Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use apt::source keyring to fix apt-key deprecated warnings #885

Open
wants to merge 38 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
dace42e
Use apt::source keyring to fix apt-key deprecated warnings
vegaaz Jan 2, 2023
0e75587
Change type to Stdlib::Absolutepath
vegaaz Jan 2, 2023
31a1d8c
Remove keyring-variable; not longer needed because of commit 0e75587b…
vegaaz Jan 2, 2023
ccd3074
Add param description
vegaaz Jan 3, 2023
46e2a9c
Use content => binary_file() instead of source
vegaaz Jan 3, 2023
d453a2b
Improve linting by removing obsolet spaces
vegaaz Jan 3, 2023
ee35dbb
Bump puppetlabs-apt required version to 8.1.0
vegaaz Jan 3, 2023
15bb484
Add param description in repos.pp
vegaaz Jan 3, 2023
9a8251c
Try unit tests
vegaaz Jan 4, 2023
006e604
Revert "Try unit tests"
vegaaz Jan 4, 2023
b3d5f7c
Working unit-test with STATIC keyring path (WIP)
vegaaz Jan 4, 2023
5373dea
Add additional unit-test; configure inheritance of param
vegaaz Jan 4, 2023
fe8cbe7
Satisfy Static & Syntax Tests
vegaaz Jan 4, 2023
d250ce3
Remove gpg-key from trusted.gpg store
vegaaz Jan 4, 2023
acce359
Add test for absence of docker-key
vegaaz Jan 4, 2023
04ef1a9
Correct syntax to satisfy static tests
vegaaz Jan 5, 2023
6dd2878
Remove trailing whitespace!
vegaaz Jan 5, 2023
a1b7602
Get keyring from official download.docker.com
vegaaz Jan 5, 2023
bc5ce1e
Remove not working tests
vegaaz Jan 5, 2023
ee6570d
Update manifests/init.pp
vegaaz Jan 12, 2023
84b217c
Update manifests/repos.pp
vegaaz Jan 12, 2023
177dfe6
Handle docker-Keyring download via archive-module
vegaaz Jan 17, 2023
19fa70a
Prepare Unit-Tests
vegaaz Jan 17, 2023
05d75b5
Add 'puppet/archive' Module as dependency
vegaaz Feb 3, 2023
8fdf2d5
Merge branch 'main' into main
vegaaz Feb 3, 2023
6c53719
remove lsb-release dependency, change to deb 11
vegaaz Feb 3, 2023
e5eab76
change upper and lower versions for archive dep
vegaaz Feb 3, 2023
75b70d8
Remove 'keyring_force_update' since not indempotent
vegaaz Feb 3, 2023
496b931
Change contribution information
vegaaz Feb 3, 2023
c4f50c7
metadata.json fix typo in version
vegaaz Feb 6, 2023
7238bd5
Satisfy Static & Syntax Tests
vegaaz Feb 7, 2023
d0582b0
Merge branch 'main' into main
vegaaz Mar 1, 2023
d83fb5b
Merge branch 'main' of github.com:vegaaz/puppetlabs-docker into main
vegaaz Mar 6, 2023
e6195fd
Merge branch 'main' into main
vegaaz Mar 21, 2023
400baac
Merge branch 'main' into main
vegaaz Apr 7, 2023
68958b2
Merge branch 'main' of https://github.com/vegaaz/puppetlabs-docker
vegaaz May 4, 2023
436a88a
Update metadata.json
vegaaz May 4, 2023
1ac0313
Merge branch 'main' into main
vegaaz Jul 2, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .fixtures.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ fixtures:
apt: 'puppetlabs-apt'
powershell: 'puppetlabs-powershell'
reboot: 'puppetlabs-reboot'
archive: 'puppet-archive'
repositories:
facts: 'https://github.com/puppetlabs/puppetlabs-facts.git'
puppet_agent:
Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
# Contributing to Puppet modules

Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.
Check out our [Contributing to Supported Modules Blog Post](https://www.puppet.com/docs/puppet/latest/contributing.html) to find all the information that you will need.
1 change: 1 addition & 0 deletions CONTRIBUTORS.md
Original file line number Diff line number Diff line change
Expand Up @@ -185,3 +185,4 @@
1 Joshua Spence
1 Justin Riley
1 Schusler, Olaf
1 Wernet, Marc-Oliver
4 changes: 4 additions & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,9 @@
# @param service_hasstatus
# @param service_hasrestart
# @param acknowledge_unsupported_os
# @param keyring
vegaaz marked this conversation as resolved.
Show resolved Hide resolved
# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
# See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
# @param have_systemd_v230
#
class docker (
Expand Down Expand Up @@ -467,6 +470,7 @@
Optional[Boolean] $service_hasrestart = $docker::params::service_hasrestart,
Optional[Variant[String,Array]] $registry_mirror = $docker::params::registry_mirror,
Boolean $acknowledge_unsupported_os = false,
Stdlib::Absolutepath $keyring = '/etc/apt/keyrings/docker.gpg',

# Windows specific parameters
Optional[String] $docker_msft_provider_version = $docker::params::docker_msft_provider_version,
Expand Down
1 change: 1 addition & 0 deletions manifests/params.pp
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@
$storage_config_template = 'docker/etc/sysconfig/docker-storage.erb'
$registry_mirror = undef
$curl_ensure = true
$gpg_ensure = true
$os_lc = downcase($facts['os']['name'])
$docker_msft_provider_version = undef
$nuget_package_provider_version = undef
Expand Down
64 changes: 56 additions & 8 deletions manifests/repos.pp
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,20 @@
#
# @param architecture
#
# @param keyring
vegaaz marked this conversation as resolved.
Show resolved Hide resolved
# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
# See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
#
# @param gpg_ensure
# Whether or not the gpg package is ensured by this module.
#
vegaaz marked this conversation as resolved.
Show resolved Hide resolved
class docker::repos (
Optional[String] $location = $docker::package_location,
Optional[String] $key_source = $docker::package_key_source,
Optional[Boolean] $key_check_source = $docker::package_key_check_source,
String $architecture = $facts['os']['architecture'],
Optional[String] $location = $docker::package_location,
Optional[String] $key_source = $docker::package_key_source,
Optional[Boolean] $key_check_source = $docker::package_key_check_source,
String $architecture = $facts['os']['architecture'],
Stdlib::Absolutepath $keyring = $docker::keyring,
Boolean $gpg_ensure = $docker::params::gpg_ensure,
) {
stdlib::ensure_packages($docker::prerequired_packages)

Expand All @@ -22,19 +31,58 @@
$package_key = $docker::package_key
$package_repos = $docker::package_repos

if ( $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'],'11' ) >= 0 ) or ( $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'],'22') >= 0 ) { # lint:ignore:140chars
include archive
# fix deprecated apt-key warnings
if $gpg_ensure {
ensure_packages(['gpg'])
}

archive { $keyring:
ensure => present,
source => "https://download.docker.com/linux/${docker::os_lc}/gpg",
extract => true,
extract_command => 'gpg',
extract_flags => "--dearmor -o ${keyring}",
extract_path => '/tmp',
path => '/tmp/docker.gpg',
creates => $keyring,
cleanup => true,
require => Package['gpg'],
}
file { $keyring:
ensure => file,
mode => '0644',
owner => 'root',
group => 'root',
}
$key_options = {
keyring => $keyring,
}
apt::key { 'docker-key-in-trusted.gpg':
ensure => absent,
id => '9DC858229FC7DD38854AE2D88D81803C0EBFCD88',
}
}
else {
$key_options = {
key => {
id => $package_key,
source => $key_source,
},
}
}

if ($docker::use_upstream_package_source) {
apt::source { 'docker':
location => $location,
architecture => $architecture,
release => $release,
repos => $package_repos,
key => {
id => $package_key,
source => $key_source,
},
include => {
src => false,
},
* => $key_options,
}

$url_split = split($location, '/')
Expand Down
6 changes: 5 additions & 1 deletion metadata.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
},
{
"name": "puppetlabs/apt",
"version_requirement": ">= 4.4.1 < 10.0.0"
"version_requirement": ">= 8.1.0 < 10.0.0"
},
{
"name": "puppetlabs/powershell",
Expand All @@ -23,6 +23,10 @@
{
"name": "puppetlabs/reboot",
"version_requirement": ">=2.0.0 < 6.0.0"
},
{
"name": "puppet/archive",
"version_requirement": ">= 4.4.0 < 8.0.0"
}
],
"operatingsystem_support": [
Expand Down
36 changes: 20 additions & 16 deletions spec/classes/init_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,12 @@
'version' => '16'
},
'with ms parameter set' => {
'version' => '16',
'docker_msft_provider_version' => '123',
'nuget_package_provider_version' => '41'
'version' => '16',
'docker_msft_provider_version' => '123',
'nuget_package_provider_version' => '41',
},
'with keyring set to optional path' => {
'keyring' => '/root/keyrings/docker.gpg',
}
}

