diff --git a/manifests/source.pp b/manifests/source.pp index 776c5f7a43..1be5ef3f7b 100644 --- a/manifests/source.pp +++ b/manifests/source.pp @@ -14,13 +14,27 @@ # extension. Absence of extension will result in file formation with just name and no extension. # apt::source { 'puppetlabs': # location => 'http://apt.puppetlabs.com', -# comment => 'Puppet8', +# repos => 'puppet8' +# comment => 'Puppet 8 release', # key => { -# 'name' => 'puppetlabs.gpg', +# 'name' => 'puppetlabs-keyring.gpg', # 'source' => 'https://apt.puppetlabs.com/keyring.gpg', # }, # } # +# @example Deploy the apt source and associated keyring file with checksum +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# repos => 'puppet8', +# comment => 'Puppet 8 release', +# key => { +# name => 'puppetlabs-keyring.gpg', +# source => 'https://apt.puppetlabs.com/keyring.gpg' +# checksum => 'sha256', +# checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771', +# } +# } +# # @param location # Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. # @@ -47,7 +61,7 @@ # # @param key # Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options: -# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename` +# * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`, `checksum`, `checksum_value`. # # The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options: # * a string to be passed to the `id` parameter of the `apt::key` defined type @@ -177,13 +191,15 @@ # Modern apt keyrings elsif $_key =~ Hash and $_key['name'] { apt::keyring { $_key['name']: - ensure => $_key_ensure, - content => $_key['content'], - source => $_key['source'], - dir => $_key['dir'], - filename => $_key['filename'], - mode => $_key['mode'], - before => $_before, + ensure => $_key_ensure, + content => $_key['content'], + source => $_key['source'], + dir => $_key['dir'], + filename => $_key['filename'], + mode => $_key['mode'], + checksum => $_key['checksum'], + checksum_value => $_key['checksum_value'], + before => $_before, } $_list_keyring = if $_key['dir'] and $_key['filename'] { diff --git a/spec/defines/source_spec.rb b/spec/defines/source_spec.rb index 5268c03a04..1805bb5a78 100644 --- a/spec/defines/source_spec.rb +++ b/spec/defines/source_spec.rb @@ -103,21 +103,20 @@ release: 'sid', repos: 'testing', key: { - 'ensure' => 'refreshed', - 'id' => id, - 'server' => 'pgp.mit.edu', - 'content' => 'GPG key content', - 'source' => 'http://apt.puppetlabs.com/pubkey.gpg', - 'weak_ssl' => true + 'name' => 'puppetlabs-keyring.gpg', + 'ensure' => 'present', + 'source' => 'https://apt.puppetlabs.com/pubkey.gpg', + 'checksum' => 'sha256', + 'checksum_value' => '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01', }, pin: '10', architecture: 'x86_64', - allow_unsigned: true + allow_insecure: true } end it { - expect(subject).to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# foo\ndeb \[arch=x86_64 trusted=yes\] http://debian.mirror.iweb.ca/debian/ sid testing\n}) + expect(subject).to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# foo\ndeb \[arch=x86_64 allow-insecure=yes signed-by=/etc/apt/keyrings/puppetlabs-keyring.gpg\] http://debian.mirror.iweb.ca/debian/ sid testing\n}) .without_content(%r{deb-src}) } @@ -128,12 +127,11 @@ } it { - expect(subject).to contain_apt__key("Add key: #{id} from Apt::Source my_source").that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'refreshed', - id: id, - server: 'pgp.mit.edu', - content: 'GPG key content', - source: 'http://apt.puppetlabs.com/pubkey.gpg', - weak_ssl: true) + expect(subject).to contain_apt__keyring("puppetlabs-keyring.gpg").that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'present', + name: 'puppetlabs-keyring.gpg', + source: 'https://apt.puppetlabs.com/pubkey.gpg', + checksum: 'sha256', + checksum_value: '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01') } end end