# apt.pp - common components and defaults for handling apt
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.
#
# With hints from
#  Micah Anderson <micah@riseup.net>
#  * backports key
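# Class: apt
#
# Installs apt and manages /etc/apt/sources.list, /etc/apt/preferences and
# /etc/apt/apt.conf.d/from_puppet, then refreshes the package index when any
# of them changes. On etch it also bootstraps the backports.org archive key.
#
# Variables read from the enclosing scope:
#   $apt_clean           - value written to DSelect::Clean; '' selects 'auto'
#   $custom_sources_list - when non-empty, written verbatim to sources.list
#   $lsbdistcodename     - only 'etch' triggers the keyring handling below
#   $servername          - host part of the puppet:// file sources
#
# Semaphores other manifests can depend on:
#   File[apt_config]  - apt configuration is completely written
#   Exec[apt_updated] - the package index has been updated
class apt {

	# See README
	$real_apt_clean = $apt_clean ? {
		'' => 'auto',
		default => $apt_clean,
	}

	package { apt: ensure => installed }

	# a few templates need lsbdistcodename
	include assert_lsbdistcodename

	case $custom_sources_list {
		'': {
			include default_sources_list
		}
		default: {
			# The variable's content becomes the node's complete list of
			# package sources, so whoever can set it decides where packages
			# are installed from.
			config_file { "/etc/apt/sources.list":
				# comma added: without it the attribute list does not parse
				content => $custom_sources_list,
				require => Exec[assert_lsbdistcodename];
			}
		}
	}

	# Used when no custom sources.list content is supplied.
	class default_sources_list {
		config_file {
			# include main, security and backports
			# additional sources could be included via an array
			"/etc/apt/sources.list":
				content => template("apt/sources.list.erb"),
				require => Exec[assert_lsbdistcodename];
		}
	}

	config_file {
		# this just pins unstable and testing to very low values
		"/etc/apt/preferences":
			source => "puppet://$servername/apt/preferences",
			# use File[apt_config] to reference a completed configuration
			# See "The Puppet Semaphor" 2007-06-25 on the puppet-users ML
			alias => apt_config,
			# only update together
			require => File["/etc/apt/sources.list"];

		# little default settings which keep the system sane
		"/etc/apt/apt.conf.d/from_puppet":
			content => "APT::Get::Show-Upgraded true;\nDSelect::Clean $real_apt_clean;\n",
			before => File[apt_config];
	}

	$apt_base_dir = "/var/lib/puppet/modules/apt"
	modules_dir { apt: }

	# watch apt.conf.d
	file { "/etc/apt/apt.conf.d": ensure => directory, checksum => mtime; }

	exec {
		# Runs only when one of the subscribed files changes.
		# "&& sleep 1" is workaround for older(?) clients
		"/usr/bin/apt-get update && sleep 1 #on refresh":
			refreshonly => true,
			subscribe => [ File["/etc/apt/sources.list"],
				File["/etc/apt/preferences"], File["/etc/apt/apt.conf.d"],
				File[apt_config] ];

		# NOTE(review): despite the "#hourly" tag no schedule or refreshonly
		# is set here, so this presumably runs on every catalog run - confirm.
		"/usr/bin/apt-get update && /usr/bin/apt-get autoclean #hourly":
			require => [ File["/etc/apt/sources.list"],
				File["/etc/apt/preferences"], File[apt_config] ],
			# Another semaphore for all packages to reference
			alias => apt_updated;
	}

	case $lsbdistcodename {
		etch: {
			## This package should really always be current
			package {
				[ "debian-archive-keyring", "debian-backports-keyring" ]:
					ensure => latest,
			}

			# This key was downloaded from
			# http://backports.org/debian/archive.key
			# and is needed to bootstrap the backports trustpath
			#
			# A plain-HTTP download is not authenticated, and apt-key add
			# below makes the key a trust anchor for package signatures.
			# Check the fingerprint of the copy on the puppet file server
			# against an independently obtained value before shipping it.
			file { "${apt_base_dir}/backports.org.key":
				source => "puppet://$servername/apt/backports.org.key",
				# read-only for everyone, owned by root
				mode => 0444, owner => root, group => root,
			}

			# Imports the key only when the key file changes, and before the
			# apt configuration and the backports keyring package are handled.
			# NOTE(review): the trailing "apt-get update" is not given with
			# its absolute path, unlike the other execs in this class.
			exec { "/usr/bin/apt-key add ${apt_base_dir}/backports.org.key && apt-get update":
				alias => "backports_key",
				refreshonly => true,
				subscribe => File["${apt_base_dir}/backports.org.key"],
				before => [ File[apt_config], Package["debian-backports-keyring"] ]
			}
		}
	}
}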
# Class: dselect
#
# Installs dselect and makes sure /etc/dpkg/dselect.cfg contains the
# "expert" line.
class dselect {

	package { 'dselect': ensure => 'installed' }

	# the "expert" setting suppresses the annoying help texts of dselect
	line { 'dselect_expert':
		ensure => 'present',
		line   => 'expert',
		file   => '/etc/dpkg/dselect.cfg',
	}
}