apt

Table of Contents

1. Module Description - What the module does and why it is useful
2. Setup - The basics of getting started with apt
   • What apt affects
   • Beginning with apt
3. Usage - Configuration options and additional functionality
   • Add GPG keys
   • Prioritize backports
   • Update the list of packages
   • Pin a specific release
   • Add a Personal Package Archive repository
   • Configure Apt from Hiera
   • Replace the default sources.list file
4. Reference - An under-the-hood peek at what the module is doing and how
5. Limitations - OS compatibility, etc.
6. License
7. Development - Guide for contributing to the module

Module Description

The apt module lets you use Puppet to manage APT (Advanced Package Tool) sources, keys, and other configuration options.

APT is a package manager available on Debian, Ubuntu, and several other operating systems. The apt module provides a series of classes, defines, types, and facts to help you automate APT package management.

Note: Prior to Puppet 7, for this module to correctly autodetect which version of Debian/Ubuntu (or derivative) you're running, you need to make sure the lsb-release package is installed. With Puppet 7 the lsb-release package is not needed.

Setup

What apt affects

• Your system's preferences file and preferences.d directory
• Your system's sources.list file and sources.list.d directory
• Your system's apt.conf.d directory
• System repositories
• Authentication keys

Note: This module offers purge parameters which, if set to true, destroy any configuration on the node's sources.list(.d), preferences(.d) and apt.conf.d that you haven't declared through Puppet. The default for these parameters is false.

Beginning with apt

To use the apt module with default parameters, declare the apt class.

include apt

Note: The main apt class is required by all other classes, types, and defined types in this module. You must declare it whenever you use the module.

Usage

Add GPG keys

You can fetch GPG keys via HTTP, Puppet URI, or local filesystem. The key can be in GPG binary format, or ASCII armored, but the filename should have the appropriate extension (.gpg for keys in binary format; or .asc for ASCII armored keys).

Fetch via HTTP

apt::keyring { 'puppetlabs-keyring.gpg':
  source => 'https://apt.puppetlabs.com/keyring.gpg',
}

Fetch via Puppet URI

apt::keyring { 'puppetlabs-keyring.gpg':
  source => 'puppet:///modules/my_module/local_puppetlabs-keyring.gpg',
}

Alternatively apt::key can be used.

Warning apt::key is deprecated in the latest Debian and Ubuntu releases. Please use apt::keyring instead.

Warning: Using short key IDs presents a serious security issue, potentially leaving you open to collision attacks. We recommend you always use full fingerprints to identify your GPG keys. This module allows short keys, but issues a security warning if you use them.

Declare the apt::key defined type:

apt::key { 'puppetlabs':
  id      => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
  server  => 'pgp.mit.edu',
  options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
}

Prioritize backports

class { 'apt::backports':
  pin => 500,
}

By default, the apt::backports class drops a pin file for backports, pinning it to a priority of 200. This is lower than the normal default of 500, so packages with ensure => latest don't get upgraded from backports without your explicit permission.

If you raise the priority through the pin parameter to 500, normal policy goes into effect and Apt installs or upgrades to the newest version. This means that if a package is available from backports, it and its dependencies are pulled in from backports unless you explicitly set the ensure attribute of the package resource to installed/present or a specific version.

Update the list of packages

By default, Puppet runs apt-get update on the first Puppet run after you include the apt class, and anytime notify => Exec['apt_update'] occurs; i.e., whenever config files get updated or other relevant changes occur. If you set update['frequency'] to 'always', the update runs on every Puppet run. You can also set update['frequency'] to 'hourly', 'daily', 'weekly' or any integer value >= 60:

class { 'apt':
  update => {
    frequency => 'daily',
  },
}

When Exec['apt_update'] is triggered, it generates a notice-level message. Because the default logging level for agents is notice, this causes the repository update to appear in agent logs. To silence these updates from the default log output, set the loglevel metaparameter for Exec['apt_update'] above the agent logging level:

class { 'apt':
  update => {
    frequency => 'daily',
    loglevel  => 'debug',
  },
}

NOTE: Every Exec['apt_update'] run will generate a corrective change, even if the apt caches are not updated. For example, setting an update frequency of always can result in every Puppet run resulting in a corrective change. This is a known issue. For details, see MODULES-10763.

Pin a specific release

apt::pin { 'karmic': priority => 700 }
apt::pin { 'karmic-updates': priority => 700 }
apt::pin { 'karmic-security': priority => 700 }

You can also specify more complex pins using distribution properties:

apt::pin { 'stable':
  priority        => -10,
  originator      => 'Debian',
  release_version => '3.0',
  component       => 'main',
  label           => 'Debian'
}

To pin multiple packages, pass them to the packages parameter as an array or a space-delimited string.

Add a Personal Package Archive (PPA) repository

apt::ppa { 'ppa:drizzle-developers/ppa': }

Add an Apt source to /etc/apt/sources.list.d/

apt::source { 'debian_unstable':
  comment  => 'This is the iWeb Debian unstable mirror',
  location => 'http://debian.mirror.iweb.ca/debian/',
  release  => 'unstable',
  repos    => 'main contrib non-free',
  pin      => '-10',
  key      => {
    'id'     => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',
    'server' => 'subkeys.pgp.net',
  },
  include  => {
    'src' => true,
    'deb' => true,
  },
}

To use the Puppet Apt repository as a source:

apt::source { 'puppetlabs':
  location => 'http://apt.puppetlabs.com',
  repos    => 'main',
  key      => {
    'id'     => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
    'server' => 'pgp.mit.edu',
  },
}

Adding name and source to the key parameter of apt::source, which then manages modern apt gpg keyrings

The name parameter of key hash should contain the filename with extension (such as puppetlabs.gpg).

apt::source { 'puppetlabs':
  comment  => 'Puppet8',
  location => 'https://apt.puppetlabs.com/',
  repos    => 'puppet8',
  key      => {
    'name'   => 'puppetlabs.gpg',
    'source' => 'https://apt.puppetlabs.com/keyring.gpg',
  },
}

Configure Apt from Hiera

Instead of specifying your sources directly as resources, you can instead just include the apt class, which will pick up the values automatically from hiera.

apt::sources:
  'debian_unstable':
    comment: 'This is the iWeb Debian unstable mirror'
    location: 'http://debian.mirror.iweb.ca/debian/'
    release: 'unstable'
    repos: 'main contrib non-free'
    pin: '-10'
    key:
      id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553'
      server: 'subkeys.pgp.net'
    include:
      src: true
      deb: true

  'puppetlabs':
    location: 'http://apt.puppetlabs.com'
    repos: 'main'
    key:
      id: '6F6B15509CF8E59E6E469F327F438280EF8D349F'
      server: 'pgp.mit.edu'

Replace the default sources.list file

The following example replaces the default /etc/apt/sources.list. Along with this code, be sure to use the purge parameter, or you might get duplicate source warnings when running Apt.

apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}":
  location => 'http://archive.ubuntu.com/ubuntu',
  key      => '630239CC130E1A7FD81A27B140976EAF437D05B5',
  repos    => 'main universe multiverse restricted',
}

apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-security":
  location => 'http://archive.ubuntu.com/ubuntu',
  key      => '630239CC130E1A7FD81A27B140976EAF437D05B5',
  repos    => 'main universe multiverse restricted',
  release  => "${facts['os']['distro']['codename']}-security"
}

apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-updates":
  location => 'http://archive.ubuntu.com/ubuntu',
  key      => '630239CC130E1A7FD81A27B140976EAF437D05B5',
  repos    => 'main universe multiverse restricted',
  release  => "${facts['os']['distro']['codename']}-updates"
}

apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-backports":
 location => 'http://archive.ubuntu.com/ubuntu',
 key      => '630239CC130E1A7FD81A27B140976EAF437D05B5',
 repos    => 'main universe multiverse restricted',
 release  => "${facts['os']['distro']['codename']}-backports"
}

Manage login configuration settings for an APT source or proxy in /etc/apt/auth.conf

Starting with APT version 1.5, you can define login configuration settings, such as username and password, for APT sources or proxies that require authentication in the /etc/apt/auth.conf file. This is preferable to embedding login information directly in source.list entries, which are usually world-readable.

The /etc/apt/auth.conf file follows the format of netrc (used by ftp or curl) and has restrictive file permissions. See here for details.

Use the optional apt::auth_conf_entries parameter to specify an array of hashes containing login configuration settings. These hashes may only contain the machine, login and password keys.

class { 'apt':
  auth_conf_entries => [
    {
      'machine'  => 'apt-proxy.example.net',
      'login'    => 'proxylogin',
      'password' => 'proxypassword',
    },
    {
      'machine'  => 'apt.example.com/ubuntu',
      'login'    => 'reader',
      'password' => 'supersecret',
    },
  ],
}

Reference

Facts

• apt_updates: The number of installed packages with available updates from upgrade.

• apt_dist_updates: The number of installed packages with available updates from dist-upgrade.

• apt_security_updates: The number of installed packages with available security updates from upgrade.

• apt_security_dist_updates: The number of installed packages with available security updates from dist-upgrade.

• apt_package_updates: The names of all installed packages with available updates from upgrade. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string.

• apt_package_dist_updates: The names of all installed packages with available updates from dist-upgrade. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string.

• apt_update_last_success: The date, in epochtime, of the most recent successful apt-get update run (based on the mtime of /var/lib/apt/periodic/update-success-stamp).

• apt_reboot_required: Determines if a reboot is necessary after updates have been installed.

More Information

See REFERENCE.md for all other reference documentation.

Limitations

This module is not designed to be split across run stages.

For an extensive list of supported operating systems, see metadata.json

Adding new sources or PPAs

If you are adding a new source or PPA and trying to install packages from the new source or PPA on the same Puppet run, your package resource should depend on Class['apt::update'], as well as depending on the Apt::Source or the Apt::Ppa. You can also add collectors to ensure that all packages happen after apt::update, but this can lead to dependency cycles and has implications for virtual resources. Before running the command below, ensure that all packages have the provider set to apt.

Class['apt::update'] -> Package <| provider == 'apt' |>

License

This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of AGPL, BSD-2, BSD-3, GPL2.0, LGPL, MIT and MPL Licensing.

Development

Acceptance tests for this module leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.

If you run into an issue with this module, or if you would like to request a feature, please file a ticket. Every Monday the Puppet IA Content Team has office hours in the Puppet Community Slack, alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).

If you have problems getting this module up and running, please contact Support.

If you submit a change to this module, be sure to regenerate the reference documentation as follows:

puppet strings generate --format markdown --out REFERENCE.md

Reference

Table of Contents

Classes

Public Classes

• apt: Main class, includes all other classes.
• apt::backports: Manages backports.

Private Classes

• apt::params: Provides defaults for the Apt module parameters.
• apt::update: Updates the list of available packages using apt-get update.

Defined types

• apt::conf: Specifies a custom Apt configuration file.
• apt::key: Manages the GPG keys that Apt uses to authenticate packages.
• apt::keyring: Manage GPG keyrings for apt repositories
• apt::mark: Manages apt-mark settings
• apt::pin: Manages Apt pins. Does not trigger an apt-get update run.
• apt::ppa: Manages PPA repositories using add-apt-repository. Not supported on Debian.
• apt::setting: Manages Apt configuration files.
• apt::source: Manages the Apt sources in /etc/apt/sources.list.d/.

Resource types

Private Resource types

• apt_key: This type provides Puppet with the capabilities to manage GPG keys needed by apt to perform package validation. Apt has it's own GPG keyring that can be manipulated through the apt-key command.

Data types

• Apt::Auth_conf_entry: Login configuration settings that are recorded in the file /etc/apt/auth.conf.
• Apt::Proxy: Configures Apt to connect to a proxy server.
• Apt::Proxy_Per_Host: Adds per-host overrides to the system default APT proxy configuration

Tasks

• init: Allows you to perform apt-get functions

Classes

apt

Main class, includes all other classes.

• See also
  • https://docs.puppetlabs.com/references/latest/function.html#createresources
    • for the create resource function

Parameters

The following parameters are available in the apt class:

• provider
• keyserver
• key_options
• ppa_options
• ppa_package
• backports
• confs
• update
• update_defaults
• purge
• purge_defaults
• proxy
• proxy_defaults
• sources
• keys
• keyrings
• ppas
• pins
• settings
• manage_auth_conf
• auth_conf_entries
• auth_conf_owner
• root
• sources_list
• sources_list_d
• conf_d
• preferences
• preferences_d
• config_files
• sources_list_force
• include_defaults
• apt_conf_d
• source_key_defaults

provider

Data type: String

Specifies the provider that should be used by apt::update.

Default value: $apt::params::provider

keyserver

Data type: String

Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or hkp://).

Default value: $apt::params::keyserver

key_options

Data type: Optional[String]

Specifies the default options for apt::key resources.

Default value: $apt::params::key_options

ppa_options

Data type: Optional[Array[String]]

Supplies options to be passed to the add-apt-repository command.

Default value: $apt::params::ppa_options

ppa_package

Data type: Optional[String]

Names the package that provides the apt-add-repository command.

Default value: $apt::params::ppa_package

backports

Data type: Optional[Hash]

Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:

Options:

• :location String: See apt::backports for documentation.
• :repos String: See apt::backports for documentation.
• :key String: See apt::backports for documentation.

Default value: $apt::params::backports

confs

Data type: Hash

Creates new apt::conf resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::confs

update

Data type: Hash

Configures various update settings. Valid options: a hash made up from the following keys:

Options:

• :frequency String: Specifies how often to run apt-get update. If the exec resource apt_update is notified, apt-get update runs regardless of this value. Valid options: 'always' (at every Puppet run); 'hourly' (if the value of apt_update_last_success is less than current epoch time minus 3600); 'daily' (if the value of apt_update_last_success is less than current epoch time minus 86400); 'weekly' (if the value of apt_update_last_success is less than current epoch time minus 604800); Integer (if the value of apt_update_last_success is less than current epoch time minus provided Integer value); 'reluctantly' (only if the exec resource apt_update is notified). Default: 'reluctantly'.
• :loglevel Integer: Specifies the log level of logs outputted to the console. Default: undef.
• :timeout Integer: Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.
• :tries Integer: Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.

Default value: $apt::params::update

update_defaults

Data type: Hash

The default update settings that are combined and merged with the passed update value

Default value: $apt::params::update_defaults

purge

Data type: Hash

Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:

Options:

• :sources.list Boolean: Specifies whether to purge any unmanaged entries from sources.list. Default false.
• :sources.list.d Boolean: Specifies whether to purge any unmanaged entries from sources.list.d. Default false.
• :preferences Boolean: Specifies whether to purge any unmanaged entries from preferences. Default false.
• :preferences.d. Boolean: Specifies whether to purge any unmanaged entries from preferences.d. Default false.

Default value: $apt::params::purge

purge_defaults

Data type: Hash

The default purge settings that are combined and merged with the passed purge value

Default value: $apt::params::purge_defaults

proxy

Data type: Apt::Proxy

Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.

