diff --git a/REFERENCE.md b/REFERENCE.md
index d7173cf7e4..814771ce66 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -17,7 +17,7 @@
### Defined types
-* [`apt::auth`](#apt--auth)
+* [`apt::auth`](#apt--auth): Manages the Apt auth conf in /etc/apt/auth.conf.d/.
* [`apt::conf`](#apt--conf): Specifies a custom Apt configuration file.
* [`apt::key`](#apt--key): Manages the GPG keys that Apt uses to authenticate packages.
* [`apt::keyring`](#apt--keyring): Manage GPG keyrings for apt repositories
@@ -31,9 +31,7 @@
#### Private Resource types
-* `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed
-by apt to perform package validation. Apt has it's own GPG keyring that can
-be manipulated through the `apt-key` command.
+* `apt_key`: Manages GPG keys needed by apt to perform package validation.
### Data types
@@ -577,7 +575,19 @@ Default value: `{}`
### `apt::auth`
-The apt::auth class.
+Manages the Apt auth conf in /etc/apt/auth.conf.d/.
+
+#### Examples
+
+##### Install the puppetlabs apt auth
+
+```puppet
+apt::auth { 'puppetlabs':
+ machine => 'apt.puppetlabs.com',
+ login => 'apt',
+ password => 'password',
+}
+```
#### Parameters
@@ -592,7 +602,7 @@ The following parameters are available in the `apt::auth` defined type:
Data type: `String`
-
+Specifies whether the Apt auth file should exist. Valid options: 'present' and 'absent'.
Default value: `'present'`
@@ -600,7 +610,7 @@ Default value: `'present'`
Data type: `String`
-
+The machine entry specifies the auth URI.
Default value: `$name`
@@ -608,7 +618,7 @@ Default value: `$name`
Data type: `String`
-
+The username to be used.
Default value: `undef`
@@ -616,7 +626,7 @@ Default value: `undef`
Data type: `String`
-
+The password to be used.
Default value: `undef`
@@ -784,6 +794,21 @@ apt::source { 'puppet8-release':
}
```
+##### Deploy the apt source and associated keyring file with checksum
+
+```puppet
+apt::source { 'puppet8-release':
+ location => 'http://apt.puppetlabs.com',
+ repos => 'puppet8',
+ key => {
+ name => 'puppetlabs-keyring.gpg',
+ source => 'https://apt.puppetlabs.com/keyring.gpg'
+ checksum => 'sha256',
+ checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771',
+ }
+}
+```
+
#### Parameters
The following parameters are available in the `apt::keyring` defined type:
@@ -794,6 +819,8 @@ The following parameters are available in the `apt::keyring` defined type:
* [`source`](#-apt--keyring--source)
* [`content`](#-apt--keyring--content)
* [`ensure`](#-apt--keyring--ensure)
+* [`checksum`](#-apt--keyring--checksum)
+* [`checksum_value`](#-apt--keyring--checksum_value)
##### `dir`
@@ -843,6 +870,29 @@ Ensure presence or absence of the resource.
Default value: `'present'`
+##### `checksum`
+
+Data type: `Optional[Enum['md5','sha256','sha224','sha384','sha512']]`
+
+Checksum type of the keyfile.
+Only md5, sha256, sha224, sha384 and sha512 are supported when specifying
+this parameter (due to checksum_value parameter).
+Optional, but is useful if the keyfile is from a remote HTTP source that
+does not provide the necessary headers for the file resource to determine if
+content has changed.
+
+Default value: `undef`
+
+##### `checksum_value`
+
+Data type: `Optional[String]`
+
+The value of the checksum, must be a String.
+Only md5, sha256, sha224, sha384 and sha512 are supported when specifying
+this parameter.
+
+Default value: `undef`
+
### `apt::mark`
Manages apt-mark settings
@@ -1149,14 +1199,31 @@ apt::source { 'puppetlabs':
extension. Absence of extension will result in file formation with just name and no extension.
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
- comment => 'Puppet8',
+ repos => 'puppet8'
+ comment => 'Puppet 8 release',
key => {
- 'name' => 'puppetlabs.gpg',
+ 'name' => 'puppetlabs-keyring.gpg',
'source' => 'https://apt.puppetlabs.com/keyring.gpg',
},
}
```
+##### Deploy the apt source and associated keyring file with checksum
+
+```puppet
+apt::source { 'puppetlabs':
+ location => 'http://apt.puppetlabs.com',
+ repos => 'puppet8',
+ comment => 'Puppet 8 release',
+ key => {
+ name => 'puppetlabs-keyring.gpg',
+ source => 'https://apt.puppetlabs.com/keyring.gpg'
+ checksum => 'sha256',
+ checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771',
+ }
+}
+```
+
##### Install the puppetlabs apt source (deb822 format)
```puppet
@@ -1275,7 +1342,7 @@ Default value: `{}`
Data type: `Optional[Variant[String[1], Hash]]`
Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options:
- * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`
+ * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`, `checksum`, `checksum_value`.
The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options:
* a string to be passed to the `id` parameter of the `apt::key` defined type
diff --git a/lib/puppet/type/apt_key.rb b/lib/puppet/type/apt_key.rb
index faa430be42..ae2d80661a 100644
--- a/lib/puppet/type/apt_key.rb
+++ b/lib/puppet/type/apt_key.rb
@@ -5,9 +5,10 @@
Puppet::Type.newtype(:apt_key) do
@doc = <<-MANIFEST
- @summary This type provides Puppet with the capabilities to manage GPG keys needed
- by apt to perform package validation. Apt has it's own GPG keyring that can
- be manipulated through the `apt-key` command.
+ @summary Manages GPG keys needed by apt to perform package validation.
+
+ Apt has its own GPG keyring that can be manipulated through the
+ `apt-key` command.
@example Basic usage
apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F':
diff --git a/manifests/auth.pp b/manifests/auth.pp
index 23af75ec9b..4965e08c18 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -19,7 +19,6 @@
# @param password
# The password to be used.
#
-
define apt::auth (
String $ensure = 'present',
String $machine = $name,
diff --git a/manifests/backports.pp b/manifests/backports.pp
index f2acb98a40..27b622f33b 100644
--- a/manifests/backports.pp
+++ b/manifests/backports.pp
@@ -41,13 +41,13 @@
# Specifies whether to include 'deb' or 'src', or both.
#
class apt::backports (
- Optional[Stdlib::HTTPUrl] $location = undef,
- Optional[String[1]] $release = undef,
- Optional[String[1]] $repos = undef,
+ Optional[Stdlib::HTTPUrl] $location = undef,
+ Optional[String[1]] $release = undef,
+ Optional[String[1]] $repos = undef,
Optional[Variant[String[1], Hash]] $key = undef,
- Stdlib::AbsolutePath $keyring = "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg",
- Variant[Integer, String[1], Hash] $pin = 200,
- Hash $include = {},
+ Stdlib::AbsolutePath $keyring = "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg",
