diff options
-rw-r--r-- | README | 27 | ||||
-rw-r--r-- | files/incoming | 2 | ||||
-rwxr-xr-x | files/inoticoming.init | 162 | ||||
-rw-r--r-- | files/uploaders-sid | 2 | ||||
-rw-r--r-- | manifests/init.pp | 271 | ||||
-rw-r--r-- | templates/distributions.erb | 32 | ||||
-rw-r--r-- | templates/index.html.erb | 12 | ||||
-rw-r--r-- | templates/inoticoming.default.erb | 8 | ||||
-rw-r--r-- | templates/reprepro-export-key.sh.erb | 19 | ||||
-rw-r--r-- | templates/uploaders.erb | 5 | ||||
-rw-r--r-- | tests/init.pp | 5 |
11 files changed, 312 insertions, 233 deletions
@@ -0,0 +1,27 @@ +Parameters +========== + +manage_distributions_conf, manage_incoming_conf +----------------------------------------------- + +If true, the content of -respectively- the conf/distributions and +conf/incoming files is managed by this module. Else, only the +existence, ownership and permissions are. + +Default: true. + +basedir_mode +------------ + +This module manages the reprepro base directory and sets its +permissions to `basedir_mode`. + +Default: 0771 + +incoming_mode +------------- + +This module manages the reprepro incoming directory and sets its +permissions to `incoming_mode`. + +Default: 1777 diff --git a/files/incoming b/files/incoming index 6825981..57c6a5f 100644 --- a/files/incoming +++ b/files/incoming @@ -1,3 +1,5 @@ +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + Name: incoming IncomingDir: incoming TempDir: tmp diff --git a/files/inoticoming.init b/files/inoticoming.init index e16ffd1..9b658d7 100755 --- a/files/inoticoming.init +++ b/files/inoticoming.init @@ -1,27 +1,27 @@ #! /bin/sh +# +# This file is managed by Puppet. Do not edit, any changes will be overwritten! +# ### BEGIN INIT INFO # Provides: reprepro -# Required-Start: $local_fs $syslog -# Required-Stop: $local_fs $syslog +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: Reprepro startup script for inoticoming support -# Description: This script an instance of inoticoming via an initscript. +# Short-Description: reprepro incoming queue monitor +# Description: Monitors the incoming queue for the package repository +# managed by reprepro. ### END INIT INFO -# Copyright (c) 2008 by Tilman Koschnick <til@subnetz.org> -# Based on /etc/init.d/skeleton from Debian package initscripts -# Distributed under the GPLv2 - # Do NOT "set -e" -# PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="reprepro incoming queue monitor" NAME=reprepro DAEMON=/usr/bin/inoticoming PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME +USER=root # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -33,7 +33,8 @@ SCRIPTNAME=/etc/init.d/$NAME . /lib/init/vars.sh # Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. . /lib/lsb/init-functions # @@ -41,31 +42,31 @@ SCRIPTNAME=/etc/init.d/$NAME # do_start() { - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started - # make sure inoticoming can write the PID to $PIDFILE - [ -f $PIDFILE ] || touch $PIDFILE - chown $USER $PIDFILE - OPTIONS="--pid-file $PIDFILE" + # make sure inoticoming can write the PID to $PIDFILE + [ -f $PIDFILE ] || touch $PIDFILE + chown $USER $PIDFILE + OPTIONS="--pid-file $PIDFILE" - # make sure inoticoming can write to $LOGFILE - if [ -n $LOGFILE ] ; then - [ -f $LOGFILE ] || touch $LOGFILE - chown $USER $LOGFILE - OPTIONS="$OPTIONS --logfile $LOGFILE" - fi + # make sure inoticoming can write to $LOGFILE + if [ -n $LOGFILE ] ; then + [ -f $LOGFILE ] || touch $LOGFILE + chown $USER $LOGFILE + OPTIONS="$OPTIONS --logfile $LOGFILE" + fi - # should we do an initial search of the directory? - [ "$INITIALSEARCH" != "0" ] && OPTIONS="$OPTIONS --initialsearch" + # should