aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README22
-rw-r--r--files/backports.org.key33
-rw-r--r--manifests/init.pp58
-rw-r--r--manifests/preferences.pp11
-rw-r--r--manifests/preferences/absent.pp8
-rw-r--r--manifests/proxy-client.pp18
-rw-r--r--templates/sources.list.backports.erb8
-rw-r--r--templates/sources.list.erb6
8 files changed, 74 insertions, 90 deletions
diff --git a/README b/README
index 833008e..a6e37ce 100644
--- a/README
+++ b/README
@@ -1,3 +1,4 @@
+
Overview
========
@@ -6,7 +7,7 @@ This module manages apt on Debian.
It keeps dpkg's and apt's databases as well as the keyrings for securing
package download current.
-backports.org is added and an archive key is provided[1].
+backports.debian.org is added.
dselect is switched to expert mode to suppress superfluous help screens.
@@ -50,6 +51,21 @@ following variable before including this class will pull in the
templates/apt/sources.list file:
$custom_sources_list ='template("apt/sources.list")'
+$custom_preferences
+--------------------
+By default this module will use a basic apt/preferences file with
+unstable and testing pinned to very low values so that any package
+installation will not accidentally pull in packages from those suites
+unless you explicitly specify the version number. You can set this
+variable to pull in a customized apt/preferences template, for
+example, setting the following variable before including this class
+will pull in the templates/apt/preferences file:
+$custom_preferences = 'template("apt/preferences")'
+
+Also, if you need the preferences file to be absent, set this variable to false:
+
+$custom_preferences = false
+
$custom_key_dir
---------------
If you have different apt-key files that you want to get added to your
@@ -142,7 +158,3 @@ Sometimes -- especially when initially starting management or deploying new
packages -- a immediate update is really needed to be able to install the right
packages without errors. Thus a method should be devised to be able to specify
with high fidelity when a update should be run and when it is not needed.
-
-
-
-[1] Of course, you should check the validity of _this_ key yourself.
diff --git a/files/backports.org.key b/files/backports.org.key
deleted file mode 100644
index 6e66404..0000000
--- a/files/backports.org.key
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.3 (GNU/Linux)
-
-mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
-Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
-/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
-onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
-kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
-Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
-m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
-bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
-bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
-Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
-AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
-cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
-OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
-Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
-FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
-DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
-90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
-StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
-JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
-BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
-AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
-TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
-O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
-cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
-+FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
-VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
-=fBrI
------END PGP PUBLIC KEY BLOCK-----
diff --git a/manifests/init.pp b/manifests/init.pp
index 675c78d..4db120d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -29,7 +29,21 @@ class apt {
}
}
- include apt::preferences
+ config_file {
+ # little default settings which keep the system sane
+ "/etc/apt/apt.conf.d/from_puppet":
+ content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
+ before => Concatenated_file['/etc/apt/preferences'];
+ }
+
+ case $custom_preferences {
+ false: {
+ include apt::preferences::absent
+ }
+ default: {
+ include apt::preferences
+ }
+ }
if $apt_unattended_upgrades {
include apt::unattended_upgrades