+ Variant[Integer, String[1], Hash] $pin = 200,
+ Hash $include = {},
) {
include apt
diff --git a/manifests/conf.pp b/manifests/conf.pp
index 8bd712578e..c328bc372e 100644
--- a/manifests/conf.pp
+++ b/manifests/conf.pp
@@ -14,10 +14,10 @@
# Specifies whether to trigger an `apt-get update` run.
#
define apt::conf (
- Optional[String[1]] $content = undef,
- Enum['present', 'absent'] $ensure = present,
+ Optional[String[1]] $content = undef,
+ Enum['present', 'absent'] $ensure = present,
Variant[String[1], Integer[0]] $priority = 50,
- Optional[Boolean] $notify_update = undef,
+ Optional[Boolean] $notify_update = undef,
) {
unless $ensure == 'absent' {
unless $content {
diff --git a/manifests/init.pp b/manifests/init.pp
index c144bcf525..0b29911565 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -155,13 +155,13 @@
# The fault `source_key` settings
#
class apt (
- Hash $update_defaults = {
+ Hash $update_defaults = {
'frequency' => 'reluctantly',
'loglevel' => undef,
'timeout' => undef,
'tries' => undef,
},
- Hash $purge_defaults = {
+ Hash $purge_defaults = {
'sources.list' => false,
'sources.list.d' => false,
'preferences' => false,
@@ -169,7 +169,7 @@
'apt.conf.d' => false,
'auth.conf.d' => false,
},
- Hash $proxy_defaults = {
+ Hash $proxy_defaults = {
'ensure' => undef,
'host' => undef,
'port' => 8080,
@@ -177,39 +177,39 @@
'https_acng' => false,
'direct' => false,
},
- Hash $include_defaults = {
+ Hash $include_defaults = {
'deb' => true,
'src' => false,
},
- Stdlib::Absolutepath $provider = '/usr/bin/apt-get',
- Stdlib::Host $keyserver = 'keyserver.ubuntu.com',
- Optional[String[1]] $key_options = undef,
- Optional[Array[String[1]]] $ppa_options = undef,
- Optional[String[1]] $ppa_package = undef,
- Optional[Hash] $backports = undef,
- Hash $confs = {},
- Hash $update = {},
- Hash $purge = {},
- Apt::Proxy $proxy = {},
- Hash $sources = {},
- Hash $auths = {},
- Hash $keys = {},
- Hash $keyrings = {},
- Hash $ppas = {},
- Hash $pins = {},
- Hash $settings = {},
- Boolean $manage_auth_conf = true,
+ Stdlib::Absolutepath $provider = '/usr/bin/apt-get',
+ Stdlib::Host $keyserver = 'keyserver.ubuntu.com',
+ Optional[String[1]] $key_options = undef,
+ Optional[Array[String[1]]] $ppa_options = undef,
+ Optional[String[1]] $ppa_package = undef,
+ Optional[Hash] $backports = undef,
+ Hash $confs = {},
+ Hash $update = {},
+ Hash $purge = {},
+ Apt::Proxy $proxy = {},
+ Hash $sources = {},
+ Hash $auths = {},
+ Hash $keys = {},
+ Hash $keyrings = {},
+ Hash $ppas = {},
+ Hash $pins = {},
+ Hash $settings = {},
+ Boolean $manage_auth_conf = true,
Array[Apt::Auth_conf_entry] $auth_conf_entries = [],
- String[1] $auth_conf_owner = '_apt',
- Stdlib::Absolutepath $root = '/etc/apt',
- Stdlib::Absolutepath $sources_list = "${root}/sources.list",
- Stdlib::Absolutepath $sources_list_d = "${root}/sources.list.d",
- Stdlib::Absolutepath $conf_d = "${root}/apt.conf.d",
- Stdlib::Absolutepath $preferences = "${root}/preferences",
- Stdlib::Absolutepath $preferences_d = "${root}/preferences.d",
- Stdlib::Absolutepath $apt_conf_d = "${root}/apt.conf.d",
- Stdlib::Absolutepath $auth_conf_d = "${root}/auth.conf.d",
- Hash $config_files = {
+ String[1] $auth_conf_owner = '_apt',
+ Stdlib::Absolutepath $root = '/etc/apt',
+ Stdlib::Absolutepath $sources_list = "${root}/sources.list",
+ Stdlib::Absolutepath $sources_list_d = "${root}/sources.list.d",
+ Stdlib::Absolutepath $conf_d = "${root}/apt.conf.d",
+ Stdlib::Absolutepath $preferences = "${root}/preferences",
+ Stdlib::Absolutepath $preferences_d = "${root}/preferences.d",
+ Stdlib::Absolutepath $apt_conf_d = "${root}/apt.conf.d",
+ Stdlib::Absolutepath $auth_conf_d = "${root}/auth.conf.d",
+ Hash $config_files = {
'conf' => {
'path' => $conf_d,
'ext' => '',
@@ -227,8 +227,8 @@
'ext' => '.sources',
},
},
- Boolean $sources_list_force = false,
- Hash $source_key_defaults = {
+ Boolean $sources_list_force = false,
+ Hash $source_key_defaults = {
'server' => $keyserver,
'options' => undef,
'content' => undef,
diff --git a/manifests/key.pp b/manifests/key.pp
index 8549742caf..9e4894a7b2 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -37,13 +37,13 @@
