diff options
| author | Micah Anderson <micah@riseup.net> | 2013-02-06 14:07:17 -0500 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2013-02-06 14:07:17 -0500 |
| commit | ce1ebea7cc3911ebac616a8a065a484b9452e72b (patch) | |
| tree | aab52e2f06ae31b39a34d59b5432311f30a22911 | |
| parent | 31a7ed2a84d909215f1f12ed2bb78bb5fe28bbcd (diff) | |
| parent | 50075192d8827d7fa8721ffb6847fedbb4a99c60 (diff) | |
Merge branch 'master' into leap
There were merge conflicts with this merge, but I deliberately
merged with '-s recursive -X theirs' to take the shared modules
version of the changes.
We had some changes that we made, that I will incorporate as
separate commits on top of shared
| -rw-r--r-- | README | 50 | ||||
| -rw-r--r-- | files/incoming | 2 | ||||
| -rwxr-xr-x | files/inoticoming.init | 162 | ||||
| -rw-r--r-- | files/uploaders-sid | 2 | ||||
| -rw-r--r-- | manifests/init.pp | 276 | ||||
| -rw-r--r-- | templates/distributions.erb | 42 | ||||
| -rw-r--r-- | templates/index.html.erb | 29 | ||||
| -rw-r--r-- | templates/inoticoming.default.erb | 8 | ||||
| -rw-r--r-- | templates/reprepro-export-key.sh.erb | 19 | ||||
| -rw-r--r-- | templates/uploaders.erb | 5 | ||||
| -rw-r--r-- | tests/init.pp | 5 |
11 files changed, 352 insertions, 248 deletions
@@ -0,0 +1,50 @@ +Reprepro module for Puppet +========================== + +This module allows you to create a reprepro install easily. It can +configure cron or a inotify daemon to process the incoming queue and +takes care of configuration, user creation and so on. + +Upgrading from previous versions +================================ + +Older version were using a single monolithic class with global +variables. We are now using a parametrized class instead, so you need +to port your manifests. + +Instead of: + + $reprepro_origin = 'example.com' + include reprepro + +... you should use: + + class { 'reprepro': origin => 'example.com' } + +Parameters +========== + +manage_distributions_conf, manage_incoming_conf +----------------------------------------------- + +If true, the content of -respectively- the conf/distributions and +conf/incoming files is managed by this module. Else, only the +existence, ownership and permissions are. + +Default: true. + +basedir_mode +------------ + +This module manages the reprepro base directory and sets its +permissions to `basedir_mode`. + +Default: 0771 + +incoming_mode +------------- + +This module manages the reprepro incoming directory and sets its +permissions to `incoming_mode`. + +Default: 1777 diff --git a/files/incoming b/files/incoming index 6825981..57c6a5f 100644 --- a/files/incoming +++ b/files/incoming @@ -1,3 +1,5 @@ +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + Name: incoming IncomingDir: incoming TempDir: tmp diff --git a/files/inoticoming.init b/files/inoticoming.init index e16ffd1..9b658d7 100755 --- a/files/inoticoming.init +++ b/files/inoticoming.init @@ -1,27 +1,27 @@ #! /bin/sh +# +# This file is managed by Puppet. Do not edit, any changes will be overwritten! +# ### BEGIN INIT INFO # Provides: reprepro -# Required-Start: $local_fs $syslog -# Required-Stop: $local_fs $syslog +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: Reprepro startup script for inoticoming support -# Description: This script an instance of inoticoming via an initscript. +# Short-Description: reprepro incoming queue monitor +# Description: Monitors the incoming queue for the package repository +# managed by reprepro. ### END INIT INFO -# Copyright (c) 2008 by Tilman Koschnick <til@subnetz.org> -# Based on /etc/init.d/skeleton from Debian package initscripts -# Distributed under the GPLv2 - # Do NOT "set -e" -# PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="reprepro incoming queue monitor" NAME=reprepro DAEMON=/usr/bin/inoticoming PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME +USER=root # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -33,7 +33,8 @@ SCRIPTNAME=/etc/init.d/$NAME . /lib/init/vars.sh # Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. . /lib/lsb/init-functions # @@ -41,31 +42,31 @@ SCRIPTNAME=/etc/init.d/$NAME # do_start() { - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started - # make sure inoticoming can write the PID to $PIDFILE - [ -f $PIDFILE ] || touch $PIDFILE - chown $USER $PIDFILE - OPTIONS="--pid-file $PIDFILE" + # make sure inoticoming can write the PID to $PIDFILE + [ -f $PIDFILE ] || touch $PIDFILE + chown $USER $PIDFILE + OPTIONS="--pid-file $PIDFILE" - # make sure inoticoming can write to $LOGFILE - if [ -n $LOGFILE ] ; then - [ -f $LOGFILE ] || touch $LOGFILE - chown $USER $LOGFILE - OPTIONS="$OPTIONS --logfile $LOGFILE" - fi + # make sure inoticoming can write to $LOGFILE + if [ -n $LOGFILE ] ; then + [ -f $LOGFILE ] || touch $LOGFILE + chown $USER $LOGFILE + OPTIONS="$OPTIONS --logfile $LOGFILE" + fi - # should we do an initial search of the directory? - [ "$INITIALSEARCH" != "0" ] && OPTIONS="$OPTIONS --initialsearch" + # should we do an initial search of the directory? + [ "$INITIALSEARCH" != "0" ] && OPTIONS="$OPTIONS --initialsearch" - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- \ - $OPTIONS $DIR $ACTIONS \ - || return 2 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- \ + $OPTIONS $DIR $ACTIONS \ + || return 2 } # @@ -73,57 +74,60 @@ do_start() # do_stop() { - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --pidfile $PIDFILE - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - rm -f $PIDFILE - return "$RETVAL" + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --pidfile $PIDFILE + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" } case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 3 - ;; + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; esac : diff --git a/files/uploaders-sid b/files/uploaders-sid deleted file mode 100644 index 48d4a65..0000000 --- a/files/uploaders-sid +++ /dev/null @@ -1,2 +0,0 @@ -allow * by key 7B75921E -allow * by key 6C914A46 diff --git a/manifests/init.pp b/manifests/init.pp index bb3f74d..e96cf2d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,35 +1,17 @@ -class reprepro { - - case $reprepro_origin { - '': { $reprepro_origin = $domain } - } - - case $reprepro_uploaders { - '': { fail("You need the repository uploaders! Please set \$reprepro_uploaders in your config") } - } - - $basedir = $reprepro_basedir ? { - '' => '/srv/reprepro', - default => $reprepro_basedir, - } - - case $reprepro_signwith { - '': { $reprepro_signwith = 'yes' } - } - - case $lsbdistcodename { - etch: { - package { - "reprepro": ensure => '3.9.2-1~bpo40+1'; - "inoticoming": ensure => '0.2.0-1~bpo40+1'; - } - } - default: { - package { - "reprepro": ensure => 'installed'; - "inoticoming": ensure => 'installed'; - } - } +class reprepro ( + $uploaders, + $basedir = '/srv/reprepro', + $origin = $::domain, + $architectures = [ 'amd64', 'i386', 'source' ], + $basedir_mode = '0771', + $incoming_mode = '1777', + $manage_distributions_conf = true, + $manage_incoming_conf = true, + $handle_incoming_with_cron = false, + $handle_incoming_with_inotify = false +){ + package { + "reprepro": ensure => 'installed'; } user { "reprepro": @@ -47,125 +29,163 @@ class reprepro { } } - file { - "$basedir": - ensure => directory, - mode => 0771, owner => reprepro, group => reprepro; + File { + owner => reprepro, + group => reprepro, + } - "$basedir/conf": + file { "$basedir": ensure => directory, - mode => 0770, owner => root, group => reprepro; - - "$basedir/db": + mode => $basedir_mode, + } + file { "$basedir/conf": ensure => directory, - mode => 0770, owner => reprepro, group => reprepro; - - "$basedir/dists": + mode => '0770', + } + file { "$basedir/db": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/pool": + mode => '0770', + } + file { "$basedir/dists": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/incoming": + mode => '0775', + } + file { "$basedir/pool": ensure => directory, - mode => 1777, owner => reprepro, group => reprepro; - - "$basedir/logs": + mode => '0775', + } + file { "$basedir/incoming": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/tmp": + mode => $incoming_mode, + } + file { "$basedir/logs": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/conf/distributions": - mode => 0664, owner => root, group => reprepro, - content => template("reprepro/distributions.erb"); - - "$basedir/conf/uploaders": - mode => 0660, owner => root, group => reprepro, - content => template("reprepro/uploaders.erb"); - - "$basedir/conf/incoming": - mode => 0664, owner => root, group => reprepro, - source => "puppet://$server/modules/reprepro/incoming"; - - "$basedir/index.html": - mode => 0664, owner => root, group => reprepro, - content => template("reprepro/index.html.erb"); - - "$basedir/.gnupg": - mode => 700, owner => reprepro, group => reprepro, - ensure => directory; - - "$basedir/.gnupg/secring.gpg": - mode => 600, owner => reprepro, group => reprepro, - ensure => present; + mode => '0775', + } + file { "$basedir/tmp": + ensure => directory, + mode => '0775', + } + file { "$basedir/conf/uploaders": + mode => '0660', owner => root, + content => template("reprepro/uploaders.erb"), + } + file { "$basedir/index.html": + mode => '0664', owner => root, + content => template("reprepro/index.html.erb"), + } - "/usr/local/bin/reprepro-export-key": + file { "$basedir/.gnupg": + ensure => directory, + mode => '0700', + } + file { "$basedir/.gnupg/secring.gpg": + ensure => present, + mode => '0600', + } + file { '/usr/local/bin/reprepro-export-key': ensure => present, content => template('reprepro/reprepro-export-key.sh.erb'), owner => root, group => root, - mode => 755, - } - - exec { - "reprepro -b $basedir createsymlinks": - refreshonly => true, - subscribe => File["$basedir/conf/distributions"], - user => reprepro, - path => "/usr/bin:/bin"; - "reprepro -b $basedir export": - refreshonly => true, - user => reprepro, - subscribe => File["$basedir/conf/distributions"], - path => "/usr/bin:/bin"; - "/usr/local/bin/reprepro-export-key": - creates => "$basedir/key.asc", - user => reprepro, - subscribe => File["$basedir/.gnupg/secring.gpg"], - require => File["/usr/local/bin/reprepro-export-key"], - refreshonly => true, + mode => '0755', + } + exec { "/usr/local/bin/reprepro-export-key": + creates => "$basedir/key.asc", + user => reprepro, + subscribe => File["$basedir/.gnupg/secring.gpg"], + require => File["/usr/local/bin/reprepro-export-key"], } -# TODO: setup needeed lines in apache site config file -} + file { "$basedir/conf/distributions": + ensure => present, + } + if $manage_distributions_conf { + File["$basedir/conf/distributions"] { + owner => root, + mode => '0664', + content => template("reprepro/distributions.erb"), + } + + exec { "reprepro -b $basedir createsymlinks": + refreshonly => true, + subscribe => File["$basedir/conf/distributions"], + user => reprepro, + path => "/usr/bin:/bin", + } + exec { "reprepro -b $basedir export": + refreshonly => true, + user => reprepro, + subscribe => File["$basedir/conf/distributions"], + path => "/usr/bin:/bin", + } + } -class reprepro::cron inherits reprepro { - cron { reprepro: + file { "$basedir/conf/incoming": + ensure => present, + } + if $manage_incoming_conf { + File["$basedir/conf/incoming"] { + mode => '0664', + owner => root, + source => "puppet:///modules/reprepro/incoming" + } + } + + # Handling of incoming with cron + + $cron_presence = $handle_incoming_with_cron ? { + true => present, + default => absent, + } + + cron { 'reprepro': + ensure => $cron_presence, command => "/usr/bin/reprepro --silent -b $basedir processincoming incoming", - user => reprepro, - minute => '*/5', - require => [ Package['reprepro'], File["$basedir/conf/distributions"] ] + user => reprepro, + minute => '*/5', + require => [ Package['reprepro'], File["$basedir/conf/distributions"], + File["$basedir/incoming"], ], } -} -class reprepro::inotify inherits reprepro { - file { "/etc/init.d/reprepro": - owner => root, group => root, mode => 0755, - source => "puppet://$server/modules/reprepro/inoticoming.init"; + # Handling of incoming with inoticoming + + $inoticoming_presence = $handle_incoming_with_inotify ? { + true => present, + default => absent, } - file { "/etc/default/reprepro": - ensure => present, - owner => root, group => root, mode => 0755, - content => template('reprepro/inoticoming.default.erb'), + $inoticoming_enabled = $handle_incoming_with_inotify ? { + true => true, + default => false, } - exec { "reprepro_init_script": - command => "/usr/sbin/update-rc.d reprepro defaults", - unless => "/bin/ls /etc/rc3.d/ | /bin/grep reprepro", - require => File["/etc/init.d/reprepro"], + package { 'inoticoming': + ensure => $inoticoming_presence, + } + file { '/etc/init.d/reprepro': + ensure => $inoticoming_presence, + owner => root, + group => root, + mode => '0755', + source => "puppet:///modules/reprepro/inoticoming.init", } - service { "reprepro": - ensure => "running", - pattern => "inoticoming.*reprepro.*processincoming", - hasstatus => false, - require => [File["/etc/default/reprepro"], - Exec["reprepro_init_script"], - File["/etc/init.d/reprepro"] ], + file { '/etc/default/reprepro': + ensure => $inoticoming_presence, + owner => root, group => root, mode => '0755', + content => template('reprepro/inoticoming.default.erb'), + } + + service { 'reprepro': + ensure => $inoticoming_enabled, + enable => $inoticoming_enabled, + pattern => 'inoticoming.*reprepro.*processincoming', + require => [ Package['inoticoming'], + File['/etc/default/reprepro'], + File['/etc/init.d/reprepro'], + File["$basedir/incoming"] ], } + +# TODO: setup needeed lines in apache site config file + } diff --git a/templates/distributions.erb b/templates/distributions.erb index e93baaf..3e8dea8 100644 --- a/templates/distributions.erb +++ b/templates/distributions.erb @@ -1,43 +1,45 @@ -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + +Origin: <%= @origin %> +Label: <%= @origin %> Suite: oldstable Pull: stable Codename: lenny Version: 5.0 -Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 +Architectures: <%= @architectures.join(' ') %> Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages -SignWith: <%= reprepro_signwith %> +Description: <%= @origin %> specific (or backported) packages +SignWith: yes Uploaders: uploaders -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +Origin: <%= @origin %> +Label: <%= @origin %> Suite: stable Pull: testing Codename: squeeze Version: 6.0 -Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 +Architectures: <%= @architectures.join(' ') %> Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages -SignWith: <%= reprepro_signwith %> +Description: <%= @origin %> specific (or backported) packages +SignWith: yes Uploaders: uploaders -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +Origin: <%= @origin %> +Label: <%= @origin %> Suite: testing Codename: wheezy -Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 +Architectures: <%= @architectures.join(' ') %> Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages -SignWith: <%= reprepro_signwith %> +Description: <%= @origin %> specific (or backported) packages +SignWith: yes Uploaders: uploaders -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +Origin: <%= @origin %> +Label: <%= @origin %> Suite: unstable Codename: sid -Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 +Architectures: <%= @architectures.join(' ') %> Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages -SignWith: <%= reprepro_signwith %> +Description: <%= @origin %> specific (or backported) packages +SignWith: yes Uploaders: uploaders diff --git a/templates/index.html.erb b/templates/index.html.erb index 65ac222..7990d51 100644 --- a/templates/index.html.erb +++ b/templates/index.html.erb @@ -1,11 +1,11 @@ -<html> +<html><!-- This file is managed by Puppet. Do not edit, any changes will be overwritten! --> <head> -<title><%= domain %> Debian package repository</title> +<title><%= @domain %> Debian package repository</title> </head> <body> <h1>Introduction</h1> -<p>This is the Debian package repository of <%= reprepro_origin %>. It is used for internal +<p>This is the Debian package repository of <%= @origin %>. It is used for internal distribution of locally built packages not yet part of Debian. Feel free to use it for yourself, but it comes at no warranty. @@ -14,13 +14,13 @@ it for yourself, but it comes at no warranty. <p>In your /etc/apt/source.list: <pre> -deb http://debian.