Default value: $apt::params::proxy

proxy_defaults

Data type: Hash

The default proxy settings that are combined and merged with the passed proxy value

Default value: $apt::params::proxy_defaults

sources

Data type: Hash

Creates new apt::source resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::sources

keys

Data type: Hash

Creates new apt::key resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::keys

keyrings

Data type: Hash

Hash of apt::keyring resources.

Default value: {}

ppas

Data type: Hash

Creates new apt::ppa resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::ppas

pins

Data type: Hash

Creates new apt::pin resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::pins

settings

Data type: Hash

Creates new apt::setting resources. Valid options: a hash to be passed to the create_resources function linked above.

Default value: $apt::params::settings

manage_auth_conf

Data type: Boolean

Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.

Default value: $apt::params::manage_auth_conf

auth_conf_entries

Data type: Array[Apt::Auth_conf_entry]

An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.

Default value: $apt::params::auth_conf_entries

auth_conf_owner

Data type: String

The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases.

Default value: $apt::params::auth_conf_owner

root

Data type: String

Specifies root directory of Apt executable.

Default value: $apt::params::root

sources_list

Data type: String

Specifies the path of the sources_list file to use.

Default value: $apt::params::sources_list

sources_list_d

Data type: String

Specifies the path of the sources_list.d file to use.

Default value: $apt::params::sources_list_d

conf_d

Data type: String

Specifies the path of the conf.d file to use.

Default value: $apt::params::conf_d

preferences

Data type: String

Specifies the path of the preferences file to use.

Default value: $apt::params::preferences

preferences_d

Data type: String

Specifies the path of the preferences.d file to use.

Default value: $apt::params::preferences_d

config_files

Data type: Hash

A hash made up of the various configuration files used by Apt.

Default value: $apt::params::config_files

sources_list_force

Data type: Boolean

Specifies whether to perform force purge or delete. Default false.

Default value: $apt::params::sources_list_force

include_defaults

Data type: Hash

Default value: $apt::params::include_defaults

apt_conf_d

Data type: String

The path to the file apt.conf.d

Default value: $apt::params::apt_conf_d

source_key_defaults

Data type: Hash

The fault source_key settings

Default value:

{
    'server'  => $keyserver,
    'options' => undef,
    'content' => undef,
    'source'  => undef,
  }

apt::backports

Manages backports.

Examples

Set up a backport source for Ubuntu

include apt::backports

Parameters

The following parameters are available in the apt::backports class:

• location
• release
• repos
• key
• keyring
• pin
• include

location

Data type: Optional[String]

Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and Ubuntu varies:

• Debian: 'http://deb.debian.org/debian'

• Ubuntu: 'http://archive.ubuntu.com/ubuntu'

Default value: undef

release

Data type: Optional[String]

Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the source.list configuration file. Default: on Debian and Ubuntu, ${fact('os.distro.codename')}-backports. We recommend keeping this default, except on other operating systems.

Default value: undef

repos

Data type: Optional[String]

Specifies a component of the Apt repository containing the backports to manage. Used in populating the source.list configuration file. Default value for Debian and Ubuntu varies:

• Debian: 'main contrib non-free'

• Ubuntu: 'main universe multiverse restricted'

Default value: undef

key

Data type: Optional[Variant[String, Hash]]

Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters.

Default value: undef

keyring

Data type: Stdlib::AbsolutePath

Absolute path to a file containing the PGP keyring used to sign this repository. Value is passed to the apt::source and used to set signed-by on the source entry.

Default value: "/usr/share/keyrings/${facts['os']['name'].downcase}-archive-keyring.gpg"

pin

Data type: Variant[Integer, String, Hash]

Specifies a pin priority for the backports. Valid options: a number or string to be passed to the id parameter of the apt::pin defined type, or a hash of parameter => value pairs to be passed to apt::pin's corresponding parameters.

Default value: 200

include

Data type: Variant[Hash]

Specifies whether to include 'deb' or 'src', or both.

Default value: {}

Defined types

apt::conf

Specifies a custom Apt configuration file.

Parameters

The following parameters are available in the apt::conf defined type:

• content
• ensure
• priority
• notify_update

content

Data type: Optional[String]

Required unless ensure is set to 'absent'. Directly supplies content for the configuration file.

Default value: undef

ensure

Data type: Enum['present', 'absent']

Specifies whether the configuration file should exist. Valid options: 'present' and 'absent'.

Default value: present

priority

Data type: Variant[String, Integer]

Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first. Valid options: a string containing an integer or an integer.

Default value: 50

notify_update

Data type: Optional[Boolean]

Specifies whether to trigger an apt-get update run.

Default value: undef

apt::key

Manages the GPG keys that Apt uses to authenticate packages.

• Note The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys.

Examples

Declare Apt key for apt.puppetlabs.com source

apt::key { 'puppetlabs':
  id      => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
  server  => 'keyserver.ubuntu.com',
  options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
}

Parameters

The following parameters are available in the apt::key defined type:

• id
• ensure
• content
• source
• server
• weak_ssl
• options

id

Data type: Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]

Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters).

Default value: $title

ensure

Data type: Enum['present', 'absent', 'refreshed']

Specifies whether the key should exist. Valid options: 'present', 'absent' or 'refreshed'. Using 'refreshed' will make keys auto update when they have expired (assuming a new key exists on the key server).

Default value: present

content

Data type: Optional[String]

Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.

Default value: undef

source

Data type: Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]

Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or an absolute path.

Default value: undef

server

Data type: Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]

Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.

Default value: $apt::keyserver

weak_ssl

Data type: Boolean

Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.

Default value: false

options

Data type: Optional[String]

Passes additional options to apt-key adv --keyserver-options.

Default value: $apt::key_options

apt::keyring

Manage GPG keyrings for apt repositories

Examples

Download the puppetlabs apt keyring

apt::keyring { 'puppetlabs-keyring.gpg':
  source => 'https://apt.puppetlabs.com/keyring.gpg',
}

Deploy the apt source and associated keyring file

apt::source { 'puppet8-release':
  location => 'http://apt.puppetlabs.com',
  repos    => 'puppet8',
  key      => {
    name   => 'puppetlabs-keyring.gpg',
    source => 'https://apt.puppetlabs.com/keyring.gpg'
  }
}

Parameters

The following parameters are available in the apt::keyring defined type:

• dir
• filename
• mode
• source
• content
• ensure

dir

Data type: Stdlib::Absolutepath

Path to the directory where the keyring will be stored.

Default value: '/etc/apt/keyrings'

filename

Data type: String[1]

Optional filename for the keyring. It should also contain extension along with the filename.

Default value: $name

mode

Data type: Stdlib::Filemode

File permissions of the keyring.

Default value: '0644'

source

Data type: Optional[Stdlib::Filesource]

Source of the keyring file. Mutually exclusive with 'content'.

Default value: undef

content

Data type: Optional[String[1]]

Content of the keyring file. Mutually exclusive with 'source'.

Default value: undef

ensure

Data type: Enum['present','absent']

Ensure presence or absence of the resource.

Default value: 'present'

apt::mark

Manages apt-mark settings

Parameters

The following parameters are available in the apt::mark defined type:

• setting

setting

Data type: Enum['auto','manual','hold','unhold']

auto, manual, hold, unhold specifies the behavior of apt in case of no more dependencies installed https://manpages.debian.org/stable/apt/apt-mark.8.en.html

apt::pin

Manages Apt pins. Does not trigger an apt-get update run.

• See also
  • http://linux.die.net/man/5/apt_preferences
    • for context on these parameters

Parameters

The following parameters are available in the apt::pin defined type:

• ensure
• explanation
• order
• packages
• priority
• release
• release_version
• component
• originator
• label
• origin
• version
• codename

ensure

Data type: Enum['file', 'present', 'absent']

Specifies whether the pin should exist. Valid options: 'file', 'present', and 'absent'.