# Passes additional options to `apt-key adv --keyserver-options`.
#
define apt::key (
- Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title,
- Enum['present', 'absent', 'refreshed'] $ensure = present,
- Optional[String[1]] $content = undef,
- Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef,
+ Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title,
+ Enum['present', 'absent', 'refreshed'] $ensure = present,
+ Optional[String[1]] $content = undef,
+ Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef,
Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/] $server = $apt::keyserver,
- Boolean $weak_ssl = false,
- Optional[String[1]] $options = $apt::key_options,
+ Boolean $weak_ssl = false,
+ Optional[String[1]] $options = $apt::key_options,
) {
case $ensure {
/^(refreshed|present)$/: {
diff --git a/manifests/keyring.pp b/manifests/keyring.pp
index c1617e17d7..822d01c0e6 100644
--- a/manifests/keyring.pp
+++ b/manifests/keyring.pp
@@ -13,6 +13,17 @@
# source => 'https://apt.puppetlabs.com/keyring.gpg'
# }
# }
+# @example Deploy the apt source and associated keyring file with checksum
+# apt::source { 'puppet8-release':
+# location => 'http://apt.puppetlabs.com',
+# repos => 'puppet8',
+# key => {
+# name => 'puppetlabs-keyring.gpg',
+# source => 'https://apt.puppetlabs.com/keyring.gpg'
+# checksum => 'sha256',
+# checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771',
+# }
+# }
#
# @param dir
# Path to the directory where the keyring will be stored.
@@ -32,13 +43,28 @@
# @param ensure
# Ensure presence or absence of the resource.
#
+# @param checksum
+# Checksum type of the keyfile.
+# Only md5, sha256, sha224, sha384 and sha512 are supported when specifying
+# this parameter (due to checksum_value parameter).
+# Optional, but is useful if the keyfile is from a remote HTTP source that
+# does not provide the necessary headers for the file resource to determine if
+# content has changed.
+#
+# @param checksum_value
+# The value of the checksum, must be a String.
+# Only md5, sha256, sha224, sha384 and sha512 are supported when specifying
+# this parameter.
+#
define apt::keyring (
- Stdlib::Absolutepath $dir = '/etc/apt/keyrings',
- String[1] $filename = $name,
- Stdlib::Filemode $mode = '0644',
- Optional[Stdlib::Filesource] $source = undef,
- Optional[String[1]] $content = undef,
- Enum['present','absent'] $ensure = 'present',
+ Stdlib::Absolutepath $dir = '/etc/apt/keyrings',
+ String[1] $filename = $name,
+ Stdlib::Filemode $mode = '0644',
+ Optional[Stdlib::Filesource] $source = undef,
+ Optional[String[1]] $content = undef,
+ Enum['present','absent'] $ensure = 'present',
+ Optional[Enum['md5','sha256','sha224','sha384','sha512']] $checksum = undef,
+ Optional[String] $checksum_value = undef,
) {
ensure_resource('file', $dir, { ensure => 'directory', mode => '0755', })
if $source and $content {
@@ -52,12 +78,14 @@
case $ensure {
'present': {
file { $file:
