leap_platform.git/puppet/modules/site_apt/manifests, branch master [leap_platform] Bug: Directly deploy leap-archive keyrings 2018-03-20T20:58:35+00:00 Varac varac@leap.se 2018-03-20T19:39:08+00:00 09031d90055e80c8101f06951b824f5c7fa96e14 The leap-archive keyring expired March 8th 2018. We updated it, and published updated installation docs at https://bitmask.net/en/install/linux. For jessie, we dont install the leap-archive-keyring package anymore but directly deploy the keys to apt's trusted keystore. - Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279 
The leap-archive keyring expired March 8th 2018.
We updated it, and published updated installation
docs at https://bitmask.net/en/install/linux.

For jessie, we dont install the leap-archive-keyring
package anymore but directly deploy the keys to
apt's trusted keystore.

- Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279
Bug: fix repository layout 2017-10-31T16:16:29+00:00 Micah Anderson micah@riseup.net 2017-10-31T16:16:29+00:00 71d10f85c5c9cc75dfb3f032a09877102833f739 Fix the order of the leap repository so it matches the correct repository layout. Fixes #8888. 
Fix the order of the leap repository so it matches the correct repository
layout. Fixes #8888.
Bug: jessie apt keys stable/experimental/staging 2017-10-03T20:52:25+00:00 kwadronaut kwadronaut@leap.se 2017-10-03T20:52:25+00:00 aac73fbe01660f5a231ab891c967c16b635fc78d The apt sources lines for people using more experimental software was wrong, we abolished the 'experimental' repository some time ago and develoment happens now in the master branch. solves #8862, #8876 
The apt sources lines for people using more experimental software was
wrong, we abolished the 'experimental' repository some time ago and
develoment happens now in the master branch.

solves #8862, #8876
Bug: jessie apt keys must be in /etc/apt/trusted.gpg.d 2017-09-28T20:32:37+00:00 kwadronaut kwadronaut@leap.se 2017-09-26T08:54:27+00:00 258a7ecfa9e6ac3d32ad5280e856265c5b463bd7 For newer than jessie the 'old' code was enough. This bug didn't show up because our testing images had the keys and sources lines already included within /etc/apt… solves #8862 
For newer than jessie the 'old' code was enough. This bug didn't show up
because our testing images had the keys and sources lines already
included within /etc/apt…

solves #8862
Pin python-cryptography to jessie-backports 2017-06-27T18:34:43+00:00 Varac varac@leap.se 2017-06-27T18:26:04+00:00 03ff5b1d22f4487d97818da3693e9a33ba1421a3 Needed to satisfy leap-mx dependency (>=17.0) - Resolves: #8837 
Needed to satisfy leap-mx dependency (>=17.0)

- Resolves: #8837
Install python-treq from strech on jessie nodes 2017-06-27T18:14:09+00:00 Varac varac@leap.se 2017-06-27T14:12:37+00:00 98b6713afff0eec77fdbfe5d1a079607e6ed5b2c New soledad-common depends on `python-treq`, which is only available in debian stretch. We pin all stretch packages to 1 (same as for sid), which means (from `man apt_preferences`): "causes a version to be installed only if there is no installed version of the package" - Resolves: #8836 
New soledad-common depends on `python-treq`, which
is only available in debian stretch.
We pin all stretch packages to 1 (same as for sid), which
means (from `man apt_preferences`):

    "causes a version to be installed only if there is no
    installed version of the package"

- Resolves: #8836
Add configured apt component to the unattended-upgrades whitelist 2017-06-24T10:26:08+00:00 Varac varac@leap.se 2017-06-24T10:14:10+00:00 fc907004a75ab2f8f8302706150b68a9cdd6baf0 Resolves: #8792 
Resolves: #8792
Add signed-by option to sources.list (Closes: #8425) 2017-05-02T18:41:49+00:00 Micah Anderson micah@riseup.net 2017-05-02T16:32:05+00:00 22c947c33a452e912859832c78bd3660b6734cc6 This gets us a simple apt repository privilege separation: (a) our key can't be used to forge other repos (b) other keys can't be used to forge our repo. From sources.list(5): · Signed-By (signed-by) is either an absolute path to a keyring file (has to be accessible and readable for the _apt user, so ensure everyone has read-permissions on the file) or one or more fingerprints of keys either in the trusted.gpg keyring or in the keyrings in the trusted.gpg.d/ directory (see apt-key fingerprint). If the option is set, only the key(s) in this keyring or only the keys with these fingerprints are used for the apt-secure(8) verification of this repository. Defaults to the value of the option with the same name if set in the previously acquired Release file. Otherwise all keys in the trusted keyrings are considered valid signers for this repository. 
This gets us a simple apt repository privilege separation:
  (a) our key can't be used to forge other repos
  (b) other keys can't be used to forge our repo.

From sources.list(5):

  · Signed-By (signed-by) is either an absolute path to a keyring
    file (has to be accessible and readable for the _apt user, so ensure
    everyone has read-permissions on the file) or one or more
    fingerprints of keys either in the trusted.gpg keyring or in the
    keyrings in the trusted.gpg.d/ directory (see apt-key
    fingerprint). If the option is set, only the key(s) in this keyring
    or only the keys with these fingerprints are used for the
    apt-secure(8) verification of this repository. Defaults to the value
    of the option with the same name if set in the previously acquired
    Release file. Otherwise all keys in the trusted keyrings are
    considered valid signers for this repository.
Make platform apt dist/component configurable 2017-03-16T13:00:48+00:00 varac varacanero@zeromail.org 2017-03-13T23:04:15+00:00 168013abf257df1576bc69f907729db60c1fb04a 






[feat] dont use backports for rsyslog anymore
2017-02-23T09:56:21+00:00

varac
varacanero@zeromail.org

2016-04-18T13:10:06+00:00

8b8ddde128d949f041f62dcf26ac65bfcf4b0875