Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add apt::keyring defined type #1120

Closed
wants to merge 4 commits into from
Closed

Conversation

jps-help
Copy link

Summary

Add a new defined type for adding GPG keyrings.

Additional Context

apt-key is deprecated in the latest Debian and Ubuntu releases. Therefore we should move away from the old apt::key defined type which relies on it.
With this we can manage apt keyrings directly with the apt module. Further work would be required to integrate this directly into the apt::source like how apt::key is currently.
Reference - https://wiki.debian.org/DebianRepository/UseThirdParty

Related Issues (if any)

#1034

Checklist

  • 🟢 Spec tests - I don't have much experience with this, so I've simply generated the bare-minumum one with pdk.
  • 🟢 Acceptance tests.
  • Manually verified. (For example puppet apply)

@jps-help jps-help requested review from a team, bastelfreak and smortex as code owners June 20, 2023 10:24
@CLAassistant
Copy link

CLAassistant commented Jun 20, 2023

CLA assistant check
All committers have signed the CLA.

# Ensure presence or absence of the resource.
#
define apt::keyring (
Stdlib::Absolutepath $keyring_dir = '/etc/apt/keyrings',

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is already defined as apt::params::trusted_gpg_d

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but for new-style APT keyrings, /etc/apt/keyrings is the preferred location.

Changing it only here means the new-style keyrings can be deployed to /etc/apt/keyrings by default, without affecting the rest of the module.

manifests/keyring.pp Outdated Show resolved Hide resolved
manifests/keyring.pp Outdated Show resolved Hide resolved
Enum['present','absent'] $ensure = 'present',
) {
ensure_resource('file', $keyring_dir, { ensure => 'directory', mode => '0755', })
if $source and $content {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably want a similar check when none of source and content is set. The provided unit test in this regard is incomplete because I would expect such code to fail.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea. I have added another condition which will catch this scenario.

jamesps-ebi and others added 2 commits September 5, 2023 08:14
Applying suggestions from code review

Co-authored-by: Romain Tartière <[email protected]>
Fail when no source or content parameters are supplied.
@praj1001 praj1001 mentioned this pull request Sep 18, 2023
3 tasks
@kenyon
Copy link

kenyon commented Nov 20, 2023

Should be closed, was done in #1128.

@smortex
Copy link
Collaborator

smortex commented Nov 20, 2023

Thanks @kenyon!

@smortex smortex closed this Nov 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants