From d3bfabf48ab91a7778a2ffe6098a5defef04d4e0 Mon Sep 17 00:00:00 2001 From: NeatNerdPrime Date: Thu, 23 Apr 2026 11:41:43 +0200 Subject: [PATCH 1/3] (issues/1196) Add checksum support to apt::keyring Add checksum and checksum_value parameters to apt::keyring defined type, enabling integrity verification of keyring files from remote HTTP sources that do not provide the necessary headers for the file resource to detect content changes. Supported checksum types: md5, sha256, sha224, sha384, sha512. Ref: https://github.com/puppetlabs/puppetlabs-apt/issues/1196 --- manifests/keyring.pp | 52 +++++++++++++++++++++++++++--------- spec/defines/keyring_spec.rb | 12 +++++++++ 2 files changed, 52 insertions(+), 12 deletions(-) diff --git a/manifests/keyring.pp b/manifests/keyring.pp index c1617e17d7..822d01c0e6 100644 --- a/manifests/keyring.pp +++ b/manifests/keyring.pp @@ -13,6 +13,17 @@ # source => 'https://apt.puppetlabs.com/keyring.gpg' # } # } +# @example Deploy the apt source and associated keyring file with checksum +# apt::source { 'puppet8-release': +# location => 'http://apt.puppetlabs.com', +# repos => 'puppet8', +# key => { +# name => 'puppetlabs-keyring.gpg', +# source => 'https://apt.puppetlabs.com/keyring.gpg' +# checksum => 'sha256', +# checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771', +# } +# } # # @param dir # Path to the directory where the keyring will be stored. @@ -32,13 +43,28 @@ # @param ensure # Ensure presence or absence of the resource. # +# @param checksum +# Checksum type of the keyfile. +# Only md5, sha256, sha224, sha384 and sha512 are supported when specifying +# this parameter (due to checksum_value parameter). +# Optional, but is useful if the keyfile is from a remote HTTP source that +# does not provide the necessary headers for the file resource to determine if +# content has changed. +# +# @param checksum_value +# The value of the checksum, must be a String. +# Only md5, sha256, sha224, sha384 and sha512 are supported when specifying +# this parameter. +# define apt::keyring ( - Stdlib::Absolutepath $dir = '/etc/apt/keyrings', - String[1] $filename = $name, - Stdlib::Filemode $mode = '0644', - Optional[Stdlib::Filesource] $source = undef, - Optional[String[1]] $content = undef, - Enum['present','absent'] $ensure = 'present', + Stdlib::Absolutepath $dir = '/etc/apt/keyrings', + String[1] $filename = $name, + Stdlib::Filemode $mode = '0644', + Optional[Stdlib::Filesource] $source = undef, + Optional[String[1]] $content = undef, + Enum['present','absent'] $ensure = 'present', + Optional[Enum['md5','sha256','sha224','sha384','sha512']] $checksum = undef, + Optional[String] $checksum_value = undef, ) { ensure_resource('file', $dir, { ensure => 'directory', mode => '0755', }) if $source and $content { @@ -52,12 +78,14 @@ case $ensure { 'present': { file { $file: - ensure => 'file', - mode => $mode, - owner => 'root', - group => 'root', - source => $source, - content => $content, + ensure => 'file', + mode => $mode, + owner => 'root', + group => 'root', + source => $source, + content => $content, + checksum => $checksum, + checksum_value => $checksum_value, } } 'absent': { diff --git a/spec/defines/keyring_spec.rb b/spec/defines/keyring_spec.rb index 6b3c65e1ef..cceeb78f74 100644 --- a/spec/defines/keyring_spec.rb +++ b/spec/defines/keyring_spec.rb @@ -15,6 +15,18 @@ let(:facts) { os_facts } it { is_expected.to compile } + + context 'with checksum verification enabled' do + let(:params) do + { + source: 'https://apt.puppetlabs.com/pubkey.gpg', + checksum: 'sha256', + checksum_value: '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771', + } + end + + it { is_expected.to compile } + end end end end From eb0bdc9d2d7fab20fd9cefed8adfc0da7bd6b8f5 Mon Sep 17 00:00:00 2001 From: NeatNerdPrime Date: Thu, 23 Apr 2026 11:41:55 +0200 Subject: [PATCH 2/3] (issues/1196) Pass checksum params through apt::source to apt::keyring Trickle up the checksum-related parameters from apt::keyring to apt::source, allowing users to specify checksum and checksum_value in the key hash when declaring an apt::source resource. Update documentation examples, key param description, REFERENCE.md, and source spec tests to cover the new parameters. Ref: https://github.com/puppetlabs/puppetlabs-apt/issues/1196 --- REFERENCE.md | 63 +++++++++++++++++++++++++++++++++++-- manifests/source.pp | 36 +++++++++++++++------ spec/defines/source_spec.rb | 40 ++++++++++++----------- 3 files changed, 108 insertions(+), 31 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index d7173cf7e4..ff494f4c03 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -784,6 +784,21 @@ apt::source { 'puppet8-release': } ``` +##### Deploy the apt source and associated keyring file with checksum + +```puppet +apt::source { 'puppet8-release': + location => 'http://apt.puppetlabs.com', + repos => 'puppet8', + key => { + name => 'puppetlabs-keyring.gpg', + source => 'https://apt.puppetlabs.com/keyring.gpg' + checksum => 'sha256', + checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771', + } +} +``` + #### Parameters The following parameters are available in the `apt::keyring` defined type: @@ -794,6 +809,8 @@ The following parameters are available in the `apt::keyring` defined type: * [`source`](#-apt--keyring--source) * [`content`](#-apt--keyring--content) * [`ensure`](#-apt--keyring--ensure) +* [`checksum`](#-apt--keyring--checksum) +* [`checksum_value`](#-apt--keyring--checksum_value) ##### `dir` @@ -843,6 +860,29 @@ Ensure presence or absence of the resource. Default value: `'present'` +##### `checksum` + +Data type: `Optional[Enum['md5','sha256','sha224','sha384','sha512']]` + +Checksum type of the keyfile. +Only md5, sha256, sha224, sha384 and sha512 are supported when specifying +this parameter (due to checksum_value parameter). +Optional, but is useful if the keyfile is from a remote HTTP source that +does not provide the necessary headers for the file resource to determine if +content has changed. + +Default value: `undef` + +##### `checksum_value` + +Data type: `Optional[String]` + +The value of the checksum, must be a String. +Only md5, sha256, sha224, sha384 and sha512 are supported when specifying +this parameter. + +Default value: `undef` + ### `apt::mark` Manages apt-mark settings @@ -1149,14 +1189,31 @@ apt::source { 'puppetlabs': extension. Absence of extension will result in file formation with just name and no extension. apt::source { 'puppetlabs': location => 'http://apt.puppetlabs.com', - comment => 'Puppet8', + repos => 'puppet8' + comment => 'Puppet 8 release', key => { - 'name' => 'puppetlabs.gpg', + 'name' => 'puppetlabs-keyring.gpg', 'source' => 'https://apt.puppetlabs.com/keyring.gpg', }, } ``` +##### Deploy the apt source and associated keyring file with checksum + +```puppet +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'puppet8', + comment => 'Puppet 8 release', + key => { + name => 'puppetlabs-keyring.gpg', + source => 'https://apt.puppetlabs.com/keyring.gpg' + checksum => 'sha256', + checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771', + } +} +``` + ##### Install the puppetlabs apt source (deb822 format) ```puppet @@ -1275,7 +1332,7 @@ Default value: `{}` Data type: `Optional[Variant[String[1], Hash]]` Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: - * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` + * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`, `checksum`, `checksum_value`. The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: * a string to be passed to the `id` parameter of the `apt::key` defined type diff --git a/manifests/source.pp b/manifests/source.pp index 7422fecbd9..9eca84ad5d 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -14,13 +14,27 @@ # extension. Absence of extension will result in file formation with just name and no extension. # apt::source { 'puppetlabs': # location => 'http://apt.puppetlabs.com', -# comment => 'Puppet8', +# repos => 'puppet8' +# comment => 'Puppet 8 release', # key => { -# 'name' => 'puppetlabs.gpg', +# 'name' => 'puppetlabs-keyring.gpg', # 'source' => 'https://apt.puppetlabs.com/keyring.gpg', # }, # } # +# @example Deploy the apt source and associated keyring file with checksum +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# repos => 'puppet8', +# comment => 'Puppet 8 release', +# key => { +# name => 'puppetlabs-keyring.gpg', +# source => 'https://apt.puppetlabs.com/keyring.gpg' +# checksum => 'sha256', +# checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771', +# } +# } +# # @example Install the puppetlabs apt source (deb822 format) # apt::source { 'puppetlabs': # source_format => 'sources' @@ -67,7 +81,7 @@ # # @param key # Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: -# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` +# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`, `checksum`, `checksum_value`. # # The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: # * a string to be passed to the `id` parameter of the `apt::key` defined type @@ -207,13 +221,15 @@ # Modern apt keyrings elsif $_key =~ Hash and $_key['name'] { apt::keyring { $_key['name']: - ensure => $_key_ensure, - content => $_key['content'], - source => $_key['source'], - dir => $_key['dir'], - filename => $_key['filename'], - mode => $_key['mode'], - before => $_before, + ensure => $_key_ensure, + content => $_key['content'], + source => $_key['source'], + dir => $_key['dir'], + filename => $_key['filename'], + mode => $_key['mode'], + checksum => $_key['checksum'], + checksum_value => $_key['checksum_value'], + before => $_before, } $_list_keyring = if $_key['dir'] and $_key['filename'] { diff --git a/spec/defines/source_spec.rb b/spec/defines/source_spec.rb index be25caa564..da3867b67d 100644 --- a/spec/defines/source_spec.rb +++ b/spec/defines/source_spec.rb @@ -121,37 +121,41 @@ release: 'sid', repos: 'testing', key: { - 'ensure' => 'refreshed', - 'id' => id, - 'server' => 'pgp.mit.edu', - 'content' => 'GPG key content', - 'source' => 'http://apt.puppetlabs.com/pubkey.gpg', - 'weak_ssl' => true + 'name' => 'puppetlabs-keyring.gpg', + 'ensure' => 'present', + 'source' => 'https://apt.puppetlabs.com/pubkey.gpg', + 'checksum' => 'sha256', + 'checksum_value' => '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01', }, pin: '10', architecture: 'x86_64', - allow_unsigned: true + allow_insecure: true } end it { - expect(subject).to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# foo\ndeb \[arch=x86_64 trusted=yes\] http://debian.mirror.iweb.ca/debian/ sid testing\n}) - .without_content(%r{deb-src}) + expect(subject).to contain_apt__setting('list-my_source') + .with(ensure: 'present') + .with_content(%r{# foo\ndeb \[arch=x86_64 allow-insecure=yes signed-by=/etc/apt/keyrings/puppetlabs-keyring.gpg\] http://debian.mirror.iweb.ca/debian/ sid testing\n}) + .without_content(%r{deb-src}) } it { - expect(subject).to contain_apt__pin('my_source').that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'present', - priority: '10', - origin: 'debian.mirror.iweb.ca') + expect(subject).to contain_apt__pin('my_source') + .that_comes_before('Apt::Setting[list-my_source]') + .with(ensure: 'present', + priority: '10', + origin: 'debian.mirror.iweb.ca') } it { - expect(subject).to contain_apt__key("Add key: #{id} from Apt::Source my_source").that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'refreshed', - id:, - server: 'pgp.mit.edu', - content: 'GPG key content', - source: 'http://apt.puppetlabs.com/pubkey.gpg', - weak_ssl: true) + expect(subject).to contain_apt__keyring('puppetlabs-keyring.gpg') + .that_comes_before('Apt::Setting[list-my_source]') + .with(ensure: 'present', + name: 'puppetlabs-keyring.gpg', + source: 'https://apt.puppetlabs.com/pubkey.gpg', + checksum: 'sha256', + checksum_value: '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01') } end end From 0aa3d36f4a38172adbdf05c21c5510b5bd2bc5af Mon Sep 17 00:00:00 2001 From: NeatNerdPrime Date: Thu, 23 Apr 2026 11:50:58 +0200 Subject: [PATCH 3/3] Fix pre-existing documentation warnings and align parameter defaults - Remove blank line before `define apt::auth` that caused puppet-strings to miss the @summary tag, resulting in an undocumented defined type. - Shorten apt_key @summary to under 140 characters and move the detail into the description body. - Align parameter default `=` signs across all manifests for consistent readability: auth, backports, conf, init, key, pin, ppa, setting, and source. - Regenerate REFERENCE.md. Documentation coverage is now 100%. --- REFERENCE.md | 28 +++++++++++----- lib/puppet/type/apt_key.rb | 7 ++-- manifests/auth.pp | 1 - manifests/backports.pp | 12 +++---- manifests/conf.pp | 6 ++-- manifests/init.pp | 68 +++++++++++++++++++------------------- manifests/key.pp | 12 +++---- manifests/pin.pp | 24 +++++++------- manifests/setting.pp | 8 ++--- manifests/source.pp | 32 +++++++++--------- 10 files changed, 104 insertions(+), 94 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index ff494f4c03..814771ce66 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -17,7 +17,7 @@ ### Defined types -* [`apt::auth`](#apt--auth) +* [`apt::auth`](#apt--auth): Manages the Apt auth conf in /etc/apt/auth.conf.d/. * [`apt::conf`](#apt--conf): Specifies a custom Apt configuration file. * [`apt::key`](#apt--key): Manages the GPG keys that Apt uses to authenticate packages. * [`apt::keyring`](#apt--keyring): Manage GPG keyrings for apt repositories @@ -31,9 +31,7 @@ #### Private Resource types -* `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed -by apt to perform package validation. Apt has it's own GPG keyring that can -be manipulated through the `apt-key` command. +* `apt_key`: Manages GPG keys needed by apt to perform package validation. ### Data types @@ -577,7 +575,19 @@ Default value: `{}` ### `apt::auth` -The apt::auth class. +Manages the Apt auth conf in /etc/apt/auth.conf.d/. + +#### Examples + +##### Install the puppetlabs apt auth + +```puppet +apt::auth { 'puppetlabs': + machine => 'apt.puppetlabs.com', + login => 'apt', + password => 'password', +} +``` #### Parameters @@ -592,7 +602,7 @@ The following parameters are available in the `apt::auth` defined type: Data type: `String` - +Specifies whether the Apt auth file should exist. Valid options: 'present' and 'absent'. Default value: `'present'` @@ -600,7 +610,7 @@ Default value: `'present'` Data type: `String` - +The machine entry specifies the auth URI. Default value: `$name` @@ -608,7 +618,7 @@ Default value: `$name` Data type: `String` - +The username to be used. Default value: `undef` @@ -616,7 +626,7 @@ Default value: `undef` Data type: `String` - +The password to be used. Default value: `undef` diff --git a/lib/puppet/type/apt_key.rb b/lib/puppet/type/apt_key.rb index faa430be42..ae2d80661a 100644 --- a/lib/puppet/type/apt_key.rb +++ b/lib/puppet/type/apt_key.rb @@ -5,9 +5,10 @@ Puppet::Type.newtype(:apt_key) do @doc = <<-MANIFEST - @summary This type provides Puppet with the capabilities to manage GPG keys needed - by apt to perform package validation. Apt has it's own GPG keyring that can - be manipulated through the `apt-key` command. + @summary Manages GPG keys needed by apt to perform package validation. + + Apt has its own GPG keyring that can be manipulated through the + `apt-key` command. @example Basic usage apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F': diff --git a/manifests/auth.pp b/manifests/auth.pp index 23af75ec9b..4965e08c18 100644 --- a/manifests/auth.pp +++ b/manifests/auth.pp @@ -19,7 +19,6 @@ # @param password # The password to be used. # - define apt::auth ( String $ensure = 'present', String $machine = $name, diff --git a/manifests/backports.pp b/manifests/backports.pp index f2acb98a40..27b622f33b 100644 --- a/manifests/backports.pp +++ b/manifests/backports.pp @@ -41,13 +41,13 @@ # Specifies whether to include 'deb' or 'src', or both. # class apt::backports ( - Optional[Stdlib::HTTPUrl] $location = undef, - Optional[String[1]] $release = undef, - Optional[String[1]] $repos = undef, + Optional[Stdlib::HTTPUrl] $location = undef, + Optional[String[1]] $release = undef, + Optional[String[1]] $repos = undef, Optional[Variant[String[1], Hash]] $key = undef, - Stdlib::AbsolutePath $keyring = "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg", - Variant[Integer, String[1], Hash] $pin = 200, - Hash $include = {}, + Stdlib::AbsolutePath $keyring = "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg", + Variant[Integer, String[1], Hash] $pin = 200, + Hash $include = {}, ) { include apt diff --git a/manifests/conf.pp b/manifests/conf.pp index 8bd712578e..c328bc372e 100644 --- a/manifests/conf.pp +++ b/manifests/conf.pp @@ -14,10 +14,10 @@ # Specifies whether to trigger an `apt-get update` run. # define apt::conf ( - Optional[String[1]] $content = undef, - Enum['present', 'absent'] $ensure = present, + Optional[String[1]] $content = undef, + Enum['present', 'absent'] $ensure = present, Variant[String[1], Integer[0]] $priority = 50, - Optional[Boolean] $notify_update = undef, + Optional[Boolean] $notify_update = undef, ) { unless $ensure == 'absent' { unless $content { diff --git a/manifests/init.pp b/manifests/init.pp index c144bcf525..0b29911565 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -155,13 +155,13 @@ # The fault `source_key` settings # class apt ( - Hash $update_defaults = { + Hash $update_defaults = { 'frequency' => 'reluctantly', 'loglevel' => undef, 'timeout' => undef, 'tries' => undef, }, - Hash $purge_defaults = { + Hash $purge_defaults = { 'sources.list' => false, 'sources.list.d' => false, 'preferences' => false, @@ -169,7 +169,7 @@ 'apt.conf.d' => false, 'auth.conf.d' => false, }, - Hash $proxy_defaults = { + Hash $proxy_defaults = { 'ensure' => undef, 'host' => undef, 'port' => 8080, @@ -177,39 +177,39 @@ 'https_acng' => false, 'direct' => false, }, - Hash $include_defaults = { + Hash $include_defaults = { 'deb' => true, 'src' => false, }, - Stdlib::Absolutepath $provider = '/usr/bin/apt-get', - Stdlib::Host $keyserver = 'keyserver.ubuntu.com', - Optional[String[1]] $key_options = undef, - Optional[Array[String[1]]] $ppa_options = undef, - Optional[String[1]] $ppa_package = undef, - Optional[Hash] $backports = undef, - Hash $confs = {}, - Hash $update = {}, - Hash $purge = {}, - Apt::Proxy $proxy = {}, - Hash $sources = {}, - Hash $auths = {}, - Hash $keys = {}, - Hash $keyrings = {}, - Hash $ppas = {}, - Hash $pins = {}, - Hash $settings = {}, - Boolean $manage_auth_conf = true, + Stdlib::Absolutepath $provider = '/usr/bin/apt-get', + Stdlib::Host $keyserver = 'keyserver.ubuntu.com', + Optional[String[1]] $key_options = undef, + Optional[Array[String[1]]] $ppa_options = undef, + Optional[String[1]] $ppa_package = undef, + Optional[Hash] $backports = undef, + Hash $confs = {}, + Hash $update = {}, + Hash $purge = {}, + Apt::Proxy $proxy = {}, + Hash $sources = {}, + Hash $auths = {}, + Hash $keys = {}, + Hash $keyrings = {}, + Hash $ppas = {}, + Hash $pins = {}, + Hash $settings = {}, + Boolean $manage_auth_conf = true, Array[Apt::Auth_conf_entry] $auth_conf_entries = [], - String[1] $auth_conf_owner = '_apt', - Stdlib::Absolutepath $root = '/etc/apt', - Stdlib::Absolutepath $sources_list = "${root}/sources.list", - Stdlib::Absolutepath $sources_list_d = "${root}/sources.list.d", - Stdlib::Absolutepath $conf_d = "${root}/apt.conf.d", - Stdlib::Absolutepath $preferences = "${root}/preferences", - Stdlib::Absolutepath $preferences_d = "${root}/preferences.d", - Stdlib::Absolutepath $apt_conf_d = "${root}/apt.conf.d", - Stdlib::Absolutepath $auth_conf_d = "${root}/auth.conf.d", - Hash $config_files = { + String[1] $auth_conf_owner = '_apt', + Stdlib::Absolutepath $root = '/etc/apt', + Stdlib::Absolutepath $sources_list = "${root}/sources.list", + Stdlib::Absolutepath $sources_list_d = "${root}/sources.list.d", + Stdlib::Absolutepath $conf_d = "${root}/apt.conf.d", + Stdlib::Absolutepath $preferences = "${root}/preferences", + Stdlib::Absolutepath $preferences_d = "${root}/preferences.d", + Stdlib::Absolutepath $apt_conf_d = "${root}/apt.conf.d", + Stdlib::Absolutepath $auth_conf_d = "${root}/auth.conf.d", + Hash $config_files = { 'conf' => { 'path' => $conf_d, 'ext' => '', @@ -227,8 +227,8 @@ 'ext' => '.sources', }, }, - Boolean $sources_list_force = false, - Hash $source_key_defaults = { + Boolean $sources_list_force = false, + Hash $source_key_defaults = { 'server' => $keyserver, 'options' => undef, 'content' => undef, diff --git a/manifests/key.pp b/manifests/key.pp index 8549742caf..9e4894a7b2 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -37,13 +37,13 @@ # Passes additional options to `apt-key adv --keyserver-options`. # define apt::key ( - Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title, - Enum['present', 'absent', 'refreshed'] $ensure = present, - Optional[String[1]] $content = undef, - Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef, + Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title, + Enum['present', 'absent', 'refreshed'] $ensure = present, + Optional[String[1]] $content = undef, + Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef, Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/] $server = $apt::keyserver, - Boolean $weak_ssl = false, - Optional[String[1]] $options = $apt::key_options, + Boolean $weak_ssl = false, + Optional[String[1]] $options = $apt::key_options, ) { case $ensure { /^(refreshed|present)$/: { diff --git a/manifests/pin.pp b/manifests/pin.pp index d627fa992b..4ae33a9e24 100644 --- a/manifests/pin.pp +++ b/manifests/pin.pp @@ -43,19 +43,19 @@ # The codename of the release # define apt::pin ( - Enum['file', 'present', 'absent'] $ensure = present, - Optional[String[1]] $explanation = undef, - Variant[Integer[0]] $order = 50, + Enum['file', 'present', 'absent'] $ensure = present, + Optional[String[1]] $explanation = undef, + Variant[Integer[0]] $order = 50, Variant[String[1], Array[String[1]]] $packages = '*', - Variant[Integer, String[1]] $priority = 0, - Optional[String[1]] $release = undef, # a= - Optional[String[1]] $origin = undef, - Optional[String[1]] $version = undef, - Optional[String[1]] $codename = undef, # n= - Optional[String[1]] $release_version = undef, # v= - Optional[String[1]] $component = undef, # c= - Optional[String[1]] $originator = undef, # o= - Optional[String[1]] $label = undef, # l= + Variant[Integer, String[1]] $priority = 0, + Optional[String[1]] $release = undef, # a= + Optional[String[1]] $origin = undef, + Optional[String[1]] $version = undef, + Optional[String[1]] $codename = undef, # n= + Optional[String[1]] $release_version = undef, # v= + Optional[String[1]] $component = undef, # c= + Optional[String[1]] $originator = undef, # o= + Optional[String[1]] $label = undef, # l= ) { if $explanation { $_explanation = $explanation diff --git a/manifests/setting.pp b/manifests/setting.pp index f057d1aa2a..89d9d66354 100644 --- a/manifests/setting.pp +++ b/manifests/setting.pp @@ -20,11 +20,11 @@ # Specifies whether to trigger an `apt-get update` run. # define apt::setting ( - Variant[String[1], Integer[0]] $priority = 50, + Variant[String[1], Integer[0]] $priority = 50, Enum['file', 'present', 'absent'] $ensure = file, - Optional[String[1]] $source = undef, - Optional[String[1]] $content = undef, - Boolean $notify_update = true, + Optional[String[1]] $source = undef, + Optional[String[1]] $content = undef, + Boolean $notify_update = true, ) { if $content and $source { fail('apt::setting cannot have both content and source') diff --git a/manifests/source.pp b/manifests/source.pp index 9eca84ad5d..8fbf304a9d 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -115,23 +115,23 @@ # Specifies whether to check if the package release date is valid. # define apt::source ( - Enum['list', 'sources'] $source_format = 'list', - Array[Enum['deb','deb-src'], 1, 2] $types = ['deb'], - Optional[Variant[String[1], Array[String[1]]]] $location = undef, - String[1] $comment = $name, - Boolean $enabled = true, # deb822 - Enum['present', 'absent'] $ensure = present, - Optional[Variant[String[0], Array[String[0]]]] $release = undef, - Variant[String[1], Array[String[1]]] $repos = 'main', - Hash $include = {}, - Optional[Variant[String[1], Hash]] $key = undef, - Optional[Stdlib::AbsolutePath] $keyring = undef, - Optional[Variant[Hash, Integer, String[1]]] $pin = undef, + Enum['list', 'sources'] $source_format = 'list', + Array[Enum['deb','deb-src'], 1, 2] $types = ['deb'], + Optional[Variant[String[1], Array[String[1]]]] $location = undef, + String[1] $comment = $name, + Boolean $enabled = true, # deb822 + Enum['present', 'absent'] $ensure = present, + Optional[Variant[String[0], Array[String[0]]]] $release = undef, + Variant[String[1], Array[String[1]]] $repos = 'main', + Hash $include = {}, + Optional[Variant[String[1], Hash]] $key = undef, + Optional[Stdlib::AbsolutePath] $keyring = undef, + Optional[Variant[Hash, Integer, String[1]]] $pin = undef, Optional[Variant[String[1], Array[String[1]]]] $architecture = undef, - Optional[Boolean] $allow_unsigned = undef, - Optional[Boolean] $allow_insecure = undef, - Optional[Boolean] $check_valid_until = undef, - Boolean $notify_update = true, + Optional[Boolean] $allow_unsigned = undef, + Optional[Boolean] $allow_insecure = undef, + Optional[Boolean] $check_valid_until = undef, + Boolean $notify_update = true, ) { include apt