- ensure => 'file',
- mode => $mode,
- owner => 'root',
- group => 'root',
- source => $source,
- content => $content,
+ ensure => 'file',
+ mode => $mode,
+ owner => 'root',
+ group => 'root',
+ source => $source,
+ content => $content,
+ checksum => $checksum,
+ checksum_value => $checksum_value,
}
}
'absent': {
diff --git a/manifests/pin.pp b/manifests/pin.pp
index d627fa992b..4ae33a9e24 100644
--- a/manifests/pin.pp
+++ b/manifests/pin.pp
@@ -43,19 +43,19 @@
# The codename of the release
#
define apt::pin (
- Enum['file', 'present', 'absent'] $ensure = present,
- Optional[String[1]] $explanation = undef,
- Variant[Integer[0]] $order = 50,
+ Enum['file', 'present', 'absent'] $ensure = present,
+ Optional[String[1]] $explanation = undef,
+ Variant[Integer[0]] $order = 50,
Variant[String[1], Array[String[1]]] $packages = '*',
- Variant[Integer, String[1]] $priority = 0,
- Optional[String[1]] $release = undef, # a=
- Optional[String[1]] $origin = undef,
- Optional[String[1]] $version = undef,
- Optional[String[1]] $codename = undef, # n=
- Optional[String[1]] $release_version = undef, # v=
- Optional[String[1]] $component = undef, # c=
- Optional[String[1]] $originator = undef, # o=
- Optional[String[1]] $label = undef, # l=
+ Variant[Integer, String[1]] $priority = 0,
+ Optional[String[1]] $release = undef, # a=
+ Optional[String[1]] $origin = undef,
+ Optional[String[1]] $version = undef,
+ Optional[String[1]] $codename = undef, # n=
+ Optional[String[1]] $release_version = undef, # v=
+ Optional[String[1]] $component = undef, # c=
+ Optional[String[1]] $originator = undef, # o=
+ Optional[String[1]] $label = undef, # l=
) {
if $explanation {
$_explanation = $explanation
diff --git a/manifests/setting.pp b/manifests/setting.pp
index f057d1aa2a..89d9d66354 100644
--- a/manifests/setting.pp
+++ b/manifests/setting.pp
@@ -20,11 +20,11 @@
# Specifies whether to trigger an `apt-get update` run.
#
define apt::setting (
- Variant[String[1], Integer[0]] $priority = 50,
+ Variant[String[1], Integer[0]] $priority = 50,
Enum['file', 'present', 'absent'] $ensure = file,
- Optional[String[1]] $source = undef,
- Optional[String[1]] $content = undef,
- Boolean $notify_update = true,
+ Optional[String[1]] $source = undef,
+ Optional[String[1]] $content = undef,
+ Boolean $notify_update = true,
) {
if $content and $source {
fail('apt::setting cannot have both content and source')
diff --git a/manifests/source.pp b/manifests/source.pp
index 7422fecbd9..8fbf304a9d 100644
--- a/manifests/source.pp
+++ b/manifests/source.pp
@@ -14,13 +14,27 @@
# extension. Absence of extension will result in file formation with just name and no extension.
# apt::source { 'puppetlabs':
# location => 'http://apt.puppetlabs.com',
-# comment => 'Puppet8',
+# repos => 'puppet8'
+# comment => 'Puppet 8 release',
# key => {
-# 'name' => 'puppetlabs.gpg',
+# 'name' => 'puppetlabs-keyring.gpg',
# 'source' => 'https://apt.puppetlabs.com/keyring.gpg',
# },
# }
#
+# @example Deploy the apt source and associated keyring file with checksum
+# apt::source { 'puppetlabs':
+# location => 'http://apt.puppetlabs.com',
+# repos => 'puppet8',
+# comment => 'Puppet 8 release',
+# key => {
+# name => 'puppetlabs-keyring.gpg',
+# source => 'https://apt.puppetlabs.com/keyring.gpg'
+# checksum => 'sha256',
+# checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771',
+# }
+# }
+#
# @example Install the puppetlabs apt source (deb822 format)
# apt::source { 'puppetlabs':
# source_format => 'sources'
@@ -67,7 +81,7 @@
#
# @param key
# Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options:
-# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`
+# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`, `checksum`, `checksum_value`.
#
# The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options:
# * a string to be passed to the `id` parameter of the `apt::key` defined type
@@ -101,23 +115,23 @@
# Specifies whether to check if the package release date is valid.
#
define apt::source (
- Enum['list', 'sources'] $source_format = 'list',
- Array[Enum['deb','deb-src'], 1, 2] $types = ['deb'],
- Optional[Variant[String[1], Array[String[1]]]] $location = undef,
- String[1] $comment = $name,
- Boolean $enabled = true, # deb822
- Enum['present', 'absent'] $ensure = present,
- Optional[Variant[String[0], Array[String[0]]]] $release = undef,
- Variant[String[1], Array[String[1]]] $repos = 'main',
- Hash $include = {},
- Optional[Variant[String[1], Hash]] $key = undef,
