7 files changed, 62 insertions, 49 deletions

diff --git a/README b/README
index 87b303a..5c13fc4 100644
--- a/README
+++ b/README
@@ -17,6 +17,10 @@ Ubuntu support is lagging behind but not absent either.
 
 ! Upgrade Notice !
 
+ * If you were using custom 50unattended-upgrades.${::lsbdistcodename} in your
+   site_apt, these are no longer supported. You should migrate to passing
+   $blacklisted_packages to the apt::unattended_upgrades class.
+
  * the apt class has been moved to a paramterized class. if you were including
    this class before, after passing some variables, you will need to move to
    instantiating the class with those variables instead. For example, if you 
@@ -370,6 +374,17 @@ apt::unattended_upgrades
 If this class is included, it will install the package 'unattended-upgrades'
 and configure it to daily upgrade the system.
 
+The class has the following parameters that you can use to change the contents
+of the configuration file. The values shown here are the default values:
+
+ * $config_content = undef
+ * $mailonlyonerror = true
+ * $mail_recipient = 'root'
+ * $blacklisted_packages = []
+
+Note that using $config_content actually specifies all of the configuration
+contents and thus makes the other parameters useless.
+
 Defines
 =======
 
diff --git a/files/Debian/50unattended-upgrades b/files/Debian/50unattended-upgrades
deleted file mode 100644
index 075f680..0000000
--- a/files/Debian/50unattended-upgrades
+++ /dev/null
@@ -1,12 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Origins-Pattern {
-        "o=Debian,a=oldstable,l=Debian-Security";
-        "o=Debian,a=stable,l=Debian-Security";
-}
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";
diff --git a/files/Debian/50unattended-upgrades.squeeze b/files/Debian/50unattended-upgrades.squeeze
deleted file mode 100644
index 77f715d..0000000
--- a/files/Debian/50unattended-upgrades.squeeze
+++ /dev/null
@@ -1,14 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Allowed-Origins {
-//  "${distro-id} oldstable";
-//  "${distro_id} ${distro_codename}-backports";
-    "${distro_id} ${distro_codename}-security";
-    "${distro_id} ${distro_codename}-lts";
-};
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";
diff --git a/files/Ubuntu/50unattended-upgrades b/files/Ubuntu/50unattended-upgrades
deleted file mode 100644
index 25c7758..0000000
--- a/files/Ubuntu/50unattended-upgrades
+++ /dev/null
@@ -1,16 +0,0 @@
-// this file is managed by puppet !
-
-Unattended-Upgrade::Allowed-Origins {
-  "${distro_id}:${distro_codename}-security";
-  "${distro_id}:${distro_codename}-updates";
-  "${distro_id}:${distro_codename}-backports";
-  //"${distro_id}:${distro_codename}-proposed";
-};
-
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::Unattended-Upgrade "1";
-
-Unattended-Upgrade::Mail "root";
-Unattended-Upgrade::MailOnlyOnError "true";
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
index 80939e3..9f74bbd 100644
--- a/manifests/unattended_upgrades.pp
+++ b/manifests/unattended_upgrades.pp
@@ -1,15 +1,21 @@
-class apt::unattended_upgrades {
+class apt::unattended_upgrades (
+  $config_content = undef,
+  $mailonlyonerror = true,
+  $mail_recipient = 'root',
+  $blacklisted_packages = [],
+) {
 
   package { 'unattended-upgrades':
     ensure  => present
   }
 
+  $file_content = $config_content ? {
+    undef   => template('apt/50unattended-upgrades.erb'),
+    default => $config_content
+  }
+
   apt_conf { '50unattended-upgrades':
-    source  => [
-                "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}",
-                "puppet:///modules/site_apt/${::lsbdistid}/50unattended-upgrades",
-                "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades.${::lsbdistcodename}",
-                "puppet:///modules/apt/${::lsbdistid}/50unattended-upgrades" ],
+    content => $file_content,
     require => Package['unattended-upgrades'],
   }
 }
diff --git a/templates/50unattended-upgrades.erb b/templates/50unattended-upgrades.erb
new file mode 100644
index 0000000..4492c2d
--- /dev/null
+++ b/templates/50unattended-upgrades.erb
@@ -0,0 +1,34 @@
+// this file is managed by puppet !
+
+Unattended-Upgrade::Allowed-Origins {
+<% if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%>
+  "${distro_id}:${distro_codename}-security";
+  "${distro_id}:${distro_codename}-updates";
+  "${distro_id}:${distro_codename}-backports";
+<% else -%>
+<% if scope.lookupvar('::lsbdistcodename') == 'squeeze' -%>
+  "${distro-id} ${distro-codename}-security";
+  "${distro-id} ${distro-codename}-lts";
+<% else -%>
+  # See Debian bug #704087
+  "o=Debian,a=oldstable,l=Debian-Security";
+  "o=Debian,a=stable,l=Debian-Security";
+<% end -%>
+};
+
+<% if not @blacklisted_packages.empty?  -%>
+Unattended-Upgrade::Package-Blacklist {
+<% @blacklisted_packages.each do |pkg| -%>
+  "<%= pkg %>";
+<% end -%>
+}
+<% end -%>
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+
+Unattended-Upgrade::Mail "<%= @mail_recipient -%>";
+<% if @mailonlyonerror -%>
+Unattended-Upgrade::MailOnlyOnError "true";
+<% end -%>
diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb
index c1a6115..8d2585d 100644
--- a/templates/Ubuntu/sources.list.erb
+++ b/templates/Ubuntu/sources.list.erb
@@ -20,7 +20,7 @@ deb-src <%= ubuntu_url %> <%= codename %>-security <%= lrepos %>
 <% end -%>
 
 # backports
-deb <%= ubuntu_url %> <%= codename %>-backports main <%= lrepos %>
+deb <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %>
 <% if include_src -%>
 deb-src <%= ubuntu_url %> <%= codename %>-backports <%= lrepos %>
 <% end -%>