diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 064443f..8424781 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,65 +1,65 @@ name: "release" on: push: branches: - 'release' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master + uses: puppetlabs/action-litmus_spec@main with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} 
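Review bot: The three `uses:` lines changed in this hunk still follow a mutable branch (`puppetlabs/action-litmus_parallel@main`, `puppetlabs/action-litmus_spec@main`) while every job is `runs-on: self-hosted`, so whatever is pushed to that branch next runs unreviewed on the project's own runners; the identical hunk in `.github/workflows/weekly.yml` has the same issue. Pinning each action to a reviewed full commit SHA, for example `uses: puppetlabs/action-litmus_parallel@<full-commit-sha>  # main`, would make the executed code immutable and auditable. Separately, the context lines of both acceptance jobs keep `HONEYCOMB_WRITEKEY` as a literal value in the workflow file; if that key is live it should be rotated and supplied as `HONEYCOMB_WRITEKEY: ${{ secrets.HONEYCOMB_WRITEKEY }}`.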
diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 8d23ec3..c243ad3 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -1,64 +1,64 @@ name: "weekly" on: schedule: - cron: '0 6 * * 1' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master + uses: puppetlabs/action-litmus_spec@main with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1a9fb3a..9c171f9 100644 --- a/CONTRIBUTING.md 
+++ b/CONTRIBUTING.md 
@@ -1,271 +1,271 @@ # Contributing to Puppet modules So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing that very thing while setting expectations around code quality as well as a few tips for making the process as easy as possible. ### Table of Contents 1. [Getting Started](#getting-started) 1. [Commit Checklist](#commit-checklist) 1. [Submission](#submission) 1. [More about commits](#more-about-commits) 1. [Testing](#testing) - [Running Tests](#running-tests) - [Writing Tests](#writing-tests) 1. [Get Help](#get-help) ## Getting Started - Fork the module repository on GitHub and clone to your workspace - Make your changes! ## Commit Checklist ### The Basics - [x] my commit is a single logical unit of work - [x] I have checked for unnecessary whitespace with "git diff --check" - [x] my commit does not include commented out code or unneeded files ### The Content - [x] my commit includes tests for the bug I fixed or feature I added - [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality - [x] my code passes existing test suites ### The Commit Message - [x] the first line of my commit message includes: - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - [x] the body of my commit message: - [x] is meaningful - [x] uses the imperative, present tense: "change", not "changed" or "changes" - [x] includes motivation for the change, and contrasts its implementation with the previous behavior ## Submission ### Pre-requisites - Make sure you have a [GitHub account](https://github.com/join) - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. 
### Push and PR - Push your changes to your fork - [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization ## More about commits 1. Make separate commits for logically separate changes. Please break your commits down into logically consistent units which include new or changed tests relevant to the rest of the change. The goal of doing this is to make the diff easier to read for whoever is reviewing your code. In general, the easier your diff is to read, the more likely someone will be happy to review it and get it into the code base. If you are going to refactor a piece of code, please do so as a separate commit from your feature or bug fix changes. We also really appreciate changes that include tests to make sure the bug is not re-introduced, and that the feature is not accidentally broken. Describe the technical detail of the change(s). If your description starts to get too long, that is a good sign that you probably need to split up your commit into more finely grained pieces. Commits which plainly describe the things which help reviewers check the patch and future developers understand the code are much more likely to be merged in with a minimum of bike-shedding or requested changes. Ideally, the commit message would include information, and be in a form suitable for inclusion in the release notes for the version of Puppet that includes them. Please also check that you are not introducing any trailing whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of - directly on "master". + directly on "main". It makes things much easier to keep track of, especially if you decide to work on another thing before your first change is merged in. 
GitHub has some pretty good [general documentation](http://help.github.com/) on using their site. They also have documentation on [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). In general, after pushing your topic branch up to your repository on GitHub, you can switch to the branch in the GitHub UI and click "Pull Request" towards the top of the page in order to open a pull request. 3. Update the related JIRA issue. If there is a JIRA issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you may wish to make. # Testing ## Getting Started Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, or Gems, are required to build, develop, and test this software. Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to install all dependencies needed for this project in the project root by running ```shell % bundle install --path .bundle/gems Fetching gem metadata from https://rubygems.org/........ Fetching gem metadata from https://rubygems.org/.. Using rake (10.1.0) Using builder (3.2.2) -- 8><-- many more --><8 -- Using rspec-system-puppet (2.2.0) Using serverspec (0.6.3) Using rspec-system-serverspec (1.0.0) Using bundler (1.3.5) Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. ``` NOTE: some systems may require you to run this command with sudo. 
If you already have those gems installed, make sure they are up-to-date: ```shell % bundle update ``` ## Running Tests With all dependencies in place and up-to-date, run the tests: ### Unit Tests ```shell % bundle exec rake spec ``` This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), rspec tests define them in [.fixtures.yml](./fixtures.yml). ### Acceptance Tests Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under [VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. Run the tests by issuing the following command ```shell % bundle exec rake spec_clean % bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). ## Writing Tests ### Unit Tests When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a catalog (e.g. contain_file, contain_package, with_params, etc). 
It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] but here's a tiny sample: Sample manifest: ```puppet file { "a test file": ensure => present, path => "/etc/sample", } ``` Sample test: ```ruby it 'does a thing' do expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) end ``` ### Acceptance Tests Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it twice to check for idempotency or errors, then run expectations. ```ruby it 'does an end-to-end thing' do pp = <<-EOF file { 'a test file': ensure => present, path => "/etc/sample", content => "test string", } apply_manifest(pp, :catch_failures => true) apply_manifest(pp, :catch_changes => true) end describe file("/etc/sample") do it { is_expected.to contain "test string" } end ``` # If you have commit access to the repository Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that all changes go through a code review process.** The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. 
# Get Help ### On the web * [Puppet help messageboard](http://puppet.com/community/get-help) * [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) ### On chat * Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli * IRC (freenode) #puppet-dev, #voxpupuli [rspec-puppet]: http://rspec-puppet.com/ [rspec-puppet_docs]: http://rspec-puppet.com/documentation/ [beaker]: https://github.com/puppetlabs/beaker [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec diff --git a/README.md b/README.md index df9ec50..53f0228 100644 --- a/README.md +++ b/README.md 
@@ -1,321 +1,321 @@ # apt #### Table of Contents 1. [Module Description - What the module does and why it is useful](#module-description) 1. [Setup - The basics of getting started with apt](#setup) * [What apt affects](#what-apt-affects) * [Beginning with apt](#beginning-with-apt) 1. [Usage - Configuration options and additional functionality](#usage) * [Add GPG keys](#add-gpg-keys) * [Prioritize backports](#prioritize-backports) * [Update the list of packages](#update-the-list-of-packages) * [Pin a specific release](#pin-a-specific-release) * [Add a Personal Package Archive repository](#add-a-personal-package-archive-repository) * [Configure Apt from Hiera](#configure-apt-from-hiera) * [Replace the default sources.list file](#replace-the-default-sourceslist-file) 1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 1. [Limitations - OS compatibility, etc.](#limitations) 1. [Development - Guide for contributing to the module](#development) ## Module Description The apt module lets you use Puppet to manage APT (Advanced Package Tool) sources, keys, and other configuration options. APT is a package manager available on Debian, Ubuntu, and several other operating systems. The apt module provides a series of classes, defines, types, and facts to help you automate APT package management. **Note**: For this module to correctly autodetect which version of Debian/Ubuntu (or derivative) you're running, you need to make sure the 'lsb-release' package is installed. We highly recommend you either make this part of your provisioning layer, if you run many Debian or derivative systems, or ensure that you have Facter 2.2.0 or later installed, which will pull this dependency in for you. 
## Setup ### What apt affects * Your system's `preferences` file and `preferences.d` directory * Your system's `sources.list` file and `sources.list.d` directory * Your system's `apt.conf.d` directory * System repositories * Authentication keys **Note:** This module offers `purge` parameters which, if set to `true`, **destroy** any configuration on the node's `sources.list(.d)`, `preferences(.d)` and `apt.conf.d` that you haven't declared through Puppet. The default for these parameters is `false`. ### Beginning with apt To use the apt module with default parameters, declare the `apt` class. ```puppet include apt ``` **Note:** The main `apt` class is required by all other classes, types, and defined types in this module. You must declare it whenever you use the module. ## Usage ### Add GPG keys **Warning:** Using short key IDs presents a serious security issue, potentially leaving you open to collision attacks. We recommend you always use full fingerprints to identify your GPG keys. This module allows short keys, but issues a security warning if you use them. Declare the `apt::key` defined type: ```puppet apt::key { 'puppetlabs': id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', server => 'pgp.mit.edu', options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', } ``` ### Prioritize backports ```puppet class { 'apt::backports': pin => 500, } ``` By default, the `apt::backports` class drops a pin file for backports, pinning it to a priority of 200. This is lower than the normal default of 500, so packages with `ensure => latest` don't get upgraded from backports without your explicit permission. If you raise the priority through the `pin` parameter to 500, normal policy goes into effect and Apt installs or upgrades to the newest version. 
This means that if a package is available from backports, it and its dependencies are pulled in from backports unless you explicitly set the `ensure` attribute of the `package` resource to `installed`/`present` or a specific version. ### Update the list of packages By default, Puppet runs `apt-get update` on the first Puppet run after you include the `apt` class, and anytime `notify => Exec['apt_update']` occurs; i.e., whenever config files get updated or other relevant changes occur. If you set `update['frequency']` to 'always', the update runs on every Puppet run. You can also set `update['frequency']` to 'daily' or 'weekly': ```puppet class { 'apt': update => { frequency => 'daily', }, } ``` When `Exec['apt_update']` is triggered, it generates a `notice`-level message. Because the default [logging level for agents](https://puppet.com/docs/puppet/latest/configuration.html#loglevel) is `notice`, this causes the repository update to appear in agent logs. To silence these updates from the default log output, set the [loglevel](https://puppet.com/docs/puppet/latest/metaparameter.html#loglevel) metaparameter for `Exec['apt_update']` above the agent logging level: ```puppet class { 'apt': update => { frequency => 'daily', loglevel => 'debug', }, } ``` > **NOTE:** Every `Exec['apt_update']` run will generate a corrective change, even if the apt caches are not updated. For example, setting an update frequency of `always` can result in every Puppet run resulting in a corrective change. This is a known issue. For details, see [MODULES-10763](https://tickets.puppetlabs.com/browse/MODULES-10763). 
### Pin a specific release ```puppet apt::pin { 'karmic': priority => 700 } apt::pin { 'karmic-updates': priority => 700 } apt::pin { 'karmic-security': priority => 700 } ``` You can also specify more complex pins using distribution properties: ```puppet apt::pin { 'stable': priority => -10, originator => 'Debian', release_version => '3.0', component => 'main', label => 'Debian' } ``` To pin multiple packages, pass them to the `packages` parameter as an array or a space-delimited string. ### Add a Personal Package Archive (PPA) repository ```puppet apt::ppa { 'ppa:drizzle-developers/ppa': } ``` ### Add an Apt source to `/etc/apt/sources.list.d/` ```puppet apt::source { 'debian_unstable': comment => 'This is the iWeb Debian unstable mirror', location => 'http://debian.mirror.iweb.ca/debian/', release => 'unstable', repos => 'main contrib non-free', pin => '-10', key => { 'id' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', 'server' => 'subkeys.pgp.net', }, include => { 'src' => true, 'deb' => true, }, } ``` To use the Puppet Apt repository as a source: ```puppet apt::source { 'puppetlabs': location => 'http://apt.puppetlabs.com', repos => 'main', key => { 'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', 'server' => 'pgp.mit.edu', }, } ``` ### Configure Apt from Hiera Instead of specifying your sources directly as resources, you can instead just include the `apt` class, which will pick up the values automatically from hiera. 
```yaml apt::sources: 'debian_unstable': comment: 'This is the iWeb Debian unstable mirror' location: 'http://debian.mirror.iweb.ca/debian/' release: 'unstable' repos: 'main contrib non-free' pin: '-10' key: id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' server: 'subkeys.pgp.net' include: src: true deb: true 'puppetlabs': location: 'http://apt.puppetlabs.com' repos: 'main' key: id: '6F6B15509CF8E59E6E469F327F438280EF8D349F' server: 'pgp.mit.edu' ``` ### Replace the default `sources.list` file The following example replaces the default `/etc/apt/sources.list`. Along with this code, be sure to use the `purge` parameter, or you might get duplicate source warnings when running Apt. ```puppet apt::source { "archive.ubuntu.com-${lsbdistcodename}": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', } apt::source { "archive.ubuntu.com-${lsbdistcodename}-security": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', release => "${lsbdistcodename}-security" } apt::source { "archive.ubuntu.com-${lsbdistcodename}-updates": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', release => "${lsbdistcodename}-updates" } apt::source { "archive.ubuntu.com-${lsbdistcodename}-backports": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', release => "${lsbdistcodename}-backports" } ``` ### Manage login configuration settings for an APT source or proxy in `/etc/apt/auth.conf` Starting with APT version 1.5, you can define login configuration settings, such as username and password, for APT sources or proxies that require authentication in the `/etc/apt/auth.conf` file. 
This is preferable to embedding login information directly in `source.list` entries, which are usually world-readable. The `/etc/apt/auth.conf` file follows the format of netrc (used by ftp or curl) and has restrictive file permissions. See [here](https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html) for details. Use the optional `apt::auth_conf_entries` parameter to specify an array of hashes containing login configuration settings. These hashes may only contain the `machine`, `login` and `password` keys. ```puppet class { 'apt': auth_conf_entries => [ { 'machine' => 'apt-proxy.example.net', 'login' => 'proxylogin', 'password' => 'proxypassword', }, { 'machine' => 'apt.example.com/ubuntu', 'login' => 'reader', 'password' => 'supersecret', }, ], } ``` ## Reference ### Facts * `apt_updates`: The number of installed packages with available updates from `upgrade`. * `apt_dist_updates`: The number of installed packages with available updates from `dist-upgrade`. * `apt_security_updates`: The number of installed packages with available security updates from `upgrade`. * `apt_security_dist_updates`: The number of installed packages with available security updates from `dist-upgrade`. * `apt_package_updates`: The names of all installed packages with available updates from `upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string. * `apt_package_dist_updates`: The names of all installed packages with available updates from `dist-upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string. * `apt_update_last_success`: The date, in epochtime, of the most recent successful `apt-get update` run (based on the mtime of /var/lib/apt/periodic/update-success-stamp). * `apt_reboot_required`: Determines if a reboot is necessary after updates have been installed. 
### More Information -See [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/master/REFERENCE.md) for all other reference documentation. +See [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/main/REFERENCE.md) for all other reference documentation. ## Limitations This module is not designed to be split across [run stages](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html). -For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/master/metadata.json) +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/main/metadata.json) ### Adding new sources or PPAs If you are adding a new source or PPA and trying to install packages from the new source or PPA on the same Puppet run, your `package` resource should depend on `Class['apt::update']`, as well as depending on the `Apt::Source` or the `Apt::Ppa`. You can also add [collectors](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html) to ensure that all packages happen after `apt::update`, but this can lead to dependency cycles and has implications for [virtual resources](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html#behavior). Before running the command below, ensure that all packages have the provider set to apt. ```puppet Class['apt::update'] -> Package <| provider == 'apt' |> ``` ## Development Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus). To run the acceptance tests follow the instructions [here](https://github.com/puppetlabs/puppet_litmus/wiki/Tutorial:-use-Litmus-to-execute-acceptance-tests-with-a-sample-module-(MoTD)#install-the-necessary-gems-for-the-module). You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE). 
If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://tickets.puppetlabs.com/browse/MODULES/). Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC). If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support). If you submit a change to this module, be sure to regenerate the reference documentation as follows: ```bash puppet strings generate --format markdown --out REFERENCE.md ``` diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index c4c9a9a..eb0803c 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md 
@@ -1,291 +1,291 @@ # apt #### 目次 1. [説明 - モジュールの機能とその有益性](#module-description) 1. [セットアップ - apt導入の基本](#setup) * [aptが影響を与えるもの](#what-apt-affects) * [aptの使用を開始する](#beginning-with-apt) 1. [使用 - 設定オプションと追加機能](#usage) * [GPGキーの追加](#add-gpg-keys) * [バックポートの優先度を上げる](#prioritize-backports) * [パッケージリストの更新](#update-the-list-of-packages) * [特定のリリースのピン止め](#pin-a-specific-release) * [PPA (Personal Package Archive)レポジトリの追加](#add-a-personal-package-archive-repository) * [HieraからのAptの構成](#configure-apt-from-hiera) * [デフォルトのsources.listファイルの置き換え](#replace-the-default-sourceslist-file) 1. [参考 - モジュールの機能と動作について](#reference) 1. [制約 - OS互換性など](#limitations) 1. [開発 - モジュール貢献についてのガイド](#development) ## モジュールの概要 aptモジュールを導入すると、Puppetを使用してAPT (Advanced Package Tool)のソース、キー、その他の構成オプションを管理できます。 APTとは、Debian、Ubuntu、およびその他いくつかのオペレーティングシステムで利用可能なパッケージマネージャです。aptモジュールは、APTのパッケージ管理を自動化するのに役立つ一連のクラス、定義型、およびfactsを提供します。 **注意**: このモジュールが実行中のDebian/Ubuntu (もしくは派生OS)のバージョンを正しく自動検出するためには、'lsb-release'パッケージがインストールされていることを確認する必要があります。これをプロビジョニングレイヤの一部にするか(多くのDebianシステムまたは派生OSシステムを実行する場合はこちらを推奨)、この依存関係を自動的に取得する機能をもつFacter 2.2.0以降をインストールしておくことを強くお勧めします。 ## セットアップ ### aptが影響を与えるもの * システムの`preferences`ファイルと`preferences.d`ディレクトリ * システムの `sources.list`ファイルと`sources.list.d`ディレクトリ * システムレポジトリ * 認証キー **注意:** このモジュールには`purge`パラメータがあります。このパラメータを`true`に設定すると、 ノードの `sources.list(.d)`および`preferences(.d)`の構成のうち、Puppetを通して宣言されていないものがすべて**破棄**されます。このパラメータのデフォルトは`false`です。 ### aptの使用を開始する デフォルトのパラメータでaptモジュールを使用するには、`apt`クラスを宣言します。 ```puppet include apt ``` **注意:** メインの`apt`クラスは、このモジュールに含まれるその他すべてのクラス、型、定義型によって要求されます。このモジュールを使用する際は、このクラスを必ず宣言する必要があります。 ## 使用 ### GPGキーの追加 **警告:** 短いキーIDを使用すると、衝突攻撃が有効になる可能性があり、セキュリティに深刻な問題が生じます。常に、完全なフィンガープリントを使用してGPGキーを識別することを推奨します。このモジュールでは短いキーの使用が許可されていますが、それを使用した場合、セキュリティ警告が発行されます。 `apt::key`の定義型を宣言するには、次のように記述します。 ```puppet apt::key { 'puppetlabs': id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', server => 'pgp.mit.edu', options => 
'http-proxy="http://proxyuser:proxypass@example.org:3128"', } ``` ### バックポートの優先度を上げる ```puppet class { 'apt::backports': pin => 500, } ``` デフォルトでは、`apt::backports`クラスはバックポート用のピンファイルをドロップし、優先度200にピン止めします。これは、通常のデフォルト値である500よりも低いため、`ensure => latest`に設定されているパッケージは、明示的な許可がない限り、バックポートからアップグレードされることはありません。 `pin`パラメータを使用して優先度を500に上げると、通常のポリシーが有効になり、Aptは最新のバージョンをインストールするか、最新のバージョンにアップグレードします。これはつまり、`package`リソースの`ensure`属性を明示的に`installed`/`present`もしくは特定のバージョンに設定していない限り、あるパッケージがバックポートから利用できる場合は、そのパッケージと依存関係がバックポートから取得されるということです。 ### パッケージリストの更新 デフォルトでは、`apt`クラスをインクルードした後の最初のPuppet実行時と、`notify => Exec['apt_update']`が発生するたびに(別の言い方をすれば、構成ファイルが更新されるか、関連するその他の変更が行われるたびに)、Puppetは`apt-get update`を実行します。`update['frequency']`を'always'に設定すると、Puppet実行時に毎回更新が行われます。`update['frequency']`は'daily'や'weekly'に設定することも可能です。 ```puppet class { 'apt': update => { frequency => 'daily', }, } ``` `Exec['apt_update']`がトリガされると、`Notice`メッセージが生成されます。デフォルトの[agentロギングレベル](https://docs.puppet.com/puppet/latest/configuration.html#loglevel)は`notice`であるため、このレポジトリの更新は、ログおよびagentレポートに記録されます。[Foreman](https://www.theforeman.org)など、一部のツールでは、このような更新通知が重要な変更としてレポートされます。これらの更新がレポートに記録されないようにするには、`Exec['apt_update']`の[loglevel](https://docs.puppet.com/puppet/latest/metaparameter.html#loglevel)メタパラメータをagentロギングレベルよりも高い値に設定します。 ```puppet class { 'apt': update => { frequency => 'daily', loglevel => 'debug', }, } ``` ### 特定のリリースのピン止め ```puppet apt::pin { 'karmic': priority => 700 } apt::pin { 'karmic-updates': priority => 700 } apt::pin { 'karmic-security': priority => 700 } ``` ディストリビューションのプロパティを使用して、より複雑なピンを指定することもできます。 ```puppet apt::pin { 'stable': priority => -10, originator => 'Debian', release_version => '3.0', component => 'main', label => 'Debian' } ``` 複数のパッケージをピン止めするには、配列またはスペース区切りの文字列としてその情報を`packages`パラメータに渡します。 ### PPA (Personal Package Archive)レポジトリの追加 ```puppet apt::ppa { 'ppa:drizzle-developers/ppa': } ``` ### `/etc/apt/sources.list.d/`へのAptソースの追加 ```puppet apt::source { 'debian_unstable': comment => 
'This is the iWeb Debian unstable mirror', location => 'http://debian.mirror.iweb.ca/debian/', release => 'unstable', repos => 'main contrib non-free', pin => '-10', key => { 'id' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', 'server' => 'subkeys.pgp.net', }, include => { 'src' => true, 'deb' => true, }, } ``` Puppet Aptレポジトリをソースとして使用するには、次のように記述します。 ```puppet apt::source { 'puppetlabs': location => 'http://apt.puppetlabs.com', repos => 'main', key => { 'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', 'server' => 'pgp.mit.edu', }, } ``` ### HieraからのAptの構成 ソースをリソースとして直接指定するかわりに、単純に`apt`クラスをインクルードして、値をHieraから自動的に取得するように構成できます。 ```yaml apt::sources: 'debian_unstable': comment: 'This is the iWeb Debian unstable mirror' location: 'http://debian.mirror.iweb.ca/debian/' release: 'unstable' repos: 'main contrib non-free' pin: '-10' key: id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' server: 'subkeys.pgp.net' include: src: true deb: true 'puppetlabs': location: 'http://apt.puppetlabs.com' repos: 'main' key: id: '6F6B15509CF8E59E6E469F327F438280EF8D349F' server: 'pgp.mit.edu' ``` ### デフォルトの`sources.list`ファイルの置き換え デフォルトの`/etc/apt/sources.list`を置き換える例を以下に示します。以下のコードと合わせて、`purge`パラメータを必ず使用してください。使用しない場合、Apt実行時にソース重複の警告が出ます。 ```puppet apt::source { "archive.ubuntu.com-${lsbdistcodename}": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', } apt::source { "archive.ubuntu.com-${lsbdistcodename}-security": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', release => "${lsbdistcodename}-security" } apt::source { "archive.ubuntu.com-${lsbdistcodename}-updates": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', release => "${lsbdistcodename}-updates" } apt::source { 
"archive.ubuntu.com-${lsbdistcodename}-backports": location => 'http://archive.ubuntu.com/ubuntu', key => '630239CC130E1A7FD81A27B140976EAF437D05B5', repos => 'main universe multiverse restricted', release => "${lsbdistcodename}-backports" } ``` ### APTソースやプロキシのログイン設定を`/etc/apt/auth.conf`で管理する APTバージョン1.5以降、認証が必要なAPTソースやプロキシについて、ユーザ名やパスワードなどのログイン設定を`/etc/apt/auth.conf`ファイルに定義できるようになりました。この方法は、`source.list`内にログイン情報を直接記述するよりも推奨されます。直接記述した場合、通常、あらゆるユーザから読み取り可能になるためです。 `/etc/apt/auth.confファイルのフォーマットは、(ftpやcurlによって使用される) netrcに従い、ファイルパーミッションが制限されています。詳しくは、[こちら](https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html)を参照してください。 オプションの`apt::auth_conf_entries`パラメータを使用して、ログイン設定を含むハッシュの配列を指定します。このハッシュに含めることができるのは、`machine`、`login`、および`password`キーのみです。 ```puppet class { 'apt': auth_conf_entries => [ { 'machine' => 'apt-proxy.example.net', 'login' => 'proxylogin', 'password' => 'proxypassword', }, { 'machine' => 'apt.example.com/ubuntu', 'login' => 'reader', 'password' => 'supersecret', }, ], } ``` ## リファレンス ### Facts * `apt_updates`: `upgrade`で入手可能な更新がある、インストール済みパッケージの数。 * `apt_dist_updates`: `dist-upgrade`で入手可能な更新がある、インストール済みパッケージの数。 * `apt_security_updates`: `upgrade`で入手可能なセキュリティ更新がある、インストール済みパッケージの数。 * `apt_security_dist_updates`: `dist-upgrade`で入手可能なセキュリティ更新がある、インストール済みパッケージの数。 * `apt_package_updates`: `upgrade`で入手可能な更新がある、すべてのインストール済みパッケージの名前。Facter 2.0以降では、このデータのフォーマットは配列で、それ以前のバージョンでは、コンマ区切りの文字列です。 * `apt_package_dist_updates`: `dist-upgrade`で入手可能な更新がある、すべてのインストール済みパッケージの名前。Facter 2.0以降では、このデータのフォーマットは配列で、それ以前のバージョンでは、コンマ区切りの文字列です。 * `apt_update_last_success`: 直近で成功した`apt-get update`実行のエポックタイムによる日付(/var/lib/apt/periodic/update-success-stampのmtimeに基づく)。 * `apt_reboot_required`: 更新がインストールされた後に再起動が必要かどうかを決定します。 ### 詳細情報 -その他すべてのリファレンスマニュアルについては、[REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/master/REFERENCE.md)を参照してください。 +その他すべてのリファレンスマニュアルについては、[REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/main/REFERENCE.md)を参照してください。 ## 制約 
このモジュールは、[実行ステージ](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html)に分割するようには設計されていません。 -サポート対象のオペレーティングシステムの全リストについては、[metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/master/metadata.json)を参照してください。 +サポート対象のオペレーティングシステムの全リストについては、[metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/main/metadata.json)を参照してください。 ### 新しいソースまたはPPAの追加 新しいソースまたはPPAを追加し、同一のPuppet実行において、その新しいソースまたはPPAからパッケージをインストールするには、`package`リソースが`Apt::Source`または`Apt::Ppa`に従属し、かつ`Class['apt::update']に従属する必要があります。[コレクタ](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html)を追加することによって、すべてのパッケージが`apt::update`の後に来るように制御することもできますが、その場合、循環依存が発生したり、[仮想リソース](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html#behavior)と関係したりすることがあります。以下のコマンドを実行する前に、すべてのパッケージのプロバイダがaptに設定されていることを確認してください。 ```puppet Class['apt::update'] -> Package <| provider == 'apt' |> ``` ## 開発 Puppet ForgeのPuppet Labsモジュールはオープンプロジェクトで、良い状態に保つためには、コミュニティの貢献が必要不可欠です。Puppetが役に立つはずでありながら、私たちがアクセスできないプラットフォームやハードウェア、ソフトウェア、デプロイ構成は無数にあります。私たちの目標は、できる限り簡単に変更に貢献し、みなさまの環境で私たちのモジュールが機能できるようにすることにあります。最高の状態を維持できるようにするために、コントリビュータが従う必要のあるいくつかのガイドラインが存在します。 詳細については、[モジュール貢献ガイド](https://docs.puppetlabs.com/forge/contributing.html)を参照してください。 すでにご協力いただいている方のリストについては、[コントリビュータのリスト](https://github.com/puppetlabs/puppetlabs-apt/graphs/contributors)をご覧ください。 diff --git a/spec/unit/puppet/provider/apt_key_spec.rb b/spec/unit/puppet/provider/apt_key_spec.rb index ca35ff7..7b87017 100644 --- a/spec/unit/puppet/provider/apt_key_spec.rb +++ b/spec/unit/puppet/provider/apt_key_spec.rb 
@@ -1,215 +1,216 @@ require 'spec_helper' describe Puppet::Type.type(:apt_key).provider(:apt_key) do describe 'instances' do it 'has an instance method' do expect(described_class).to respond_to :instances end end describe 'prefetch' do it 'has a prefetch method' do expect(described_class).to respond_to :prefetch end end context 'self.instances no key' do before :each do + # Unable to remove `master` from below terminology as it relies on outside code allow(described_class).to receive(:apt_key).with( ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'], ).and_return('uid:-::::1284991450::07BEBE04F4AE4A8E885A761325717D8509D9C1DC::Ubuntu Extras Archive Automatic Signing Key ::::::::::0:') end it 'returns no resources' do expect(described_class.instances.size).to eq(0) end end context 'self.instances multiple keys' do before :each do command_output = <<-OUTPUT Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.DU0GdRxjmE --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-pc1-keyring.gpg --no-tty --list-keys --with-colons --fingerprint --fixed-list-mode tru:t:1:1549900774:0:3:1:5 pub:-:1024:17:40976EAF437D05B5:1095016255:::-:::scESC: fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5: uid:-::::1095016255::B84AE656F4F5A826C273A458512EF8E282754CE1::Ubuntu Archive Automatic Signing Key : sub:-:2048:16:251BEFF479164387:1095016263::::::e: pub:-:1024:17:46181433FBB75451:1104433784:::-:::scSC: fpr:::::::::C5986B4F1257FFA86632CBA746181433FBB75451: OUTPUT allow(described_class).to receive(:apt_key).with( ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'], ).and_return(command_output) end it 'returns 2 resources' do expect(described_class.instances.size).to eq(2) expect(described_class.instances[0].name).to eq('630239CC130E1A7FD81A27B140976EAF437D05B5') 
expect(described_class.instances[0].id).to eq('40976EAF437D05B5') expect(described_class.instances[1].name).to eq('C5986B4F1257FFA86632CBA746181433FBB75451') expect(described_class.instances[1].id).to eq('46181433FBB75451') end end context 'create apt_key resource' do it 'apt_key with content set and source nil' do expect(described_class).to receive(:apt_key).with(['adv', '--no-tty', '--keyserver', :"keyserver.ubuntu.com", '--recv-keys', 'C105B9DE']) resource = Puppet::Type::Apt_key.new(name: 'source and content nil', id: 'C105B9DE', ensure: 'present') provider = described_class.new(resource) expect(provider).not_to be_exist provider.create expect(provider).to be_exist end it 'apt_key content and source nil, options set' do expect(described_class).to receive(:apt_key).with(['adv', '--no-tty', '--keyserver', :"keyserver.ubuntu.com", '--keyserver-options', 'jimno', '--recv-keys', 'C105B9DE']) resource = Puppet::Type::Apt_key.new(name: 'source and content nil', id: 'C105B9DE', options: 'jimno', ensure: 'present') provider = described_class.new(resource) expect(provider).not_to be_exist provider.create expect(provider).to be_exist end it 'apt_key with content set' do expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String))) resource = Puppet::Type::Apt_key.new(name: 'gsd', id: 'C105B9DE', content: 'asad', ensure: 'present') provider = described_class.new(resource) expect(provider).not_to be_exist expect(provider).to receive(:tempfile).and_return(Tempfile.new('foo')) provider.create expect(provider).to be_exist end it 'apt_key with source set' do expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String))) resource = Puppet::Type::Apt_key.new(name: 'gsd', id: 'C105B9DE', source: 'ftp://bla/herpderp.gpg', ensure: 'present') provider = described_class.new(resource) expect(provider).not_to be_exist expect(provider).to receive(:source_to_file).and_return(Tempfile.new('foo')) provider.create expect(provider).to 
be_exist end it 'apt_key with source and weak ssl verify set' do expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String))) resource = Puppet::Type::Apt_key.new(name: 'gsd', id: 'C105B9DE', source: 'https://bla/herpderp.gpg', ensure: 'present', weak_ssl: true) provider = described_class.new(resource) expect(provider).not_to be_exist expect(provider).to receive(:source_to_file).and_return(Tempfile.new('foo')) provider.create expect(provider).to be_exist end describe 'different valid id keys' do hash_of_keys = { '32bit key id' => 'EF8D349F', '64bit key id' => '7F438280EF8D349F', '160bit key fingerprint' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', '32bit key id lowercase' => 'EF8D349F'.downcase, '64bit key id lowercase' => '7F438280EF8D349F'.downcase, '160bit key fingerprint lowercase' => '6F6B15509CF8E59E6E469F327F438280EF8D349F'.downcase, '32bit key id 0x formatted' => '0xEF8D349F', '64bit key id 0x formatted' => '0x7F438280EF8D349F', '160bit key fingerprint 0x formatted' => '0x6F6B15509CF8E59E6E469F327F438280EF8D349F', } hash_of_keys.each do |key_type, value| it "#{key_type} #{value} is valid" do expect(described_class).to receive(:apt_key).with(array_including('adv', '--no-tty', '--keyserver', :"keyserver.ubuntu.com", '--recv-keys')) resource = Puppet::Type::Apt_key.new(name: 'source and content nil', id: value, ensure: 'present') provider = described_class.new(resource) expect(provider).not_to be_exist provider.create expect(provider).to be_exist end end end it 'apt_key with invalid key length' do expect { Puppet::Type::Apt_key.new(name: 'source and content nil', id: '1', ensure: 'present') }.to raise_error(Puppet::ResourceError, %r{Parameter id failed on Apt_key}) end end context 'key_line_hash function' do it 'matches rsa' do expect(described_class.key_line_hash('pub:-:1024:1:40976EAF437D05B5:1095016255:::-:::scESC:', 'fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:')).to include( key_expiry: nil, key_fingerprint: 
'630239CC130E1A7FD81A27B140976EAF437D05B5', key_long: '40976EAF437D05B5', key_short: '437D05B5', key_size: '1024', key_type: :rsa, ) end it 'matches dsa' do expect(described_class.key_line_hash('pub:-:1024:17:40976EAF437D05B5:1095016255:::-:::scESC:', 'fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:')).to include( key_expiry: nil, key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5', key_long: '40976EAF437D05B5', key_short: '437D05B5', key_size: '1024', key_type: :dsa, ) end it 'matches ecc' do expect(described_class.key_line_hash('pub:-:1024:18:40976EAF437D05B5:1095016255:::-:::scESC:', 'fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:')).to include( key_expiry: nil, key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5', key_long: '40976EAF437D05B5', key_short: '437D05B5', key_size: '1024', key_type: :ecc, ) end it 'matches ecdsa' do expect(described_class.key_line_hash('pub:-:1024:19:40976EAF437D05B5:1095016255:::-:::scESC:', 'fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:')).to include( key_expiry: nil, key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5', key_long: '40976EAF437D05B5', key_short: '437D05B5', key_size: '1024', key_type: :ecdsa, ) end end end
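Review bot: The comment added at the top of the `before :each` block in the 'self.instances no key' context does not say which value still contains the word `master` or what the "outside code" is. No `master` appears in the stubbed `apt_key` output as this hunk shows it, so a later reader cannot tell what has to stay untouched. Presumably it refers to the address in the uid field of the stubbed gpg listing, which may not have survived rendering here; if so, name it, for example `# The uid below is copied verbatim from real apt-key output; the upstream address in it contains 'master' and cannot be renamed here`. The 'self.instances multiple keys' fixture further down looks like it carries the same kind of uid line and has no such comment, so either repeat the note there or move it above both contexts.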