authorSilvio Rhatto <rhatto@riseup.net>2024-08-19 09:48:40 -0300
committerSilvio Rhatto <rhatto@riseup.net>2024-08-19 09:48:40 -0300
commit8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0 (patch)
tree6b738c70e06ffeefa14021f34941d260ecb645c5
parent20658b1f3e41f2b1f7b0d796ac72f45c36d03730 (diff)
downloadpuppet-nodo-8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0.tar.gz
puppet-nodo-8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0.tar.bz2
Changes on Tor, Signal and APT repository handling
-rw-r--r--files/etc/apt/keyrings/signal.org.gpg (renamed from files/etc/apt/trusted.gpg.d/signal.org.gpg)bin2223 -> 2223 bytes
-rw-r--r--files/usr/share/keyrings/deb.torproject.org-keyring.gpg (renamed from files/etc/apt/trusted.gpg.d/torproject.org.gpg)bin37730 -> 38678 bytes
-rw-r--r--manifests/subsystem/apt/repo.pp24
-rw-r--r--manifests/utils/network/signal.pp4
-rw-r--r--manifests/utils/network/tor.pp21
5 files changed, 39 insertions, 10 deletions
diff --git a/files/etc/apt/trusted.gpg.d/signal.org.gpg b/files/etc/apt/keyrings/signal.org.gpg
index b5e68a0..b5e68a0 100644
--- a/files/etc/apt/trusted.gpg.d/signal.org.gpg
+++ b/files/etc/apt/keyrings/signal.org.gpg
Binary files differ
diff --git a/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
index 7614b20..738ef5d 100644
--- a/files/etc/apt/trusted.gpg.d/torproject.org.gpg
+++ b/files/usr/share/keyrings/deb.torproject.org-keyring.gpg
Binary files differ
diff --git a/manifests/subsystem/apt/repo.pp b/manifests/subsystem/apt/repo.pp
index ca8f5e1..d6e03c0 100644
--- a/manifests/subsystem/apt/repo.pp
+++ b/manifests/subsystem/apt/repo.pp
@@ -1,15 +1,31 @@
define nodo::subsystem::apt::repo(
$definition,
$key_source,
- $ensure = present,
+ $keyrings_folder = '/etc/apt/keyrings',
+ $ensure = present,
) {
- file { "/etc/apt/trusted.gpg.d/${name}.gpg":
+ # The recommended locations for keyrings are /usr/share/keyrings for keyrings
+ # managed by packages, and /etc/apt/keyrings for keyrings managed by the
+ # system operator. If no keyring files are specified the default is the
+ # trusted.gpg keyring and all keyrings in the trusted.gpg.d/ directory (see
+ # apt-key fingerprint).
+ #
+ # -- sources.list(5)
+ file { "${keyrings_folder}/${name}.gpg":
ensure => $ensure,
owner => "root",
group => "root",
mode => "0644",
source => $key_source,
- notify => Exec["apt-repo-auto-update-${name}"],
+ }
+
+ # Old location
+ file { "/etc/apt/trusted.gpg.d/${name}.gpg":
+ ensure => absent,
+ owner => "root",
+ group => "root",
+ mode => "0644",
+ source => $key_source,
}
file { "/etc/apt/sources.list.d/${name}.list":
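Review bot: Nothing in this define ensures that `${keyrings_folder}` exists before the key file is written, and Puppet's `file` type does not create parent directories. `/etc/apt/keyrings` is not present by default on older Debian and Ubuntu releases, so unless the directory is managed elsewhere in the module, the key and the `signed-by` source that depends on it would fail to apply there. Consider declaring the directory once (guarded against duplicate declaration, since every instance of the define shares it) and adding `require => File[$keyrings_folder]` to the key resource. Separately, dropping `notify => Exec["apt-repo-auto-update-${name}"]` from the key file means a key-only change, such as a rotated key with an unchanged sources line, no longer refreshes the package lists; if that is intentional, a short comment would help. The define's body continues outside this hunk.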
@@ -18,7 +34,7 @@ define nodo::subsystem::apt::repo(
group => "root",
mode => "0644",
content => "${definition}\n",
- require => [ File["/etc/apt/trusted.gpg.d/${name}.gpg"], Package['apt-transport-https'] ],
+ require => [ File["${keyrings_folder}/${name}.gpg"], Package['apt-transport-https'] ],
notify => Exec["apt-repo-auto-update-${name}"],
}
diff --git a/manifests/utils/network/signal.pp b/manifests/utils/network/signal.pp
index 037140a..6cd200b 100644
--- a/manifests/utils/network/signal.pp
+++ b/manifests/utils/network/signal.pp
@@ -1,7 +1,7 @@
class nodo::utils::network::signal {
nodo::subsystem::apt::repo { 'signal.org':
- definition => 'deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main',
- key_source => 'puppet:///modules/nodo/etc/apt/trusted.gpg.d/signal.org.gpg',
+ definition => 'deb [signed-by=/etc/apt/keyrings/signal.org.gpg arch=amd64] https://updates.signal.org/desktop/apt xenial main',
+ key_source => 'puppet:///modules/nodo/etc/apt/keyrings/signal.org.gpg',
}
package { 'signal-desktop':
diff --git a/manifests/utils/network/tor.pp b/manifests/utils/network/tor.pp
index 78b08a4..f8726f7 100644
--- a/manifests/utils/network/tor.pp
+++ b/manifests/utils/network/tor.pp
@@ -3,9 +3,15 @@
class nodo::utils::network::tor (
$ensure = 'installed',
) {
- nodo::subsystem::apt::repo { 'torproject.org':
- definition => "deb [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main",
- key_source => 'puppet:///modules/nodo/etc/apt/trusted.gpg.d/torproject.org.gpg',
+ # Old keyring location
+ file { '/etc/apt/trusted.gpg.d/torproject.org.gpg':
+ ensure => absent,
+ }
+
+ nodo::subsystem::apt::repo { 'deb.torproject.org-keyring.gpg':
+ definition => "deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main",
+ key_source => 'puppet:///modules/nodo/usr/share/keyrings/deb.torproject.org-keyring.gpg',
+ keyrings_folder => '/usr/share/keyrings',
}
package { "deb.torproject.org-keyring":
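Review bot: The new resource title `'deb.torproject.org-keyring.gpg'` already ends in `.gpg`, and the define in `repo.pp` appends `.gpg` and `.list` to `${name}`. The key therefore lands at `/usr/share/keyrings/deb.torproject.org-keyring.gpg.gpg` and the source at `/etc/apt/sources.list.d/deb.torproject.org-keyring.gpg.list`, while `signed-by` points at `/usr/share/keyrings/deb.torproject.org-keyring.gpg`. That path would presumably exist only once the `deb.torproject.org-keyring` package is installed, and the package comes from this same repository, so a fresh node has no key to verify it with. Titling the resource `'deb.torproject.org-keyring'` makes the installed key match `signed-by`, though Puppet and the package would then both own that file. Because the title changed from `'torproject.org'`, the previously written `/etc/apt/sources.list.d/torproject.org.list` is also left behind, still referencing the key this hunk removes; a `file { '/etc/apt/sources.list.d/torproject.org.list': ensure => absent }` next to the old-keyring cleanup would retire it. The class body continues outside this hunk.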
@@ -14,8 +20,15 @@ class nodo::utils::network::tor (
}
package { [
- 'tor-arm',
+ 'nyx',
]:
ensure => $ensure,
}
+
+ # Package 'tor-arm' was renamed to 'nyx'
+ package { [
+ 'tor-arm',
+ ]:
+ ensure => absent,
+ }
}