Default value: present

explanation

Data type: Optional[String]

Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}".

Default value: undef

order

Data type: Variant[Integer]

Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first.

Default value: 50

packages

Data type: Variant[String, Array]

Specifies which package(s) to pin.

Default value: '*'

priority

Data type: Variant[Numeric, String]

Sets the priority of the package. If multiple versions of a given package are available, apt-get installs the one with the highest priority number (subject to dependency constraints). Valid options: an integer.

Default value: 0

release

Data type: Optional[String]

Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'.

Default value: undef

release_version

Data type: Optional[String]

Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7).

Default value: undef

component

Data type: Optional[String]

Names the licensing component associated with the packages in the directory tree of the Release file.

Default value: undef

originator

Data type: Optional[String]

Names the originator of the packages in the directory tree of the Release file.

Default value: undef

label

Data type: Optional[String]

Names the label of the packages in the directory tree of the Release file.

Default value: undef

origin

Data type: Optional[String]

The package origin

Default value: undef

version

Data type: Optional[String]

The version of the package

Default value: undef

codename

Data type: Optional[String]

The codename of the package

Default value: undef

apt::ppa

Manages PPA repositories using add-apt-repository. Not supported on Debian.

Examples

Example declaration of an Apt PPA

apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': }

Parameters

The following parameters are available in the apt::ppa defined type:

• ensure
• options
• release
• dist
• package_name
• package_manage

ensure

Data type: String

Specifies whether the PPA should exist. Valid options: 'present' and 'absent'.

Default value: 'present'

options

Data type: Optional[Array[String]]

Supplies options to be passed to the add-apt-repository command. Default: '-y'.

Default value: $apt::ppa_options

release

Data type: Optional[String]

Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename. Optional if puppet facts show os.distro.codename returns your correct distribution release codename.

Default value: fact('os.distro.codename')

dist

Data type: Optional[String]

Specifies the distribution of your node. Valid options: a string containing a valid distribution codename. Optional if puppet facts show os.name returns your correct distribution name.

Default value: $facts['os']['name']

package_name

Data type: Optional[String]

Names the package that provides the apt-add-repository command. Default: 'software-properties-common'.

Default value: $apt::ppa_package

package_manage

Data type: Boolean

Specifies whether Puppet should manage the package that provides apt-add-repository.

Default value: false

apt::setting

Manages Apt configuration files.

• See also
  • https://docs.puppetlabs.com/references/latest/type.html#file-attributes
    • for more information on source and content parameters

Parameters

The following parameters are available in the apt::setting defined type:

• priority
• ensure
• source
• content
• notify_update

priority

Data type: Variant[String, Integer, Array]

Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first.

Default value: 50

ensure

Data type: Enum['file', 'present', 'absent']

Specifies whether the file should exist. Valid options: 'present', 'absent', and 'file'.

Default value: file

source

Data type: Optional[String]

Required, unless content is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination with content. Valid options: see link above for Puppet's native file type source attribute.

Default value: undef

content

Data type: Optional[String]

Required, unless source is set. Directly supplies content for the configuration file. Cannot be used in combination with source. Valid options: see link above for Puppet's native file type content attribute.

Default value: undef

notify_update

Data type: Boolean

Specifies whether to trigger an apt-get update run.

Default value: true

apt::source

Manages the Apt sources in /etc/apt/sources.list.d/.

Examples

Install the puppetlabs apt source

apt::source { 'puppetlabs':
  location => 'http://apt.puppetlabs.com',
  repos    => 'main',
  key      => {
    id     => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
    server => 'keyserver.ubuntu.com',
  },
}

Download key behaviour to handle modern apt gpg keyrings. The name parameter in the key hash should be given with

extension. Absence of extension will result in file formation with just name and no extension.
apt::source { 'puppetlabs':
  location => 'http://apt.puppetlabs.com',
  comment  => 'Puppet8',
  key      => {
    'name'   => 'puppetlabs.gpg',
    'source' => 'https://apt.puppetlabs.com/keyring.gpg',
  },
}

Parameters

The following parameters are available in the apt::source defined type:

• location
• comment
• ensure
• release
• repos
• include
• key
• keyring
• pin
• architecture
• allow_unsigned
• allow_insecure
• notify_update
• check_valid_until

location

Data type: Optional[String]

Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.

Default value: undef

comment

Data type: String

Supplies a comment for adding to the Apt source file.

Default value: $name

ensure

Data type: String

Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'.

Default value: present

release

Data type: Optional[String]

Specifies a distribution of the Apt repository.

Default value: undef

repos

Data type: String

Specifies a component of the Apt repository.

Default value: 'main'

include

Data type: Variant[Hash]

Configures include options. Valid options: a hash of available keys.

Options:

• :deb Boolean: Specifies whether to request the distribution's compiled binaries. Default true.
• :src Boolean: Specifies whether to request the distribution's uncompiled source code. Default false.

Default value: {}

key

Data type: Optional[Variant[String, Hash]]

Creates an apt::keyring in /etc/apt/keyrings (or anywhere on disk given filename) Valid options:

• a hash of parameter => value pairs to be passed to file: name (title), content, source, filename

The following inputs are valid for the (deprecated) apt::key defined type. Valid options:

• a string to be passed to the id parameter of the apt::key defined type
• a hash of parameter => value pairs to be passed to apt::key: id, server, content, source, weak_ssl, options

Default value: undef

keyring

Data type: Optional[Stdlib::AbsolutePath]

Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. This is not necessary if the key is installed with key param above. See https://wiki.debian.org/DebianRepository/UseThirdParty for details.

Default value: undef

pin

Data type: Optional[Variant[Hash, Numeric, String]]

Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the id parameter of the apt::pin defined type, or a hash of parameter => value pairs to be passed to apt::pin's corresponding parameters.

Default value: undef

architecture

Data type: Optional[String]

Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). (if unspecified, Apt downloads information for all architectures defined in the Apt::Architectures option)

Default value: undef

allow_unsigned

Data type: Boolean

Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.

Default value: false

allow_insecure

Data type: Boolean

Specifies whether to allow downloads from insecure repositories.

Default value: false

notify_update

Data type: Boolean

Specifies whether to trigger an apt-get update run.

Default value: true

check_valid_until

Data type: Boolean

Specifies whether to check if the package release date is valid. Defaults to True.

Default value: true

Data types

Apt::Auth_conf_entry

Login configuration settings that are recorded in the file /etc/apt/auth.conf.

• See also
  • https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html
  • for more information

Alias of

Struct[{
    machine => String[1],
    login => String,
    password => String
  }]

Parameters

The following parameters are available in the Apt::Auth_conf_entry data type:

• machine
• login
• password

machine

Hostname of machine to connect to.

login

Specifies the username to connect with.

password

Specifies the password to connect with.

Apt::Proxy

Configures Apt to connect to a proxy server.

Alias of

Struct[{
    ensure     => Optional[Enum['file', 'present', 'absent']],
    host       => Optional[String],
    port       => Optional[Integer[0, 65535]],
    https      => Optional[Boolean],
    https_acng => Optional[Boolean],
    direct     => Optional[Boolean],
    perhost    => Optional[Array[Apt::Proxy_Per_Host]],
  }]

Parameters

The following parameters are available in the Apt::Proxy data type:

• ensure
• host
• port
• https
• direct

ensure

Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'.

host

Specifies a proxy host to be stored in /etc/apt/apt.conf.d/01proxy. Valid options: a string containing a hostname.

port

Specifies a proxy port to be stored in /etc/apt/apt.conf.d/01proxy. Valid options: an integer containing a port number.

https

Specifies whether to enable https proxies.

direct

Specifies whether or not to use a DIRECT https proxy if http proxy is used but https is not.

