GitHub puppet-zypprepo
8
8
5
Puppet description of a zypper repository

Metadata Valid
No translation
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_VERSION_RANGE}
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
With Operatingsystem Support
No translation
In Modulesync Repo
No translation
In Plumbing
Is in plumbing
Has Secrets
Has a .sync.yml file
Synced
Has a .msync.yml file
Latest Modulesync
No translation
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
Released
Is in modulesync_config and in forge releases.
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.

Open Pull Requests

Add repo_gpgcheck and pkg_gpgcheck options
enhancement
needs-tests
needs-work
enhancement
needs-tests
needs-work

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

<!--
Replace this comment with a description of your pull request.
-->

Add support for repo_gpgcheck and pkg_gpgcheck options, documented here.

The gpgcheck option has two individual GPG checks that can be separately configured:

```
If 'gpgcheck' is 'on' (the default) we will check the signature of repo metadata
(packages are secured via checksum inside the metadata). Using unsigned repos
needs to be confirmed.
Packages from signed repos are accepted if their checksum matches the checksum
stated in the repo metadata.
Packages from unsigned repos need a valid gpg signature, using unsigned packages
needs to be confirmed.

The above default behavior can be tuned by explicitly setting 'repogpgcheck'
and/or 'pkg
gpgcheck':

'repo_gpgcheck = on' same as the default.

'repo_gpgcheck = off' will silently accept unsigned repos. It will NOT turn off
signature checking on the whole, nevertheless it's not a secure setting.

'pkg_gpgcheck = on' will enforce the package signature checking and the need
to confirm unsigned packages for all repos (signed and unsigned).

'pkg_gpgcheck = off' will silently accept unsigned packages. It will NOT turn off
signature checking on the whole, nevertheless it's not a secure setting.
```

This PR adds support for enabling these features separately for a specific repository:

puppet
zypprepo { 'openSUSE_12.1':
baseurl => 'http://download.opensuse.org/distribution/12.1/repo/oss/suse/',
enabled => 1,
autorefresh => 1,
name => 'openSUSE_12.1',
gpgcheck => 1,
repo_gpgcheck => 0, # Disable repo check
priority => 98,
keeppackages => 1,
type => 'rpm-md',
}

This Pull Request (PR) fixes the following issues

n/a