From 813436c5524f6a715de9f4bdd21439772edcc256 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 19 Aug 2017 13:52:20 -0300
Subject: Remove obsolete packages and configure debsecan

---
 manifests/subsystem/security.pp          | 16 ++++++++++++++++
 manifests/utils.pp                       | 14 +-------------
 manifests/utils/android.pp               | 11 ++++++++++-
 manifests/utils/development/ide.pp       |  9 ++++++++-
 manifests/utils/development/toolchain.pp |  2 +-
 manifests/utils/latex.pp                 |  9 ++++++++-
 templates/debsecan/default.erb           | 17 +++++++++++++++++
 7 files changed, 61 insertions(+), 17 deletions(-)
 create mode 100644 templates/debsecan/default.erb

diff --git a/manifests/subsystem/security.pp b/manifests/subsystem/security.pp
index faf00bb..701b586 100644
--- a/manifests/subsystem/security.pp
+++ b/manifests/subsystem/security.pp
@@ -8,4 +8,20 @@ class nodo::subsystem::security {
     group   => "root",
     mode    => "0755",
   }
+
+  package { [ 'debsecan', 'debian-security-support' ]:
+    ensure => $::lsbdistcodename ? {
+      'trusty' => absent,
+      default  => present,
+    },
+  }
+
+  file { '/etc/default/debsecan' :
+    ensure  => present,
+    owner   => "root",
+    group   => "root",
+    mode    => "0644",
+    content => template("nodo/debsecan/default.erb"),
+    require => Package['debsecan'],
+  }
 }
diff --git a/manifests/utils.pp b/manifests/utils.pp
index 0bd6b59..d033b09 100644
--- a/manifests/utils.pp
+++ b/manifests/utils.pp
@@ -4,14 +4,7 @@ class nodo::utils inherits nodo::utils::base {
     ensure => present,
   }
 
-  package { 'debian-security-support':
-    ensure => $::lsbdistcodename ? {
-      'trusty' => absent,
-      default  => present,
-    },
-  }
-
-  package { [ 'debsecan', 'needrestart' ]:
+  package { 'needrestart':
     ensure  => present,
   }
 
@@ -22,11 +15,6 @@ class nodo::utils inherits nodo::utils::base {
     }
   }
 
-  # To be considered
-  #package { 'needrestart':
-  #  ensure  => present,
-  #}
-
   if !defined(Package['git']) {
     package { 'git':
       ensure => latest,
diff --git a/manifests/utils/android.pp b/manifests/utils/android.pp
index b3f9d29..ad68608 100644
--- a/manifests/utils/android.pp
+++ b/manifests/utils/android.pp
@@ -4,8 +4,17 @@ class nodo::utils::android (
   package { [
     'android-tools-adb',
     'android-tools-fastboot',
+  ]:
+    ensure => $ensure,
+  }
+
+  # Not available on stretch
+  package { [
     'android-tools-fsutils',
   ]:
-    ensure  => $ensure,
+    ensure => $::lsbdistcodename ? {
+      'stretch' => undef,
+      default   => present,
+    },
   }
 }
diff --git a/manifests/utils/development/ide.pp b/manifests/utils/development/ide.pp
index 99f9112..70045b0 100644
--- a/manifests/utils/development/ide.pp
+++ b/manifests/utils/development/ide.pp
@@ -3,7 +3,7 @@ class nodo::utils::development::ide (
 ) {
   # In use
   package { [
-    'mr',
+    'myrepos',
     'stow',
     'hexedit',
     'ack-grep',
@@ -25,4 +25,11 @@ class nodo::utils::development::ide (
   ]:
     ensure => $ensure,
   }
+
+  # Old stuff
+  package { [
+    'mr',
+  ]:
+    ensure => absent,
+  }
 }
diff --git a/manifests/utils/development/toolchain.pp b/manifests/utils/development/toolchain.pp
index 8adec01..5678d4e 100644
--- a/manifests/utils/development/toolchain.pp
+++ b/manifests/utils/development/toolchain.pp
@@ -3,7 +3,6 @@ class nodo::utils::development::toolchain (
 ) {
   package { [
     'emdebian-archive-keyring',
-    'scratchbox2',
     'qemu-user-static',
     'multistrap',
     'fakechroot',
@@ -15,6 +14,7 @@ class nodo::utils::development::toolchain (
   package { [
     'xapt',
     'pdebuild-cross',
+    'scratchbox2',
   ]:
     ensure => absent,
   }
diff --git a/manifests/utils/latex.pp b/manifests/utils/latex.pp
index d95b49b..c8c8086 100644
--- a/manifests/utils/latex.pp
+++ b/manifests/utils/latex.pp
@@ -8,11 +8,18 @@ class nodo::utils::latex (
     'texlive-latex-extra',
     'texlive-fonts-extra',
     'texlive-lang-portuguese',
+    'texlive-extra-utils',
     'vim-latexsuite',
-    'pdfjam',
     'pdftk',
     #'pdfsam',
   ]:
     ensure => $ensure,
   }
+
+  # Old stuff
+  package { [
+    'pdfjam',
+  ]:
+    ensure => absent,
+  }
 }
diff --git a/templates/debsecan/default.erb b/templates/debsecan/default.erb
new file mode 100644
index 0000000..7fc18e2
--- /dev/null
+++ b/templates/debsecan/default.erb
@@ -0,0 +1,17 @@
+# Configuration file for debsecan.  Contents of this file should
+# adhere to the KEY=VALUE shell syntax.  This file may be edited by
+# debsecan's scripts, but your modifications are preserved.
+
+# If true, enable daily reports, sent by email.
+REPORT=true
+
+# For better reporting, specify the correct suite here, using the code
+# name (that is, "sid" instead of "unstable").
+SUITE=<%= scope.lookupvar('::lsbdistcodename') %>
+
+# Mail address to which reports are sent.
+MAILTO=root
+
+# The URL from which vulnerability data is downloaded.  Empty for the
+# built-in default.
+SOURCE=
-- 
cgit v1.2.3