<%= domain %>/debian lenny main -deb-src http://debian.<%= domain %>/debian lenny main +deb http://debian.<%= @domain %>/debian stable main +deb-src http://debian.<%= @domain %>/debian stable main </pre> -"lenny", of course, can be replaced by your distribution. Know that we usually -package straight for etch or lenny. Packages will likely not be available in -squeeze or sid.</p> +<code>stable</code> can be replaced by <code>testing</code> +or <code>unstable</code> if you wish to test the development version +of packages.</p> <h2>Adding the archive key to your keyring</h2> @@ -28,10 +28,19 @@ squeeze or sid.</p> verified against a whitelist of trusted uploaders) using OpenPGP (GnuPG, to be more precise).</p> -<p>The key of the archive is in the <a href="/key.asc">key.asc file</a>. You should add the key using something like this:</p> +<p>The key of the archive is in the <a href="/debian/key.asc">key.asc file</a>. You should add the key using something like this:</p> <pre> -wget http://debian.<%= domain %>/debian/key.asc +wget http://debian.<%= @domain %>/debian/key.asc apt-key add key.asc apt-get update </pre> + +<h2>Browsing the archive</h2> + +There is no interactive interface to browse the archive. + +<ul> +<li>To see the list of all packages regardless of the distribution, see the <a href="/debian/pool">pool directory</a></li> +<li>To see the package descriptions per distribution, see the <a href="/debian/dists">dists directory</a> +</li> diff --git a/templates/inoticoming.default.erb b/templates/inoticoming.default.erb index b666851..a298a16 100644 --- a/templates/inoticoming.default.erb +++ b/templates/inoticoming.default.erb @@ -1,3 +1,5 @@ +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + # /etc/default/inoticoming # # for an explanation of options and actions, see inoticoming(1) @@ -11,12 +13,12 @@ LOGFILE="/var/log/incoming.log" # first search the directory for files already existing # 0 for false, 1 for true -INITIALSEARCH=0 +INITIALSEARCH=1 # directory to monitor -DIR=<%= basedir %>/incoming +DIR=<%= @basedir %>/incoming # actions -BASEDIR=<%= basedir %> +BASEDIR=<%= @basedir %> RULENAME=incoming ACTIONS="--suffix .changes --stderr-to-log reprepro -s -b $BASEDIR --waitforlock 1000 processincoming $RULENAME {} ;" diff --git a/templates/reprepro-export-key.sh.erb b/templates/reprepro-export-key.sh.erb index c99f06b..bbc195c 100644 --- a/templates/reprepro-export-key.sh.erb +++ b/templates/reprepro-export-key.sh.erb @@ -1,7 +1,18 @@ -#!/bin/bash +#!/bin/sh +# +# This file is managed by Puppet. Do not edit, any changes will be overwritten! +# -KEY="`gpg --homedir <%= basedir %>/.gnupg --with-colon --list-secret-keys | cut -d : -f 5 | head -n 1`" +set -e -if [ ! -z "$KEY" ]; then - gpg --homedir <%= basedir %>/.gnupg --export --armor $KEY > <%= basedir %>/key.asc +KEY="$(gpg --homedir '<%= @basedir %>/.gnupg' --with-colon --list-secret-keys | cut -d : -f 5 | head -n 1)" + +if [ -n "$KEY" ]; then + TEMPFILE=$(mktemp --tmpdir='<%= @basedir %>') + trap "rm -f '$TEMPFILE'" EXIT + DESTFILE='<%= @basedir %>/key.asc' + gpg --homedir '<%= @basedir %>/.gnupg' --export --armor "$KEY" > "$TEMPFILE" + mv "$TEMPFILE" "$DESTFILE" + chown reprepro:reprepro "$DESTFILE" + chmod 0664 "$DESTFILE" fi diff --git a/templates/uploaders.erb b/templates/uploaders.erb index ce5897d..84559a8 100644 --- a/templates/uploaders.erb +++ b/templates/uploaders.erb @@ -1,4 +1,5 @@ -# reprepro uploaders, file managed by puppet -<% reprepro_uploaders.each do |uploader| -%> +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + +<% @uploaders.each do |uploader| -%> allow * by key <%= uploader %> <% end -%> diff --git a/tests/init.pp b/tests/init.pp new file mode 100644 index 0000000..d8d40ed --- /dev/null +++ b/tests/init.pp @@ -0,0 +1,5 @@ +class { 'reprepro': + uploaders => ['DEADBEEF'], + handle_incoming_with_cron => true, + handle_incoming_with_inotify => true, +} |