@@ -55,48 +69,14 @@ class apt {
'/etc/apt/preferences'],
loglevel => info,
# Another Semaphor for all packages to reference
- alias => apt_updated;
+ alias => "apt_updated";
}
## This package should really always be current
package { "debian-archive-keyring": ensure => latest }
-
- case $lsbdistcodename {
- etch: {
- package { "debian-backports-keyring": ensure => latest }
-
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet:///modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ Concatenated_file[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- lenny: {
- package { "debian-backports-keyring": ensure => latest }
- # This key was downloaded from
- # http://backports.org/debian/archive.key
- # and is needed to bootstrap the backports trustpath
- file { "${apt_base_dir}/backports.org.key":
- source => "puppet:///modules/apt/backports.org.key",
- mode => 0444, owner => root, group => root,
- }
- exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
- alias => "backports_key",
- refreshonly => true,
- subscribe => File["${apt_base_dir}/backports.org.key"],
- before => [ Concatenated_file[apt_config], Package["debian-backports-keyring"] ]
- }
- }
- }
+ # backports uses the normal archive key now
+ package { "debian-backports-keyring": ensure => absent }
if $custom_key_dir {
file { "${apt_base_dir}/keys.d":
@@ -114,4 +94,4 @@ class apt {
# workaround for preseeded_package component
file { [ "/var/cache", "/var/cache/local", "/var/cache/local/preseeding" ]: ensure => directory }
-}
+}
diff --git a/manifests/preferences.pp b/manifests/preferences.pp
index 232b8f7..772b426 100644
--- a/manifests/preferences.pp
+++ b/manifests/preferences.pp
@@ -4,7 +4,8 @@ class apt::preferences {
$apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
module_dir{'apt/preferences': }
file{"${apt_preferences_dir}_header":
- content => 'Package: *
+ content => $custom_preferences ? {
+ '' => 'Package: *
Pin: release a=unstable
Pin-Priority: 1
@@ -13,6 +14,8 @@ Pin: release a=testing
Pin-Priority: 2
',
+ default => $custom_preferences
+ },
}
concatenated_file{'/etc/apt/preferences':
@@ -25,10 +28,4 @@ Pin-Priority: 2
require => File["/etc/apt/sources.list"];
}
- config_file {
- # little default settings which keep the system sane
- "/etc/apt/apt.conf.d/from_puppet":
- content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
- before => Concatenated_file[apt_config];
- }
}
diff --git a/manifests/preferences/absent.pp b/manifests/preferences/absent.pp
new file mode 100644
index 0000000..3131aff
--- /dev/null
+++ b/manifests/preferences/absent.pp
@@ -0,0 +1,8 @@
+class apt::preferences::absent {
+ include common::moduledir
+ $apt_preferences_dir = "${common::moduledir::module_dir_path}/apt/preferences"
+ concatenated_file{'/etc/apt/preferences':
+ dir => $apt_preferences_dir,
+ ensure => absent,
+ }
+}
diff --git a/manifests/proxy-client.pp b/manifests/proxy-client.pp
new file mode 100644
index 0000000..ea0a29c
--- /dev/null
+++ b/manifests/proxy-client.pp
@@ -0,0 +1,18 @@
+class apt::proxy-client {
+
+ $real_apt_proxy = $apt_proxy ? {
+ "" => "localhost",
+ default => $apt_proxy
+ }
+
+ $real_apt_proxy_port = $apt_proxy_port ? {
+ "" => "3142",
+ default => $apt_proxy_port
+ }
+
+ file { "/etc/apt/apt.conf.d/20proxy":
+ ensure => present,
+ content => "Acquire::http { Proxy \"http://$real_apt_proxy:$real_apt_proxy_port\"; };\n",
+ owner => root, group => 0, mode => 0644;
+ }
+}
diff --git a/templates/sources.list.backports.erb b/templates/sources.list.backports.erb
new file mode 100644
index 0000000..b271ca7
--- /dev/null
+++ b/templates/sources.list.backports.erb
@@ -0,0 +1,8 @@
+# This file is brought to you by puppet
+
+# backports
+<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
+# There are no backports for for <%= lsbdistcodename %>
+<% else -%>
+deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main
+<% end -%>
diff --git a/templates/sources.list.erb b/templates/sources.list.erb
index 169d7b5..feb5603 100644
--- a/templates/sources.list.erb
+++ b/templates/sources.list.erb
@@ -9,9 +9,3 @@ deb http://ftp.debian.org/debian/ <%= lsbdistcodename %> main contrib non-free
deb http://security.debian.org/ <%= lsbdistcodename %>/updates main contrib non-free
<% end -%>
-# backports
-<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
-# There are no backports for for <%= lsbdistcodename %>
-<% else -%>
-deb http://www.backports.org/debian/ <%= lsbdistcodename %>-backports main
-<% end -%>