From 724698018f5814a84d5d9fb6d9b933c5adb560f0 Mon Sep 17 00:00:00 2001
From: Kenyon Ralph
Date: Tue, 2 Jan 2024 22:36:33 -0800
Subject: [PATCH] Use modern APT keyrings on Debian family

This makes use of https://github.com/puppetlabs/puppetlabs-apt/pull/1128 to store the public key in `/etc/apt/keyrings` and add a `signed-by` option to the `sources.list.d` entry.
---
 manifests/init.pp | 9 ---------
 manifests/params.pp | 16 ----------------
 manifests/repos.pp | 3 +--
 metadata.json | 2 +-
 4 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 29984e62..20491855 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -312,12 +312,10 @@
 # @param docker_ce_cli_package_name
 # @param docker_ce_source_location
 # @param docker_ce_key_source
-# @param docker_ce_key_id
 # @param docker_ce_release
 # @param docker_package_location
 # @param docker_package_key_source
 # @param docker_package_key_check_source
-# @param docker_package_key_id
 # @param docker_package_release
 # @param docker_engine_start_command
 # @param docker_engine_package_name
@@ -326,7 +324,6 @@
 # @param docker_ee_package_name
 # @param docker_ee_source_location
 # @param docker_ee_key_source
-# @param docker_ee_key_id
 # @param docker_ee_repos
 # @param docker_ee_release
 # @param package_release
@@ -359,12 +356,10 @@
 String[1] $docker_ce_cli_package_name = $docker::params::docker_ce_cli_package_name,
 Optional[String] $docker_ce_source_location = $docker::params::package_ce_source_location,
 Optional[String] $docker_ce_key_source = $docker::params::package_ce_key_source,
- Optional[String] $docker_ce_key_id = $docker::params::package_ce_key_id,
 Optional[String] $docker_ce_release = $docker::params::package_ce_release,
 Optional[String] $docker_package_location = $docker::params::package_source_location,
 Optional[String] $docker_package_key_source = $docker::params::package_key_source,
 Optional[Boolean] $docker_package_key_check_source = $docker::params::package_key_check_source,
- Optional[String] $docker_package_key_id = $docker::params::package_key_id,
 Optional[String] $docker_package_release = $docker::params::package_release,
 String $docker_engine_start_command = $docker::params::docker_engine_start_command,
 String $docker_engine_package_name = $docker::params::docker_engine_package_name,
@@ -373,7 +368,6 @@
 Optional[String] $docker_ee_package_name = $docker::params::package_ee_package_name,
 Optional[String] $docker_ee_source_location = $docker::params::package_ee_source_location,
 Optional[String] $docker_ee_key_source = $docker::params::package_ee_key_source,
- Optional[String] $docker_ee_key_id = $docker::params::package_ee_key_id,
 Optional[String] $docker_ee_repos = $docker::params::package_ee_repos,
 Optional[String] $docker_ee_release = $docker::params::package_ee_release,
 Optional[Variant[String,Array[String]]] $tcp_bind = $docker::params::tcp_bind,
@@ -548,7 +542,6 @@
 $package_location = $docker::docker_ee_source_location
 $package_key_source = $docker::docker_ee_key_source
 $package_key_check_source = $docker_package_key_check_source
- $package_key = $docker::docker_ee_key_id
 $package_repos = $docker::docker_ee_repos
 $release = $docker::docker_ee_release
 $docker_start_command = $docker::docker_ee_start_command
@@ -558,7 +551,6 @@
 'Debian' : {
 $package_location = $docker_ce_source_location
 $package_key_source = $docker_ce_key_source
- $package_key = $docker_ce_key_id
 $package_repos = $docker_ce_channel
 $release = $docker_ce_release
 }
@@ -586,7 +578,6 @@
 $package_location = $docker_package_location
 $package_key_source = $docker_package_key_source
 $package_key_check_source = $docker_package_key_check_source
- $package_key = $docker_package_key_id
 $package_repos = 'main'
 $release = $docker_package_release
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 540abee9..ea467c7e 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -13,7 +13,6 @@
 $docker_ee_start_command = 'dockerd'
 $docker_ee_source_location = undef
 $docker_ee_key_source = undef
- $docker_ee_key_id = undef
 $docker_ee_repos = stable
 $tcp_bind = undef
 $tls_enable = false
@@ -168,7 +167,6 @@
 $package_ce_source_location = "https://download.docker.com/linux/${os_lc}"
 $package_ce_key_source = "https://download.docker.com/linux/${os_lc}/gpg"
- $package_ce_key_id = '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
 if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
 $package_ce_release = $facts['os']['lsb']['distcodename']
 } else {
@@ -177,10 +175,8 @@
 $package_source_location = 'http://apt.dockerproject.org/repo'
 $package_key_source = 'https://apt.dockerproject.org/gpg'
 $package_key_check_source = undef
- $package_key_id = '58118E89F3A912897C070ADBF76221572C52609D'
 $package_ee_source_location = $docker_ee_source_location
 $package_ee_key_source = $docker_ee_key_source
- $package_ee_key_id = $docker_ee_key_id
 if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
 $package_ee_release = $facts['os']['lsb']['distcodename']
 } else {
@@ -211,18 +207,15 @@
 $apt_source_pin_level = undef
 $detach_service_in_init = false
- $package_ce_key_id = undef
 $package_ce_key_source = 'https://download.docker.com/linux/centos/gpg'
 $package_ce_release = undef
 $package_ce_source_location = "https://download.docker.com/linux/centos/${facts['os']['release']['major']}/${facts['os']['architecture']}/${docker_ce_channel}"
- $package_ee_key_id = $docker_ee_key_id
 $package_ee_key_source = $docker_ee_key_source
 $package_ee_package_name = $docker_ee_package_name
 $package_ee_release = undef
 $package_ee_repos = $docker_ee_repos
 $package_ee_source_location = $docker_ee_source_location
 $package_key_check_source = true
- $package_key_id = undef
 $package_key_source = 'https://yum.dockerproject.org/gpg'
 $package_release = undef
 $package_source_location = "https://yum.dockerproject.org/repo/main/centos/${facts['os']['release']['major']}"
@@ -247,10 +240,8 @@
 $docker_group = 'docker'
 $package_ce_source_location = undef
 $package_ce_key_source = undef
- $package_ce_key_id = undef
 $package_ce_repos = undef
 $package_ce_release = undef
- $package_key_id = undef
 $package_release = undef
 $package_source_location = undef
 $package_key_source = undef
@@ -258,7 +249,6 @@
 $package_ee_source_location = undef
 $package_ee_package_name = $docker_ee_package_name
 $package_ee_key_source = undef
- $package_ee_key_id = undef
 $package_ee_repos = undef
 $package_ee_release = undef
 $use_upstream_package_source = undef
@@ -284,17 +274,14 @@
 $package_key_source = undef
 $package_key_check_source = undef
 $package_source_location = undef
- $package_key_id = undef
 $package_repos = undef
 $package_release = undef
 $package_ce_key_source = undef
 $package_ce_source_location = undef
- $package_ce_key_id = undef
 $package_ce_repos = undef
 $package_ce_release = undef
 $package_ee_source_location = undef
 $package_ee_key_source = undef
- $package_ee_key_id = undef
 $package_ee_release = undef
 $package_ee_repos = undef
 $package_ee_package_name = undef
@@ -324,17 +311,14 @@
 $package_key_source = undef
 $package_key_check_source = undef
 $package_source_location = undef
- $package_key_id = undef
 $package_repos = undef
 $package_release = undef
 $package_ce_key_source = undef
 $package_ce_source_location = undef
- $package_ce_key_id = undef
 $package_ce_repos = undef
 $package_ce_release = undef
 $package_ee_source_location = undef
 $package_ee_key_source = undef
- $package_ee_key_id = undef
 $package_ee_release = undef
 $package_ee_repos = undef
 $package_ee_package_name = undef
diff --git a/manifests/repos.pp b/manifests/repos.pp
index b6c6a7a3..a1c2816d 100644
--- a/manifests/repos.pp
+++ b/manifests/repos.pp
@@ -19,7 +19,6 @@
 case $facts['os']['family'] {
 'Debian': {
 $release = $docker::release
- $package_key = $docker::package_key
 $package_repos = $docker::package_repos
 if ($docker::use_upstream_package_source) {
@@ -29,7 +28,7 @@
 release => $release,
 repos => $package_repos,
 key => {
- id => $package_key,
+ name => 'docker.asc',
 source => $key_source,
 },
 include => {
diff --git a/metadata.json b/metadata.json
index c2694b25..e4adb8c3 100644
--- a/metadata.json
+++ b/metadata.json
@@ -14,7 +14,7 @@
 },
 {
 "name": "puppetlabs/apt",
- "version_requirement": ">= 4.4.1 < 10.0.0"
+ "version_requirement": ">= 9.2.0 < 10.0.0"
 },
 {
 "name": "puppetlabs/powershell",
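Review bot: In manifests/repos.pp the `key` hash now carries only `name => 'docker.asc'` and `source => $key_source`, so nothing pins the signing key any more: the removed `id => $package_key` at least named the expected fingerprint, whereas now whatever `$key_source` serves becomes the keyring that `signed-by` trusts. The defaults visible in params.pp are HTTPS URLs, but `docker_ce_key_source`, `docker_package_key_source` and `docker_ee_key_source` remain free-form `Optional[String]` class parameters, so a plain-HTTP or otherwise untrusted value would presumably be accepted without complaint. I would add a comment above the hash, `# No fingerprint pin: the file fetched from $key_source becomes the trusted keyring, so it must come from HTTPS or a local/puppet:/// source`, and consider failing the catalog on `http://` values in init.pp. The resource this hash belongs to starts and ends outside the hunk, and removing the three `*_key_id` class parameters in init.pp will presumably break callers that still set them, which deserves a changelog entry.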