options`](#-apt--ppa--options) -* [`release`](#-apt--ppa--release) -* [`dist`](#-apt--ppa--dist) -* [`package_name`](#-apt--ppa--package_name) -* [`package_manage`](#-apt--ppa--package_manage) +* [`ensure`](#ensure) +* [`options`](#options) +* [`release`](#release) +* [`dist`](#dist) +* [`package_name`](#package_name) +* [`package_manage`](#package_manage) -##### `ensure` +##### `ensure` Data type: `String` @@ -804,7 +900,7 @@ Specifies whether the PPA should exist. Valid options: 'present' and 'absent'. Default value: `'present'` -##### `options` +##### `options` Data type: `Optional[Array[String]]` @@ -812,7 +908,7 @@ Supplies options to be passed to the `add-apt-repository` command. Default: '-y' Default value: `$apt::ppa_options` -##### `release` +##### `release` Data type: `Optional[String]` @@ -821,7 +917,7 @@ Optional if `puppet facts show os.distro.codename` returns your correct distribu Default value: `fact('os.distro.codename')` -##### `dist` +##### `dist` Data type: `Optional[String]` @@ -830,7 +926,7 @@ Optional if `puppet facts show os.name` returns your correct distribution name. Default value: `$facts['os']['name']` -##### `package_name` +##### `package_name` Data type: `Optional[String]` @@ -838,15 +934,15 @@ Names the package that provides the `apt-add-repository` command. Default: 'soft Default value: `$apt::ppa_package` -##### `package_manage` +##### `package_manage` Data type: `Boolean` Specifies whether Puppet should manage the package that provides `apt-add-repository`. -Default value: `false` +Default value: ``false`` -### `apt::setting` +### `apt::setting` Manages Apt configuration files. 
@@ -858,13 +954,13 @@ Manages Apt configuration files. The following parameters are available in the `apt::setting` defined type: -* [`priority`](#-apt--setting--priority) -* [`ensure`](#-apt--setting--ensure) -* [`source`](#-apt--setting--source) -* [`content`](#-apt--setting--content) -* [`notify_update`](#-apt--setting--notify_update) +* [`priority`](#priority) +* [`ensure`](#ensure) +* [`source`](#source) +* [`content`](#content) +* [`notify_update`](#notify_update) -##### `priority` +##### `priority` Data type: `Variant[String, Integer, Array]` @@ -872,7 +968,7 @@ Determines the order in which Apt processes the configuration file. Files with h Default value: `50` -##### `ensure` +##### `ensure` Data type: `Enum['file', 'present', 'absent']` @@ -880,33 +976,33 @@ Specifies whether the file should exist. Valid options: 'present', 'absent', and Default value: `file` -##### `source` +##### `source` Data type: `Optional[String]` Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination with `content`. Valid options: see link above for Puppet's native file type source attribute. -Default value: `undef` +Default value: ``undef`` -##### `content` +##### `content` Data type: `Optional[String]` Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid options: see link above for Puppet's native file type content attribute. -Default value: `undef` +Default value: ``undef`` -##### `notify_update` +##### `notify_update` Data type: `Boolean` Specifies whether to trigger an `apt-get update` run. -Default value: `true` +Default value: ``true`` -### `apt::source` +### `apt::source` Manages the Apt sources in /etc/apt/sources.list.d/. 
@@ -929,30 +1025,30 @@ apt::source { 'puppetlabs': The following parameters are available in the `apt::source` defined type: -* [`location`](#-apt--source--location) -* [`comment`](#-apt--source--comment) -* [`ensure`](#-apt--source--ensure) -* [`release`](#-apt--source--release) -* [`repos`](#-apt--source--repos) -* [`include`](#-apt--source--include) -* [`key`](#-apt--source--key) -* [`keyring`](#-apt--source--keyring) -* [`pin`](#-apt--source--pin) -* [`architecture`](#-apt--source--architecture) -* [`allow_unsigned`](#-apt--source--allow_unsigned) -* [`allow_insecure`](#-apt--source--allow_insecure) -* [`notify_update`](#-apt--source--notify_update) -* [`check_valid_until`](#-apt--source--check_valid_until) - -##### `location` +* [`location`](#location) +* [`comment`](#comment) +* [`ensure`](#ensure) +* [`release`](#release) +* [`repos`](#repos) +* [`include`](#include) +* [`key`](#key) +* [`keyring`](#keyring) +* [`pin`](#pin) +* [`architecture`](#architecture) +* [`allow_unsigned`](#allow_unsigned) +* [`allow_insecure`](#allow_insecure) +* [`notify_update`](#notify_update) +* [`check_valid_until`](#check_valid_until) + +##### `location` Data type: `Optional[String]` Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. -Default value: `undef` +Default value: ``undef`` -##### `comment` +##### `comment` Data type: `String` @@ -960,7 +1056,7 @@ Supplies a comment for adding to the Apt source file. Default value: `$name` -##### `ensure` +##### `ensure` Data type: `String` @@ -968,15 +1064,15 @@ Specifies whether the Apt source file should exist. Valid options: 'present' and Default value: `present` -##### `release` +##### `release` Data type: `Optional[String]` Specifies a distribution of the Apt repository. -Default value: `undef` +Default value: ``undef`` -##### `repos` +##### `repos` Data type: `String` 
@@ -984,7 +1080,7 @@ Specifies a component of the Apt repository. Default value: `'main'` -##### `include` +##### `include` Data type: `Variant[Hash]` 
@@ -997,79 +1093,85 @@ Options: Default value: `{}` -##### `key` +##### `key` Data type: `Optional[Variant[String, Hash]]` -Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key` -defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`, -and/or `options` parameters. +Creates an apt::keyring in /etc/apt/keyrings (or anywhere on disk given `filename`) Valid options: + * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` -Default value: `undef` +The following inputs are valid for the (deprecated) apt::key defined type. Valid options: + * a string to be passed to the `id` parameter of the `apt::key` defined type + * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options` -##### `keyring` +Default value: ``undef`` + +##### `keyring` Data type: `Optional[Stdlib::AbsolutePath]` Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +This is not necessary if the key is installed with key param above. See https://wiki.debian.org/DebianRepository/UseThirdParty for details. -Default value: `undef` +Default value: ``undef`` -##### `pin` +##### `pin` Data type: `Optional[Variant[Hash, Numeric, String]]` Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. -Default value: `undef` +Default value: ``undef`` -##### `architecture` +##### `architecture` Data type: `Optional[String]` Tells Apt to only download information for specified architectures. 
Valid options: a string containing one or more architecture names, -separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures -defined in the Apt::Architectures option). +separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef +(if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option) -Default value: `undef` +Default value: ``undef`` -##### `allow_unsigned` +##### `allow_unsigned` Data type: `Boolean` Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. -Default value: `false` +Default value: ``false`` -##### `allow_insecure` +##### `allow_insecure` Data type: `Boolean` Specifies whether to allow downloads from insecure repositories. -Default value: `false` +Default value: ``false`` -##### `notify_update` +##### `notify_update` Data type: `Boolean` Specifies whether to trigger an `apt-get update` run. -Default value: `true` +Default value: ``true`` -##### `check_valid_until` +##### `check_valid_until` Data type: `Boolean` Specifies whether to check if the package release date is valid. Defaults to `True`. -Default value: `true` +Default value: ``true`` + +## Resource types ## Data types -### `Apt::Auth_conf_entry` +### `Apt::Auth_conf_entry` Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. 
@@ -1091,23 +1193,23 @@ Struct[{ The following parameters are available in the `Apt::Auth_conf_entry` data type: -* [`machine`](#-Apt--Auth_conf_entry--machine) -* [`login`](#-Apt--Auth_conf_entry--login) -* [`password`](#-Apt--Auth_conf_entry--password) +* [`machine`](#machine) +* [`login`](#login) +* [`password`](#password) -##### `machine` +##### `machine` Hostname of machine to connect to. -##### `login` +##### `login` Specifies the username to connect with. -##### `password` +##### `password` Specifies the password to connect with. -### `Apt::Proxy` +### `Apt::Proxy` Configures Apt to connect to a proxy server. @@ -1129,33 +1231,33 @@ Struct[{ The following parameters are available in the `Apt::Proxy` data type: -* [`ensure`](#-Apt--Proxy--ensure) -* [`host`](#-Apt--Proxy--host) -* [`port`](#-Apt--Proxy--port) -* [`https`](#-Apt--Proxy--https) -* [`direct`](#-Apt--Proxy--direct) +* [`ensure`](#ensure) +* [`host`](#host) +* [`port`](#port) +* [`https`](#https) +* [`direct`](#direct) -##### `ensure` +##### `ensure` Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. -##### `host` +##### `host` Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. -##### `port` +##### `port` Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. -##### `https` +##### `https` Specifies whether to enable https proxies. -##### `direct` +##### `direct` Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. -### `Apt::Proxy_Per_Host` +### `Apt::Proxy_Per_Host` Adds per-host overrides to the system default APT proxy configuration 
@@ -1175,29 +1277,29 @@ Struct[{ The following parameters are available in the `Apt::Proxy_Per_Host` data type: -* [`scope`](#-Apt--Proxy_Per_Host--scope) -* [`host`](#-Apt--Proxy_Per_Host--host) -* [`port`](#-Apt--Proxy_Per_Host--port) -* [`https`](#-Apt--Proxy_Per_Host--https) -* [`direct`](#-Apt--Proxy_Per_Host--direct) +* [`scope`](#scope) +* [`host`](#host) +* [`port`](#port) +* [`https`](#https) +* [`direct`](#direct) -##### `scope` +##### `scope` Specifies the scope of the override. Valid options: a string containing a hostname. -##### `host` +##### `host` Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. -##### `port` +##### `port` Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. -##### `https` +##### `https` Specifies whether to enable https for this override. -##### `direct` +##### `direct` Specifies whether or not to use a `DIRECT` target to bypass the system default proxy. @@ -1216,4 +1318,3 @@ Allows you to perform apt-get functions Data type: `Enum[update, upgrade, dist-upgrade, autoremove]` Action to perform with apt-get - diff --git a/manifests/init.pp b/manifests/init.pp index b30b418d72..ede62dcd71 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -88,6 +88,9 @@ # @param keys # Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above. # +# @param keyrings +# Creates new `apt::keyring` resources. Valid options: a hash to be passed to the create_resources function linked above. +# # @param ppas # Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above. # 
@@ -159,6 +162,7 @@ Apt::Proxy $proxy = $apt::params::proxy, Hash $sources = $apt::params::sources, Hash $keys = $apt::params::keys, + Hash $keyrings = {}, Hash $ppas = $apt::params::ppas, Hash $pins = $apt::params::pins, Hash $settings = $apt::params::settings, @@ -347,6 +351,12 @@ if $keys { create_resources('apt::key', $keys) } + # manage keyrings if present + $keyrings.each |$key, $data| { + apt::keyring { $key: + * => $data, + } + } # manage ppas if present if $ppas { create_resources('apt::ppa', $ppas) diff --git a/manifests/keyring.pp b/manifests/keyring.pp new file mode 100644 index 0000000000..9b9de821c8 --- /dev/null +++ b/manifests/keyring.pp 
@@ -0,0 +1,72 @@ +# @summary Manage GPG keyrings for apt repositories +# +# @example Download the puppetlabs apt keyring +# apt::keyring {'puppetlabs-keyring.gpg': +# source => 'https://apt.puppetlabs.com/keyring.gpg', +# } +# @example Deploy the apt source and associated keyring file +# apt::source { 'puppet8-release': +# location => 'http://apt.puppetlabs.com', +# repos => 'puppet8', +# key => { +# name => 'puppetlabs-keyring.gpg', +# source => 'https://apt.puppetlabs.com/keyring.gpg' +# } +# } +# +# @param keyring_dir +# Path to the directory where the keyring will be stored. +# +# @param keyring_filename +# Optional filename for the keyring. It should also contain extension along with the filename. +# +# @param keyring_file +# File path of the keyring. +# +# @param keyring_file_mode +# File permissions of the keyring. +# +# @param source +# Source of the keyring file. Mutually exclusive with 'content'. +# +# @param content +# Content of the keyring file. Mutually exclusive with 'source'. +# +# @param ensure +# Ensure presence or absence of the resource. +# +define apt::keyring ( + Stdlib::Absolutepath $keyring_dir = '/etc/apt/keyrings', + Optional[String] $keyring_filename = $name, + Stdlib::Absolutepath $keyring_file = "${keyring_dir}/${keyring_filename}", + String $keyring_file_mode = '0644', + Optional[Stdlib::Filesource] $source = undef, + Optional[String] $content = undef, + Enum['present','absent'] $ensure = 'present', +) { + ensure_resource('file', $keyring_dir, { ensure => 'directory', mode => '0755', }) + if $source and $content { + fail("Parameters 'source' and 'content' are mutually exclusive") + } elsif ! $source and ! 
$content { + fail("One of 'source' or 'content' parameters are required") + } + + case $ensure { + 'present': { + file { $keyring_file: + ensure => 'file', + mode => $keyring_file_mode, + source => $source, + content => $content, + } + } + 'absent': { + file { $keyring_file: + ensure => $ensure, + } + } + default: { + fail("Invalid 'ensure' value '${ensure}' for apt::keyring") + } + } +} diff --git a/manifests/source.pp b/manifests/source.pp index dac455fcaf..9ad588e100 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -10,6 +10,17 @@ # }, # } # +#@example Download key behaviour to handle modern apt gpg keyrings. The name parameter in the key hash should be given with +# extension. Absence of extension will result in file formation with just name and no extension. +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# comment => 'Puppet8', +# key => { +# 'name' => 'puppetlabs.gpg', +# 'source' => 'https://apt.puppetlabs.com/keyring.gpg', +# }, +# } +# # @param location # Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. # 
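Review bot: In the new `apt::keyring` define, the `source`/`content` presence check runs before `case $ensure`, so `ensure => 'absent'` still fails with "One of 'source' or 'content' parameters are required" unless a key source is supplied just to delete the file. Restrict the check to the present case, e.g. `} elsif $ensure == 'present' and ! $source and ! $content {`. Separately, this file is an apt trust anchor and `source` is typed `Stdlib::Filesource`, which accepts plain `http://` URLs (the spec added in this commit uses one), with nothing pinning the downloaded bytes. Consider exposing the `file` type's `checksum` and `checksum_value` so callers can pin the expected digest. The `default:` branch of the case looks unreachable given `Enum['present','absent']`.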
@@ -35,12 +46,16 @@ # Specifies whether to request the distribution's uncompiled source code. Default false. # # @param key -# Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key` -# defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`, -# and/or `options` parameters. +# Creates an apt::keyring in /etc/apt/keyrings (or anywhere on disk given `filename`) Valid options: +# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` +# +# The following inputs are valid for the (deprecated) apt::key defined type. Valid options: +# * a string to be passed to the `id` parameter of the `apt::key` defined type +# * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options` # # @param keyring # Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# This is not necessary if the key is installed with key param above. # See https://wiki.debian.org/DebianRepository/UseThirdParty for details. # # @param pin @@ -49,8 +64,8 @@ # # @param architecture # Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, -# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures -# defined in the Apt::Architectures option). +# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef +# (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option) # # @param allow_unsigned # Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. 
@@ -122,19 +137,68 @@ $includes = $apt::include_defaults + $include - if $key and $keyring { - fail('parameters key and keyring are mutualy exclusive') - } - - if $key { + if $keyring { + if $key { + fail('parameters key and keyring are mutually exclusive') + } else { + $_list_keyring = $keyring + } + } elsif $key { if $key =~ Hash { - unless $key['id'] { - fail('key hash must contain at least an id entry') + unless $key['name'] or $key['id'] { + fail('key hash must contain a key name (for apt::keyring) or an id (for apt::key)') + } + if $key['id'] { + # defaults like keyserver are only relevant to apt::key + $_key = merge($apt::source_key_defaults, $key) + } else { + $_key = $key } - $_key = $apt::source_key_defaults + $key } else { $_key = { 'id' => assert_type(String[1], $key) } } + if $_key['ensure'] { + $_key_ensure = $_key['ensure'] + } else { + $_key_ensure = $ensure + } + + # Old keyserver keys handled by apt-key + if ($_key =~ Hash and $_key['id']) { + # We do not want to remove keys when the source is absent. + if ($ensure == 'present') { + apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": + ensure => $_key_ensure, + id => $_key['id'], + server => $_key['server'], + content => $_key['content'], + source => $_key['source'], + options => $_key['options'], + weak_ssl => $_key['weak_ssl'], + before => $_before, + } + } + $_list_keyring = undef + } + # Modern apt keyrings + elsif $_key =~ Hash and $_key['name'] { + apt::keyring { $_key['name']: + ensure => $_key_ensure, + content => $_key['content'], + source => $_key['source'], + keyring_filename => $_key['filename'], + before => $_before, + } + # TODO replace this block with a reference to the apt::keyring's final filename/full_path + if $_key['filename'] { + $_list_keyring = $_key['filename'] + } else { + $_list_keyring = "/etc/apt/keyrings/${_key['name']}" + } + } + } else { + # No `key` nor `keyring` provided + $_list_keyring = undef } $header = epp('apt/_header.epp') 
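Review bot: In the modern-keyring branch, `$_list_keyring = $_key['filename']` writes the bare `filename` value into `signed-by`, but the same value is passed to `apt::keyring` as `keyring_filename`, which that define joins onto `keyring_dir` (default `/etc/apt/keyrings`). The source entry would therefore name a path other than the file actually written, and apt would presumably be unable to verify the repository. Build both cases from the directory, e.g. `$_list_keyring = "/etc/apt/keyrings/${pick($_key['filename'], $_key['name'])}"`. If "anywhere on disk" is really intended, as the `key` documentation says, pass an absolute path through as `keyring_file` instead. A spec asserting the rendered `signed-by` for a key hash with `filename` would catch this; the enclosing define starts and ends outside the hunk.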
@@ -152,7 +216,7 @@ 'arch' => $_architecture, 'trusted' => $allow_unsigned ? { true => 'yes', false => undef }, 'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef }, - 'signed-by' => $keyring, + 'signed-by' => $_list_keyring, 'check-valid-until' => $check_valid_until? { true => undef, false => 'false' }, }, ), @@ -184,26 +248,4 @@ } create_resources('apt::pin', { "${name}" => $_pin }) } - - # We do not want to remove keys when the source is absent. - if $key and ($ensure == 'present') { - if $_key =~ Hash { - if $_key['ensure'] != undef { - $_ensure = $_key['ensure'] - } else { - $_ensure = $ensure - } - - apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": - ensure => $_ensure, - id => $_key['id'], - server => $_key['server'], - content => $_key['content'], - source => $_key['source'], - options => $_key['options'], - weak_ssl => $_key['weak_ssl'], - before => $_before, - } - } - } } diff --git a/spec/defines/keyring_spec.rb b/spec/defines/keyring_spec.rb new file mode 100644 index 0000000000..6b3c65e1ef --- /dev/null +++ b/spec/defines/keyring_spec.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'apt::keyring' do + let(:title) { 'namevar' } + let(:params) do + { + source: 'http://apt.puppetlabs.com/pubkey.gpg', + } + end + + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let(:facts) { os_facts } + + it { is_expected.to compile } + end + end +end From 2fb1b177f5f1165f6bd5c01ae7a8a08b56321a85 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:10:58 +0530 Subject: [PATCH 02/36] Update README.md Co-authored-by: Kenyon Ralph --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f282c8863d..0d533f1d3b 100644 --- a/README.md +++ b/README.md 
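Review bot: The new `spec/defines/keyring_spec.rb` only asserts `compile`, so neither the attributes of the managed key file nor the `fail()` branches of `apt::keyring` are covered. Add an expectation on the file, e.g. `it { is_expected.to contain_file('/etc/apt/keyrings/namevar').with(ensure: 'file', mode: '0644') }`. Also add contexts for `source` and `content` both set, and for neither set, using `it { is_expected.to compile.and_raise_error(%r{mutually exclusive}) }` and the matching message for the second case. The fixture fetches the key over `http://`; an `https://` URL, as in the README examples, would be a better model for a file apt will trust.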
@@ -76,7 +76,7 @@ apt::keyring {'puppetlabs-keyring.gpg': #### Fetch via Puppet URI ```puppet -apt::keyring {'puppetlabs-keyring.gpg': +apt::keyring { 'puppetlabs-keyring.gpg': source => 'puppet:///modules/my_module/local_puppetlabs-keyring.gpg', } ``` From bfc2c7f41da8972e1bafc2d59f3d5eed0f11551e Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:08 +0530 Subject: [PATCH 03/36] Update README.md Co-authored-by: Kenyon Ralph --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d533f1d3b..b42dcf2ee9 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be #### Fetch via HTTP ```puppet -apt::keyring {'puppetlabs-keyring.gpg': +apt::keyring { 'puppetlabs-keyring.gpg': source => 'https://apt.puppetlabs.com/keyring.gpg', } ``` From 5c122e3bd3bf32531b69fc9f03a77a5d2ba71dd5 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:16 +0530 Subject: [PATCH 04/36] Update README.md Co-authored-by: Kenyon Ralph --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b42dcf2ee9..aa51056057 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,8 @@ include apt ### Add GPG keys -You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` or `.asc`) + +You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` or `.asc`). #### Fetch via HTTP ```puppet From e8e98e1c610e20de85fe95d8471681647deae449 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:29 +0530 Subject: [PATCH 05/36] Update README.md Co-authored-by: Kenyon Ralph --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index aa51056057..509ab296a4 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ include apt You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` or `.asc`). #### Fetch via HTTP + ```puppet apt::keyring { 'puppetlabs-keyring.gpg': source => 'https://apt.puppetlabs.com/keyring.gpg', From d7155fb26bf8ff2af22050f2441279759cf4bb1e Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:36 +0530 Subject: [PATCH 06/36] Update README.md Co-authored-by: Kenyon Ralph --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 509ab296a4..61731e56d7 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ apt::keyring { 'puppetlabs-keyring.gpg': ``` #### Fetch via Puppet URI + ```puppet apt::keyring { 'puppetlabs-keyring.gpg': source => 'puppet:///modules/my_module/local_puppetlabs-keyring.gpg', From e423dbfc916b15575dba8cea8592a2a107587c70 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:47 +0530 Subject: [PATCH 07/36] Update README.md Co-authored-by: Kenyon Ralph --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 61731e56d7..209509f18e 100644 --- a/README.md +++ b/README.md @@ -208,7 +208,7 @@ apt::source { 'puppetlabs': ### Adding name and source to the key parameter of apt::source, which then manages modern apt gpg keyrings -The name parameter of key hash should contain name with extensions (such as puppetlabs.gpg), Absence of extension will result in creation of file with just name and no extension. +The `name` parameter of key hash should contain the filename with extension (such as `puppetlabs.gpg`). ```puppet apt::source { 'puppetlabs': From ee8d03a81377bde74110cd947709bf849017d9a3 Mon Sep 17 00:00:00 2001 
From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:53 +0530 Subject: [PATCH 08/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/source.pp b/manifests/source.pp index 9ad588e100..cd7e4c56fd 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -49,7 +49,7 @@ # Creates an apt::keyring in /etc/apt/keyrings (or anywhere on disk given `filename`) Valid options: # * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` # -# The following inputs are valid for the (deprecated) apt::key defined type. Valid options: +# The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: # * a string to be passed to the `id` parameter of the `apt::key` defined type # * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options` # From 6525552fa44b691c78f7580b76b12284fb373721 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:11:59 +0530 Subject: [PATCH 09/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/source.pp b/manifests/source.pp index cd7e4c56fd..d9a40df503 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -164,7 +164,7 @@ } # Old keyserver keys handled by apt-key - if ($_key =~ Hash and $_key['id']) { + if $_key =~ Hash and $_key['id'] { # We do not want to remove keys when the source is absent. if ($ensure == 'present') { apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": From 19e479b42f6816e5a369957241e2b8d3a32211a0 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:12:05 +0530 Subject: [PATCH 10/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifests/source.pp b/manifests/source.pp index d9a40df503..aaf337c886 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -166,7 +166,7 @@ # Old keyserver keys handled by apt-key if $_key =~ Hash and $_key['id'] { # We do not want to remove keys when the source is absent. - if ($ensure == 'present') { + if $ensure == 'present' { apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": ensure => $_key_ensure, id => $_key['id'], From da06d9a6857b8e35c1e3188c9963db96fbb7f6b9 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:12:13 +0530 Subject: [PATCH 11/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/source.pp b/manifests/source.pp index aaf337c886..6bf58033a9 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -64,7 +64,7 @@ # # @param architecture # Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, -# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef +# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). # (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option) # # @param allow_unsigned From 3c8e3cfa45c3c7048c33dc28795c24f172dae00b Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:12:19 +0530 Subject: [PATCH 12/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/source.pp b/manifests/source.pp index 6bf58033a9..b15c6b1766 100644 --- a/manifests/source.pp +++ b/manifests/source.pp 
@@ -55,7 +55,7 @@ # # @param keyring # Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. -# This is not necessary if the key is installed with key param above. +# This is not necessary if the key is installed with `key` param above. # See https://wiki.debian.org/DebianRepository/UseThirdParty for details. # # @param pin From f8ddb8c1b58de508def26e3a3a29eb8d9839057d Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:12:35 +0530 Subject: [PATCH 13/36] Update manifests/init.pp Co-authored-by: Kenyon Ralph --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index ede62dcd71..d263a61d08 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -89,7 +89,7 @@ # Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above. # # @param keyrings -# Creates new `apt::keyring` resources. Valid options: a hash to be passed to the create_resources function linked above. +# Hash of `apt::keyring` resources. # # @param ppas # Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above. From ca1bcce146da15cbce16050befcd618e581838c8 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:12:47 +0530 Subject: [PATCH 14/36] Update manifests/keyring.pp Co-authored-by: Kenyon Ralph --- manifests/keyring.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/keyring.pp b/manifests/keyring.pp index 9b9de821c8..022cff8a87 100644 --- a/manifests/keyring.pp +++ b/manifests/keyring.pp 
@@ -1,7 +1,7 @@ # @summary Manage GPG keyrings for apt repositories # # @example Download the puppetlabs apt keyring -# apt::keyring {'puppetlabs-keyring.gpg': +# apt::keyring { 'puppetlabs-keyring.gpg': # source => 'https://apt.puppetlabs.com/keyring.gpg', # } # @example Deploy the apt source and associated keyring file From 4c17cf5be49b86a90dd19cb277316ec9ed194484 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:12:56 +0530 Subject: [PATCH 15/36] Update manifests/keyring.pp Co-authored-by: Kenyon Ralph --- manifests/keyring.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/keyring.pp b/manifests/keyring.pp index 022cff8a87..4ae70f49b2 100644 --- a/manifests/keyring.pp +++ b/manifests/keyring.pp @@ -37,7 +37,7 @@ # define apt::keyring ( Stdlib::Absolutepath $keyring_dir = '/etc/apt/keyrings', - Optional[String] $keyring_filename = $name, + String[1] $keyring_filename = $name, Stdlib::Absolutepath $keyring_file = "${keyring_dir}/${keyring_filename}", String $keyring_file_mode = '0644', Optional[Stdlib::Filesource] $source = undef, From f6eee3499376ce3f0ddd8c6baaa10bc813fbd7f2 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:13:05 +0530 Subject: [PATCH 16/36] Update manifests/keyring.pp Co-authored-by: Kenyon Ralph --- manifests/keyring.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/keyring.pp b/manifests/keyring.pp index 4ae70f49b2..64b4a5b49d 100644 --- a/manifests/keyring.pp +++ b/manifests/keyring.pp @@ -39,7 +39,7 @@ Stdlib::Absolutepath $keyring_dir = '/etc/apt/keyrings', String[1] $keyring_filename = $name, Stdlib::Absolutepath $keyring_file = "${keyring_dir}/${keyring_filename}", - String $keyring_file_mode = '0644', + Stdlib::Filemode $keyring_file_mode = '0644', Optional[Stdlib::Filesource] $source = undef, Optional[String] $content = undef, Enum['present','absent'] $ensure = 'present', 
From ff60961272974511649135ae400f86efe2cb6af0 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:13:16 +0530 Subject: [PATCH 17/36] Update manifests/keyring.pp Co-authored-by: Kenyon Ralph --- manifests/keyring.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/keyring.pp b/manifests/keyring.pp index 64b4a5b49d..65bed48857 100644 --- a/manifests/keyring.pp +++ b/manifests/keyring.pp @@ -41,7 +41,7 @@ Stdlib::Absolutepath $keyring_file = "${keyring_dir}/${keyring_filename}", Stdlib::Filemode $keyring_file_mode = '0644', Optional[Stdlib::Filesource] $source = undef, - Optional[String] $content = undef, + Optional[String[1]] $content = undef, Enum['present','absent'] $ensure = 'present', ) { ensure_resource('file', $keyring_dir, { ensure => 'directory', mode => '0755', }) From 73b27de10a2fe07532407f0ef4ca81a72fca3441 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:13:43 +0530 Subject: [PATCH 18/36] Update manifests/keyring.pp Co-authored-by: Kenyon Ralph --- manifests/keyring.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/keyring.pp b/manifests/keyring.pp index 65bed48857..83af558257 100644 --- a/manifests/keyring.pp +++ b/manifests/keyring.pp @@ -56,6 +56,8 @@ file { $keyring_file: ensure => 'file', mode => $keyring_file_mode, + owner => 'root', + group => 'root', source => $source, content => $content, } From 94f392cec91d93da546bd7697e430107dc86abe6 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:13:57 +0530 Subject: [PATCH 19/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifests/source.pp b/manifests/source.pp index b15c6b1766..ee22235009 100644 --- a/manifests/source.pp +++ b/manifests/source.pp 
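Review bot: The `owner`/`group` added to the key file in the `@@ -56,6 +56,8 @@` hunk are not applied to the directory that holds it. The `ensure_resource('file', $keyring_dir, { ensure => 'directory', mode => '0755', })` call, shown as context in the preceding hunk, still sets only the mode. If the directory already exists under another owner, Puppet would leave that ownership in place, and the directory's owner can replace the keyring files inside it. Suggest `ensure_resource('file', $keyring_dir, { ensure => 'directory', mode => '0755', owner => 'root', group => 'root', })`. The `'absent'` branch and the rest of the define lie outside this hunk.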
@@ -10,16 +10,16 @@ # }, # } # -#@example Download key behaviour to handle modern apt gpg keyrings. The name parameter in the key hash should be given with -# extension. Absence of extension will result in file formation with just name and no extension. -# apt::source { 'puppetlabs': -# location => 'http://apt.puppetlabs.com', -# comment => 'Puppet8', -# key => { -# 'name' => 'puppetlabs.gpg', -# 'source' => 'https://apt.puppetlabs.com/keyring.gpg', -# }, -# } +# @example Download key behaviour to handle modern apt gpg keyrings. The `name` parameter in the key hash should be given with +# extension. Absence of extension will result in file formation with just name and no extension. +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# comment => 'Puppet8', +# key => { +# 'name' => 'puppetlabs.gpg', +# 'source' => 'https://apt.puppetlabs.com/keyring.gpg', +# }, +# } # # @param location # Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. From 9e38a7c18f4458096ddb09b57570f577000cfeb0 Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:14:24 +0530 Subject: [PATCH 20/36] Update manifests/source.pp Co-authored-by: Kenyon Ralph --- manifests/source.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/source.pp b/manifests/source.pp index ee22235009..e1793cea48 100644 --- a/manifests/source.pp +++ b/manifests/source.pp 
@@ -46,7 +46,7 @@ # Specifies whether to request the distribution's uncompiled source code. Default false. # # @param key -# Creates an apt::keyring in /etc/apt/keyrings (or anywhere on disk given `filename`) Valid options: +# Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: # * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` # # The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: From fd32f03ed8d451c6d3056ad22fd218c0aa1fd70f Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Fri, 29 Sep 2023 10:17:55 +0530 Subject: [PATCH 21/36] Regenerating REFERENCE.md file --- REFERENCE.md | 628 ++++++++++++++++++++++++++------------------------- 1 file changed, 325 insertions(+), 303 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 241d05da39..f4e31a20cf 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -9,7 +9,7 @@ #### Public Classes * [`apt`](#apt): Main class, includes all other classes. -* [`apt::backports`](#aptbackports): Manages backports. +* [`apt::backports`](#apt--backports): Manages backports. #### Private Classes 
@@ -18,20 +18,17 @@ ### Defined types -* [`apt::conf`](#aptconf): Specifies a custom Apt configuration file. -* [`apt::key`](#aptkey): Manages the GPG keys that Apt uses to authenticate packages. -* [`apt::keyring`](#aptkeyring): Manage GPG keyrings for apt repositories -* [`apt::mark`](#aptmark): Manages apt-mark settings -* [`apt::pin`](#aptpin): Manages Apt pins. Does not trigger an apt-get update run. -* [`apt::ppa`](#aptppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian. -* [`apt::setting`](#aptsetting): Manages Apt configuration files. -* [`apt::source`](#aptsource): Manages the Apt sources in /etc/apt/sources.list.d/. +* [`apt::conf`](#apt--conf): Specifies a custom Apt configuration file. +* [`apt::key`](#apt--key): Manages the GPG keys that Apt uses to authenticate packages. +* [`apt::keyring`](#apt--keyring): Manage GPG keyrings for apt repositories +* [`apt::mark`](#apt--mark): Manages apt-mark settings +* [`apt::pin`](#apt--pin): Manages Apt pins. Does not trigger an apt-get update run. +* [`apt::ppa`](#apt--ppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian. +* [`apt::setting`](#apt--setting): Manages Apt configuration files. +* [`apt::source`](#apt--source): Manages the Apt sources in /etc/apt/sources.list.d/. ### Resource types -#### Public Resource types - - #### Private Resource types * `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed 
@@ -40,9 +37,9 @@ be manipulated through the `apt-key` command. ### Data types -* [`Apt::Auth_conf_entry`](#aptauth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. -* [`Apt::Proxy`](#aptproxy): Configures Apt to connect to a proxy server. -* [`Apt::Proxy_Per_Host`](#aptproxy_per_host): Adds per-host overrides to the system default APT proxy configuration +* [`Apt::Auth_conf_entry`](#Apt--Auth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. +* [`Apt::Proxy`](#Apt--Proxy): Configures Apt to connect to a proxy server. +* [`Apt::Proxy_Per_Host`](#Apt--Proxy_Per_Host): Adds per-host overrides to the system default APT proxy configuration ### Tasks 
@@ -62,41 +59,41 @@ Main class, includes all other classes. The following parameters are available in the `apt` class: -* [`provider`](#provider) -* [`keyserver`](#keyserver) -* [`key_options`](#key_options) -* [`ppa_options`](#ppa_options) -* [`ppa_package`](#ppa_package) -* [`backports`](#backports) -* [`confs`](#confs) -* [`update`](#update) -* [`update_defaults`](#update_defaults) -* [`purge`](#purge) -* [`purge_defaults`](#purge_defaults) -* [`proxy`](#proxy) -* [`proxy_defaults`](#proxy_defaults) -* [`sources`](#sources) -* [`keys`](#keys) -* [`keyrings`](#keyrings) -* [`ppas`](#ppas) -* [`pins`](#pins) -* [`settings`](#settings) -* [`manage_auth_conf`](#manage_auth_conf) -* [`auth_conf_entries`](#auth_conf_entries) -* [`auth_conf_owner`](#auth_conf_owner) -* [`root`](#root) -* [`sources_list`](#sources_list) -* [`sources_list_d`](#sources_list_d) -* [`conf_d`](#conf_d) -* [`preferences`](#preferences) -* [`preferences_d`](#preferences_d) -* [`config_files`](#config_files) -* [`sources_list_force`](#sources_list_force) -* [`include_defaults`](#include_defaults) -* [`apt_conf_d`](#apt_conf_d) -* [`source_key_defaults`](#source_key_defaults) - -##### `provider` +* [`provider`](#-apt--provider) +* [`keyserver`](#-apt--keyserver) +* [`key_options`](#-apt--key_options) +* [`ppa_options`](#-apt--ppa_options) +* [`ppa_package`](#-apt--ppa_package) +* [`backports`](#-apt--backports) +* [`confs`](#-apt--confs) +* [`update`](#-apt--update) +* [`update_defaults`](#-apt--update_defaults) +* [`purge`](#-apt--purge) +* [`purge_defaults`](#-apt--purge_defaults) +* [`proxy`](#-apt--proxy) +* [`proxy_defaults`](#-apt--proxy_defaults) +* [`sources`](#-apt--sources) +* [`keys`](#-apt--keys) +* [`keyrings`](#-apt--keyrings) +* [`ppas`](#-apt--ppas) +* [`pins`](#-apt--pins) +* [`settings`](#-apt--settings) +* [`manage_auth_conf`](#-apt--manage_auth_conf) +* [`auth_conf_entries`](#-apt--auth_conf_entries) +* [`auth_conf_owner`](#-apt--auth_conf_owner) +* [`root`](#-apt--root) +* 
[`sources_list`](#-apt--sources_list) +* [`sources_list_d`](#-apt--sources_list_d) +* [`conf_d`](#-apt--conf_d) +* [`preferences`](#-apt--preferences) +* [`preferences_d`](#-apt--preferences_d) +* [`config_files`](#-apt--config_files) +* [`sources_list_force`](#-apt--sources_list_force) +* [`include_defaults`](#-apt--include_defaults) +* [`apt_conf_d`](#-apt--apt_conf_d) +* [`source_key_defaults`](#-apt--source_key_defaults) + +##### `provider` Data type: `String` @@ -104,7 +101,7 @@ Specifies the provider that should be used by apt::update. Default value: `$apt::params::provider` -##### `keyserver` +##### `keyserver` Data type: `String` @@ -113,7 +110,7 @@ hkp://). Default value: `$apt::params::keyserver` -##### `key_options` +##### `key_options` Data type: `Optional[String]` @@ -121,7 +118,7 @@ Specifies the default options for apt::key resources. Default value: `$apt::params::key_options` -##### `ppa_options` +##### `ppa_options` Data type: `Optional[Array[String]]` @@ -129,7 +126,7 @@ Supplies options to be passed to the `add-apt-repository` command. Default value: `$apt::params::ppa_options` -##### `ppa_package` +##### `ppa_package` Data type: `Optional[String]` @@ -137,7 +134,7 @@ Names the package that provides the `apt-add-repository` command. Default value: `$apt::params::ppa_package` -##### `backports` +##### `backports` Data type: `Optional[Hash]` @@ -151,7 +148,7 @@ Options: Default value: `$apt::params::backports` -##### `confs` +##### `confs` Data type: `Hash` @@ -159,7 +156,7 @@ Creates new `apt::conf` resources. Valid options: a hash to be passed to the cre Default value: `$apt::params::confs` -##### `update` +##### `update` Data type: `Hash` @@ -181,7 +178,7 @@ Default: 'reluctantly'. Default value: `$apt::params::update` -##### `update_defaults` +##### `update_defaults` Data type: `Hash` 
@@ -189,7 +186,7 @@ The default update settings that are combined and merged with the passed `update Default value: `$apt::params::update_defaults` -##### `purge` +##### `purge` Data type: `Hash` @@ -204,7 +201,7 @@ Options: Default value: `$apt::params::purge` -##### `purge_defaults` +##### `purge_defaults` Data type: `Hash` @@ -212,7 +209,7 @@ The default purge settings that are combined and merged with the passed `purge` Default value: `$apt::params::purge_defaults` -##### `proxy` +##### `proxy` Data type: `Apt::Proxy` @@ -220,7 +217,7 @@ Configures Apt to connect to a proxy server. Valid options: a hash matching the Default value: `$apt::params::proxy` -##### `proxy_defaults` +##### `proxy_defaults` Data type: `Hash` @@ -228,7 +225,7 @@ The default proxy settings that are combined and merged with the passed `proxy` Default value: `$apt::params::proxy_defaults` -##### `sources` +##### `sources` Data type: `Hash` @@ -236,7 +233,7 @@ Creates new `apt::source` resources. Valid options: a hash to be passed to the c Default value: `$apt::params::sources` -##### `keys` +##### `keys` Data type: `Hash` @@ -244,15 +241,15 @@ Creates new `apt::key` resources. Valid options: a hash to be passed to the crea Default value: `$apt::params::keys` -##### `keyrings` +##### `keyrings` Data type: `Hash` -Creates new `apt::keyring` resources. Valid options: a hash to be passed to the create_resources function linked above. +Hash of `apt::keyring` resources. Default value: `{}` -##### `ppas` +##### `ppas` Data type: `Hash` @@ -260,7 +257,7 @@ Creates new `apt::ppa` resources. Valid options: a hash to be passed to the crea Default value: `$apt::params::ppas` -##### `pins` +##### `pins` Data type: `Hash` @@ -268,7 +265,7 @@ Creates new `apt::pin` resources. Valid options: a hash to be passed to the crea Default value: `$apt::params::pins` -##### `settings` +##### `settings` Data type: `Hash` 
@@ -276,7 +273,7 @@ Creates new `apt::setting` resources. Valid options: a hash to be passed to the Default value: `$apt::params::settings` -##### `manage_auth_conf` +##### `manage_auth_conf` Data type: `Boolean` @@ -285,7 +282,7 @@ the auth_conf_entries parameter. When false, the file will be ignored (note that Default value: `$apt::params::manage_auth_conf` -##### `auth_conf_entries` +##### `auth_conf_entries` Data type: `Array[Apt::Auth_conf_entry]` @@ -296,7 +293,7 @@ password and no others. Specifying manage_auth_conf and not specifying this para Default value: `$apt::params::auth_conf_entries` -##### `auth_conf_owner` +##### `auth_conf_owner` Data type: `String` @@ -304,7 +301,7 @@ The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old relea Default value: `$apt::params::auth_conf_owner` -##### `root` +##### `root` Data type: `String` @@ -312,7 +309,7 @@ Specifies root directory of Apt executable. Default value: `$apt::params::root` -##### `sources_list` +##### `sources_list` Data type: `String` @@ -320,7 +317,7 @@ Specifies the path of the sources_list file to use. Default value: `$apt::params::sources_list` -##### `sources_list_d` +##### `sources_list_d` Data type: `String` @@ -328,7 +325,7 @@ Specifies the path of the sources_list.d file to use. Default value: `$apt::params::sources_list_d` -##### `conf_d` +##### `conf_d` Data type: `String` @@ -336,7 +333,7 @@ Specifies the path of the conf.d file to use. Default value: `$apt::params::conf_d` -##### `preferences` +##### `preferences` Data type: `String` @@ -344,7 +341,7 @@ Specifies the path of the preferences file to use. Default value: `$apt::params::preferences` -##### `preferences_d` +##### `preferences_d` Data type: `String` @@ -352,7 +349,7 @@ Specifies the path of the preferences.d file to use. Default value: `$apt::params::preferences_d` -##### `config_files` +##### `config_files` Data type: `Hash` 
@@ -360,7 +357,7 @@ A hash made up of the various configuration files used by Apt. Default value: `$apt::params::config_files` -##### `sources_list_force` +##### `sources_list_force` Data type: `Boolean` @@ -368,7 +365,7 @@ Specifies whether to perform force purge or delete. Default false. Default value: `$apt::params::sources_list_force` -##### `include_defaults` +##### `include_defaults` Data type: `Hash` @@ -376,7 +373,7 @@ Data type: `Hash` Default value: `$apt::params::include_defaults` -##### `apt_conf_d` +##### `apt_conf_d` Data type: `String` @@ -384,20 +381,24 @@ The path to the file `apt.conf.d` Default value: `$apt::params::apt_conf_d` -##### `source_key_defaults` +##### `source_key_defaults` Data type: `Hash` -The default `source_key` settings +The fault `source_key` settings -Default value: `{ +Default value: + +```puppet +{ 'server' => $keyserver, 'options' => undef, 'content' => undef, 'source' => undef, - }` + } +``` -### `apt::backports` +### `apt::backports` Manages backports. @@ -421,14 +422,14 @@ class { 'apt::backports': The following parameters are available in the `apt::backports` class: -* [`location`](#location) -* [`release`](#release) -* [`repos`](#repos) -* [`key`](#key) -* [`pin`](#pin) -* [`include`](#include) +* [`location`](#-apt--backports--location) +* [`release`](#-apt--backports--release) +* [`repos`](#-apt--backports--repos) +* [`key`](#-apt--backports--key) +* [`pin`](#-apt--backports--pin) +* [`include`](#-apt--backports--include) -##### `location` +##### `location` Data type: `Optional[String]` @@ -439,9 +440,9 @@ Ubuntu varies: - Ubuntu: 'http://archive.ubuntu.com/ubuntu' -Default value: ``undef`` +Default value: `undef` -##### `release` +##### `release` Data type: `Optional[String]` 
@@ -449,9 +450,9 @@ Specifies a distribution of the Apt repository containing the backports to manag Default: on Debian and Ubuntu, `${fact('os.distro.codename')}-backports`. We recommend keeping this default, except on other operating systems. -Default value: ``undef`` +Default value: `undef` -##### `repos` +##### `repos` Data type: `Optional[String]` @@ -462,9 +463,9 @@ Default value for Debian and Ubuntu varies: - Ubuntu: 'main universe multiverse restricted' -Default value: ``undef`` +Default value: `undef` -##### `key` +##### `key` Data type: `Optional[Variant[String, Hash]]` @@ -476,9 +477,9 @@ for Debian and Ubuntu varies: - Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5' -Default value: ``undef`` +Default value: `undef` -##### `pin` +##### `pin` Data type: `Variant[Integer, String, Hash]` @@ -487,7 +488,7 @@ type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corre Default value: `200` -##### `include` +##### `include` Data type: `Variant[Hash]` @@ -497,7 +498,7 @@ Default value: `{}` ## Defined types -### `apt::conf` +### `apt::conf` Specifies a custom Apt configuration file. @@ -505,20 +506,20 @@ Specifies a custom Apt configuration file. The following parameters are available in the `apt::conf` defined type: -* [`content`](#content) -* [`ensure`](#ensure) -* [`priority`](#priority) -* [`notify_update`](#notify_update) +* [`content`](#-apt--conf--content) +* [`ensure`](#-apt--conf--ensure) +* [`priority`](#-apt--conf--priority) +* [`notify_update`](#-apt--conf--notify_update) -##### `content` +##### `content` Data type: `Optional[String]` Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file. -Default value: ``undef`` +Default value: `undef` -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent']` 
@@ -526,7 +527,7 @@ Specifies whether the configuration file should exist. Valid options: 'present' Default value: `present` -##### `priority` +##### `priority` Data type: `Variant[String, Integer]` @@ -535,15 +536,15 @@ Valid options: a string containing an integer or an integer. Default value: `50` -##### `notify_update` +##### `notify_update` Data type: `Optional[Boolean]` Specifies whether to trigger an `apt-get update` run. -Default value: ``undef`` +Default value: `undef` -### `apt::key` +### `apt::key` Manages the GPG keys that Apt uses to authenticate packages. @@ -565,15 +566,15 @@ apt::key { 'puppetlabs': The following parameters are available in the `apt::key` defined type: -* [`id`](#id) -* [`ensure`](#ensure) -* [`content`](#content) -* [`source`](#source) -* [`server`](#server) -* [`weak_ssl`](#weak_ssl) -* [`options`](#options) +* [`id`](#-apt--key--id) +* [`ensure`](#-apt--key--ensure) +* [`content`](#-apt--key--content) +* [`source`](#-apt--key--source) +* [`server`](#-apt--key--server) +* [`weak_ssl`](#-apt--key--weak_ssl) +* [`options`](#-apt--key--options) -##### `id` +##### `id` Data type: `Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]` @@ -582,7 +583,7 @@ characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadec Default value: `$title` -##### `ensure` +##### `ensure` Data type: `Enum['present', 'absent', 'refreshed']` 
@@ -591,24 +592,24 @@ update when they have expired (assuming a new key exists on the key server). Default value: `present` -##### `content` +##### `content` Data type: `Optional[String]` Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. -Default value: ``undef`` +Default value: `undef` -##### `source` +##### `source` Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]` Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or an absolute path. -Default value: ``undef`` +Default value: `undef` -##### `server` +##### `server` Data type: `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]` @@ -617,15 +618,15 @@ hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 1 Default value: `$apt::keyserver` -##### `weak_ssl` +##### `weak_ssl` Data type: `Boolean` Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false. -Default value: ``false`` +Default value: `false` -##### `options` +##### `options` Data type: `Optional[String]` 
@@ -633,38 +634,46 @@ Passes additional options to `apt-key adv --keyserver-options`. Default value: `$apt::key_options` -### `apt::keyring` +### `apt::keyring` Manage GPG keyrings for apt repositories #### Examples -##### Install the puppetlabs apt source with keyring. +##### Download the puppetlabs apt keyring ```puppet -apt::source { 'puppet7-release': - location => 'http://apt.puppetlabs.com', - repos => 'main', - keyring => '/etc/apt/keyrings/puppetlabs-keyring.gpg', -} -apt::keyring {'puppetlabs-keyring.gpg': +apt::keyring { 'puppetlabs-keyring.gpg': source => 'https://apt.puppetlabs.com/keyring.gpg', } ``` +##### Deploy the apt source and associated keyring file + +```puppet +apt::source { 'puppet8-release': + location => 'http://apt.puppetlabs.com', + repos => 'puppet8', + key => { + name => 'puppetlabs-keyring.gpg', + source => 'https://apt.puppetlabs.com/keyring.gpg' + } +} +``` + #### Parameters The following parameters are available in the `apt::keyring` defined type: -* [`keyring_dir`](#keyring_dir) -* [`keyring_filename`](#keyring_filename) -* [`keyring_file`](#keyring_file) -* [`keyring_file_mode`](#keyring_file_mode) -* [`source`](#source) -* [`content`](#content) -* [`ensure`](#ensure) +* [`keyring_dir`](#-apt--keyring--keyring_dir) +* [`keyring_filename`](#-apt--keyring--keyring_filename) +* [`keyring_file`](#-apt--keyring--keyring_file) +* [`keyring_file_mode`](#-apt--keyring--keyring_file_mode) +* [`source`](#-apt--keyring--source) +* [`content`](#-apt--keyring--content) +* [`ensure`](#-apt--keyring--ensure) -##### `keyring_dir` +##### `keyring_dir` Data type: `Stdlib::Absolutepath` 
@@ -672,15 +681,15 @@ Path to the directory where the keyring will be stored. Default value: `'/etc/apt/keyrings'` -##### `keyring_filename` +##### `keyring_filename` -Data type: `Optional[String]` +Data type: `String[1]` -Optional filename for the keyring. +Optional filename for the keyring. It should also contain extension along with the filename. Default value: `$name` -##### `keyring_file` +##### `keyring_file` Data type: `Stdlib::Absolutepath` @@ -688,31 +697,31 @@ File path of the keyring. Default value: `"${keyring_dir}/${keyring_filename}"` -##### `keyring_file_mode` +##### `keyring_file_mode` -Data type: `String` +Data type: `Stdlib::Filemode` File permissions of the keyring. Default value: `'0644'` -##### `source` +##### `source` Data type: `Optional[Stdlib::Filesource]` Source of the keyring file. Mutually exclusive with 'content'. -Default value: ``undef`` +Default value: `undef` -##### `content` +##### `content` -Data type: `Optional[String]` +Data type: `Optional[String[1]]` Content of the keyring file. Mutually exclusive with 'source'. -Default value: ``undef`` +Default value: `undef` -##### `ensure` +##### `ensure` Data type: `Enum['present','absent']` @@ -720,7 +729,7 @@ Ensure presence or absence of the resource. Default value: `'present'` -### `apt::mark` +### `apt::mark` Manages apt-mark settings @@ -728,9 +737,9 @@ Manages apt-mark settings The following parameters are available in the `apt::mark` defined type: -* [`setting`](#setting) +* [`setting`](#-apt--mark--setting) -##### `setting` +##### `setting` Data type: `Enum['auto','manual','hold','unhold']` @@ -738,7 +747,7 @@ auto, manual, hold, unhold specifies the behavior of apt in case of no more dependencies installed https://manpages.debian.org/stable/apt/apt-mark.8.en.html -### `apt::pin` +### `apt::pin` Manages Apt pins. Does not trigger an apt-get update run. 
@@ -750,21 +759,21 @@ Manages Apt pins. Does not trigger an apt-get update run. The following parameters are available in the `apt::pin` defined type: -* [`ensure`](#ensure) -* [`explanation`](#explanation) -* [`order`](#order) -* [`packages`](#packages) -* [`priority`](#priority) -* [`release`](#release) -* [`release_version`](#release_version) -* [`component`](#component) -* [`originator`](#originator) -* [`label`](#label) -* [`origin`](#origin) -* [`version`](#version) -* [`codename`](#codename) - -##### `ensure` +* [`ensure`](#-apt--pin--ensure) +* [`explanation`](#-apt--pin--explanation) +* [`order`](#-apt--pin--order) +* [`packages`](#-apt--pin--packages) +* [`priority`](#-apt--pin--priority) +* [`release`](#-apt--pin--release) +* [`release_version`](#-apt--pin--release_version) +* [`component`](#-apt--pin--component) +* [`originator`](#-apt--pin--originator) +* [`label`](#-apt--pin--label) +* [`origin`](#-apt--pin--origin) +* [`version`](#-apt--pin--version) +* [`codename`](#-apt--pin--codename) + +##### `ensure` Data type: `Enum['file', 'present', 'absent']` @@ -772,15 +781,15 @@ Specifies whether the pin should exist. Valid options: 'file', 'present', and 'a Default value: `present` -##### `explanation` +##### `explanation` Data type: `Optional[String]` Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}". -Default value: ``undef`` +Default value: `undef` -##### `order` +##### `order` Data type: `Variant[Integer]` @@ -788,7 +797,7 @@ Determines the order in which Apt processes the pin file. Files with lower order Default value: `50` -##### `packages` +##### `packages` Data type: `Variant[String, Array]` @@ -796,7 +805,7 @@ Specifies which package(s) to pin. Default value: `'*'` -##### `priority` +##### `priority` Data type: `Variant[Numeric, String]` 
@@ -805,71 +814,71 @@ priority number (subject to dependency constraints). Valid options: an integer. Default value: `0` -##### `release` +##### `release` Data type: `Optional[String]` Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'. -Default value: ``undef`` +Default value: `undef` -##### `release_version` +##### `release_version` Data type: `Optional[String]` Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7). -Default value: ``undef`` +Default value: `undef` -##### `component` +##### `component` Data type: `Optional[String]` Names the licensing component associated with the packages in the directory tree of the Release file. -Default value: ``undef`` +Default value: `undef` -##### `originator` +##### `originator` Data type: `Optional[String]` Names the originator of the packages in the directory tree of the Release file. -Default value: ``undef`` +Default value: `undef` -##### `label` +##### `label` Data type: `Optional[String]` Names the label of the packages in the directory tree of the Release file. -Default value: ``undef`` +Default value: `undef` -##### `origin` +##### `origin` Data type: `Optional[String]` The package origin -Default value: ``undef`` +Default value: `undef` -##### `version` +##### `version` Data type: `Optional[String]` The version of the package -Default value: ``undef`` +Default value: `undef` -##### `codename` +##### `codename` Data type: `Optional[String]` The codename of the package -Default value: ``undef`` +Default value: `undef` -### `apt::ppa` +### `apt::ppa` Manages PPA repositories using `add-apt-repository`. Not supported on Debian. 
@@ -885,14 +894,14 @@ apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': } The following parameters are available in the `apt::ppa` defined type: -* [`ensure`](#ensure) -* [`options`](#options) -* [`release`](#release) -* [`dist`](#dist) -* [`package_name`](#package_name) -* [`package_manage`](#package_manage) +* [`ensure`](#-apt--ppa--ensure) +* [`options`](#-apt--ppa--options) +* [`release`](#-apt--ppa--release) +* [`dist`](#-apt--ppa--dist) +* [`package_name`](#-apt--ppa--package_name) +* [`package_manage`](#-apt--ppa--package_manage) -##### `ensure` +##### `ensure` Data type: `String` @@ -900,7 +909,7 @@ Specifies whether the PPA should exist. Valid options: 'present' and 'absent'. Default value: `'present'` -##### `options` +##### `options` Data type: `Optional[Array[String]]` @@ -908,7 +917,7 @@ Supplies options to be passed to the `add-apt-repository` command. Default: '-y' Default value: `$apt::ppa_options` -##### `release` +##### `release` Data type: `Optional[String]` @@ -917,7 +926,7 @@ Optional if `puppet facts show os.distro.codename` returns your correct distribu Default value: `fact('os.distro.codename')` -##### `dist` +##### `dist` Data type: `Optional[String]` @@ -926,7 +935,7 @@ Optional if `puppet facts show os.name` returns your correct distribution name. Default value: `$facts['os']['name']` -##### `package_name` +##### `package_name` Data type: `Optional[String]` @@ -934,15 +943,15 @@ Names the package that provides the `apt-add-repository` command. Default: 'soft Default value: `$apt::ppa_package` -##### `package_manage` +##### `package_manage` Data type: `Boolean` Specifies whether Puppet should manage the package that provides `apt-add-repository`. -Default value: ``false`` +Default value: `false` -### `apt::setting` +### `apt::setting` Manages Apt configuration files. 
@@ -954,13 +963,13 @@ Manages Apt configuration files. The following parameters are available in the `apt::setting` defined type: -* [`priority`](#priority) -* [`ensure`](#ensure) -* [`source`](#source) -* [`content`](#content) -* [`notify_update`](#notify_update) +* [`priority`](#-apt--setting--priority) +* [`ensure`](#-apt--setting--ensure) +* [`source`](#-apt--setting--source) +* [`content`](#-apt--setting--content) +* [`notify_update`](#-apt--setting--notify_update) -##### `priority` +##### `priority` Data type: `Variant[String, Integer, Array]` @@ -968,7 +977,7 @@ Determines the order in which Apt processes the configuration file. Files with h Default value: `50` -##### `ensure` +##### `ensure` Data type: `Enum['file', 'present', 'absent']` @@ -976,33 +985,33 @@ Specifies whether the file should exist. Valid options: 'present', 'absent', and Default value: `file` -##### `source` +##### `source` Data type: `Optional[String]` Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination with `content`. Valid options: see link above for Puppet's native file type source attribute. -Default value: ``undef`` +Default value: `undef` -##### `content` +##### `content` Data type: `Optional[String]` Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid options: see link above for Puppet's native file type content attribute. -Default value: ``undef`` +Default value: `undef` -##### `notify_update` +##### `notify_update` Data type: `Boolean` Specifies whether to trigger an `apt-get update` run. -Default value: ``true`` +Default value: `true` -### `apt::source` +### `apt::source` Manages the Apt sources in /etc/apt/sources.list.d/. 
@@ -1021,34 +1030,48 @@ apt::source { 'puppetlabs': } ``` +##### Download key behaviour to handle modern apt gpg keyrings. The `name` parameter in the key hash should be given with + +```puppet +extension. Absence of extension will result in file formation with just name and no extension. +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + comment => 'Puppet8', + key => { + 'name' => 'puppetlabs.gpg', + 'source' => 'https://apt.puppetlabs.com/keyring.gpg', + }, +} +``` + #### Parameters The following parameters are available in the `apt::source` defined type: -* [`location`](#location) -* [`comment`](#comment) -* [`ensure`](#ensure) -* [`release`](#release) -* [`repos`](#repos) -* [`include`](#include) -* [`key`](#key) -* [`keyring`](#keyring) -* [`pin`](#pin) -* [`architecture`](#architecture) -* [`allow_unsigned`](#allow_unsigned) -* [`allow_insecure`](#allow_insecure) -* [`notify_update`](#notify_update) -* [`check_valid_until`](#check_valid_until) - -##### `location` +* [`location`](#-apt--source--location) +* [`comment`](#-apt--source--comment) +* [`ensure`](#-apt--source--ensure) +* [`release`](#-apt--source--release) +* [`repos`](#-apt--source--repos) +* [`include`](#-apt--source--include) +* [`key`](#-apt--source--key) +* [`keyring`](#-apt--source--keyring) +* [`pin`](#-apt--source--pin) +* [`architecture`](#-apt--source--architecture) +* [`allow_unsigned`](#-apt--source--allow_unsigned) +* [`allow_insecure`](#-apt--source--allow_insecure) +* [`notify_update`](#-apt--source--notify_update) +* [`check_valid_until`](#-apt--source--check_valid_until) + +##### `location` Data type: `Optional[String]` Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. -Default value: ``undef`` +Default value: `undef` -##### `comment` +##### `comment` Data type: `String` 
@@ -1056,7 +1079,7 @@ Supplies a comment for adding to the Apt source file. Default value: `$name` -##### `ensure` +##### `ensure` Data type: `String` @@ -1064,15 +1087,15 @@ Specifies whether the Apt source file should exist. Valid options: 'present' and Default value: `present` -##### `release` +##### `release` Data type: `Optional[String]` Specifies a distribution of the Apt repository. -Default value: ``undef`` +Default value: `undef` -##### `repos` +##### `repos` Data type: `String` @@ -1080,7 +1103,7 @@ Specifies a component of the Apt repository. Default value: `'main'` -##### `include` +##### `include` Data type: `Variant[Hash]` 
@@ -1093,85 +1116,83 @@ Options: Default value: `{}` -##### `key` +##### `key` Data type: `Optional[Variant[String, Hash]]` -Creates an apt::keyring in /etc/apt/keyrings (or anywhere on disk given `filename`) Valid options: +Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` -The following inputs are valid for the (deprecated) apt::key defined type. Valid options: +The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: * a string to be passed to the `id` parameter of the `apt::key` defined type * a hash of `parameter => value` pairs to be passed to `apt::key`: `id`, `server`, `content`, `source`, `weak_ssl`, `options` -Default value: ``undef`` +Default value: `undef` -##### `keyring` +##### `keyring` Data type: `Optional[Stdlib::AbsolutePath]` Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. -This is not necessary if the key is installed with key param above. +This is not necessary if the key is installed with `key` param above. See https://wiki.debian.org/DebianRepository/UseThirdParty for details. -Default value: ``undef`` +Default value: `undef` -##### `pin` +##### `pin` Data type: `Optional[Variant[Hash, Numeric, String]]` Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. -Default value: ``undef`` +Default value: `undef` -##### `architecture` +##### `architecture` Data type: `Optional[String]` Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, -separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). 
Default: undef +separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option) -Default value: ``undef`` +Default value: `undef` -##### `allow_unsigned` +##### `allow_unsigned` Data type: `Boolean` Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. -Default value: ``false`` +Default value: `false` -##### `allow_insecure` +##### `allow_insecure` Data type: `Boolean` Specifies whether to allow downloads from insecure repositories. -Default value: ``false`` +Default value: `false` -##### `notify_update` +##### `notify_update` Data type: `Boolean` Specifies whether to trigger an `apt-get update` run. -Default value: ``true`` +Default value: `true` -##### `check_valid_until` +##### `check_valid_until` Data type: `Boolean` Specifies whether to check if the package release date is valid. Defaults to `True`. -Default value: ``true`` - -## Resource types +Default value: `true` ## Data types -### `Apt::Auth_conf_entry` +### `Apt::Auth_conf_entry` Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. @@ -1193,23 +1214,23 @@ Struct[{ The following parameters are available in the `Apt::Auth_conf_entry` data type: -* [`machine`](#machine) -* [`login`](#login) -* [`password`](#password) +* [`machine`](#-Apt--Auth_conf_entry--machine) +* [`login`](#-Apt--Auth_conf_entry--login) +* [`password`](#-Apt--Auth_conf_entry--password) -##### `machine` +##### `machine` Hostname of machine to connect to. -##### `login` +##### `login` Specifies the username to connect with. -##### `password` +##### `password` Specifies the password to connect with. -### `Apt::Proxy` +### `Apt::Proxy` Configures Apt to connect to a proxy server. 
@@ -1231,33 +1252,33 @@ Struct[{ The following parameters are available in the `Apt::Proxy` data type: -* [`ensure`](#ensure) -* [`host`](#host) -* [`port`](#port) -* [`https`](#https) -* [`direct`](#direct) +* [`ensure`](#-Apt--Proxy--ensure) +* [`host`](#-Apt--Proxy--host) +* [`port`](#-Apt--Proxy--port) +* [`https`](#-Apt--Proxy--https) +* [`direct`](#-Apt--Proxy--direct) -##### `ensure` +##### `ensure` Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. -##### `host` +##### `host` Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. -##### `port` +##### `port` Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. -##### `https` +##### `https` Specifies whether to enable https proxies. -##### `direct` +##### `direct` Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. -### `Apt::Proxy_Per_Host` +### `Apt::Proxy_Per_Host` Adds per-host overrides to the system default APT proxy configuration 
@@ -1277,29 +1298,29 @@ Struct[{ The following parameters are available in the `Apt::Proxy_Per_Host` data type: -* [`scope`](#scope) -* [`host`](#host) -* [`port`](#port) -* [`https`](#https) -* [`direct`](#direct) +* [`scope`](#-Apt--Proxy_Per_Host--scope) +* [`host`](#-Apt--Proxy_Per_Host--host) +* [`port`](#-Apt--Proxy_Per_Host--port) +* [`https`](#-Apt--Proxy_Per_Host--https) +* [`direct`](#-Apt--Proxy_Per_Host--direct) -##### `scope` +##### `scope` Specifies the scope of the override. Valid options: a string containing a hostname. -##### `host` +##### `host` Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. -##### `port` +##### `port` Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. -##### `https` +##### `https` Specifies whether to enable https for this override. -##### `direct` +##### `direct` Specifies whether or not to use a `DIRECT` target to bypass the system default proxy. @@ -1318,3 +1339,4 @@ Allows you to perform apt-get functions Data type: `Enum[update, upgrade, dist-upgrade, autoremove]` Action to perform with apt-get + From 62a3ddca0cc307c36e2b982fbf5f8bc9e068297d Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Mon, 2 Oct 2023 12:20:20 +0530 Subject: [PATCH 22/36] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Romain Tartière --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 209509f18e..3b6d7c537e 100644 --- a/README.md +++ b/README.md 
@@ -66,7 +66,7 @@ include apt ### Add GPG keys -You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` or `.asc`). +You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (`.gpg` for keys in binary format; or `.asc` for ASCII armored keys). #### Fetch via HTTP From ca1d98ae7bc48c069cd816f430d4f382a4adbbec Mon Sep 17 00:00:00 2001 From: praj1001 <134480625+praj1001@users.noreply.github.com> Date: Wed, 18 Oct 2023 16:42:17 +0530 Subject: [PATCH 23/36] Added acceptance for keyring --- spec/acceptance/apt_keyring_spec.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 spec/acceptance/apt_keyring_spec.rb diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb new file mode 100644 index 0000000000..09264bca9c --- /dev/null +++ b/spec/acceptance/apt_keyring_spec.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +require 'spec_helper_acceptance' + +describe 'apt::keyring' do + context 'when using default values and source specified explicitly' do + keyring_pp = <<-MANIFEST + apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', + } + MANIFEST + + it 'applies idempotently' do + retry_on_error_matching do + idempotent_apply(pp) + end + end + end +end From 35c47366e6a48457a875e4a11da9d29ca5f693d9 Mon Sep 17 00:00:00 2001 From: praj1001 <134480625+praj1001@users.noreply.github.com> Date: Wed, 18 Oct 2023 16:51:33 +0530 Subject: [PATCH 24/36] Fixing rubocops --- spec/acceptance/apt_keyring_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 09264bca9c..9435caabb3 100644 --- a/spec/acceptance/apt_keyring_spec.rb 
+++ b/spec/acceptance/apt_keyring_spec.rb @@ -12,7 +12,7 @@ it 'applies idempotently' do retry_on_error_matching do - idempotent_apply(pp) + idempotent_apply(keyring_pp) end end end From 9f49af5fdc9d218748deca7346f8077fe174b813 Mon Sep 17 00:00:00 2001 From: praj1001 <134480625+praj1001@users.noreply.github.com> Date: Wed, 18 Oct 2023 17:25:10 +0530 Subject: [PATCH 25/36] Changed implementation for variable declaration --- spec/acceptance/apt_keyring_spec.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 9435caabb3..7d77b73257 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -4,11 +4,13 @@ describe 'apt::keyring' do context 'when using default values and source specified explicitly' do - keyring_pp = <<-MANIFEST - apt::keyring { 'puppetlabs-keyring.gpg': - source => 'https://apt.puppetlabs.com/keyring.gpg', - } - MANIFEST + let (:keyring_pp) do + <<-MANIFEST + apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', + } + MANIFEST + end it 'applies idempotently' do retry_on_error_matching do From dedcfc290a782226ff5d6be7e326cb27b73cc263 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Fri, 20 Oct 2023 09:43:58 +0530 Subject: [PATCH 26/36] Changed puppetlabs spec helper version --- Gemfile | 2 +- spec/acceptance/apt_keyring_spec.rb | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 7904c15fa5..d78e86d278 100644 --- a/Gemfile +++ b/Gemfile 
@@ -22,7 +22,7 @@ group :development do gem "voxpupuli-puppet-lint-plugins", '~> 4.0', require: false gem "facterdb", '~> 1.18', require: false gem "metadata-json-lint", '~> 3.0', require: false - gem "puppetlabs_spec_helper", '~> 6.0', require: false + gem "puppetlabs_spec_helper", '~> 7.0', require: false gem "rspec-puppet-facts", '~> 2.0', require: false gem "codecov", '~> 0.2', require: false gem "dependency_checker", '~> 1.0.0', require: false diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 7d77b73257..5b1fb5b9d6 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -4,13 +4,13 @@ describe 'apt::keyring' do context 'when using default values and source specified explicitly' do - let (:keyring_pp) do - <<-MANIFEST + let(:keyring_pp) do + <<-MANIFEST apt::keyring { 'puppetlabs-keyring.gpg': source => 'https://apt.puppetlabs.com/keyring.gpg', } - MANIFEST - end + MANIFEST + end it 'applies idempotently' do retry_on_error_matching do From 1abcb69d9d9f51bfe11f170775c4e63952ffe7a9 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Sat, 21 Oct 2023 12:42:15 +0530 Subject: [PATCH 27/36] Added file location just an extra check --- spec/acceptance/apt_keyring_spec.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 5b1fb5b9d6..9876343ebc 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -2,6 +2,8 @@ require 'spec_helper_acceptance' +PUPPETLABS_FILE_CHECK_COMMAND = 'ls /etc/apt/keyrings | grep \'puppetlabs-keyring.gpg\'' + describe 'apt::keyring' do context 'when using default values and source specified explicitly' do let(:keyring_pp) do @@ -17,5 +19,9 @@ idempotent_apply(keyring_pp) end end + + it 'expects file to be present at default location' do + run_shell(PUPPETLABS_FILE_CHECK_COMMAND.to_s) + end end end 
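Review bot: In the example 'expects file to be present at default location' (PATCH 27), `ls /etc/apt/keyrings | grep 'puppetlabs-keyring.gpg'` is an unanchored regex match, so a leftover such as `puppetlabs-keyring.gpg.bak` satisfies it, and it does not show that the entry is a regular file. `run_shell('test -f /etc/apt/keyrings/puppetlabs-keyring.gpg')` states the intent directly. Since every key in this file becomes trusted for the repository, a check on owner and mode (for example via `stat -c '%U %a'`) is worth adding next to it. The `.to_s` on a String constant is redundant, and the `describe` block continues outside both hunks.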
From 072b41229c693646f98dd8607414a7ddff721992 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Tue, 24 Oct 2023 20:35:08 +0530 Subject: [PATCH 28/36] Deleting the file --- spec/acceptance/apt_keyring_spec.rb | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 9876343ebc..5fe57728c0 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -2,17 +2,13 @@ require 'spec_helper_acceptance' -PUPPETLABS_FILE_CHECK_COMMAND = 'ls /etc/apt/keyrings | grep \'puppetlabs-keyring.gpg\'' - describe 'apt::keyring' do context 'when using default values and source specified explicitly' do - let(:keyring_pp) do - <<-MANIFEST - apt::keyring { 'puppetlabs-keyring.gpg': - source => 'https://apt.puppetlabs.com/keyring.gpg', - } - MANIFEST - end + keyring_pp = <<-MANIFEST + apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', + } + MANIFEST it 'applies idempotently' do retry_on_error_matching do @@ -21,7 +17,7 @@ end it 'expects file to be present at default location' do - run_shell(PUPPETLABS_FILE_CHECK_COMMAND.to_s) + run_shell('rm /etc/apt/keyrings/puppetlabs-keyring.gpg') end end end From 63883a8696bb1c58cd265a7f505dfb96707ca058 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Tue, 24 Oct 2023 20:37:09 +0530 Subject: [PATCH 29/36] removed tabs --- spec/acceptance/apt_keyring_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 5fe57728c0..e537bfdf3b 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb 
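Review bot: The example 'expects file to be present at default location' now runs `rm /etc/apt/keyrings/puppetlabs-keyring.gpg`, so presence is proven only through rm's exit status and the resource the previous example converged is removed as a side effect. The example name no longer describes what it does, and any example added after it starts from a host without the keyring. If cleanup is the goal, move the rm into an `after(:all)` block and keep a read-only assertion here, e.g. `run_shell('test -f /etc/apt/keyrings/puppetlabs-keyring.gpg')`.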
@@ -5,9 +5,9 @@ describe 'apt::keyring' do context 'when using default values and source specified explicitly' do keyring_pp = <<-MANIFEST - apt::keyring { 'puppetlabs-keyring.gpg': - source => 'https://apt.puppetlabs.com/keyring.gpg', - } + apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', + } MANIFEST it 'applies idempotently' do From 2ee7f97798996c05f7a4d2d261f5e522ca860b5d Mon Sep 17 00:00:00 2001 From: praj1001 Date: Tue, 24 Oct 2023 20:37:56 +0530 Subject: [PATCH 30/36] indent fix --- spec/acceptance/apt_keyring_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index e537bfdf3b..6322471de2 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -6,7 +6,7 @@ context 'when using default values and source specified explicitly' do keyring_pp = <<-MANIFEST apt::keyring { 'puppetlabs-keyring.gpg': - source => 'https://apt.puppetlabs.com/keyring.gpg', + source => 'https://apt.puppetlabs.com/keyring.gpg', } MANIFEST From 68327364c4a00649a797dfd083903028c0517aec Mon Sep 17 00:00:00 2001 From: praj1001 Date: Tue, 24 Oct 2023 20:38:58 +0530 Subject: [PATCH 31/36] fixed closing braces --- spec/acceptance/apt_keyring_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 6322471de2..260c871009 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -7,7 +7,7 @@ keyring_pp = <<-MANIFEST apt::keyring { 'puppetlabs-keyring.gpg': source => 'https://apt.puppetlabs.com/keyring.gpg', - } + } MANIFEST it 'applies idempotently' do From 795dcb2e138e516442257022479ca55ee68ba9c3 Mon Sep 17 00:00:00 2001 
From: praj1001 Date: Wed, 25 Oct 2023 15:13:31 +0530 Subject: [PATCH 32/36] Added spec for comparing contents of keyring file --- spec/acceptance/apt_keyring_spec.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 260c871009..fa1a08c317 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -2,6 +2,8 @@ require 'spec_helper_acceptance' +PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --show-keys /etc/apt/keyrings/puppetlabs-keyring.gpg | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\' | grep \'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26\'' + describe 'apt::keyring' do context 'when using default values and source specified explicitly' do keyring_pp = <<-MANIFEST @@ -16,8 +18,8 @@ end end - it 'expects file to be present at default location' do - run_shell('rm /etc/apt/keyrings/puppetlabs-keyring.gpg') + it 'expects file content to be present and correct' do + run_shell(PUPPETLABS_KEYRING_CHECK_COMMAND.to_s) end end end From faacdf03135e276785b2863e755737fc02eebd6d Mon Sep 17 00:00:00 2001 From: praj1001 Date: Wed, 25 Oct 2023 15:20:16 +0530 Subject: [PATCH 33/36] Rubocop fixed --- spec/acceptance/apt_keyring_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index fa1a08c317..b840aa281c 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb 
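Review bot: `PUPPETLABS_KEYRING_CHECK_COMMAND` matches gpg's human-readable listing, including `[expires: 2025-04-06]`, so the test fails when the key's expiry is extended or gpg changes its display format, even though the fingerprint is still the expected one. Matching the machine-readable record is more stable: `gpg --show-keys --with-colons /etc/apt/keyrings/puppetlabs-keyring.gpg | grep -F 'fpr:::::::::D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26:'`. The check also passes when the file holds additional keys; because every key in the keyring is trusted for the repository, asserting that exactly one `pub` record is present would close that gap.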
@@ -2,7 +2,8 @@ require 'spec_helper_acceptance' -PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --show-keys /etc/apt/keyrings/puppetlabs-keyring.gpg | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\' | grep \'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26\'' +PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --show-keys /etc/apt/keyrings/puppetlabs-keyring.gpg | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\'' \ +'| grep \'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26\'' describe 'apt::keyring' do context 'when using default values and source specified explicitly' do From 90749931cab3848f0d06297f1333e7cd4f42df92 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Wed, 25 Oct 2023 21:35:29 +0530 Subject: [PATCH 34/36] Fixed import and list keys options --- spec/acceptance/apt_keyring_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index b840aa281c..5f8592547a 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper_acceptance' -PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --show-keys /etc/apt/keyrings/puppetlabs-keyring.gpg | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\'' \ +PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --import /etc/apt/keyrings/puppetlabs-keyring.gpg | gpg --list-keys | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\'' \ '| grep \'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26\'' describe 'apt::keyring' do From ea379705bc131efafae8601203c02cc8b00845a4 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Wed, 25 Oct 2023 22:23:09 +0530 Subject: [PATCH 35/36] retry on error matching --- spec/acceptance/apt_keyring_spec.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 5f8592547a..8982553020 100644 --- a/spec/acceptance/apt_keyring_spec.rb 
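Review bot: In PATCH 34, `gpg --import … | gpg --list-keys` joins two commands that exchange no data (`--list-keys` does not read stdin), so both start together and the listing can run before the import has finished. The import also writes into the invoking user's default keyring, so the grep no longer proves the fingerprint came from `/etc/apt/keyrings/puppetlabs-keyring.gpg`: a key left there by an earlier run satisfies it. PATCH 36 replaces the pipe with `&&`, which removes the race but not the second problem. Reading the file without importing keeps the assertion bound to the file under test, e.g. `gpg --show-keys --with-colons /etc/apt/keyrings/puppetlabs-keyring.gpg`, or `gpg --no-default-keyring --keyring /etc/apt/keyrings/puppetlabs-keyring.gpg --list-keys` if an older gpg on a test platform lacks `--show-keys` (that reason is an assumption, not visible in the diff).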
+++ b/spec/acceptance/apt_keyring_spec.rb @@ -20,7 +20,9 @@ end it 'expects file content to be present and correct' do - run_shell(PUPPETLABS_KEYRING_CHECK_COMMAND.to_s) + retry_on_error_matching do + run_shell(PUPPETLABS_KEYRING_CHECK_COMMAND.to_s) + end end end end From 9ada84415debd1d99778aebf6dca901891218372 Mon Sep 17 00:00:00 2001 From: praj1001 Date: Thu, 26 Oct 2023 08:13:30 +0530 Subject: [PATCH 36/36] PR comments resolution --- spec/acceptance/apt_keyring_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/apt_keyring_spec.rb b/spec/acceptance/apt_keyring_spec.rb index 8982553020..0104464ff4 100644 --- a/spec/acceptance/apt_keyring_spec.rb +++ b/spec/acceptance/apt_keyring_spec.rb @@ -2,15 +2,15 @@ require 'spec_helper_acceptance' -PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --import /etc/apt/keyrings/puppetlabs-keyring.gpg | gpg --list-keys | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\'' \ +PUPPETLABS_KEYRING_CHECK_COMMAND = 'gpg --import /etc/apt/keyrings/puppetlabs-keyring.gpg && gpg --list-keys | grep -F -A 1 \'pub rsa4096 2019-04-08 [SC] [expires: 2025-04-06]\'' \ '| grep \'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26\'' describe 'apt::keyring' do context 'when using default values and source specified explicitly' do keyring_pp = <<-MANIFEST - apt::keyring { 'puppetlabs-keyring.gpg': - source => 'https://apt.puppetlabs.com/keyring.gpg', - } + apt::keyring { 'puppetlabs-keyring.gpg': + source => 'https://apt.puppetlabs.com/keyring.gpg', + } MANIFEST it 'applies idempotently' do
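Review bot: In PATCH 35, wrapping the gpg check in `retry_on_error_matching` retries an assertion that only reads local state, so a repeat can change the outcome only if the command itself is nondeterministic. The helper's definition is outside this diff, so which errors it retries is not visible here; if it does retry this failure, a wrong or missing key is reported late and a racy command is reported as passing. Keep the retry around `idempotent_apply`, where the download can fail transiently, and call `run_shell(PUPPETLABS_KEYRING_CHECK_COMMAND)` directly in this example.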