Skip to content

Update debian source from list to deb822#526

Open
alaunay wants to merge 9 commits intovoxpupuli:masterfrom
cusae:newdeb822
Open

Update debian source from list to deb822#526
alaunay wants to merge 9 commits intovoxpupuli:masterfrom
cusae:newdeb822

Conversation

@alaunay
Copy link

@alaunay alaunay commented Jan 18, 2026

Pull Request (PR) description

Update debian source to deb822

@alaunay alaunay changed the title Newdeb822 Update debian source from list to deb822 Jan 18, 2026
}

apt::source { 'nodesource':
key => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did you move the key information to a new defined resource?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because it's no longer supported as a key parameter (like pin) in deb822 format:

https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/source.pp#L285

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And it's used, but it does not manage the apt::keyring resource.

if %w[16 18].include?(nodejs_version) && fact('os.family') == 'Debian' && %w[12 13].include?(fact('os.release.major'))
'1000'
repo_priority =
if fact('os.family') == 'Debian'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't that now the default that's in init.pp/params.pp anyways?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right. I dropped that logic in the next commit.

if ($ensure != 'absent') {
apt::keyring { 'nodesource':
source => 'https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key',
dir => '/usr/share/keyrings',

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why specify the directory explicitly here instead of letting it be installed in the default /etc/apt/keyrings?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @stuartrobert , it's because of sources.list(5):

https://manpages.debian.org/trixie/apt/sources.list.5.en.html

"The recommended locations for keyrings are /usr/share/keyrings for keyrings managed by packages, and /etc/apt/keyrings for keyrings managed by the system operator"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My interpretation of that link is that keyrings delivered as part of a package contents (an explicit file in the package, not even one created with a heredoc from a post install script or similar) should be put in /usr/share/keyrings and all others should live in /etc/apt/keyrings. This then also means the /etc/apt/keyrings dir can be purged of all unmanaged files to clean out old keyrings without affecting packaged keyrings.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, commit added to change the directory to /etc/apt/keyrings/ (until Debian change it's policy again ;-) )

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/etc/apt/keyrings is the default: https://github.com/puppetlabs/puppetlabs-apt/blob/400e1a5ac112f83b49e502a5e7aff9122a58ee34/manifests/keyring.pp#L36

I think puppetlabs/apt should follow debian policies (which it does) and be the canonical source that needs to be updated if these change, so I would omit it here.

@stuartrobert
Copy link

Would be nice to see this merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants