Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backports: add keyring support #1162

Merged
merged 3 commits into from
Feb 15, 2024
Merged

Backports: add keyring support #1162

merged 3 commits into from
Feb 15, 2024

Conversation

kenyon
Copy link

@kenyon kenyon commented Jan 2, 2024

This adds support for the keyring parameter of apt::source (

puppetlabs-apt/manifests/source.pp

Line 90 in 0871cad

Optional[Stdlib::AbsolutePath] $keyring = undef,
) to the apt::backports class. This is needed to allow for adding signed-by=… to the backports sources.list.d entry created by this class. The default is to use the Debian or Ubuntu archive keyring installed by the debian-archive-keyring or ubuntu-keyring packages. If $key is specified, then that parameter takes precedence to avoid breaking existing setups that specify $key, since otherwise we would be providing both $key and $keyring to apt::source, which is an error (

puppetlabs-apt/manifests/source.pp

Line 136 in 0871cad

fail('parameters key and keyring are mutually exclusive')
).

I didn't make an effort to support linuxmint or other OSes besides Debian and Ubuntu, since we only declare support for Debian and Ubuntu:

puppetlabs-apt/metadata.json

Lines 16 to 32 in 0871cad

"operatingsystem_support": [
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"10",
"11"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"18.04",
"20.04",
"22.04"
]
}
],
But, the best way to support other OSes would be to eliminate params.pp and use hiera data, since the default value for $keyring would be different (linuxmint would use /usr/share/keyrings/linuxmint-keyring.gpg, for example).

Easiest to review the individual commits.

@kenyon kenyon requested review from bastelfreak, smortex and a team as code owners January 2, 2024 19:44
@kenyon kenyon force-pushed the backports-keyring branch from 09a3532 to 2f891cb Compare January 2, 2024 19:53
@kenyon kenyon mentioned this pull request Jan 3, 2024
Merged
3 tasks
smortex
smortex approved these changes Jan 3, 2024
View reviewed changes
Copy link
Collaborator

@smortex smortex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@smortex
Copy link
Collaborator

smortex commented Jan 3, 2024

But, the best way to support other OSes would be to eliminate params.pp and use hiera data, since the default value for $keyring would be different (linuxmint would use /usr/share/keyrings/linuxmint-keyring.gpg, for example).

That would be great indeed!

@smortex smortex added the feature label Jan 3, 2024
@kenyon @bastelfreak
backports unit tests: minor fixes and updates
4b6742b 
* Use `include apt` instead of a resource-like class declaration

* Use modern Debian and Ubuntu releases

* Correct the Ubuntu major version
@kenyon @bastelfreak
backports: improve test formatting
2239623
@kenyon @bastelfreak
backports: add keyring support
46f53b8
@bastelfreak bastelfreak merged commit a843b84 into puppetlabs:main Feb 15, 2024
16 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak approved these changes

@smortex smortex smortex approved these changes

Assignees
No one assigned
Labels
community feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kenyon @smortex @bastelfreak @ia-content