From: Peter Palfrader Date: Sat, 7 Apr 2012 11:15:42 +0000 (+0000) Subject: Remove old backports.org key from apt-keyring X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e69713f7d490e43797ef83b604553b3bdd10cdff;p=mirror%2Fdsa-puppet.git Remove old backports.org key from apt-keyring --- diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index 461f0a428..369aade3d 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -64,13 +64,18 @@ class debian-org { site::aptrepo { 'security': template => 'debian-org/etc/apt/sources.list.d/security.list.erb', } - site::aptrepo { 'backports.org': - template => 'debian-org/etc/apt/sources.list.d/backports.org.list.erb', + site::aptrepo { 'backports.debian.org': + template => 'debian-org/etc/apt/sources.list.d/backports.debian.org.list.erb', } site::aptrepo { 'volatile': template => 'debian-org/etc/apt/sources.list.d/volatile.list.erb', } } + site::aptrepo { 'backports.org': + ensure => absent, + keyid => '16BA136C', + key => 'puppet:///modules/debian-org/backports.org.asc', + } site::aptrepo { 'debian.org': ensure => absent, diff --git a/modules/debian-org/templates/etc/apt/sources.list.d/backports.debian.org.list.erb b/modules/debian-org/templates/etc/apt/sources.list.d/backports.debian.org.list.erb new file mode 100644 index 000000000..53485d11e --- /dev/null +++ b/modules/debian-org/templates/etc/apt/sources.list.d/backports.debian.org.list.erb @@ -0,0 +1,10 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +<% if lsbdistcodename == 'lenny' %> +deb http://archive.debian.org/debian-backports/ lenny-backports main contrib non-free +<% elsif lsbdistcodename != 'n/a' %> +deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main contrib non-free +<% end %> diff --git a/modules/debian-org/templates/etc/apt/sources.list.d/backports.org.list.erb b/modules/debian-org/templates/etc/apt/sources.list.d/backports.org.list.erb deleted file mode 100644 index 53485d11e..000000000 --- a/modules/debian-org/templates/etc/apt/sources.list.d/backports.org.list.erb +++ /dev/null @@ -1,10 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -<% if lsbdistcodename == 'lenny' %> -deb http://archive.debian.org/debian-backports/ lenny-backports main contrib non-free -<% elsif lsbdistcodename != 'n/a' %> -deb http://backports.debian.org/debian-backports/ <%= lsbdistcodename %>-backports main contrib non-free -<% end %> diff --git a/modules/site/manifests/aptrepo.pp b/modules/site/manifests/aptrepo.pp index 79d1a59c6..ae66d6f21 100644 --- a/modules/site/manifests/aptrepo.pp +++ b/modules/site/manifests/aptrepo.pp @@ -1,21 +1,41 @@ -define site::aptrepo ($key = undef, $template = undef, $config = undef, $ensure = present) { +define site::aptrepo ($key = undef, $keyid = undef, $template = undef, $config = undef, $ensure = present) { - if $key { - exec { "apt-key-update-${name}": - command => "apt-key add /etc/apt/trusted-keys.d/${name}.asc", - refreshonly => true, - } - - file { "/etc/apt/trusted-keys.d/${name}.asc": - source => $key, - mode => '0664', - notify => Exec["apt-key-update-${name}"] - } - } case $ensure { - present: {} - absent: {} + present: { + if $key { + exec { "apt-key-update-${name}": + command => "apt-key add /etc/apt/trusted-keys.d/${name}.asc", + refreshonly => true, + } + + file { "/etc/apt/trusted-keys.d/${name}.asc": + source => $key, + mode => '0664', + notify => Exec["apt-key-update-${name}"] + } + } + } + absent: { + if ($keyid) and ($key) { + file { "/etc/apt/trusted-keys.d/${name}.asc": + ensure => absent, + notify => Exec["apt-key-del-${keyid}"] + } + exec { "apt-key-del-${keyid}": + command => "apt-key del ${keyid}", + refreshonly => true, + } + } elsif $key { + file { "/etc/apt/trusted-keys.d/${name}.asc": + ensure => absent, + } + } elsif $keyid { + exec { "apt-key-del-${keyid}": + command => "apt-key del ${keyid}", + } + } + } default: { fail ( "Unknown ensure value: '$ensure'" ) } }