Merge pull request #815 from simondeziel/modules-8081
(MODULES-8081): add support for hkps:// protocol in apt::key
david22swan authored Oct 31, 2018

2 parents 948a172 + b28ddac commit 44c9018
Showing 4 changed files with 40 additions and 14 deletions.
10 changes: 5 additions & 5 deletions REFERENCE.md
@@ -65,8 +65,8 @@ Default value: $apt::params::provider

Data type: `String`

Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
hkp://).
Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.

Default value: $apt::params::keyserver

@@ -481,10 +481,10 @@ Default value: `undef`

##### `server`

Data type: `Pattern[/\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/]`
Data type: `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/]`

Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
hkp://).
Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.

Default value: $::apt::keyserver

2 changes: 1 addition & 1 deletion lib/puppet/type/apt_key.rb
@@ -68,7 +68,7 @@
desc 'The key server to fetch the key from based on the ID. It can either be a domain name or url.'
defaultto :'keyserver.ubuntu.com'

newvalues(%r{\A((hkp|http|https)://)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$})
newvalues(%r{\A((hkp|hkps|http|https)://)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$})
end

newparam(:options) do
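Review bot: The updated `newvalues` pattern still ends in `$` while it starts with `\A`; in Ruby `$` matches at the end of any line, so a `server` value that carries extra text after an embedded newline still passes validation. Anchoring the end of the string closes that gap: `newvalues(%r{\A((hkp|hkps|http|https)://)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?\z})`. The same `$`-terminated pattern is repeated for `$server` in manifests/key.pp and in REFERENCE.md, and the three copies should change together. The enclosing `newparam` block starts above the hunk, so how the value is later passed to the key-fetch command is not visible here.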
16 changes: 8 additions & 8 deletions manifests/key.pp
@@ -26,19 +26,19 @@
# an absolute path.
#
# @param server
# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
# hkp://).
# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
# hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.
#
# @param options
# Passes additional options to `apt-key adv --keyserver-options`.
#
define apt::key (
Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title,
Enum['present', 'absent', 'refreshed'] $ensure = present,
Optional[String] $content = undef,
Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef,
Pattern[/\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/] $server = $::apt::keyserver,
Optional[String] $options = undef,
Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title,
Enum['present', 'absent', 'refreshed'] $ensure = present,
Optional[String] $content = undef,
Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef,
Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/] $server = $::apt::keyserver,
Optional[String] $options = undef,
) {

case $ensure {
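Review bot: The `$server` Pattern now accepts `hkps://` on every platform, while the updated `@param server` text says the protocol is only supported on Ubuntu 18.04, so on other releases the mistake presumably surfaces only when the key fetch fails at apply time. If gating in the define is not wanted, the doc comment could at least say so, e.g. `# On other platforms an hkps:// server passes validation but the key fetch is expected to fail.` The remaining parameter lines in this hunk are realigned only. The body of the define continues past the hunk, so an existing platform check there cannot be ruled out.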
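--- a/spec/acceptance/apt_key_provider_spec.rb
+++ b/spec/acceptance/apt_key_provider_spec.rb
@@ -478,6 +478,19 @@ def apply_manifest_twice(manifest_pp)
 }
 MANIFEST
 
+hkps_protocol_supported = fact('operatingsystem') =~ %r{Ubuntu} && \
+fact('operatingsystemrelease') =~ %r{^18\.04}
+
+if hkps_protocol_supported
+hkps_ubuntu_pp = <<-MANIFEST
+apt_key { 'puppetlabs':
+id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ensure => 'present',
+server => 'hkps://keyserver.ubuntu.com',
+}
+MANIFEST
+end
+
 nonexistant_key_server_pp = <<-MANIFEST
 apt_key { 'puppetlabs':
 id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
@@ -786,6 +799,19 @@ def apply_manifest_twice(manifest_pp)
 end
 end
 
+if hkps_protocol_supported
+context 'with hkps://keyserver.ubuntu.com' do
+it 'works' do
+retry_on_error_matching do
+apply_manifest(hkps_ubuntu_pp, catch_failures: true)
+end
+
+apply_manifest(hkps_ubuntu_pp, catch_changes: true)
+shell(PUPPETLABS_KEY_CHECK_COMMAND)
+end
+end
+end
+
 context 'with nonexistant.key.server' do
 it 'fails' do
 apply_manifest(nonexistant_key_server_pp, expect_failures: true) do |r|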
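Review bot: The `hkps_protocol_supported` gate matches only Ubuntu 18.04 and wraps both the manifest and the `context` in a plain `if`, so on every other platform the hkps example is not defined at all and never shows up as skipped in the test report. Defining `hkps_ubuntu_pp` unconditionally and marking the example instead, e.g. `it 'works', skip: !hkps_protocol_supported do`, would keep the gap visible. A short comment above the gate such as `# hkps:// is only known to work on Ubuntu 18.04; widen this as more platforms gain support` would also tell the next maintainer when to revisit it. Both hunks sit inside a larger describe block that starts outside the visible lines.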
