diff --git a/manifests/init.pp b/manifests/init.pp index 79fe4d0..b8c420d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,82 +1,85 @@ class unattended_upgrades ( Unattended_upgrades::Age $age = {}, Unattended_upgrades::Auto $auto = {}, Unattended_upgrades::Backup $backup = {}, Array[String[1]] $blacklist = [], Array[String[1]] $whitelist = [], Optional[Integer[0]] $dl_limit = undef, Integer[0, 1] $enable = 1, Boolean $install_on_shutdown = false, Boolean $legacy_origin = $unattended_upgrades::params::legacy_origin, Unattended_upgrades::Mail $mail = {}, Boolean $minimal_steps = true, Array[String[1]] $origins = $unattended_upgrades::params::origins, String[1] $package_ensure = installed, Array[String[1]] $extra_origins = [], Optional[Integer[0]] $random_sleep = undef, Optional[String] $sender = undef, Integer[0] $size = 0, Integer[0] $update = 1, Integer[0] $upgrade = 1, Unattended_upgrades::Upgradeable_packages $upgradeable_packages = {}, Integer[0] $verbose = 0, Boolean $notify_update = false, Unattended_upgrades::Options $options = {}, Array[String[1]] $days = [], Optional[Boolean] $remove_unused_kernel = undef, Optional[Boolean] $remove_new_unused_deps = undef, Optional[Boolean] $syslog_enable = undef, Optional[String] $syslog_facility = undef, ) inherits unattended_upgrades::params { # apt::conf settings require the apt class to work include apt $_age = merge($unattended_upgrades::default_age, $age) assert_type(Unattended_upgrades::Age, $_age) $_auto = merge($unattended_upgrades::default_auto, $auto) assert_type(Unattended_upgrades::Auto, $_auto) $_backup = merge($unattended_upgrades::default_backup, $backup) assert_type(Unattended_upgrades::Backup, $_backup) $_mail = merge($unattended_upgrades::default_mail, $mail) assert_type(Unattended_upgrades::Mail, $_mail) $_upgradeable_packages = merge($unattended_upgrades::default_upgradeable_packages, $upgradeable_packages) assert_type(Unattended_upgrades::Upgradeable_packages, $_upgradeable_packages) + if $options != {} { + warning('passing "options" is deprecated, use apt::conf directly instead') + } $_options = merge($unattended_upgrades::default_options, $options) assert_type(Unattended_upgrades::Options, $_options) package { 'unattended-upgrades': ensure => $package_ensure, } apt::conf { 'unattended-upgrades': priority => 50, content => template("${module_name}/unattended-upgrades.erb"), require => Package['unattended-upgrades'], notify_update => $notify_update, } apt::conf { 'periodic': priority => 10, content => template("${module_name}/periodic.erb"), require => Package['unattended-upgrades'], notify_update => $notify_update, } apt::conf { 'auto-upgrades': ensure => absent, priority => 20, require => Package['unattended-upgrades'], notify_update => $notify_update, } apt::conf { 'options': priority => 10, content => template("${module_name}/options.erb"), require => Package['unattended-upgrades'], notify_update => $notify_update, } } diff --git a/manifests/params.pp b/manifests/params.pp index 8081b09..1663a30 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,69 +1,70 @@ # class unattended_upgrades::params { if $facts['os']['family'] != 'Debian' { fail('This module only works on Debian or derivatives like Ubuntu') } $default_auto = { 'fix_interrupted_dpkg' => true, 'remove' => true, 'reboot' => false, 'clean' => 0, 'reboot_time' => 'now', } $default_mail = { 'only_on_error' => true, } $default_backup = { 'archive_interval' => 0, 'level' => 3, } $default_age = { 'min' => 2, 'max' => 0, } $default_upgradeable_packages = { 'download_only' => 0, 'debdelta' => 1, } + # those are DEPRECATED and will be removed in a future releaseq $default_options = { - 'force_confdef' => true, - 'force_confold' => true, + 'force_confdef' => false, + 'force_confold' => false, 'force_confnew' => false, 'force_confmiss' => false, } case fact('lsbdistid') { 'debian', 'raspbian': { case fact('lsbdistcodename') { 'buster': { $legacy_origin = false $origins = [ 