Age | Commit message (Collapse) | Author |
|
The leap-archive keyring expired March 8th 2018.
We updated it, and published updated installation
docs at https://bitmask.net/en/install/linux.
For jessie, we dont install the leap-archive-keyring
package anymore but directly deploy the keys to
apt's trusted keystore.
- Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279
|
|
Resolves: #8891
|
|
Fix the order of the leap repository so it matches the correct repository
layout. Fixes #8888.
|
|
The apt sources lines for people using more experimental software was
wrong, we abolished the 'experimental' repository some time ago and
develoment happens now in the master branch.
solves #8862, #8876
|
|
For newer than jessie the 'old' code was enough. This bug didn't show up
because our testing images had the keys and sources lines already
included within /etc/apt…
solves #8862
|
|
Needed to satisfy leap-mx dependency (>=17.0)
- Resolves: #8837
|
|
New soledad-common depends on `python-treq`, which
is only available in debian stretch.
We pin all stretch packages to 1 (same as for sid), which
means (from `man apt_preferences`):
"causes a version to be installed only if there is no
installed version of the package"
- Resolves: #8836
|
|
Resolves: #8792
|
|
This gets us a simple apt repository privilege separation:
(a) our key can't be used to forge other repos
(b) other keys can't be used to forge our repo.
From sources.list(5):
· Signed-By (signed-by) is either an absolute path to a keyring
file (has to be accessible and readable for the _apt user, so ensure
everyone has read-permissions on the file) or one or more
fingerprints of keys either in the trusted.gpg keyring or in the
keyrings in the trusted.gpg.d/ directory (see apt-key
fingerprint). If the option is set, only the key(s) in this keyring
or only the keys with these fingerprints are used for the
apt-secure(8) verification of this repository. Defaults to the value
of the option with the same name if set in the previously acquired
Release file. Otherwise all keys in the trusted keyrings are
considered valid signers for this repository.
|
|
|
|
|
|
|
|
New soledad packages now depend on Twisted 16.2.0 (see
https://leap.se/code/issues/8412), so we need to pin twisted to get
installed from jessie-backports.
- Resolves: #8418
|
|
Change-Id: If39222dc9ec68d1786c70c4b82b740e0a06773c4
|
|
|
|
Change-Id: I0305e33c743c15ec38abcf66979a1b2f582f693c
|
|
Change-Id: I5f04e31e49642597c69895b5aca3ff5326dfd6ec
|
|
|
|
`site_apt` aready ensures for installing packages after Exec[update_apt]
is run, so we don't need to duplicate this in `site_config::default.pp`.
|
|
Because this is the recommended way of depnending in the apt README.
|
|
`site_config::default.pp` takes care the all packages are
installed before `Exec['refresh_apt']`, so we don't need to
add it here for a single package.
|
|
The apt module now takes care of all the dependencies removed
from `site_apt`.
Also, the dependency to install the `lsb` package after
`refresh_apt` is unnesseccary because lsb facts won't work
anyway on the first run if `lsb` is not installed before, so
we can safely remove it.
|
|
- Resolves: #7842
|
|
|
|
|
|
Providing a custom sources.platform.apt.basic value worked
with the last commit, but without that the platform would fail.
So we provide a default value now in provider_base/common.json,
which can get overridden.
|
|
So we can use the experimental-0.8 repo instead of 0.8 i.e.
Use this to customize the main LEAP deb url:
"sources": {
"apt": {
"leap": {
"basic": "http://deb.leap.se/experimental-0.9"
}
}
}
|
|
so we can easily use the experimental-0.(8|9) deb repos, which are
signed with this key
|
|
This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923.
Now that we have a proper couchdb jessie package we don't need to
install it from Debian unstable.
|
|
Configure the apt class together with "use_next_release => true", so
pnp4nagios* packages can get installed from strech.
No other package will be upgraded as the apt module pins stretch very
low, so that only packages are installed if there are no other sources
available.
- Resolves: #7604
|
|
Puppet 3 shows now deprecation warnings if the "@" is missing.
see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n]
|
|
|
|
- Related: #6920
|
|
- Related: #6920
|
|
|
|
Change-Id: Iac4dc8428ff5e663870ed4dd6a2b840e0904e5be
|
|
Change-Id: Ia7a35c8613350ad75ff1ebbdda0a09efa0960ba6
|
|
file #6964"
This reverts commit 984684f56f15d9d89ea78ffe6ed67dabf3d63208.
Needed because:
Augeas fails after upgrading augeas packages during same puppetrun, but
only on first deploy - https://leap.se/code/issues/6997
|
|
Change-Id: I385c639e5c096deef4f81691a85c1b83cbab9421
|
|
Change-Id: I69e6a0f8e676be72bce492af32fef76c9167f5ee
|
|
Change-Id: I0587ee6d9033824ca66b70de09e4e0f65d67cab1
|
|
Change-Id: I110e93a64f82e4133a043ff3fa18ab14b69a5dcc
|
|
|
|
Change-Id: I5542b320bb1edb52c63350b5e4fd2af681991fb5
|
|
Change-Id: Ib18c9031df13dab3187e0bb0f2202ffddd0d228d
|
|
leap packages (#4425)
Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286
|
|
unattended-upgrades is not able to upgrade itself in certain situations,
such as when the conffile prompt is generated due to the config being
changed. We want to set this package as latest in the platform so that
it is upgraded on every deploy (we deploy the config anyway).
Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335
|
|
based on the hiera value 'major_version' (#6251)
Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4
|
|
This was a leftover from earlier versions, where we installed rsyslog
from the leap debian package repo.
Change-Id: I88a852f08b5aff3bd7b591b6220ac354463a9786
|
|
|