Merge pull request puppetlabs#681 from kenyon/debian-keyring
(MODULES-9695) Debian: use modern APT keyring format
mhashizume authored Jul 9, 2024
2 parents 7e85c0c + 87d67b2 commit 4680ee4
Showing 5 changed files with 28 additions and 88 deletions.
15 changes: 12 additions & 3 deletions acceptance/helpers.rb
@@ -177,9 +177,9 @@ def new_puppet_testing_environment
# @param [String] environment The puppet environment to install the modules to, this must
# be a valid environment in the puppet install on the host.
def install_puppet_agent_module_on(host, environment)
on(host, puppet('module', 'install', 'puppetlabs-stdlib', '--version', '8.4.0', '--environment', environment), { acceptable_exit_codes: [0] })
on(host, puppet('module', 'install', 'puppetlabs-inifile', '--version', '5.3.0', '--environment', environment), { acceptable_exit_codes: [0] })
on(host, puppet('module', 'install', 'puppetlabs-apt', '--version', '9.0.0', '--environment', environment), { acceptable_exit_codes: [0] })
on(host, puppet('module', 'install', 'puppetlabs-stdlib', '--version', '9.0.0', '--environment', environment), { acceptable_exit_codes: [0] })
on(host, puppet('module', 'install', 'puppetlabs-inifile', '--version', '6.1.0', '--environment', environment), { acceptable_exit_codes: [0] })
on(host, puppet('module', 'install', 'puppetlabs-apt', '--version', '9.4.0', '--environment', environment), { acceptable_exit_codes: [0] })

install_dev_puppet_module_on(host,
source: File.join(File.dirname(__FILE__), '..'),
@@ -235,6 +235,15 @@ def set_up_initial_agent_on(host, initial_package_version_or_collection)
end

install_puppet_agent_on(host, agent_install_options)

# beaker-puppet doesn't add signing information to the apt source list, but this module does.
# This discrepancy causes apt to error, so we manually add signing info.
if %r{debian|ubuntu}.match?(host['platform'])
step '(Agent) Add apt signing information' do
on(host, "sed -e 's/^deb http/deb [signed-by=\\/etc\\/apt\\/keyrings\\/GPG-KEY-puppet-20250406.asc] http/' /etc/apt/sources.list.d/puppet*.list -i")
end
end

teardowns << -> do
remove_installed_agent(host)
end
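Review bot: The keyring path in the added sed call (`/etc/apt/keyrings/GPG-KEY-puppet-20250406.asc`) is a second hard-coded copy of the key name that manifests/osfamily/debian.pp keeps in `$keyname`, so a key rotation that updates only the manifest would leave the acceptance hosts pointing `signed-by` at a stale file. The substitution also exits 0 when no line matches `^deb http`, so a change in the line format beaker-puppet writes would go unnoticed until apt reports the conflict again. I would hoist the name into one constant in this helper (here called `APT_KEY_NAME`, a name of my choosing) and switch the sed delimiter to drop the escaped slashes: `on(host, "sed -i -e 's|^deb http|deb [signed-by=/etc/apt/keyrings/#{APT_KEY_NAME}.asc] http|' /etc/apt/sources.list.d/puppet*.list")`. `set_up_initial_agent_on` starts and ends outside the hunk.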
35 changes: 3 additions & 32 deletions manifests/osfamily/debian.pp
@@ -71,44 +71,15 @@
} else {
$source = $puppet_agent::apt_source
}
$legacy_keyname = 'GPG-KEY-puppet'
$legacy_gpg_path = "/etc/pki/deb-gpg/${legacy_keyname}"
$keyname = 'GPG-KEY-puppet-20250406'
$gpg_path = "/etc/pki/deb-gpg/${keyname}"

if getvar('::puppet_agent::manage_pki_dir') == true {
file { ['/etc/pki', '/etc/pki/deb-gpg']:
ensure => directory,
}
}

file { $legacy_gpg_path:
ensure => file,
owner => 0,
group => 0,
mode => '0644',
source => "puppet:///modules/puppet_agent/${legacy_keyname}",
}

apt::key { 'legacy key':
id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
source => $legacy_gpg_path,
}

file { $gpg_path:
ensure => file,
owner => 0,
group => 0,
mode => '0644',
source => "puppet:///modules/puppet_agent/${keyname}",
}
$keyname = 'GPG-KEY-puppet-20250406'

apt::source { 'pc_repo':
location => $source,
repos => $puppet_agent::collection,
key => {
'id' => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
'source' => $gpg_path,
'name' => "${keyname}.asc",
'content' => file("${module_name}/${keyname}"),
},
notify => Exec['pc_repo_force'],
}
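Review bot: Dropping the `apt::key { 'legacy key': ... }` and the two `file` resources stops managing them but does not remove them, so a host upgraded from the previous module version would presumably keep key 6F6B15509CF8E59E6E469F327F438280EF8D349F in apt's global trust store, where it can validate any repository that has no `signed-by`. The same likely holds for D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26, which the old `apt::source` key hash supplied by `id` and `source`. The per-repository scoping gained by shipping the key as `content` is then only complete on fresh installs. If nothing else on the host depends on the legacy key, and assuming the required puppetlabs-apt range still accepts it, a transitional `apt::key { 'legacy key': ensure => absent, id => '6F6B15509CF8E59E6E469F327F438280EF8D349F' }` would clean that up; otherwise a comment above `$keyname` should say that removing the old keys and the files under /etc/pki/deb-gpg is left to the operator. The enclosing conditional begins before this hunk.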
8 changes: 4 additions & 4 deletions metadata.json
@@ -10,15 +10,15 @@
"dependencies": [
{
"name": "puppetlabs-stdlib",
"version_requirement": ">= 5.1.0 < 10.0.0"
"version_requirement": ">= 9.0.0 < 10.0.0"
},
{
"name": "puppetlabs-inifile",
"version_requirement": ">= 2.4.0 < 7.0.0"
"version_requirement": ">= 6.1.0 < 7.0.0"
},
{
"name": "puppetlabs-apt",
"version_requirement": ">= 7.7.1 < 10.0.0"
"version_requirement": ">= 9.2.0 < 10.0.0"
},
{
"name": "puppetlabs-facts",
@@ -75,7 +75,7 @@
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 5.0.0 < 9.0.0"
"version_requirement": ">= 7.0.0 < 9.0.0"
}
],
"pdk-version": "3.2.0",
56 changes: 8 additions & 48 deletions spec/classes/puppet_agent_osfamily_debian_spec.rb
@@ -151,44 +151,14 @@
})
}

it {
is_expected.to contain_file('/etc/pki/deb-gpg/GPG-KEY-puppet-20250406')
.with({
'ensure' => 'file',
'owner' => '0',
'group' => '0',
'mode' => '0644',
'source' => 'puppet:///modules/puppet_agent/GPG-KEY-puppet-20250406',
})
}

it {
is_expected.to contain_file('/etc/pki/deb-gpg/GPG-KEY-puppet')
.with({
'ensure' => 'file',
'owner' => '0',
'group' => '0',
'mode' => '0644',
'source' => 'puppet:///modules/puppet_agent/GPG-KEY-puppet',
})
}

it {
is_expected.to contain_apt__key('legacy key')
.with({
'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
'source' => '/etc/pki/deb-gpg/GPG-KEY-puppet',
})
}

it {
is_expected.to contain_apt__source('pc_repo')
.with({
'location' => 'https://master.example.vm:8140/packages/2000.0.0/debian-7-x86_64',
'repos' => 'PC1',
'key' => {
'id' => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
'source' => '/etc/pki/deb-gpg/GPG-KEY-puppet-20250406',
'name' => 'GPG-KEY-puppet-20250406.asc',
'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
},
})
}
@@ -209,8 +179,8 @@
'location' => 'https://fake-apt-mirror.com/packages/2000.0.0/debian-7-x86_64',
'repos' => 'PC1',
'key' => {
'id' => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
'source' => '/etc/pki/deb-gpg/GPG-KEY-puppet-20250406',
'name' => 'GPG-KEY-puppet-20250406.asc',
'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
},
})
}
@@ -225,7 +195,6 @@
end

it { is_expected.not_to contain_apt__setting('conf-pc_repo') }
it { is_expected.not_to contain_apt__key('legacy key') }
it { is_expected.not_to contain_apt__source('pc_repo') }
end

@@ -245,22 +214,14 @@
}
end

it {
is_expected.to contain_apt__key('legacy key')
.with({
'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
'source' => '/etc/pki/deb-gpg/GPG-KEY-puppet',
})
}

it {
is_expected.to contain_apt__source('pc_repo')
.with({
'location' => 'https://apt.puppet.com',
'repos' => 'puppet5',
'key' => {
'id' => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
'source' => '/etc/pki/deb-gpg/GPG-KEY-puppet-20250406',
'name' => 'GPG-KEY-puppet-20250406.asc',
'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
},
})
}
@@ -282,8 +243,8 @@
'location' => 'https://fake-apt-mirror.com/',
'repos' => 'puppet5',
'key' => {
'id' => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
'source' => '/etc/pki/deb-gpg/GPG-KEY-puppet-20250406',
'name' => 'GPG-KEY-puppet-20250406.asc',
'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
},
})
}
@@ -297,7 +258,6 @@
}
end

it { is_expected.not_to contain_apt__key('legacy key') }
it { is_expected.not_to contain_apt__source('pc_repo') }
end

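Review bot: The four updated `'key'` expectations compute `'content'` from `files/GPG-KEY-puppet-20250406`, the same file the manifest loads with `file()`, so they pass for whatever that file happens to contain; with the `'id'` fingerprint assertions removed, nothing visible in this spec pins which key the module ships. The path is also relative to the working directory and repeated in each example. I would read it once, `let(:key_content) { Puppet::FileSystem.read_preserve_line_endings(File.expand_path('../../files/GPG-KEY-puppet-20250406', __dir__)) }`, and add one example asserting the content is an armored public key, e.g. `expect(key_content).to include('BEGIN PGP PUBLIC KEY BLOCK')`. A short comment next to it should say that the file name is the only remaining link to the intended signing key.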
2 changes: 1 addition & 1 deletion spec/spec_helper_acceptance.rb
@@ -116,7 +116,7 @@ def teardown_puppet_on(host)
# the machine after each run.
case host['platform']
when %r{debian|ubuntu}
on host, '/opt/puppetlabs/bin/puppet module install puppetlabs-apt --version 9.0.0', { acceptable_exit_codes: [0, 1] }
on host, '/opt/puppetlabs/bin/puppet module install puppetlabs-apt --version 9.4.0', { acceptable_exit_codes: [0, 1] }
clean_repo = "include apt\napt::source { 'pc_repo': ensure => absent, notify => Package['puppet-agent'] }"
when %r{fedora|el|centos}
clean_repo = "yumrepo { 'pc_repo': ensure => absent, notify => Package['puppet-agent'] }"