mirror of
https://github.com/zulip/zulip.git
synced 2025-11-11 01:16:19 +00:00
eab1d1d9e7
With modern apt-key, the fingerprints are displayed in the more fully written-out format with spaces, and so `apt-key add` was being run every time. This fixes some unnecessary work being done on each puppet run on Debian stretch. I would have preferred to not need to do this by upgrading to upstream, but see #7423 for notes on why that isn't going to work (basically they broke support for puppet older than 4).
91 lines
2.7 KiB
Puppet
91 lines
2.7 KiB
Puppet
define apt::key (
|
|
$key = $title,
|
|
$ensure = present,
|
|
$key_content = false,
|
|
$key_source = false,
|
|
$key_server = 'keyserver.ubuntu.com',
|
|
$key_options = false
|
|
) {
|
|
|
|
include apt::params
|
|
|
|
$upkey = upcase($key)
|
|
# trim the key to the last 8 chars so we can match longer keys with apt-key list too
|
|
$trimmedkey = regsubst($upkey, '^.*(.{8})$', '\1')
|
|
|
|
if $key_content {
|
|
$method = 'content'
|
|
} elsif $key_source {
|
|
$method = 'source'
|
|
} elsif $key_server {
|
|
$method = 'server'
|
|
}
|
|
|
|
# This is a hash of the parts of the key definition that we care about.
|
|
# It is used as a unique identifier for this instance of apt::key. It gets
|
|
# hashed to ensure that the resource name doesn't end up being pages and
|
|
# pages (e.g. in the situation where key_content is specified).
|
|
$digest = sha1("${upkey}/${key_content}/${key_source}/${key_server}/")
|
|
|
|
# Allow multiple ensure => present for the same key to account for many
|
|
# apt::source resources that all reference the same key.
|
|
case $ensure {
|
|
present: {
|
|
|
|
anchor { "apt::key/${title}": }
|
|
|
|
if defined(Exec["apt::key ${upkey} absent"]) {
|
|
fail("Cannot ensure Apt::Key[${upkey}] present; ${upkey} already ensured absent")
|
|
}
|
|
|
|
if !defined(Anchor["apt::key ${upkey} present"]) {
|
|
anchor { "apt::key ${upkey} present": }
|
|
}
|
|
|
|
if $key_options{
|
|
$options_string = "--keyserver-options ${key_options}"
|
|
}
|
|
else{
|
|
$options_string = ''
|
|
}
|
|
|
|
if !defined(Exec[$digest]) {
|
|
$digest_command = $method ? {
|
|
'content' => "echo '${key_content}' | /usr/bin/apt-key add -",
|
|
'source' => "wget -q '${key_source}' -O- | apt-key add -",
|
|
'server' => "apt-key adv --keyserver '${key_server}' ${options_string} --recv-keys '${upkey}'",
|
|
}
|
|
exec { $digest:
|
|
command => $digest_command,
|
|
path => '/bin:/usr/bin',
|
|
unless => "/usr/bin/apt-key list | sed 's| ||g' | /bin/grep '${trimmedkey}'",
|
|
logoutput => 'on_failure',
|
|
before => Anchor["apt::key ${upkey} present"],
|
|
}
|
|
}
|
|
|
|
Anchor["apt::key ${upkey} present"] -> Anchor["apt::key/${title}"]
|
|
|
|
}
|
|
absent: {
|
|
|
|
if defined(Anchor["apt::key ${upkey} present"]) {
|
|
fail("Cannot ensure Apt::Key[${upkey}] absent; ${upkey} already ensured present")
|
|
}
|
|
|
|
exec { "apt::key ${upkey} absent":
|
|
command => "apt-key del '${upkey}'",
|
|
path => '/bin:/usr/bin',
|
|
onlyif => "apt-key list | sed 's| ||g' | grep '${trimmedkey}'",
|
|
user => 'root',
|
|
group => 'root',
|
|
logoutput => 'on_failure',
|
|
}
|
|
}
|
|
|
|
default: {
|
|
fail "Invalid 'ensure' value '${ensure}' for aptkey"
|
|
}
|
|
}
|
|
}
|