Fix: nodo::utils::network::tor: setup the keyring only in the first time, then let...
authorSilvio Rhatto <rhatto@riseup.net>
Mon, 19 Aug 2024 13:13:06 +0000 (10:13 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Mon, 19 Aug 2024 13:13:06 +0000 (10:13 -0300)
manifests/subsystem/apt/repo.pp
manifests/utils/network/tor.pp

index d6e03c06af1fb009b575df9b4f14c6287eabc931..0495a0ff4614d80fa4066d08aaae723a60145195 100644 (file)
@@ -2,6 +2,7 @@ define nodo::subsystem::apt::repo(
   $definition,
   $key_source,
   $keyrings_folder = '/etc/apt/keyrings',
+  $keyring_name    = $name,
   $ensure          = present,
 ) {
   # The recommended locations for keyrings are /usr/share/keyrings for keyrings
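Review bot: The new `$keyring_name` parameter has neither documentation nor a data type, and the code that consumes it lies outside this hunk. The tor.pp change in the same commit suggests it becomes the keyring file name under `$keyrings_folder`; if that is the case, a comment such as `# $keyring_name: base name of the keyring file in $keyrings_folder; defaults to the resource title` would make the contract explicit. Because the value would then be interpolated into a path that root writes, it is also worth rejecting names that contain `/`, so a caller cannot place a key outside the keyrings directory. The body of the define continues past the end of the hunk.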
index f8726f7a808d316b40bc6383fe55bb066f93d5b8..f93d37a19b9906fa9e6db9eb15a3d05bf1c94c26 100644 (file)
@@ -3,15 +3,28 @@
 class nodo::utils::network::tor (
   $ensure = 'installed',
 ) {
-  # Old keyring location
-  file { '/etc/apt/trusted.gpg.d/torproject.org.gpg':
-    ensure => absent,
+  $keyrings_folder = "/usr/share/keyrings"
+  $keyring         = "${keyrings_folder}/deb.torproject.org-keyring.gpg"
+
+  nodo::subsystem::apt::repo { 'torproject.org':
+    definition      => "deb [signed-by=${keyring}] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main",
+    key_source      => "puppet:///modules/nodo/${keyring}",
+    keyrings_folder => "${keyrings_folder}",
   }
 
-  nodo::subsystem::apt::repo { 'deb.torproject.org-keyring.gpg':
-    definition      => "deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main",
-    key_source      => 'puppet:///modules/nodo/usr/share/keyrings/deb.torproject.org-keyring.gpg',
-    keyrings_folder => '/usr/share/keyrings',
+  # Puppet should setup the Tor Project's APT keyring only in the first time
+  # Afterwards ${keyring} will be managed by the deb.torproject.org-keyring package
+  #
+  # References:
+  #
+  # * https://support.torproject.org/apt/tor-deb-repo/
+  # * https://gitlab.torproject.org/tpo/web/support/-/merge_requests/220
+  exec { 'torproject-keyring-copy':
+    command => "cp ${keyrings_folder}/torproject.org.gpg ${keyring}",
+    onlyif  => "/bin/test ! -e ${keyring}",
+    creates => "${keyring}",
+    require => File["${keyrings_folder}/torproject.org.gpg"],
+    notify  => Exec["apt-repo-auto-update-torproject.org"],
   }
 
   package { "deb.torproject.org-keyring":
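Review bot: The `torproject-keyring-copy` exec runs an unqualified `cp` with no `path` attribute, so unless an `Exec` default path is set elsewhere in the repository Puppet will refuse it, and a command run as root should not depend on an inherited search path in any case; `command => "/bin/cp ${keyrings_folder}/torproject.org.gpg ${keyring}",` would match the qualified `/bin/test` already used in `onlyif`. `onlyif` and `creates` test the same condition, so `creates` alone is sufficient. The hunk also drops the `ensure => absent` resource for `/etc/apt/trusted.gpg.d/torproject.org.gpg`: a node that has not yet applied that cleanup would keep a key trusted for every APT source, which undoes the `signed-by` scoping, so keeping the resource looks safer. Since `${keyring}` is an absolute path, `key_source` now expands to `puppet:///modules/nodo//usr/share/keyrings/...` with a doubled slash, and it is worth confirming the file server still resolves it. The class body continues past the end of the hunk.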