Apt::Proxy_Per_Host

Adds per-host overrides to the system default APT proxy configuration

Alias of

Struct[{
    scope      => String,
    host       => Optional[String],
    port       => Optional[Integer[1, 65535]],
    https      => Optional[Boolean],
    direct     => Optional[Boolean],
  }]

Parameters

The following parameters are available in the Apt::Proxy_Per_Host data type:

• scope
• host
• port
• https
• direct

scope

Specifies the scope of the override. Valid options: a string containing a hostname.

host

Specifies a proxy host to be stored in /etc/apt/apt.conf.d/01proxy. Valid options: a string containing a hostname.

port

Specifies a proxy port to be stored in /etc/apt/apt.conf.d/01proxy. Valid options: an integer containing a port number.

https

Specifies whether to enable https for this override.

direct

Specifies whether or not to use a DIRECT target to bypass the system default proxy.

Tasks

init

Allows you to perform apt-get functions

Supports noop? false

Parameters

action

Data type: Enum[update, upgrade, dist-upgrade, autoremove]

Action to perform with apt-get

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

v9.4.0 - 2024-02-15

Full Changelog

Added

• Backports: add keyring support #1162 (kenyon)
• Support "hourly" and Integer as value for update frequency (fixes #1157) #1159 (webcompas)

Fixed

• replace deprecated merge() with native puppet code #1154 (bastelfreak)

Other

• release_prep: Use puppetlabs_spec_helper 7.x #1164 (bastelfreak)

v9.2.0 - 2023-12-04

Full Changelog

Added

• Allow passing all keyring params in apt::source #1147 (kenyon)
• Cleanup Debian 9 and Ubuntu pre-18.04 specialcases #1142 (evgeni)
• Add support for modern keyrings #1128 (praj1001)

Fixed

• (CAT-1483) - Enhancement of handling of apt::source's repos and release parameters #1138 (Ramesh7)
• backports: don't hardcode an old gpg key for Ubuntu #1129 (kenyon)

v9.1.0 - 2023-06-08

Full Changelog

Changed

• (CONT-773) Add Support for Puppet 8 / Remove Support for Puppet 6 #1101 (david22swan)

Added

• Require stdlib 9.0.0 or newer #1114 (smortex)
• (CONT-1028) puppetlabs/stdlib: Allow 9.x #1113 (bastelfreak)
• (CONT-581) Adding deferred function support for password field #1110 (Ramesh7)

Fixed

• (MODULES-10831) key is expired if all subkeys are expired #1104 (kenyon)

v9.0.2 - 2023-03-14

Full Changelog

Fixed

• Adopt new parameter defaults in template #1090 (tuxmea)
• (CONT-493) PPA validation adjustment #1085 (LukasAud)
• fix typo in source.pp #1082 (bastelfreak)
• fix: remove apt:: prefix from fact variables #1081 (johanfleury)
• Updated mark as title can contain dot (fixes #1074) #1075 (xepa)

v9.0.1 - 2022-12-21

Full Changelog

Fixed

• (bugfix) - Declare minimum Puppet version 6.24.0 #1079 (pmcmaw)
• Do not remove PPA sources.list.d files if purge is enabled #1069 (Programie)
• (CONT-173) - Updating deprecated facter instances #1068 (jordanbreen28)
• pdksync - (CONT-130) Dropping Support for Debian 9 #1065 (jordanbreen28)
• (GH-1057) Regex fix to allow dotted resources #1058 (LukasAud)
• (GH-1055) Fix hardcoded cache path #1056 (chelnak)
• (GH-cat-9) Update module to match current syntax standard #1053 (david22swan)

v9.0.0 - 2022-08-18

Full Changelog

Changed

• Harden PPA defined type #1052 (chelnak)

Added

• Deal with net-ftp being unavailable #1050 (ekohl)
• pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 #1046 (david22swan)

Fixed

• Harden apt-mark defined type #1051 (chelnak)

v8.5.0 - 2022-08-03

Full Changelog

Added

• (GH-1038) add support for check-valid-until configuration #1042 (david22swan)

v8.4.1 - 2022-06-20

Full Changelog

Fixed

• (ISSUE-1036) Conditional gnupg include added to init.pp #1039 (david22swan)

v8.4.0 - 2022-06-06

Full Changelog

Changed

• (GH-iac-334) Remove code specific to unsupported OSs #1024 (david22swan)

Added

• enable allow-insecure for apt::source defined types, includes new tes… #1014 (hesco)

Fixed

• pdksync - (GH-iac-334) Remove Support for Ubuntu 14.04 #1023 (david22swan)
• pdksync - (GH-iac-334) Remove Support for Ubuntu 16.04 #1022 (david22swan)
• (MODULES-11301) Don't install gnupg if not needed #1020 (simondeziel)
• Use fact() function for all os.distro.* facts #1017 (root-expert)
• (maint) Fix resource ordering when apt-transport-https is needed #1015 (smortex)
• Omit empty options in source.list template to fix MODULES-11174 #1013 (mpdude)
• Replace arm64 for aarch64 in ::apt::source #1012 (mpdude)
• Fixed gpg file for Ubuntu versions 21.04 and later. #1011 (Conzar)
• (MODULES-10763) Remove frequency collector #1010 (LTangaF)

v8.3.0 - 2021-10-04

Full Changelog

Added

• (MODULES-11173) Add per-host overrides for apt::proxy #1007 (maturnbull)

Fixed

• pdksync - (IAC-1598) - Remove Support for Debian 8 #1008 (david22swan)

v8.2.0 - 2021-08-25

Full Changelog

Added

• (maint) Add support for Debian 11 #1001 (smortex)

Fixed

• (main) Allow stdlib 8.0.0 #1000 (smortex)

v8.1.0 - 2021-07-26

Full Changelog

Added

• [MODULES-9695] - Add support for signed-by in source entries #991 (johanfleury)

Fixed

• apt::source: pass the weak_ssl param to apt::key #993 (kenyon)
• (IAC-1597) Increasing MAX_RETRY_COUNT #987 (pmcmaw)

v8.0.2 - 2021-03-29

Full Changelog

Fixed

• (MODULES-10971) - Ensure apt::keyserver is considered when creating a default apt:source #981 (david22swan)
• (IAC-1497) - Removal of unsupported translate dependency #979 (david22swan)

v8.0.1 - 2021-03-15

Full Changelog

Fixed

• MODULES-10956 remove redundant code in provider apt_key #973 (moritz-makandra)

v8.0.0 - 2021-03-01

Full Changelog

Changed

• pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 #969 (carabasdaniel)

v7.7.1 - 2021-02-16

Full Changelog

Fixed

• Use modern os facts #964 (kenyon)

v7.7.0 - 2020-12-08

Full Changelog

Added

• pdksync - (feat) - Add support for Puppet 7 #958 (daianamezdrea)
• Make auth.conf contents Sensitive #953 (suchpuppet)

v7.6.0 - 2020-09-15

Full Changelog

Added

• (MODULES-10804) option to force purge source.lists file #948 (sheenaajay)

Fixed

• (IAC-978) - Removal of inappropriate terminology #947 (david22swan)

v7.5.0 - 2020-08-13

Full Changelog

Added

• pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main #940 (david22swan)
• patch-acng-ssl-support #938 (mdklapwijk)
• (IAC-746) - Add ubuntu 20.04 support #936 (david22swan)

