]> gitweb.fluxo.info Git - puppet-apt.git/commitdiff
projects / puppet-apt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 33acc00)
allow for binary keys that can be removed
authorAntoine Beaupré <anarcat@koumbit.org>
Thu, 11 Jun 2015 14:21:56 +0000 (10:21 -0400)
committerAntoine Beaupré <anarcat@koumbit.org>
Thu, 11 Jun 2015 14:26:10 +0000 (10:26 -0400)
README patch | blob | history
manifests/key.pp patch | blob | history
manifests/key/plain.pp [new file with mode: 0644] patch | blob

diff --git a/README b/README
index 835db79a23291409d6f36bda66bb377398a0ddee..d2cb71b0ffb400a542009136ad04a067aa863640 100644 (file)
--- a/README
+++ b/README
@@ -485,8 +485,25 @@ Deploys a secure apt OpenPGP key. This usually accompanies the
 sources.list snippets above for third party repositories. For example,
 you would do:
 
-  apt::key { 'neurodebian.key':
-    source => 'puppet:///modules/site_apt/neurodebian.key',
+  apt::key { 'neurodebian.gpg':
+    ensure => present,
+    source => 'puppet:///modules/site_apt/neurodebian.gpg',
+  }
+
+This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
+is assumed by secure apt to be binary OpenPGP keys and *not*
+"ascii-armored" or "plain text" OpenPGP key material. For the latter,
+use `apt::key::plain`.
+
+apt::key::plain
+---------------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+  apt::key::asc { 'neurodebian.asc':
+    source => 'puppet:///modules/site_apt/neurodebian.asc',
   }
 
 This deploys the key in the `${apt_base_dir}/keys` directory (as
@@ -495,6 +512,10 @@ this exists on top of `$custom_key_dir` is to allow a more
 decentralised distribution of those keys, without having all modules
 throw their keys in the same directory in the manifests.
 
+Note that this model does *not* currently allow keys to be removed!
+Use `apt::key` instead for a more practical, revokable approach, but
+that needs binary keys.
+
 apt::upgrade_package
 --------------------
 
diff --git a/manifests/key.pp b/manifests/key.pp
index 0ef9721a8395b3715c1193cf8a3256757654b367..3f9660f1cb1bfa813e30559d2d9e28be8cf3cea4 100644 (file)
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -1,13 +1,8 @@
-define apt::key ($source) {
+define apt::key ($ensure => 'present', $source) {
   file {
-    "${apt::apt_base_dir}/${name}":
-      source  => $source;
-    "${apt::apt_base_dir}/keys":
-      ensure  => directory;
-  }
-  exec { "apt-key add ${apt::apt_base_dir}/${name}":
-    subscribe   => File["${apt::apt_base_dir}/${name}"],
-    refreshonly => true,
-    notify      => Exec['refresh_apt'],
+    "/etc/apt/trusted.gpg.d/$name":
+      source => $source,
+      ensure => $ensure,
+      notify => Exec['refresh_apt'],
   }
 }
diff --git a/manifests/key/plain.pp b/manifests/key/plain.pp
new file mode 100644 (file)
index 0000000..a84e6dd
--- /dev/null
+++ b/manifests/key/plain.pp
@@ -0,0 +1,13 @@
+define apt::key::plain ($source) {
+  file {
+    "${apt::apt_base_dir}/${name}":
+      source  => $source;
+    "${apt::apt_base_dir}/keys":
+      ensure  => directory;
+  }
+  exec { "apt-key add ${apt::apt_base_dir}/${name}":
+    subscribe   => File["${apt::apt_base_dir}/${name}"],
+    refreshonly => true,
+    notify      => Exec['refresh_apt'],
+  }
+}
Puppet module for apt