diff --git a/manifests/params.pp b/manifests/params.pp
index b0c367c..149e4c9 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,122 +1,123 @@ # @summary Provides defaults for the Apt module parameters. # # @api private # class apt::params { if $::osfamily != 'Debian' { fail(translate('This module only works on Debian or derivatives like Ubuntu')) } $root = '/etc/apt' $provider = '/usr/bin/apt-get' $sources_list = "${root}/sources.list" $sources_list_d = "${root}/sources.list.d" $trusted_gpg_d = "${root}/trusted.gpg.d" $conf_d = "${root}/apt.conf.d" $preferences = "${root}/preferences" $preferences_d = "${root}/preferences.d" $apt_conf_d = "${root}/apt.conf.d" $keyserver = 'keyserver.ubuntu.com' $key_options = undef $confs = {} $update = {} $purge = {} $proxy = {} $sources = {} $keys = {} $ppas = {} $pins = {} $settings = {} $manage_auth_conf = true $auth_conf_entries = [] $config_files = { 'conf' => { 'path' => $conf_d, 'ext' => '', }, 'pref' => { 'path' => $preferences_d, 'ext' => '.pref', }, 'list' => { 'path' => $sources_list_d, 'ext' => '.list', } } $update_defaults = { 'frequency' => 'reluctantly', 'loglevel' => undef, 'timeout' => undef, 'tries' => undef, } $proxy_defaults = { - 'ensure' => undef, - 'host' => undef, - 'port' => 8080, - 'https' => false, - 'direct' => false, + 'ensure' => undef, + 'host' => undef, + 'port' => 8080, + 'https' => false, + 'https_acng' => false, + 'direct' => false, } $purge_defaults = { 'sources.list' => false, 'sources.list.d' => false, 'preferences' => false, 'preferences.d' => false, 'apt.conf.d' => false, } $source_key_defaults = { 'server' => $keyserver, 'options' => undef, 'content' => undef, 'source' => undef, } $include_defaults = { 'deb' => true, 'src' => false, } case $facts['os']['name']{ 'Debian': { $backports = { 'location' => 'http://deb.debian.org/debian', 'repos' => 'main contrib non-free', } $ppa_options = undef $ppa_package = undef if versioncmp($facts['os']['release']['major'], '9') >= 0 { $auth_conf_owner = '_apt' } else { $auth_conf_owner = 'root' } } 'Ubuntu': { $backports = { 'location' => 'http://archive.ubuntu.com/ubuntu', 
'key' => '630239CC130E1A7FD81A27B140976EAF437D05B5', 'repos' => 'main universe multiverse restricted', } $ppa_options = '-y' $ppa_package = 'software-properties-common' if versioncmp($facts['os']['release']['full'], '16.04') >= 0 { $auth_conf_owner = '_apt' } else { $auth_conf_owner = 'root' } } undef: { fail(translate('Unable to determine value for fact os[\"name\"]')) } default: { $ppa_options = undef $ppa_package = undef $backports = undef $auth_conf_owner = 'root' } } } diff --git a/manifests/source.pp b/manifests/source.pp index cb75635..365ba13 100644 --- a/manifests/source.pp +++ b/manifests/source.pp 
@@ -1,165 +1,173 @@ # @summary Manages the Apt sources in /etc/apt/sources.list.d/. # # @example Install the puppetlabs apt source # apt::source { 'puppetlabs': # location => 'http://apt.puppetlabs.com', # repos => 'main', # key => { # id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', # server => 'hkps.pool.sks-keyservers.net', # }, # } # # @param location # Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. # # @param comment # Supplies a comment for adding to the Apt source file. # # @param ensure # Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'. # # @param release # Specifies a distribution of the Apt repository. # # @param repos # Specifies a component of the Apt repository. # # @param include # Configures include options. Valid options: a hash of available keys. # # @option include [Boolean] :deb # Specifies whether to request the distribution's compiled binaries. Default true. # # @option include [Boolean] :src # Specifies whether to request the distribution's uncompiled source code. Default false. # # @param key # Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key` # defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, and/or # `options` parameters. # # @param pin # Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the # `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. # # @param architecture # Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, # separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). 
Default: undef (if unspecified, Apt downloads information for all architectures # defined in the Apt::Architectures option). # # @param allow_unsigned # Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. # # @param notify_update # Specifies whether to trigger an `apt-get update` run. # define apt::source( Optional[String] $location = undef, String $comment = $name, String $ensure = present, Optional[String] $release = undef, String $repos = 'main', Optional[Variant[Hash]] $include = {}, Optional[Variant[String, Hash]] $key = undef, Optional[Variant[Hash, Numeric, String]] $pin = undef, Optional[String] $architecture = undef, Boolean $allow_unsigned = false, Boolean $notify_update = true, ) { include ::apt $_before = Apt::Setting["list-${title}"] if !$release { if $facts['lsbdistcodename'] { $_release = $facts['lsbdistcodename'] } else { fail(translate('lsbdistcodename fact not available: release parameter required')) } } else { $_release = $release } if $ensure == 'present' { if ! $location { fail(translate('cannot create a source entry without specifying a location')) } + elsif ($::apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) { + $_location = regsubst($location, 'https://','http://HTTPS///') + } + else { + $_location = $location + } # Newer oses, do not need the package for HTTPS transport. 
$_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ] - if ($facts['lsbdistcodename'] in $_transport_https_releases) and $location =~ /(?i:^https:\/\/)/ { + if ($facts['lsbdistcodename'] in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ { ensure_packages('apt-transport-https') } + } else { + $_location = undef } $includes = merge($::apt::include_defaults, $include) if $key { if $key =~ Hash { unless $key['id'] { fail(translate('key hash must contain at least an id entry')) } $_key = merge($::apt::source_key_defaults, $key) } else { $_key = { 'id' => assert_type(String[1], $key) } } } $header = epp('apt/_header.epp') $sourcelist = epp('apt/source.list.epp', { 'comment' => $comment, 'includes' => $includes, 'opt_architecture' => $architecture, 'allow_unsigned' => $allow_unsigned, - 'location' => $location, + 'location' => $_location, 'release' => $_release, 'repos' => $repos, }) apt::setting { "list-${name}": ensure => $ensure, content => "${header}${sourcelist}", notify_update => $notify_update, } if $pin { if $pin =~ Hash { $_pin = merge($pin, { 'ensure' => $ensure, 'before' => $_before }) } elsif ($pin =~ Numeric or $pin =~ String) { $url_split = split($location, '[:\/]+') $host = $url_split[1] $_pin = { 'ensure' => $ensure, 'priority' => $pin, 'before' => $_before, 'origin' => $host, } } else { fail(translate('Received invalid value for pin parameter')) } create_resources('apt::pin', { "${name}" => $_pin }) } # We do not want to remove keys when the source is absent. if $key and ($ensure == 'present') { if $_key =~ Hash { if $_key['ensure'] != undef { $_ensure = $_key['ensure'] } else { $_ensure = $ensure } apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": ensure => $_ensure, id => $_key['id'], server => $_key['server'], content => $_key['content'], source => $_key['source'], options => $_key['options'], before => $_before, } } } } 
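Review bot: The new `elsif` matches `https://` case-insensitively, but the `regsubst` that follows is case-sensitive and unanchored, so a location written as `HTTPS://…` passes the condition and comes out unrewritten; `$_location = regsubst($location, '^https://', 'http://HTTPS///', 'I')` keeps the two in step. The rewrite also moves the host-to-proxy leg to plain HTTP, so integrity on that leg rests entirely on apt's signature verification. Combined with `allow_unsigned => true`, nothing would authenticate what the proxy hands back, so that combination deserves a `fail()` or at least a documented caveat. The branch is gated only on `$::apt::proxy['https_acng']`; as far as this hunk shows, it does not check that a proxy host is configured, in which case the rewritten URL would point nowhere useful. The pin block further down still splits `$location` rather than `$_location`, which looks right because the rewritten URL's host part would be `HTTPS`; a comment such as `# use the original location: the acng-rewritten URL has no real origin host` would stop it being "corrected" later.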
diff --git a/types/proxy.pp b/types/proxy.pp index 0aae395..20cbfec 100644 --- a/types/proxy.pp +++ b/types/proxy.pp @@ -1,26 +1,27 @@ # @summary Configures Apt to connect to a proxy server. # # @param ensure # Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. # # @param host # Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. # # @param port # Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. # # @param https # Specifies whether to enable https proxies. # # @param direct # Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. # type Apt::Proxy = Struct[ { - ensure => Optional[Enum['file', 'present', 'absent']], - host => Optional[String], - port => Optional[Integer[0, 65535]], - https => Optional[Boolean], - direct => Optional[Boolean], + ensure => Optional[Enum['file', 'present', 'absent']], + host => Optional[String], + port => Optional[Integer[0, 65535]], + https => Optional[Boolean], + https_acng => Optional[Boolean], + direct => Optional[Boolean], } ]
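Review bot: The Struct gains an `https_acng` key, but the header comment above it has no matching `@param` entry, so the generated reference will list an undocumented option. Add `# @param https_acng` followed by a line such as `#   Specifies whether https source locations are rewritten to apt-cacher-ng's http://HTTPS/// form, so the proxy performs the TLS connection.` The text should also say that traffic between the managed host and the proxy is then unencrypted, and that the option is independent of the existing `https` key, since the two names are easy to confuse.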