Expand Down Expand Up @@ -166,19 +169,20 @@
'storage_min_data_size' => defaults['storage_min_data_size'],
'storage_pool_autoextend_percent' => defaults['storage_pool_autoextend_percent'],
'storage_pool_autoextend_threshold' => defaults['storage_pool_autoextend_threshold'],
'storage_root_size' => defaults['storage_root_size'],
'storage_setup_file' => defaults['storage_setup_file'],
'storage_vg' => defaults['storage_vg'],
'tcp_bind' => defaults['tcp_bind'],
'tls_cacert' => defaults['tls_cacert'],
'tls_cert' => defaults['tls_cert'],
'tls_enable' => defaults['tls_enable'],
'tls_key' => defaults['tls_key'],
'tls_verify' => defaults['tls_verify'],
'tmp_dir_config' => defaults['tmp_dir_config'],
'tmp_dir' => defaults['tmp_dir'],
'use_upstream_package_source' => defaults['use_upstream_package_source'],
'version' => defaults['version']
'storage_root_size' => defaults['storage_root_size'],
'storage_setup_file' => defaults['storage_setup_file'],
'storage_vg' => defaults['storage_vg'],
'tcp_bind' => defaults['tcp_bind'],
'tls_cacert' => defaults['tls_cacert'],
'tls_cert' => defaults['tls_cert'],
'tls_enable' => defaults['tls_enable'],
'tls_key' => defaults['tls_key'],
'tls_verify' => defaults['tls_verify'],
'tmp_dir_config' => defaults['tmp_dir_config'],
'tmp_dir' => defaults['tmp_dir'],
'use_upstream_package_source' => defaults['use_upstream_package_source'],
'version' => defaults['version'],
'keyring' => defaults['keyring'],
}.merge(default_params).merge(local_params)

let(:facts) do
Expand Down
4 changes: 3 additions & 1 deletion spec/helper/get_defaults.rb
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ def get_defaults(_facts)
tmp_dir = '/tmp/'
tmp_dir_config = true
version = :undef
keyring = '/etc/apt/keyrings/docker.gpg'

if _facts[:os]['family'] == 'windows'
compose_install_path = "#{_facts['docker_program_files_path']}/Docker"
Expand Down Expand Up @@ -473,6 +474,7 @@ def get_defaults(_facts)
'tmp_dir' => tmp_dir,
'tmp_dir_config' => tmp_dir_config,
'use_upstream_package_source' => use_upstream_package_source,
'version' => version
'version' => version,
'keyring' => keyring,
}
end
73 changes: 58 additions & 15 deletions spec/shared_examples/repos.rb
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@
key_source = values['package_key_source']
key_check_source = values['package_key_check_source']
architecture = facts[:os]['architecture']
keyring = params['keyring']
os_lc = params['os_lc']

unless params['prerequired_packages'].empty?
params['prerequired_packages'].each do |package|
Expand All @@ -27,21 +29,62 @@
package_repos = values['package_repos']

if params['use_upstream_package_source']
it {
expect(subject).to contain_apt__source('docker').with(
'location' => location,
'architecture' => architecture,
'release' => release,
'repos' => package_repos,
'key' => {
'id' => package_key,
'source' => key_source
},
'include' => {
'src' => false
},
)
}
# check if debian version is atleast 11 and ubuntu version is atleast 22
if (facts[:operatingsystem] == 'Debian' && facts[:operatingsystemrelease] =~ /1[1-9]/) || (facts[:operatingsystem] == 'Ubuntu' && facts[:operatingsystemrelease] =~ /2[2-9]/)
it {
is_expected.to contain_class('archive')
is_expected.to contain_archive(keyring).with(
'ensure' => 'present',
'source' => "https://download.docker.com/linux/#{os_lc}/gpg",
'extract' => true,
'extract_command' => 'gpg',
'extract_flags' => "--dearmor -o #{keyring}",
'extract_path' => '/tmp',
'path' => '/tmp/docker.gpg',
'creates' => keyring,
'cleanup' => true,
).that_requires('Package[gpg]')

is_expected.to contain_file(keyring).with(
'ensure' => 'file',
'mode' => '0644',
'owner' => 'root',
'group' => 'root',
)

is_expected.to contain_apt__source('docker').with(
'location' => location,
'architecture' => architecture,
'release' => release,
'repos' => package_repos,
'keyring' => keyring,
'include' => {
'src' => false,
},
)

is_expected.to contain_apt__key('docker-key-in-trusted.gpg').with(
'ensure' => 'absent',
'id' => '9DC858229FC7DD38854AE2D88D81803C0EBFCD88',
)
}
else
it {
is_expected.to contain_apt__source('docker').with(
'location' => location,
'architecture' => architecture,
'release' => release,
'repos' => package_repos,
'key' => {
'id' => package_key,
'source' => key_source,
},
'include' => {
'src' => false,
},
)
}
end

url_split = location.split('/')
repo_host = url_split[2]
Expand Down