author | Silvio Rhatto <rhatto@riseup.net> | 2024-08-19 10:13:06 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2024-08-19 10:13:06 -0300 |
commit | 56aa0e556b74c0864fc5733ebd751aa67517e164 (patch) | |
tree | e58b038d890c9556c2d069190937826123f33b25 | |
parent | 8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0 (diff) | |
Fix: nodo::utils::network::tor: set up the keyring only the first time, then let the deb.torproject.org-keyring package manage it
-rw-r--r-- | manifests/subsystem/apt/repo.pp | 1 | ||||
-rw-r--r-- | manifests/utils/network/tor.pp | 27 |
2 files changed, 21 insertions, 7 deletions
diff --git a/manifests/subsystem/apt/repo.pp b/manifests/subsystem/apt/repo.pp
index d6e03c0..0495a0f 100644
--- a/manifests/subsystem/apt/repo.pp
+++ b/manifests/subsystem/apt/repo.pp
@@ -2,6 +2,7 @@ define nodo::subsystem::apt::repo(
 $definition,
 $key_source,
 $keyrings_folder = '/etc/apt/keyrings',
+ $keyring_name = $name,
 $ensure = present,
 ) {
 # The recommended locations for keyrings are /usr/share/keyrings for keyrings
diff --git a/manifests/utils/network/tor.pp b/manifests/utils/network/tor.pp
index f8726f7..f93d37a 100644
--- a/manifests/utils/network/tor.pp
+++ b/manifests/utils/network/tor.pp
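Review bot: `$keyring_name = $name` is added to the parameter list of `nodo::subsystem::apt::repo`, but the diffstat shows it is the only line changed in repo.pp, so nothing in the define body reads it, and the `nodo::subsystem::apt::repo { 'torproject.org': }` declaration in tor.pp does not pass it either. Either use it where the keyring file name is built (the body lies outside this hunk, so presumably that name is still derived from `$name`) or drop the parameter. If it stays, a comment such as `# $keyring_name: base name of the keyring file under $keyrings_folder (defaults to the resource title)` would tell callers what it controls.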
@@ -3,15 +3,28 @@ class nodo::utils::network::tor (
 $ensure = 'installed',
 ) {
- # Old keyring location
- file { '/etc/apt/trusted.gpg.d/torproject.org.gpg':
- ensure => absent,
+ $keyrings_folder = "/usr/share/keyrings"
+ $keyring = "${keyrings_folder}/deb.torproject.org-keyring.gpg"
+
+ nodo::subsystem::apt::repo { 'torproject.org':
+ definition => "deb [signed-by=${keyring}] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main",
+ key_source => "puppet:///modules/nodo/${keyring}",
+ keyrings_folder => "${keyrings_folder}",
 }
- nodo::subsystem::apt::repo { 'deb.torproject.org-keyring.gpg':
- definition => "deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main",
- key_source => 'puppet:///modules/nodo/usr/share/keyrings/deb.torproject.org-keyring.gpg',
- keyrings_folder => '/usr/share/keyrings',
+ # Puppet should setup the Tor Project's APT keyring only in the first time
+ # Afterwards ${keyring} will be managed by the deb.torproject.org-keyring package
+ #
+ # References:
+ #
+ # * https://support.torproject.org/apt/tor-deb-repo/
+ # * https://gitlab.torproject.org/tpo/web/support/-/merge_requests/220
+ exec { 'torproject-keyring-copy':
+ command => "cp ${keyrings_folder}/torproject.org.gpg ${keyring}",
+ onlyif => "/bin/test ! -e ${keyring}",
+ creates => "${keyring}",
+ require => File["${keyrings_folder}/torproject.org.gpg"],
+ notify => Exec["apt-repo-auto-update-torproject.org"],
 }
 package { "deb.torproject.org-keyring": |
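Review bot: The `command` of `torproject-keyring-copy` calls a bare `cp` while `onlyif` uses `/bin/test`; unless an `Exec` default `path` is set elsewhere in the module, Puppet rejects an unqualified command, and an absolute path also keeps the copy of an APT trust anchor independent of the agent's PATH: `command => "/bin/cp ${keyrings_folder}/torproject.org.gpg ${keyring}",`. `onlyif` and `creates` test the same file, so `creates => $keyring,` alone is enough. `key_source` now expands to `puppet:///modules/nodo//usr/share/keyrings/...` because `${keyring}` starts with a slash, so it is worth confirming the file server still resolves the doubled slash to the same file as the old literal. The hunk also drops the `ensure => absent` for `/etc/apt/trusted.gpg.d/torproject.org.gpg`, so a node that never applied the earlier manifest would presumably keep that key trusted for every APT source. The class body continues outside the hunk.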