Enable backports on buster

[mirror/dsa-puppet.git] / modules / debian_org / manifests / apt.pp

diff --git a/modules/debian_org/manifests/apt.pp b/modules/debian_org/manifests/apt.pp
index 4fcb87b..62feca2 100644 (file)
--- a/modules/debian_org/manifests/apt.pp
+++ b/modules/debian_org/manifests/apt.pp
@@ -15,27 +15,50 @@ class debian_org::apt {
                $mirror = [ $fallbackmirror ]
        }
 
-       site::aptrepo { 'debian':
-               url        => $mirror,
-               suite      => [ $::lsbdistcodename, "${::lsbdistcodename}-backports", "${::lsbdistcodename}-updates" ],
-               components => ['main','contrib','non-free']
+       # jessie
+       if versioncmp($::lsbmajdistrelease, '8') <= 0 {
+               site::aptrepo { 'debian':
+                       url        => $mirror,
+                       suite      => [ $::lsbdistcodename ],
+                       components => ['main','contrib','non-free']
+               }
+       # stretch or buster
+       } else {
+               site::aptrepo { 'debian':
+                       url        => $mirror,
+                       suite      => [ $::lsbdistcodename, "${::lsbdistcodename}-backports", "${::lsbdistcodename}-updates" ],
+                       components => ['main','contrib','non-free']
+               }
        }
 
-       if ($::hostname in [smetana]) {
+       if versioncmp($::lsbmajdistrelease, '8') <= 0 {
                site::aptrepo { 'security':
-                       ensure => absent,
+                       url        => [ 'http://security-cdn.debian.org/', 'http://security.debian.org/' ],
+                       suite      => "${::lsbdistcodename}/updates",
+                       components => ['main','contrib','non-free']
                }
        } else {
                site::aptrepo { 'security':
-                       url        => [ 'http://security-cdn.debian.org/', 'http://security.debian.org/' ],
+                       url        => [ 'http://security.debian.org/' ],
                        suite      => "${::lsbdistcodename}/updates",
                        components => ['main','contrib','non-free']
                }
        }
 
+       # ca-certificates is installed by the ssl module
+       if versioncmp($::lsbmajdistrelease, '9') <= 0 {
+               package { 'apt-transport-https':
+                       ensure => installed,
+               }
+       } else {
+               # transitional package in buster
+               package { 'apt-transport-https':
+                       ensure => purged,
+               }
+       }
        $dbdosuites = [ 'debian-all', $::lsbdistcodename ]
        site::aptrepo { 'db.debian.org':
-               url        => 'http://db.debian.org/debian-admin',
+               url        => 'https://db.debian.org/debian-admin',
                suite      => $dbdosuites,
                components => 'main',
                key        => 'puppet:///modules/debian_org/db.debian.org.gpg',
@@ -106,6 +129,9 @@ class debian_org::apt {
        file { '/etc/apt/apt.conf.d/local-langs':
                source => 'puppet:///modules/debian_org/apt.conf.d/local-langs',
        }
+       file { '/etc/apt/apt.conf.d/local-cainfo':
+               source => 'puppet:///modules/debian_org/apt.conf.d/local-cainfo',
+       }
 
        exec { 'apt-get update':
                path    => '/usr/bin:/usr/sbin:/bin:/sbin',