- Optional[Stdlib::AbsolutePath] $keyring = undef,
- Optional[Variant[Hash, Integer, String[1]]] $pin = undef,
+ Enum['list', 'sources'] $source_format = 'list',
+ Array[Enum['deb','deb-src'], 1, 2] $types = ['deb'],
+ Optional[Variant[String[1], Array[String[1]]]] $location = undef,
+ String[1] $comment = $name,
+ Boolean $enabled = true, # deb822
+ Enum['present', 'absent'] $ensure = present,
+ Optional[Variant[String[0], Array[String[0]]]] $release = undef,
+ Variant[String[1], Array[String[1]]] $repos = 'main',
+ Hash $include = {},
+ Optional[Variant[String[1], Hash]] $key = undef,
+ Optional[Stdlib::AbsolutePath] $keyring = undef,
+ Optional[Variant[Hash, Integer, String[1]]] $pin = undef,
Optional[Variant[String[1], Array[String[1]]]] $architecture = undef,
- Optional[Boolean] $allow_unsigned = undef,
- Optional[Boolean] $allow_insecure = undef,
- Optional[Boolean] $check_valid_until = undef,
- Boolean $notify_update = true,
+ Optional[Boolean] $allow_unsigned = undef,
+ Optional[Boolean] $allow_insecure = undef,
+ Optional[Boolean] $check_valid_until = undef,
+ Boolean $notify_update = true,
) {
include apt
@@ -207,13 +221,15 @@
# Modern apt keyrings
elsif $_key =~ Hash and $_key['name'] {
apt::keyring { $_key['name']:
- ensure => $_key_ensure,
- content => $_key['content'],
- source => $_key['source'],
- dir => $_key['dir'],
- filename => $_key['filename'],
- mode => $_key['mode'],
- before => $_before,
+ ensure => $_key_ensure,
+ content => $_key['content'],
+ source => $_key['source'],
+ dir => $_key['dir'],
+ filename => $_key['filename'],
+ mode => $_key['mode'],
+ checksum => $_key['checksum'],
+ checksum_value => $_key['checksum_value'],
+ before => $_before,
}
$_list_keyring = if $_key['dir'] and $_key['filename'] {
diff --git a/spec/defines/keyring_spec.rb b/spec/defines/keyring_spec.rb
index 6b3c65e1ef..cceeb78f74 100644
--- a/spec/defines/keyring_spec.rb
+++ b/spec/defines/keyring_spec.rb
@@ -15,6 +15,18 @@
let(:facts) { os_facts }
it { is_expected.to compile }
+
+ context 'with checksum verification enabled' do
+ let(:params) do
+ {
+ source: 'https://apt.puppetlabs.com/pubkey.gpg',
+ checksum: 'sha256',
+ checksum_value: '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771',
+ }
+ end
+
+ it { is_expected.to compile }
+ end
end
end
end
diff --git a/spec/defines/source_spec.rb b/spec/defines/source_spec.rb
index be25caa564..da3867b67d 100644
--- a/spec/defines/source_spec.rb
+++ b/spec/defines/source_spec.rb
@@ -121,37 +121,41 @@
release: 'sid',
repos: 'testing',
key: {
- 'ensure' => 'refreshed',
- 'id' => id,
- 'server' => 'pgp.mit.edu',
- 'content' => 'GPG key content',
- 'source' => 'http://apt.puppetlabs.com/pubkey.gpg',
- 'weak_ssl' => true
+ 'name' => 'puppetlabs-keyring.gpg',
+ 'ensure' => 'present',
+ 'source' => 'https://apt.puppetlabs.com/pubkey.gpg',
+ 'checksum' => 'sha256',
+ 'checksum_value' => '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01',
},
pin: '10',
architecture: 'x86_64',
- allow_unsigned: true
+ allow_insecure: true
}
end
it {
- expect(subject).to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# foo\ndeb \[arch=x86_64 trusted=yes\] http://debian.mirror.iweb.ca/debian/ sid testing\n})
- .without_content(%r{deb-src})
+ expect(subject).to contain_apt__setting('list-my_source')
+ .with(ensure: 'present')
+ .with_content(%r{# foo\ndeb \[arch=x86_64 allow-insecure=yes signed-by=/etc/apt/keyrings/puppetlabs-keyring.gpg\] http://debian.mirror.iweb.ca/debian/ sid testing\n})
+ .without_content(%r{deb-src})
}
it {
- expect(subject).to contain_apt__pin('my_source').that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'present',
- priority: '10',
- origin: 'debian.mirror.iweb.ca')
+ expect(subject).to contain_apt__pin('my_source')
+ .that_comes_before('Apt::Setting[list-my_source]')
+ .with(ensure: 'present',
+ priority: '10',
+ origin: 'debian.mirror.iweb.ca')
}
it {
- expect(subject).to contain_apt__key("Add key: #{id} from Apt::Source my_source").that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'refreshed',
- id:,
- server: 'pgp.mit.edu',
- content: 'GPG key content',
- source: 'http://apt.puppetlabs.com/pubkey.gpg',
- weak_ssl: true)
+ expect(subject).to contain_apt__keyring('puppetlabs-keyring.gpg')
+ .that_comes_before('Apt::Setting[list-my_source]')
+ .with(ensure: 'present',
+ name: 'puppetlabs-keyring.gpg',
+ source: 'https://apt.puppetlabs.com/pubkey.gpg',
+ checksum: 'sha256',
+ checksum_value: '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01')
}
end
end