Fixed

• (MODULES-10763) loglevel won't affect reports #942 (gguillotte)

v7.4.2 - 2020-05-14

Full Changelog

Fixed

• fix apt-mark syntax #927 (tryfunc)

v7.4.1 - 2020-03-23

Full Changelog

Fixed

• Do not specify file modes unless relevant #923 (anarcat)
• (MODULES-10583) Revert "MODULES-10548: make files readonly" #920 (carabasdaniel)

v7.4.0 - 2020-03-03

Full Changelog

Added

• Add 'include' param to apt::backports #910 (paladox)
• pdksync - (FM-8581) - Debian 10 added to travis and provision file refactored #902 (david22swan)

Fixed

• MODULES-10548: make files readonly #906 (anarcat)
• MODULES-10543: only consider lsbdistcodename for apt-transport-https #905 (anarcat)
• MODULES-10543: remove sources.list file on purging #904 (anarcat)
• Include apt in apt::backports #891 (zivis)

v7.3.0 - 2019-12-16

Full Changelog

Added

• Adding a new parameter for dist #890 (luckyraul)

Fixed

• MODULES-10063, extend apt::key to support deeplinks, this time with f… #894 (atarax)
• MODULES-10063, extend apt::key to support deeplinks #892 (atarax)

v7.2.0 - 2019-10-29

Full Changelog

Added

• Add apt::mark defined type #879 (tuxmea)
• (FM-8394) add debian 10 testing #876 (ThoughtCrhyme)
• Add apt::key_options for default apt::key options #873 (raphink)
• implement apt.conf.d purging #869 (lelutin)

Fixed

• Install gnupg instead of dirmngr #866 (martijndegouw)

v7.1.0 - 2019-07-30

Full Changelog

Added

• (FM-8215) Convert to using litmus #864 (florindragos)

v7.0.1 - 2019-05-14

Full Changelog

7.0.0 - 2019-04-24

Full Changelog

Changed

• pdksync - (MODULES-8444) - Raise lower Puppet bound #853 (david22swan)

Added

• Allow weak SSL verification for apt_key #849 (tuxmea)

6.3.0 - 2019-01-22

Full Changelog

Added

• Add support for dist-upgrade & autoremove action #832 (aboks)
• (MODULES-8321) - Add manage_auth_conf parameter #831 (eimlav)

Fixed

• (MODULES-8418) Fix /etc/apt/auth.conf owner changing endlessly #836 (antaflos)
• pdksync - (FM-7655) Fix rubygems-update for ruby < 2.3 #835 (tphoney)
• (MODULES-8326) - apt-transport-https not ensured properly #830 (eimlav)

6.2.1 - 2018-11-21

Full Changelog

Fixed

• (MODULES-8272) - Revert "Autorequire dirmngr in apt_key types" #825 (eimlav)

6.2.0 - 2018-11-19

Full Changelog

Added

• (MODULES-8081): add support for hkps:// protocol in apt::key #815 (simondeziel)

Fixed

• Apt-key fixes to properly work on Debian 9 #822 (ekohl)
• (maint) - Update Link to REFERENCE.md #811 (pmcmaw)

6.1.1 - 2018-10-02

Full Changelog

Fixed

• Revert "(MODULES-6408) - Fix dirmngr install failing" #808 (eimlav)

6.1.0 - 2018-10-01

Full Changelog

Added

• pdksync - (FM-7392) - Puppet 6 Testing Changes #800 (pmcmaw)
• pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #798 (tphoney)
• (MODULES-3307) - Auto update expired keys #795 (eimlav)
• (FM-7316) - Implementation of the i18n process #789 (david22swan)
• Introduce an Apt::Proxy type to validate the hash #773 (ekohl)

Fixed

• (MODULES-6408) - Fix dirmngr install failing #801 (eimlav)
• (MODULES-1630) - Expanding source list fix to cover all needed versions #788 (david22swan)

6.0.0 - 2018-08-24

Full Changelog

Changed

• (MODULES-7668) Remove support for Puppet 4.7 #780 (jarretlavallee)

Added

• Check existence of gpg key in apt:ppa #774 (wenzhengjiang)
• Make sure PPA source file is absent when apt-add-repository fails #768 (wenzhengjiang)

5.0.1 - 2018-07-30

Full Changelog

Fixed

• (MODULES-7540) add apt-transport-https with https #775 (tphoney)

5.0.0 - 2018-07-19

Full Changelog

Changed

• [FM-6956] Removal of unsupported Debian 7 from apt #760 (david22swan)

Added

• (MODULES-7468) Update apt to support Ubuntu 18.04 #769 (david22swan)
• Support managing login configurations in /etc/apt/auth.conf #752 (antaflos)

Fixed

• (MODULES-7327) - Update README with supported OS #767 (pmcmaw)
• (bugfix) Dont run ftp tests in travis #766 (tphoney)
• (maint) make apt testing more stable, cleanup #764 (tphoney)
• Remove .length from variable $pin_release in app #754 (paladox)
• Replace UTF-8 whitespace in comment #748 (bernhardschmidt)
• Fix "E: Unable to locate package -y" #747 (aboks)
• Fix automatic coercion warning #743 (smortex)

4.5.1 - 2018-02-01

Full Changelog

4.5.0 - 2018-01-22

Full Changelog

Fixed

• MODULES-6235 - Addressing Rubocop Errors #735 (pmcmaw)

4.4.1 - 2017-11-20

Full Changelog

Added

• Rubocopification #731 (willmeek)

4.4.0 - 2017-11-15

Full Changelog

Added

• Add a check for Puppet version to task helper #722 (willmeek)
• Add a facter fact for dist-upgrade #719 (willmeek)
• Http proxy bypass #718 (willmeek)

Fixed

• Install apt-transport-https if needed #720 (btravouillon)
• Remove tasks acceptance test for non-Debian builds #717 (willmeek)
• Do not treat debian stable-updates as security updates #716 (kbarmen)
• Install apt-transport-https in Debian 8 if needed #714 (btravouillon)
• remove legacy functions #711 (b4ldr)
• Fixed circular dependency for package dirmngr #710 (hp197)

4.3.0 - 2017-10-11

Full Changelog

4.2.0 - 2017-09-26

Full Changelog

Added

• apt_package_security_updates fact and test #703 (tphoney)
• Allow user to modify loglevel of apt-get update Exec resource #690 (tpdownes)

Fixed

• Switch to deb.debian.org and remove Debian 6.0 #702 (tphoney)
• MODULES-4686: gpg keyserver import fails in Debian 9 (Stretch) #698 (deric)
• Fixed typo in "Configuring Apt from hiera example" #693 (morremeyer)
• Ignore subkeys in apt-key's output #665 (tiger-jmw)
• (MODULES-4118) Set dpkg option NoLocking in apt_updates fact #640 (jocado)

4.1.0 - 2017-06-05

Full Changelog

Added

• Ensure release allows empty strings #681 (HelenCampbell)
• (MODULES-4973) rip out data in modules #680 (eputnam)

Fixed

• Revert removal of Evolving Web's attribution in NOTICE file #678 (DavidS)

4.0.0 - 2017-04-27

Full Changelog

Fixed

• Rebase of #668 #673 (hunner)
• Fix architecture fact overriding unset architecture source option #672 (domcleal)

3.0.0 - 2017-04-19

Full Changelog

Added

• (PUP-6856) Always define facts #670 (hunner)

2.4.0 - 2017-04-06

Full Changelog

Changed

• Use stdlib deprecation #641 (DavidS)

Added

• [MODULES-4224] Implement beaker-module_install_helper #652 (wilson208)
• [MODULES-3562] Implement retry for tests which require modules to pull key from keyserver #631 (wilson208)