'origin=Debian,codename=${distro_codename},label=Debian', #lint:ignore:single_quote_string_with_variables 'origin=Debian,codename=${distro_codename},label=Debian-Security', #lint:ignore:single_quote_string_with_variables ] } default: { $legacy_origin = false $origins = [ 'origin=Debian,codename=${distro_codename},label=Debian-Security', #lint:ignore:single_quote_string_with_variables ] } } } 'ubuntu', 'neon': { # Ubuntu: https://ubuntu.com/about/release-cycle and https://wiki.ubuntu.com/Releases $legacy_origin = true $origins = [ '${distro_id}:${distro_codename}', #lint:ignore:single_quote_string_with_variables '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables '${distro_id}ESMApps:${distro_codename}-apps-security', #lint:ignore:single_quote_string_with_variables '${distro_id}ESM:${distro_codename}-infra-security', #lint:ignore:single_quote_string_with_variables ] } 'LinuxMint': { case fact('lsbmajdistrelease') { # Linux Mint 18* is based on Ubuntu 16.04 '18': { $legacy_origin = true $origins = [ 'Ubuntu:xenial-security', ] } default: { $legacy_origin = true $origins = [ '${distro_id}:${distro_codename}-security', #lint:ignore:single_quote_string_with_variables ] } } } default: { $legacy_origin = undef $origins = undef } } } diff --git a/spec/classes/os_spec.rb b/spec/classes/os_spec.rb index 69918e6..b748be9 100644 --- a/spec/classes/os_spec.rb +++ b/spec/classes/os_spec.rb @@ -1,81 +1,81 @@ require 'spec_helper' describe 'unattended_upgrades' do on_supported_os.each do |os, os_facts| context "on #{os}" do let(:facts) { os_facts } let(:file_unattended) { '/etc/apt/apt.conf.d/50unattended-upgrades' } it { is_expected.to compile.with_all_deps } it do is_expected.to create_file('/etc/apt/apt.conf.d/10periodic'). with_owner('root'). with_group('root'). with_content(%r{APT::Periodic::Enable "1";}). with_content(%r{APT::Periodic::BackupArchiveInterval "0";}). with_content(%r{APT::Periodic::BackupLevel "3";}). with_content(%r{APT::Periodic::MaxAge "0";}). with_content(%r{APT::Periodic::MinAge "2";}). with_content(%r{APT::Periodic::MaxSize "0";}). with_content(%r{APT::Periodic::Update-Package-Lists "1";}). with_content(%r{APT::Periodic::Download-Upgradeable-Packages "0";}). with_content(%r{APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";}). with_content(%r{APT::Periodic::Unattended-Upgrade "1";}). with_content(%r{APT::Periodic::AutocleanInterval "0";}). with_content(%r{APT::Periodic::Verbose "0";}) end it { is_expected.to contain_apt__conf('auto-upgrades').with_ensure('absent') } it do is_expected.to create_file('/etc/apt/apt.conf.d/10options'). with_owner('root'). with_group('root'). with_content(%r{^Dpkg::Options\s\{}). - with_content(%r{^\s+\"--force-confdef\";}). - with_content(%r{^\s+\"--force-confold\";}). + without_content(%r{^\s+\"--force-confdef\";}). + without_content(%r{^\s+\"--force-confold\";}). without_content(%r{\"--force-confnew\";}). without_content(%r{\"--force-confmiss\";}) end it { is_expected.to create_file(file_unattended).with_owner('root').with_group('root') } # rubocop:disable Style/RegexpLiteral case os_facts[:operatingsystem] when 'Debian' case os_facts[:lsbdistcodename] when 'jessie', 'stretch' it do is_expected.to create_file(file_unattended).with_content( /Unattended-Upgrade::Origins-Pattern\ {\n \t"origin=Debian,codename=\${distro_codename},label=Debian-Security";\n };/x ) end when 'buster' it do is_expected.to create_file(file_unattended).with_content( /Unattended-Upgrade::Origins-Pattern\ {\n \t"origin=Debian,codename=\${distro_codename},label=Debian";\n \t"origin=Debian,codename=\${distro_codename},label=Debian-Security";\n };/x ) end end when 'Ubuntu' it do is_expected.to create_file(file_unattended).with_content( /Unattended-Upgrade::Allowed-Origins\ {\n \t"\${distro_id}\:\${distro_codename}";\n \t"\${distro_id}\:\${distro_codename}-security";\n \t"\${distro_id}ESMApps\:\${distro_codename}-apps-security";\n \t"\${distro_id}ESM\:\${distro_codename}-infra-security";\n };/x ) end end # rubocop:enable Style/RegexpLiteral end end end