we do an initial search of the directory? + [ "$INITIALSEARCH" != "0" ] && OPTIONS="$OPTIONS --initialsearch" - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- \ - $OPTIONS $DIR $ACTIONS \ - || return 2 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- \ + $OPTIONS $DIR $ACTIONS \ + || return 2 } # @@ -73,57 +74,60 @@ do_start() # do_stop() { - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --pidfile $PIDFILE - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - rm -f $PIDFILE - return "$RETVAL" + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --pidfile $PIDFILE + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + rm -f $PIDFILE + return "$RETVAL" } case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - restart|force-reload) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 3 - ;; + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; esac : diff --git a/files/uploaders-sid b/files/uploaders-sid index 48d4a65..825694a 100644 --- a/files/uploaders-sid +++ b/files/uploaders-sid @@ -1,2 +1,4 @@ +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + allow * by key 7B75921E allow * by key 6C914A46 diff --git a/manifests/init.pp b/manifests/init.pp index f7f0a34..095ea3c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,31 +1,16 @@ -class reprepro { - - case $reprepro_origin { - '': { $reprepro_origin = $domain } - } - - case $reprepro_uploaders { - '': { fail("You need the repository uploaders! Please set \$reprepro_uploaders in your config") } - } - - $basedir = $reprepro_basedir ? { - '' => '/srv/reprepro', - default => $reprepro_basedir, - } - - case $lsbdistcodename { - etch: { - package { - "reprepro": ensure => '3.9.2-1~bpo40+1'; - "inoticoming": ensure => '0.2.0-1~bpo40+1'; - } - } - default: { - package { - "reprepro": ensure => 'installed'; - "inoticoming": ensure => 'installed'; - } - } +class reprepro ( + $uploaders, + $basedir = '/srv/reprepro', + $origin = $::domain, + $basedir_mode = '0771', + $incoming_mode = '1777', + $manage_distributions_conf = true, + $manage_incoming_conf = true, + $handle_incoming_with_cron = false, + $handle_incoming_with_inotify = false, +){ + package { + "reprepro": ensure => 'installed'; } user { "reprepro": @@ -43,125 +28,163 @@ class reprepro { } } - file { - "$basedir": - ensure => directory, - mode => 0771, owner => reprepro, group => reprepro; + File { + owner => reprepro, + group => reprepro, + } - "$basedir/conf": + file { "$basedir": ensure => directory, - mode => 0770, owner => root, group => reprepro; - - "$basedir/db": + mode => $basedir_mode, + } + file { "$basedir/conf": ensure => directory, - mode => 0770, owner => reprepro, group => reprepro; - - "$basedir/dists": + mode => '0770', + } + file { "$basedir/db": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/pool": + mode => '0770', + } + file { "$basedir/dists": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/incoming": + mode => '0775', + } + file { "$basedir/pool": ensure => directory, - mode => 1777, owner => reprepro, group => reprepro; - - "$basedir/logs": + mode => '0775', + } + file { "$basedir/incoming": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/tmp": + mode => $incoming_mode, + } + file { "$basedir/logs": ensure => directory, - mode => 0775, owner => reprepro, group => reprepro; - - "$basedir/conf/distributions": - mode => 0664, owner => root, group => reprepro, - content => template("reprepro/distributions.erb"); - - "$basedir/conf/uploaders": - mode => 0660, owner => root, group => reprepro, - content => template("reprepro/uploaders.erb"); - - "$basedir/conf/incoming": - mode => 0664, owner => root, group => reprepro, - source => "puppet://$server/modules/reprepro/incoming"; - - "$basedir/index.html": - mode => 0664, owner => root, group => reprepro, - content => template("reprepro/index.html.erb"); - - "$basedir/.gnupg": - mode => 700, owner => reprepro, group => reprepro, - ensure => directory; - - "$basedir/.gnupg/secring.gpg": - mode => 600, owner => reprepro, group => reprepro, - ensure => present; + mode => '0775', + } + file { "$basedir/tmp": + ensure => directory, + mode => '0775', + } + file { "$basedir/conf/uploaders": + mode => '0660', owner => root, + content => template("reprepro/uploaders.erb"), + } + file { "$basedir/index.html": + mode => '0664', owner => root, + content => template("reprepro/index.html.erb"), + } - "/usr/local/bin/reprepro-export-key": + file { "$basedir/.gnupg": + ensure => directory, + mode => '0700', + } + file { "$basedir/.gnupg/secring.gpg": + ensure => present, + mode => '0600', + } + file { '/usr/local/bin/reprepro-export-key': ensure => present, content => template('reprepro/reprepro-export-key.sh.erb'), owner => root, group => root, - mode => 755, - } - - exec { - "reprepro -b $basedir createsymlinks": - refreshonly => true, - subscribe => File["$basedir/conf/distributions"], - user => reprepro, - path => "/usr/bin:/bin"; - "reprepro -b $basedir export": - refreshonly => true, - user => reprepro, - subscribe => File["$basedir/conf/distributions"], - path => "/usr/bin:/bin"; - "/usr/local/bin/reprepro-export-key": - creates => "$basedir/key.asc", - user => reprepro, - subscribe => File["$basedir/.gnupg/secring.gpg"], - require => File["/usr/local/bin/reprepro-export-key"], - refreshonly => true, + mode => '0755', + } + exec { "/usr/local/bin/reprepro-export-key": + creates => "$basedir/key.asc", + user => reprepro, + subscribe => File["$basedir/.gnupg/secring.gpg"], + require => File["/usr/local/bin/reprepro-export-key"], } -# TODO: setup needeed lines in apache site config file -} + file { "$basedir/conf/distributions": + ensure => present, + } + if $manage_distributions_conf { + File["$basedir/conf/distributions"] { + owner => root, + mode => '0664', + content => template("reprepro/distributions.erb"), + } + + exec { "reprepro -b $basedir createsymlinks": + refreshonly => true, + subscribe => File["$basedir/conf/distributions"], + user => reprepro, + path => "/usr/bin:/bin", + } + exec { "reprepro -b $basedir export": + refreshonly => true, + user => reprepro, + subscribe => File["$basedir/conf/distributions"], + path => "/usr/bin:/bin", + } + } -class reprepro::cron inherits reprepro { - cron { reprepro: + file { "$basedir/conf/incoming": + ensure => present, + } + if $manage_incoming_conf { + File["$basedir/conf/incoming"] { + mode => '0664', + owner => root, + source => "puppet:///modules/reprepro/incoming" + } + } + + # Handling of incoming with cron + + $cron_presence = $handle_incoming_with_cron ? { + true => present, + default => absent, + } + + cron { 'reprepro': + ensure => $cron_presence, command => "/usr/bin/reprepro --silent -b $basedir processincoming incoming", - user => reprepro, - minute => '*/5', - require => [ Package['reprepro'], File["$basedir/conf/distributions"] ] + user => reprepro, + minute => '*/5', + require => [ Package['reprepro'], File["$basedir/conf/distributions"], + File["$basedir/incoming"], ], } -} -class reprepro::inotify inherits reprepro { - file { "/etc/init.d/reprepro": - owner => root, group => root, mode => 0755, - source => "puppet://$server/modules/reprepro/inoticoming.init"; + # Handling of incoming with inoticoming + + $inoticoming_presence = $handle_incoming_with_inotify ? { + true => present, + default => absent, } - file { "/etc/default/reprepro": - ensure => present, - owner => root, group => root, mode => 0755, - content => template('reprepro/inoticoming.default.erb'), + $inoticoming_enabled = $handle_incoming_with_inotify ? { + true => true, + default => false, } - exec { "reprepro_init_script": - command => "/usr/sbin/update-rc.d reprepro defaults", - unless => "/bin/ls /etc/rc3.d/ | /bin/grep reprepro", - require => File["/etc/init.d/reprepro"], + package { 'inoticoming': + ensure => $inoticoming_presence, + } + file { '/etc/init.d/reprepro': + ensure => $inoticoming_presence, + owner => root, + group => root, + mode => '0755', + source => "puppet:///modules/reprepro/inoticoming.init", } - service { "reprepro": - ensure => "running", - pattern => "inoticoming.*reprepro.*processincoming", - hasstatus => false, - require => [File["/etc/default/reprepro"], - Exec["reprepro_init_script"], - File["/etc/init.d/reprepro"] ], + file { '/etc/default/reprepro': + ensure => $inoticoming_presence, + owner => root, group => root, mode => '0755', + content => template('reprepro/inoticoming.default.erb'), + } + + service { 'reprepro': + ensure => $inoticoming_enabled, + enable => $inoticoming_enabled, + pattern => 'inoticoming.*reprepro.*processincoming', + require => [ Package['inoticoming'], + File['/etc/default/reprepro'], + File['/etc/init.d/reprepro'], + File["$basedir/incoming"] ], } + +# TODO: setup needeed lines in apache site config file + } diff --git a/templates/distributions.erb b/templates/distributions.erb index e004778..52533e8 100644 --- a/templates/distributions.erb +++ b/templates/distributions.erb @@ -1,55 +1,57 @@ -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + +Origin: <%= @origin %> +Label: <%= @origin %> Suite: reallyoldstable Codename: etch Version: 3.0 Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages +Description: <%= @origin %> specific (or backported) packages SignWith: yes Uploaders: uploaders -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +Origin: <%= @origin %> +Label: <%= @origin %> Suite: oldstable Pull: stable Codename: lenny Version: 5.0 Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages +Description: <%= @origin %> specific (or backported) packages SignWith: yes Uploaders: uploaders -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +Origin: <%= @origin %> +Label: <%= @origin %> Suite: stable Pull: testing Codename: squeeze Version: 6.0 Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 Components: main non-free contrib -Description: koumbit specific (or backported) packages +Description: <%= @origin %> specific (or backported) packages SignWith: yes Uploaders: uploaders -Origin: koumbit -Label: koumbit +Origin: <%= @origin %> +Label: <%= @origin %> Suite: testing Pull: unstable Codename: wheezy Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages +Description: <%= @origin %> specific (or backported) packages SignWith: yes Uploaders: uploaders -Origin: <%= reprepro_origin %> -Label: <%= reprepro_origin %> +Origin: <%= @origin %> +Label: <%= @origin %> Suite: unstable Codename: sid Architectures: i386 amd64 source kfreebsd-amd64 kfreebsd-i386 Components: main non-free contrib -Description: <%= reprepro_origin %> specific (or backported) packages +Description: <%= @origin %> specific (or backported) packages SignWith: yes Uploaders: uploaders-sid diff --git a/templates/index.html.erb b/templates/index.html.erb index 5f50754..e4c70cb 100644 --- a/templates/index.html.erb +++ b/templates/index.html.erb @@ -1,11 +1,11 @@ -<html> +<html><!