diff --git a/.fixtures.yml b/.fixtures.yml index f812b84d..21f514c8 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -4,6 +4,7 @@ fixtures: apt: 'puppetlabs-apt' powershell: 'puppetlabs-powershell' reboot: 'puppetlabs-reboot' + archive: 'puppet-archive' repositories: facts: 'https://github.com/puppetlabs/puppetlabs-facts.git' puppet_agent: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e7a3a7c3..aced8499 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,3 +1,3 @@ # Contributing to Puppet modules -Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need. +Check out our [Contributing to Supported Modules Blog Post](https://www.puppet.com/docs/puppet/latest/contributing.html) to find all the information that you will need. diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index edaaf389..946d8a1b 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -185,3 +185,4 @@ 1 Joshua Spence 1 Justin Riley 1 Schusler, Olaf + 1 Wernet, Marc-Oliver \ No newline at end of file diff --git a/manifests/init.pp b/manifests/init.pp index 29984e62..1e6bf1e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -347,6 +347,9 @@ # @param service_hasstatus # @param service_hasrestart # @param acknowledge_unsupported_os +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# See https://wiki.debian.org/DebianRepository/UseThirdParty for details. # @param have_systemd_v230 # class docker ( 
@@ -467,6 +470,7 @@ Optional[Boolean] $service_hasrestart = $docker::params::service_hasrestart, Optional[Variant[String,Array]] $registry_mirror = $docker::params::registry_mirror, Boolean $acknowledge_unsupported_os = false, + Stdlib::Absolutepath $keyring = '/etc/apt/keyrings/docker.gpg', # Windows specific parameters Optional[String] $docker_msft_provider_version = $docker::params::docker_msft_provider_version, diff --git a/manifests/params.pp b/manifests/params.pp index c7d1e115..6c58b366 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -84,6 +84,7 @@ $storage_config_template = 'docker/etc/sysconfig/docker-storage.erb' $registry_mirror = undef $curl_ensure = true + $gpg_ensure = true $os_lc = downcase($facts['os']['name']) $docker_msft_provider_version = undef $nuget_package_provider_version = undef diff --git a/manifests/repos.pp b/manifests/repos.pp index b6c6a7a3..bdd4ba57 100644 --- a/manifests/repos.pp +++ b/manifests/repos.pp 
@@ -8,11 +8,20 @@ # # @param architecture # +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# See https://wiki.debian.org/DebianRepository/UseThirdParty for details. +# +# @param gpg_ensure +# Whether or not the gpg package is ensured by this module. +# class docker::repos ( - Optional[String] $location = $docker::package_location, - Optional[String] $key_source = $docker::package_key_source, - Optional[Boolean] $key_check_source = $docker::package_key_check_source, - String $architecture = $facts['os']['architecture'], + Optional[String] $location = $docker::package_location, + Optional[String] $key_source = $docker::package_key_source, + Optional[Boolean] $key_check_source = $docker::package_key_check_source, + String $architecture = $facts['os']['architecture'], + Stdlib::Absolutepath $keyring = $docker::keyring, + Boolean $gpg_ensure = $docker::params::gpg_ensure, ) { stdlib::ensure_packages($docker::prerequired_packages) 
@@ -22,19 +31,58 @@ $package_key = $docker::package_key $package_repos = $docker::package_repos + if ( $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'],'11' ) >= 0 ) or ( $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'],'22') >= 0 ) { # lint:ignore:140chars + include archive + # fix deprecated apt-key warnings + if $gpg_ensure { + ensure_packages(['gpg']) + } + + archive { $keyring: + ensure => present, + source => "https://download.docker.com/linux/${docker::os_lc}/gpg", + extract => true, + extract_command => 'gpg', + extract_flags => "--dearmor -o ${keyring}", + extract_path => '/tmp', + path => '/tmp/docker.gpg', + creates => $keyring, + cleanup => true, + require => Package['gpg'], + } + file { $keyring: + ensure => file, + mode => '0644', + owner => 'root', + group => 'root', + } + $key_options = { + keyring => $keyring, + } + apt::key { 'docker-key-in-trusted.gpg': + ensure => absent, + id => '9DC858229FC7DD38854AE2D88D81803C0EBFCD88', + } + } + else { + $key_options = { + key => { + id => $package_key, + source => $key_source, + }, + } + } + if ($docker::use_upstream_package_source) { apt::source { 'docker': location => $location, architecture => $architecture, release => $release, repos => $package_repos, - key => { - id => $package_key, - source => $key_source, - }, include => { src => false, }, + * => $key_options, } $url_split = split($location, '/') diff --git a/metadata.json b/metadata.json index 42d6827e..d789abdd 100644 --- a/metadata.json +++ b/metadata.json @@ -14,7 +14,7 @@ }, { "name": "puppetlabs/apt", - "version_requirement": ">= 4.4.1 < 10.0.0" + "version_requirement": ">= 8.1.0 < 10.0.0" }, { "name": "puppetlabs/powershell", @@ -23,6 +23,10 @@ { "name": "puppetlabs/reboot", "version_requirement": ">=2.0.0 < 6.0.0" + }, + { + "name": "puppet/archive", + "version_requirement": ">= 4.4.0 < 8.0.0" } ], "operatingsystem_support": [ 
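Review bot: The `archive { $keyring: ... }` resource in the new Debian >= 11 / Ubuntu >= 22 branch installs whatever `https://download.docker.com/linux/${docker::os_lc}/gpg` returns as the repository's trusted keyring, with no checksum or fingerprint check, whereas the legacy branch still pins the key through `id => $package_key`. Consider pinning the download on the archive resource, e.g. `checksum_type => 'sha256',` and `checksum => '<sha256 of the reviewed key file>',`, and taking the URL from `$key_source` (if it points at the same key) so mirrored or air-gapped sites are not tied to the hard-coded host. Separately, `require => Package['gpg']` is unconditional while the package is only declared under `if $gpg_ensure`, so with `gpg_ensure => false` the catalog will likely fail to compile unless something else declares it; `require => $gpg_ensure ? { true => Package['gpg'], default => undef },` would avoid that. The download is also staged at the fixed path `/tmp/docker.gpg` by a root-run agent, and a directory that only root can write would be a safer staging location.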
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index dc072224..9ab3b026 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -25,9 +25,12 @@ 'version' => '16' }, 'with ms parameter set' => { - 'version' => '16', - 'docker_msft_provider_version' => '123', - 'nuget_package_provider_version' => '41' + 'version' => '16', + 'docker_msft_provider_version' => '123', + 'nuget_package_provider_version' => '41', + }, + 'with keyring set to optional path' => { + 'keyring' => '/root/keyrings/docker.gpg', } } 
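Review bot: The new case `'keyring' => '/root/keyrings/docker.gpg'` exercises a location that apt usually cannot use, because signature verification runs as the unprivileged `_apt` user and `/root` is normally not traversable by it. The manifest sets mode `0644` on the file itself, but that does not help if the parent directory is closed. A path such as `'/usr/share/keyrings/docker.gpg'` would test the override equally well without modelling a configuration that would probably leave the repository unverifiable; a short comment like `# any absolute path readable by _apt` would make the intent explicit.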
@@ -166,19 +169,20 @@ 'storage_min_data_size' => defaults['storage_min_data_size'], 'storage_pool_autoextend_percent' => defaults['storage_pool_autoextend_percent'], 'storage_pool_autoextend_threshold' => defaults['storage_pool_autoextend_threshold'], - 'storage_root_size' => defaults['storage_root_size'], - 'storage_setup_file' => defaults['storage_setup_file'], - 'storage_vg' => defaults['storage_vg'], - 'tcp_bind' => defaults['tcp_bind'], - 'tls_cacert' => defaults['tls_cacert'], - 'tls_cert' => defaults['tls_cert'], - 'tls_enable' => defaults['tls_enable'], - 'tls_key' => defaults['tls_key'], - 'tls_verify' => defaults['tls_verify'], - 'tmp_dir_config' => defaults['tmp_dir_config'], - 'tmp_dir' => defaults['tmp_dir'], - 'use_upstream_package_source' => defaults['use_upstream_package_source'], - 'version' => defaults['version'] + 'storage_root_size' => defaults['storage_root_size'], + 'storage_setup_file' => defaults['storage_setup_file'], + 'storage_vg' => defaults['storage_vg'], + 'tcp_bind' => defaults['tcp_bind'], + 'tls_cacert' => defaults['tls_cacert'], + 'tls_cert' => defaults['tls_cert'], + 'tls_enable' => defaults['tls_enable'], + 'tls_key' => defaults['tls_key'], + 'tls_verify' => defaults['tls_verify'], + 'tmp_dir_config' => defaults['tmp_dir_config'], + 'tmp_dir' => defaults['tmp_dir'], + 'use_upstream_package_source' => defaults['use_upstream_package_source'], + 'version' => defaults['version'], + 'keyring' => defaults['keyring'], }.merge(default_params).merge(local_params) let(:facts) do diff --git a/spec/helper/get_defaults.rb b/spec/helper/get_defaults.rb index d22e00b8..16c6d2c3 100644 --- a/spec/helper/get_defaults.rb +++ b/spec/helper/get_defaults.rb @@ -88,6 +88,7 @@ def get_defaults(_facts) tmp_dir = '/tmp/' tmp_dir_config = true version = :undef + keyring = '/etc/apt/keyrings/docker.gpg' if _facts[:os]['family'] == 'windows' compose_install_path = "#{_facts['docker_program_files_path']}/Docker" 
@@ -473,6 +474,7 @@ def get_defaults(_facts) 'tmp_dir' => tmp_dir, 'tmp_dir_config' => tmp_dir_config, 'use_upstream_package_source' => use_upstream_package_source, - 'version' => version + 'version' => version, + 'keyring' => keyring, } end diff --git a/spec/shared_examples/repos.rb b/spec/shared_examples/repos.rb index 8330f8ee..4c0ca0bd 100644 --- a/spec/shared_examples/repos.rb +++ b/spec/shared_examples/repos.rb @@ -11,6 +11,8 @@ key_source = values['package_key_source'] key_check_source = values['package_key_check_source'] architecture = facts[:os]['architecture'] + keyring = params['keyring'] + os_lc = params['os_lc'] unless params['prerequired_packages'].empty? params['prerequired_packages'].each do |package| 
@@ -27,21 +29,62 @@ package_repos = values['package_repos'] if params['use_upstream_package_source'] - it { - expect(subject).to contain_apt__source('docker').with( - 'location' => location, - 'architecture' => architecture, - 'release' => release, - 'repos' => package_repos, - 'key' => { - 'id' => package_key, - 'source' => key_source - }, - 'include' => { - 'src' => false - }, - ) - } + # check if debian version is atleast 11 and ubuntu version is atleast 22 + if (facts[:operatingsystem] == 'Debian' && facts[:operatingsystemrelease] =~ /1[1-9]/) || (facts[:operatingsystem] == 'Ubuntu' && facts[:operatingsystemrelease] =~ /2[2-9]/) + it { + is_expected.to contain_class('archive') + is_expected.to contain_archive(keyring).with( + 'ensure' => 'present', + 'source' => "https://download.docker.com/linux/#{os_lc}/gpg", + 'extract' => true, + 'extract_command' => 'gpg', + 'extract_flags' => "--dearmor -o #{keyring}", + 'extract_path' => '/tmp', + 'path' => '/tmp/docker.gpg', + 'creates' => keyring, + 'cleanup' => true, + ).that_requires('Package[gpg]') + + is_expected.to contain_file(keyring).with( + 'ensure' => 'file', + 'mode' => '0644', + 'owner' => 'root', + 'group' => 'root', + ) + + is_expected.to contain_apt__source('docker').with( + 'location' => location, + 'architecture' => architecture, + 'release' => release, + 'repos' => package_repos, + 'keyring' => keyring, + 'include' => { + 'src' => false, + }, + ) + + is_expected.to contain_apt__key('docker-key-in-trusted.gpg').with( + 'ensure' => 'absent', + 'id' => '9DC858229FC7DD38854AE2D88D81803C0EBFCD88', + ) + } + else + it { + is_expected.to contain_apt__source('docker').with( + 'location' => location, + 'architecture' => architecture, + 'release' => release, + 'repos' => package_repos, + 'key' => { + 'id' => package_key, + 'source' => key_source, + }, + 'include' => { + 'src' => false, + }, + ) + } + end url_split = location.split('/') repo_host = url_split[2]
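Review bot: The branch selector `facts[:operatingsystemrelease] =~ /1[1-9]/` does not mirror the manifest's `versioncmp($facts['os']['release']['major'], '11') >= 0`: the regex is unanchored, so a release string such as `10.13` (constructed example) takes the keyring branch, while Debian 20+ or Ubuntu 30+ would not. It also reads legacy top-level facts although this file already uses structured ones (`architecture = facts[:os]['architecture']`); if the fact set lacks the legacy keys, the keyring expectations are silently never run and the new trust path goes untested. Compare the major version numerically instead, e.g. `facts[:os]['name'] == 'Debian' && facts[:os]['release']['major'].to_i >= 11`, with `>= 22` for Ubuntu. The enclosing shared example starts outside this hunk.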