search

puppetlabs / puppetlabs-apt

Puppet module to help manage Apt
https://forge.puppetlabs.com/puppetlabs/apt
Apache License 2.0
215 stars 463 forks source link

add support for `check-valid-until` configuration #1038

Closed fitzy101 closed 2 years ago

fitzy101 commented 2 years ago

Use Case

I would like to manage configuration for the Debian snapshot repositories using apt::source, however there is currently no way to add the check-valid-until option at a per-repository granularity. This is required when using the Debian security snapshots, because the Release files specify a Valid-Until date only a short time in the future. For more information about snapshot repositories, see https://snapshot.debian.org/.

From the snapshot documentation (link above):

To access snapshots of suites using Valid-Until that are older than a dozen days, it is necessary to ignore the Valid-Until header within Release files, in order to prevent apt from disregarding snapshot entries ("Release file expired"). Use aptitude -o Acquire::Check-Valid-Until=false update or apt-get -o Acquire::Check-Valid-Until=false update for this purpose.

If you use at least apt version 1.1.exp9 (stretch and later), you can use this instead:

deb     [check-valid-until=no] https://snapshot.debian.org/archive/debian/20091004T111800Z/ lenny main
deb-src [check-valid-until=no] https://snapshot.debian.org/archive/debian/20091004T111800Z/ lenny main
deb     [check-valid-until=no] https://snapshot.debian.org/archive/debian-security/20091004T121501Z/ lenny/updates main
deb-src [check-valid-until=no] https://snapshot.debian.org/archive/debian-security/20091004T121501Z/ lenny/updates main

Whilst I can add a global-level configuration for apt to ignore all Check-Valid-Until dates, I'd prefer to do this at the repository level.

Describe the Solution You Would Like

An additional configuration option for the apt::source module, check_valid_until: Boolean, e.g.

'debian-snapshot':
  location          => 'https://snapshot.debian.org/archive/debian/20220412T025122Z/',
  release           => 'bullseye',
  repos             => 'main',
  check_valid_until => false,
  include  => {
    'deb' => true,
    'src' => false,
  };

Which resolves in an on-disk representation including the [check-valid-until=no] option in the apt.lists.d file.

Describe Alternatives You've Considered

As above, it is possible to set this globally for apt to ignore all Valid-Until dates.

david22swan commented 2 years ago

@fitzy101 A potential solve for this issue has been pushed up. If you have time could you review it and check whether it works as you wished? https://github.com/puppetlabs/puppetlabs-apt/pull/1042

david22swan commented 2 years ago

Closing this issue as a feature PR has been merged. Release will follow