-- This file is managed by Puppet. Do not edit, any changes will be overwritten! --> <head> -<title><%= domain %> Debian package repository</title> +<title><%= @domain %> Debian package repository</title> </head> <body> <h1>Introduction</h1> -<p>This is the Debian package repository of <%= reprepro_origin %>. It is used for internal +<p>This is the Debian package repository of <%= @origin %>. It is used for internal distribution of locally built packages not yet part of Debian. Feel free to use it for yourself, but it comes at no warranty. @@ -14,8 +14,8 @@ it for yourself, but it comes at no warranty. <p>In your /etc/apt/source.list: <pre> -deb http://debian.<%= domain %>/debian lenny main -deb-src http://debian.<%= domain %>/debian lenny main +deb http://debian.<%= @domain %>/debian lenny main +deb-src http://debian.<%= @domain %>/debian lenny main </pre> "lenny", of course, can be replaced by your distribution. Know that we usually @@ -31,7 +31,7 @@ more precise).</p> <p>The key of the archive is in the <a href="/debian/key.asc">key.asc file</a>. You should add the key using something like this:</p> <pre> -wget http://debian.<%= domain %>/debian/key.asc +wget http://debian.<%= @domain %>/debian/key.asc apt-key add key.asc apt-get update </pre> diff --git a/templates/inoticoming.default.erb b/templates/inoticoming.default.erb index b666851..a298a16 100644 --- a/templates/inoticoming.default.erb +++ b/templates/inoticoming.default.erb @@ -1,3 +1,5 @@ +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + # /etc/default/inoticoming # # for an explanation of options and actions, see inoticoming(1) @@ -11,12 +13,12 @@ LOGFILE="/var/log/incoming.log" # first search the directory for files already existing # 0 for false, 1 for true -INITIALSEARCH=0 +INITIALSEARCH=1 # directory to monitor -DIR=<%= basedir %>/incoming +DIR=<%= @basedir %>/incoming # actions -BASEDIR=<%= basedir %> +BASEDIR=<%= @basedir %> RULENAME=incoming ACTIONS="--suffix .changes --stderr-to-log reprepro -s -b $BASEDIR --waitforlock 1000 processincoming $RULENAME {} ;" diff --git a/templates/reprepro-export-key.sh.erb b/templates/reprepro-export-key.sh.erb index c99f06b..bbc195c 100644 --- a/templates/reprepro-export-key.sh.erb +++ b/templates/reprepro-export-key.sh.erb @@ -1,7 +1,18 @@ -#!/bin/bash +#!/bin/sh +# +# This file is managed by Puppet. Do not edit, any changes will be overwritten! +# -KEY="`gpg --homedir <%= basedir %>/.gnupg --with-colon --list-secret-keys | cut -d : -f 5 | head -n 1`" +set -e -if [ ! -z "$KEY" ]; then - gpg --homedir <%= basedir %>/.gnupg --export --armor $KEY > <%= basedir %>/key.asc +KEY="$(gpg --homedir '<%= @basedir %>/.gnupg' --with-colon --list-secret-keys | cut -d : -f 5 | head -n 1)" + +if [ -n "$KEY" ]; then + TEMPFILE=$(mktemp --tmpdir='<%= @basedir %>') + trap "rm -f '$TEMPFILE'" EXIT + DESTFILE='<%= @basedir %>/key.asc' + gpg --homedir '<%= @basedir %>/.gnupg' --export --armor "$KEY" > "$TEMPFILE" + mv "$TEMPFILE" "$DESTFILE" + chown reprepro:reprepro "$DESTFILE" + chmod 0664 "$DESTFILE" fi diff --git a/templates/uploaders.erb b/templates/uploaders.erb index ce5897d..84559a8 100644 --- a/templates/uploaders.erb +++ b/templates/uploaders.erb @@ -1,4 +1,5 @@ -# reprepro uploaders, file managed by puppet -<% reprepro_uploaders.each do |uploader| -%> +# This file is managed by Puppet. Do not edit, any changes will be overwritten! + +<% @uploaders.each do |uploader| -%> allow * by key <%= uploader %> <% end -%> diff --git a/tests/init.pp b/tests/init.pp new file mode 100644 index 0000000..d8d40ed --- /dev/null +++ b/tests/init.pp @@ -0,0 +1,5 @@ +class { 'reprepro': + uploaders => ['DEADBEEF'], + handle_incoming_with_cron => true, + handle_incoming_with_inotify => true, +} |