initial commit for gpg version checking

better attempt at gpg version checking adding in key length warning
puppetlabs · Mar 10, 2015 · 00e51eb · 00e51eb
1 parent b473af1
commit 00e51eb
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 0 deletions.
diff --git a/lib/facter/apt_gpg.rb b/lib/facter/apt_gpg.rb
@@ -0,0 +1,10 @@
+require 'facter'
+
+Facter.add("apt_gpgversion") do
+  confine :osfamily => 'Debian'
+  setcode do
+    if File.executable? "/usr/bin/gpg"
+      Facter::Util::Resolution.exec("/usr/bin/gpg --version | head -n 1  | awk '{print $NF}'")
+    end
+  end
+end
diff --git a/lib/puppet/type/apt_key.rb b/lib/puppet/type/apt_key.rb
@@ -23,6 +23,9 @@
     if self[:content] and self[:source]
       fail('The properties content and source are mutually exclusive.')
     end
+    if self[:id].length < 40 
+      warning('The key should be at least a full fingerprint.')
+    end 
   end
 
   newparam(:id, :namevar => true) do

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -71,6 +71,10 @@
     fail('This module only works on Debian or derivatives like Ubuntu')
   }
 
+  if $::apt_gpgversion and versioncmp ('2.0.26', $::apt_gpgversion) > 0 {
+    warning("You are running an old version of gpg. version=$::apt_gpgversion, please upgrade to at least 2.0.26")
+  }
+
   $frequency_options = ['always','daily','weekly','reluctantly']
   validate_re($apt_update_frequency, $frequency_options)
   include apt::params

diff --git a/spec/unit/facter/apt_gpg_spec.rb b/spec/unit/facter/apt_gpg_spec.rb
@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe 'apt_gpg fact' do
+  subject { Facter.fact(:apt_gpgversion).value }
+  after(:each) { Facter.clear }
+
+  describe 'on non-Debian distro' do
+    before {
+      Facter.fact(:osfamily).expects(:value).at_least(1).returns 'RedHat'
+    }
+    it { should be_nil }
+  end
+
+  describe 'on Debian based distro, missing gpg' do
+    before {
+      Facter.fact(:osfamily).expects(:value).at_least(1).returns 'Debian'
+      File.stubs(:executable?) # Stub all other calls
+      File.expects(:executable?).with('/usr/bin/gpg').returns false
+    }
+    it { should be_nil }
+  end
+
+  describe 'on Debian based distro with an old gpg' do
+    before {
+      Facter.fact(:osfamily).expects(:value).at_least(1).returns 'Debian'
+      File.stubs(:executable?) # Stub all other calls
+      Facter::Util::Resolution.stubs(:exec) # Catch all other calls
+      File.expects(:executable?).with('/usr/bin/gpg').returns true
+      Facter::Util::Resolution.expects(:exec).with("/usr/bin/gpg --version | head -n 1  | awk '{print $NF}'").returns "1.0.0"
+    }
+    it { should eq "1.0.0" }
+  end
+
+  describe 'on Debian based distro with a new gpg' do
+    before {
+      Facter.fact(:osfamily).expects(:value).at_least(1).returns 'Debian'
+      File.stubs(:executable?) # Stub all other calls
+      Facter::Util::Resolution.stubs(:exec) # Catch all other calls
+      File.expects(:executable?).with('/usr/bin/gpg').returns true
+      Facter::Util::Resolution.expects(:exec).with("/usr/bin/gpg --version | head -n 1  | awk '{print $NF}'").returns "4.0.0"
+    }
+    it { should eq "4.0.0" }
+  end
+end
+