Fixed

• [MODULES-4528] Replace Puppet.version.to_f with Puppet::Util::Package.versioncmp #658 (wilson208)
• apt::key is a defined type, not a class #656 (WhatsARanjit)
• Avoid string comparison error #635 (lkoranda)
• Undef default for $notify_update in source.pp results in problem with Puppet 3.7.2 #628 (cpavanrun)

2.3.0 - 2016-09-20

Full Changelog

Added

• Add ability to specify a hash of apt::conf defines #616 (ghoneycutt)
• Expose notify_update to apt::source #596 (danielhoherd)

Fixed

• Fix syntax error #619 (DavidS)
• Fixed "unless" test condition for ppa repository #613 (nicobn)
• apt/params: Remove unused LSB facts #610 (daenney)
• Fix regexp for $ensure params #609 (hfm)
• Use hkps.pool.sks-keyservers.net instead of pgp.mit.edu #606 (DavidS)
• Install software-properties-common for xenial #605 (imphil)
• Fix version check on 16.04. #604 (tdb)
• apt::setting expects priority to be an integer, set defaults accordingly #602 (madddi)
• Fix STRICT_VARIABLE testing #599 (DavidS)
• Typo: missing colon #595 (danielhoherd)
• Make apt_updates facts use /usr/bin/apt-get. #581 (robinelfrink)

2.2.2 - 2016-02-29

Full Changelog

Added

• Add ubuntu 15.10 support #578 (pherjung)

Fixed

• MODULES-2873 - Avoid multiple package resource declarations #588 (werekraken)
• Handle PPA names that contain a plus character. #583 (tdb)
• Look for correct sources.list.d file for apt::ppa #582 (imphil)
• fix whitespace in source.list #577 (amauf)
• Fix apt_key tempfile race condition #572 (claytono)

2.2.1 - 2015-12-04

Full Changelog

2.2.0 - 2015-09-29

Full Changelog

Added

• Add support for creating pins from main class #564 (rfdrake)
• Proxy ensure parameter. #556 (mike-callahan)
• Expose notify_update to apt::conf #551 (bdellegrazie)

Fixed

• Corrected regression with preference files name #562 (Vincent--)
• MODULES-2446 - Fix pinning for backports #560 (underscorgan)
• Fix path to 'preferences' and 'preferences.d'. #557 (fbarbeira)

2.1.1 - 2015-07-27

Full Changelog

Added

• Added additional header template for apt.conf style comments #540 (szynaka)

Fixed

• Fix anchor issues #547 (underscorgan)
• Iterate through multiple keys #546 (igalic)
• Use Debian's new official mirrors redirector #545 (raoulbhatia)
• Revert "Fix use of $::apt::params::backports and $::apt::params::xfac… #543 (underscorgan)
• Fix use of $::apt::params::backports and $::apt::params::xfacts. #542 (Farzy)
• hashes are not supported in selectors #539 (underscorgan)
• typo #538 (underscorgan)
• Don't add puppetlabs sources for lucid #537 (underscorgan)

2.1.0 - 2015-06-16

Full Changelog

Changed

• API compatibility between 1.8.x and 2.x for apt::source #529 (underscorgan)

Added

• Added new apt_reboot_required fact, updated readme, and added unit tests #516 (dlactin)

Fixed

• Make apt::key compatible with 1.8.x #527 (underscorgan)
• Backwards compatibility with older versions of puppet #525 (ianmacl)
• Only use the strict variables workaround if using strict variables #524 (underscorgan)
• Don't stub puppetversion #521 (hunner)

2.0.1 - 2015-04-28

Full Changelog

Added

• MODULES-1934: Iterate through multiple keys #501 (underscorgan)

Fixed

• Restore Puppet 3.4 and earlier compatibility #511 (underscorgan)
• Update tests to work with rspec-puppet 2.x #504 (underscorgan)

2.0.0 - 2015-04-14

Full Changelog

Added

• Add missing examples for 'removed' functionality #483 (underscorgan)

Fixed

• Don't purge by default. That seems unnecessarily destructive. #497 (underscorgan)
• apt::conf: Don't require content ensure=>absent. #496 (daenney)
• Remove default support for Linux Mint and Cumulus Networks #493 (underscorgan)
• (MODULES-1156, MODULES-769) Update anchors #479 (underscorgan)
• Remove update['always'] = true support #473 (underscorgan)
• Acceptance test fixes #472 (underscorgan)

1.8.0 - 2015-03-17

Full Changelog

Changed

• Various major behavioural changes #447 (daenney)
• V2.0.0 Prep work: Removing old code / Adding placeholders #424 (underscorgan)

Added

• Allow changing legacy_origin #463 (underscorgan)
• initial commit for apt_key checking #459 (tphoney)
• apt::source: Merge include_* options into hash. #451 (daenney)
• apt::params: Complete $xfacts. #450 (daenney)
• apt: Add proxy support on the class. #446 (daenney)
• proxy_* params were removed from class apt #443 (underscorgan)
• Add base_name parameter to apt::setting #442 (underscorgan)
• apt::params: Make the class private. #438 (daenney)
• apt: Add apt::setting defined type. #428 (daenney)
• Add support for parameter trusted MODULES-1658 #407 (mkrakowitzer)
• Allow full length GPG key fingerprints. #404 (WolverineFan)
• Allow ports that consist of 5 decimals #400 (voidus)
• Add Ubuntu vivid (15.04) release #395 (udienz)

Fixed

• Update all the unit tests to look for full fingerprints #469 (underscorgan)
• Fix gpg key checking warings after f588f26 #466 (paroga)
• apt_key: fix parsing invalid dates when using GnuPG 2.x #465 (bootc)
• Inheritance of apt::params means it can't be private #461 (underscorgan)
• Cleaning 50unattended-upgrades.erb #456 (johanfleury)
• MODULES-1827 adding Cumulus Linux detection #454 (LeslieCarr)
• apt::source: Make location required. #453 (daenney)
• apt::source: Rename trusted_source. #452 (daenney)
• apt: Fix all strict variable cases. #449 (daenney)
• apt::setting: Remove file_perms. #448 (daenney)
• Make apt::setting notify Exec['apt_update'] by default #445 (underscorgan)
• apt::setting: Parse type and name from title. #444 (daenney)
• Convert to use apt::setting instead of file resource #441 (underscorgan)
• Type is a reserved word in puppet 4 #435 (underscorgan)
• Stop redeclaring variables from params #431 (underscorgan)
• Remove 'include apt::update' #429 (underscorgan)
• RFC - Remove required packages #427 (underscorgan)
• apt::params: Add two missing entries, use them. #426 (daenney)
• Trusted will be a reserved word in Puppet 4 #411 (underscorgan)
• MODULES-1661 Fix to do delete with short key not long #409 (cyberious)
• MODULES-1661 Fix issue with apt_key destroy, also added mutliple deletes #408 (cyberious)
• Fix apt_has_updates fact not parsing apt-check output correctly #403 (WolverineFan)
• Separate apt::pin for apt::backports to allow pin by release instead of ... #398 (riconnon)
• (MODULES-1231) Fix apt::force locale issues #394 (juniorsysadmin)
• (MODULES-1200) Fix inconsistent header across files #389 (stdietrich)
• MODULES-1119 Fixed to now have username and passwords passed in again #384 (cyberious)
• Unattended upgrades oldstable for wheezy #376 (raoulbhatia)

1.7.0 - 2014-10-28

Full Changelog

Added

• Add support for RandomSleep to 10periodic #374 (bschlief)
• apt::force: Added 2 parameters for automatic configuration file handling... #363 (martinseener)
• Apt update tooling #349 (wolfspyre)

