diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2024-08-19 09:48:40 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2024-08-19 09:48:40 -0300 |
| commit | 8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0 (patch) | |
| tree | 6b738c70e06ffeefa14021f34941d260ecb645c5 | |
| parent | 20658b1f3e41f2b1f7b0d796ac72f45c36d03730 (diff) | |
| download | puppet-nodo-8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0.tar.gz puppet-nodo-8cf2fef7ecefa4cff9ae1545eddc9a07c0dc4fc0.tar.bz2 | |
Changes on Tor, Signal and APT repository handling
| -rw-r--r-- | files/etc/apt/keyrings/signal.org.gpg (renamed from files/etc/apt/trusted.gpg.d/signal.org.gpg) | bin | 2223 -> 2223 bytes | |||
| -rw-r--r-- | files/usr/share/keyrings/deb.torproject.org-keyring.gpg (renamed from files/etc/apt/trusted.gpg.d/torproject.org.gpg) | bin | 37730 -> 38678 bytes | |||
| -rw-r--r-- | manifests/subsystem/apt/repo.pp | 24 | ||||
| -rw-r--r-- | manifests/utils/network/signal.pp | 4 | ||||
| -rw-r--r-- | manifests/utils/network/tor.pp | 21 |
5 files changed, 39 insertions, 10 deletions
diff --git a/files/etc/apt/trusted.gpg.d/signal.org.gpg b/files/etc/apt/keyrings/signal.org.gpg Binary files differindex b5e68a0..b5e68a0 100644 --- a/files/etc/apt/trusted.gpg.d/signal.org.gpg +++ b/files/etc/apt/keyrings/signal.org.gpg diff --git a/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/files/usr/share/keyrings/deb.torproject.org-keyring.gpg Binary files differindex 7614b20..738ef5d 100644 --- a/files/etc/apt/trusted.gpg.d/torproject.org.gpg +++ b/files/usr/share/keyrings/deb.torproject.org-keyring.gpg diff --git a/manifests/subsystem/apt/repo.pp b/manifests/subsystem/apt/repo.pp index ca8f5e1..d6e03c0 100644 --- a/manifests/subsystem/apt/repo.pp +++ b/manifests/subsystem/apt/repo.pp @@ -1,15 +1,31 @@ define nodo::subsystem::apt::repo( $definition, $key_source, - $ensure = present, + $keyrings_folder = '/etc/apt/keyrings', + $ensure = present, ) { - file { "/etc/apt/trusted.gpg.d/${name}.gpg": + # The recommended locations for keyrings are /usr/share/keyrings for keyrings + # managed by packages, and /etc/apt/keyrings for keyrings managed by the + # system operator. If no keyring files are specified the default is the + # trusted.gpg keyring and all keyrings in the trusted.gpg.d/ directory (see + # apt-key fingerprint). + # + # -- sources.list(5) + file { "${keyrings_folder}/${name}.gpg": ensure => $ensure, owner => "root", group => "root", mode => "0644", source => $key_source, - notify => Exec["apt-repo-auto-update-${name}"], + } + + # Old location + file { "/etc/apt/trusted.gpg.d/${name}.gpg": + ensure => absent, + owner => "root", + group => "root", + mode => "0644", + source => $key_source, } file { "/etc/apt/sources.list.d/${name}.list": @@ -18,7 +34,7 @@ define nodo::subsystem::apt::repo( group => "root", mode => "0644", content => "${definition}\n", - require => [ File["/etc/apt/trusted.gpg.d/${name}.gpg"], Package['apt-transport-https'] ], + require => [ File["${keyrings_folder}/${name}.gpg"], Package['apt-transport-https'] ], notify => Exec["apt-repo-auto-update-${name}"], } diff --git a/manifests/utils/network/signal.pp b/manifests/utils/network/signal.pp index 037140a..6cd200b 100644 --- a/manifests/utils/network/signal.pp +++ b/manifests/utils/network/signal.pp @@ -1,7 +1,7 @@ class nodo::utils::network::signal { nodo::subsystem::apt::repo { 'signal.org': - definition => 'deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main', - key_source => 'puppet:///modules/nodo/etc/apt/trusted.gpg.d/signal.org.gpg', + definition => 'deb [signed-by=/etc/apt/keyrings/signal.org.gpg arch=amd64] https://updates.signal.org/desktop/apt xenial main', + key_source => 'puppet:///modules/nodo/etc/apt/keyrings/signal.org.gpg', } package { 'signal-desktop': diff --git a/manifests/utils/network/tor.pp b/manifests/utils/network/tor.pp index 78b08a4..f8726f7 100644 --- a/manifests/utils/network/tor.pp +++ b/manifests/utils/network/tor.pp @@ -3,9 +3,15 @@ class nodo::utils::network::tor ( $ensure = 'installed', ) { - nodo::subsystem::apt::repo { 'torproject.org': - definition => "deb [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main", - key_source => 'puppet:///modules/nodo/etc/apt/trusted.gpg.d/torproject.org.gpg', + # Old keyring location + file { '/etc/apt/trusted.gpg.d/torproject.org.gpg': + ensure => absent, + } + + nodo::subsystem::apt::repo { 'deb.torproject.org-keyring.gpg': + definition => "deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main", + key_source => 'puppet:///modules/nodo/usr/share/keyrings/deb.torproject.org-keyring.gpg', + keyrings_folder => '/usr/share/keyrings', } package { "deb.torproject.org-keyring": @@ -14,8 +20,15 @@ class nodo::utils::network::tor ( } package { [ - 'tor-arm', + 'nyx', ]: ensure => $ensure, } + + # Package 'tor-arm' was renamed to 'nyx' + package { [ + 'tor-arm', + ]: + ensure => absent, + } } |