Update debian source from list to deb822#526
Update debian source from list to deb822#526alaunay wants to merge 9 commits intovoxpupuli:masterfrom
Conversation
| } | ||
|
|
||
| apt::source { 'nodesource': | ||
| key => { |
There was a problem hiding this comment.
why did you move the key information to a new defined resource?
There was a problem hiding this comment.
Because it's no longer supported as a key parameter (like pin) in deb822 format:
https://github.com/puppetlabs/puppetlabs-apt/blob/main/manifests/source.pp#L285
There was a problem hiding this comment.
There was a problem hiding this comment.
And it's used, but it does not manage the apt::keyring resource.
spec/acceptance/class_spec.rb
Outdated
| if %w[16 18].include?(nodejs_version) && fact('os.family') == 'Debian' && %w[12 13].include?(fact('os.release.major')) | ||
| '1000' | ||
| repo_priority = | ||
| if fact('os.family') == 'Debian' |
There was a problem hiding this comment.
isn't that now the default that's in init.pp/params.pp anyways?
There was a problem hiding this comment.
You're right. I dropped that logic in the next commit.
…ult from params.pp
manifests/repo/nodesource/apt.pp
Outdated
| if ($ensure != 'absent') { | ||
| apt::keyring { 'nodesource': | ||
| source => 'https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', | ||
| dir => '/usr/share/keyrings', |
There was a problem hiding this comment.
Why specify the directory explicitly here instead of letting it be installed in the default /etc/apt/keyrings?
There was a problem hiding this comment.
Hello @stuartrobert , it's because of sources.list(5):
https://manpages.debian.org/trixie/apt/sources.list.5.en.html
"The recommended locations for keyrings are /usr/share/keyrings for keyrings managed by packages, and /etc/apt/keyrings for keyrings managed by the system operator"
There was a problem hiding this comment.
My interpretation of that link is that keyrings delivered as part of a package contents (an explicit file in the package, not even one created with a heredoc from a post install script or similar) should be put in /usr/share/keyrings and all others should live in /etc/apt/keyrings. This then also means the /etc/apt/keyrings dir can be purged of all unmanaged files to clean out old keyrings without affecting packaged keyrings.
There was a problem hiding this comment.
Ok, commit added to change the directory to /etc/apt/keyrings/ (until Debian change it's policy again ;-) )
There was a problem hiding this comment.
/etc/apt/keyrings is the default: https://github.com/puppetlabs/puppetlabs-apt/blob/400e1a5ac112f83b49e502a5e7aff9122a58ee34/manifests/keyring.pp#L36
I think puppetlabs/apt should follow debian policies (which it does) and be the canonical source that needs to be updated if these change, so I would omit it here.
|
Would be nice to see this merged. |
5 participants
Pull Request (PR) description
Update debian source to deb822