Fixed

• Refactor facts to improve performance: #375 (raphink)
• add --force-yes so deb7 doesn't hang #371 (underscorgan)
• Missed one case for _kick_apt needed for strict variables #369 (underscorgan)
• Fix for future parser support #368 (underscorgan)
• We aren't truncating in the type #366 (underscorgan)
• Don't truncate to short keys in the type #365 (underscorgan)
• Fix issue with puppet_module_install, removed and using updated method f... #358 (cyberious)
• Remove stderr from stdout #348 (hunner)
• Builddep notifies apt-get update instead of requiring it #326 (dvcrn)

1.6.0 - 2014-08-13

Full Changelog

Fixed

• Test fixes #343 (underscorgan)
• 1.5.3 backports #340 (underscorgan)
• Fix broken acceptance tests. #335 (underscorgan)
• Fix for debian/ubuntu hold and a way to add debian src only #333 (wilman0)
• Fix inconsistent $proxy_host handling in apt and apt::ppa. #330 (dantman)
• Adds check to params.pp if lab-release is not installed #329 (spuder)

1.5.2 - 2014-07-21

Full Changelog

1.5.1 - 2014-07-10

Full Changelog

Added

• Enable auto-update for Debian squeeze-lts #321 (raoulbhatia)
• add facts showing available updates #319 (damoxc)
• Allow for custom comment in sources.list file #311 (juniorsysadmin)

Fixed

• MODULES-780 Don't blow up on unicode characters. #327 (adik)
• MODULES-780 Don't blow up on unicode characters. #318 (daenney)

1.5.0 - 2014-06-05

Full Changelog

Added

• adding notice on top of sourceslist files #297 (frconil)
• backports: Allow setting a custom priority. #275 (daenney)
• apt::hold: Add a mechanism to hold a package. #259 (daenney)
• Add Ubuntu Trusty #258 (sodabrew)
• Add ability to specify hash of apt sources in hiera #249 (ghoneycutt)
• Rework apt::key to use apt_key. #230 (daenney)

Fixed

• Fixed regex to follow APT requirements #298 (frconil)
• unattended_upgrades: Fix matching security archive #286 (apenney)
• Change proxy's configuration file to be consistent with other config files in apt.conf.d #283 (johanfleury)
• unattended-upgrades: Fix origins for Squeeze. #281 (daenney)
• Small patch to fix the spacing that makes lint fail. #279 (apenney)
• unattended_upgrades: Fix matching security archive #278 (daenney)
• Fix typo in ppa.pp #274 (fdrouet)
• Use File.expand_path with require. #268 (daenney)
• Fix fail message #248 (electrical)
• Make apt.conf.d/proxy world readable and add a newline #209 (pabl0)
• Added retry to update operation #193 (ianunruh)

1.4.2 - 2014-03-03

Full Changelog

Added

• Add lsbdistid facts where appropriate. #244 (apenney)
• apt: Allow managing of preferences file. #240 (daenney)
• apt_key: Support fetching keys over FTP. #229 (daenney)
• apt::pin: Allow for packages to be an array. #223 (daenney)
• apt_key type/provider #212 (daenney)

Fixed

• Add back in missing fields to work around Puppet bug. #257 (apenney)
• Port 8080 is a bad choice and bumps into puppetdb #237 (hunner)
• Don't pass options to ppa on lucid #231 (hunner)
• Force owner and mode on ppa files #227 (daniellawrence)
• Update out of date Debian signing key for backports #226 (mark0n)
• changed proxy_host default value from true to undef. fixes #211 #215 (lotherk)

1.4.1 - 2014-02-14

Full Changelog

Changed

• Handling of release parameter and apt provider in force manifest #140 (hunner)

Added

• Update ppa.pp #191 (mnencia)

Fixed

• Ensure apt::ppa fails on non-Ubuntu. #208 (apenney)
• fixed include, contained dash instead of underline. #205 (braddeicide)
• Apt::ppa should exec with root #202 (tsuharesu)
• Use include instead of parameterized class when no params are given. #187 (ghoneycutt)
• add an 'ensure' parameter to apt::ppa #184 (rsrchboy)
• apt::source templates/sources.list.erb generates invalid source line when architecture is provided. #182 (stefanvanwouw)
• getparam() isn't available in all stdlib versions. #178 (apenney)

1.4.0 - 2013-10-15

Full Changelog

Fixed

• This work flips from onlyif to unless (mistakenly looked at the #172 (apenney)
• add an updates_timeout option to apt::params (PR fix) #167 (madeddie)

1.3.0 - 2013-09-17

Full Changelog

Added

• Class for managing unattended-upgrades #153 (philipcohoe)
• Add wheezy backports support #149 (bionix)

Fixed

• pass flags as string of single letter #148 (nagas)
• Fix: parametrize apt::ppa class for beign able to pass options to apt-add-repository command #146 (oleiade)
• ppa: fix empty environment definition in exec ressource when no proxy #145 (PierreGambarotto)

1.2.0 - 2013-07-05

Full Changelog

Added

• Add a $key_options parameter to apt::key. #122 (strangeman)
• Add optional architecture qualifier to apt-sources #118 (jopecko)

Fixed

• replace aptitude with apt in apt::force #134 (spali)

1.1.1 - 2013-07-01

Full Changelog

Changed

• Restrict the versions and add 3.1 #112 (richardc)

Added

• Support APT pinning by codename #135 (vholer)

Fixed

• Revert "Merge pull request #135 from CERIT-SC/master" #137 (hunner)
• trim keys to 8 chars for matching with apt-key list (fix for #100) #133 (benben)

1.1.0 - 2012-12-02

Full Changelog

Fixed

• Modified the PPA code for changes in Quantal #96 (jnicolson)
• Librarian bug #94 (ryanycoleman)

1.0.1 - 2012-10-29

Full Changelog

1.0.0 - 2012-10-29

Full Changelog

Changed

• Without puppetlabs/stdlib, you will get "err: Could not retrieve catalog... #75 (ytjohn)

Added

• (#16070) Allow optional order parameter to apt::pin #83 (dalen)
• Add a way to specify a timeout for the apt::force define. #79 (sathlan)

Fixed

• remove check, if $release is empty #78 (saz)
• «main» repository is missing from ubuntu backports. #77 (jonhattan)
• fix scoping of $lsbdistcodename in source.pp #74 (antonlindstrom)
• Add logoutput on_failure for all exec resources. #73 (nanliu)
• Fix Modulefile for puppet-apt to puppetlabs-apt rename #72 (branan)

0.0.4 - 2012-06-05

Full Changelog

Fixed

• Fix Modulefile for puppet-apt to puppetlabs-apt rename #72 (branan)
• (#14657) Fix filename when there is a period in the PPA #60 (branan)
• Fix style related issues in module. #57 (nanliu)
• (#11966) apt module containment for apt_update. #55 (nanliu)

0.0.3 - 2012-05-04

Full Changelog

Added

• (#14321) apt::pin resource support release. #53 (nanliu)
• (#14308) Add ensure=>absent for define resource. #52 (nanliu)
• Sync with pl ops #42 (ody)
• Make sure we configure the proxy before doing apt-get update. #41 (tbroyer)

Fixed

• Move Package['python-software-properties'] to apt:ppa #54 (branan)
• (#11966) Only invoke apt-get update once. #49 (nanliu)
• (#14138) Fix spec test for aptitude changes. #47 (nanliu)
• (#14138) Modify apt::ppa's update-apt exec to use the ${apt::params::provider} parameter. #44 (relud)

0.0.2 - 2012-03-26

Full Changelog

Added

• (#13125) Apt keys should be case insensitive #34 (blkperl)

Fixed

• Convert apt::key to use anchors #32 (reidmv)

0.0.1 - 2012-03-07

Full Changelog