.github/SECURITY.md

@@ -0,0 +1,3 @@
+# Vox Pupuli Security Policy
+
+Our vulnerabilities reporting process is at https://voxpupuli.org/security/

.msync.yml

@@ -1 +1 @@
-modulesync_config_version: '2.12.0'
+modulesync_config_version: '3.0.0'

.rubocop.yml

@@ -528,6 +528,9 @@ RSpec/RepeatedDescription:
 RSpec/NestedGroups:
   Enabled: False
 
+RSpec/MultipleExpectations:
+  Enabled: false
+
 # this is broken on ruby1.9
 Layout/IndentHeredoc:
   Enabled: False

.travis.yml

@@ -1,4 +1,5 @@
 ---
+os: linux
 dist: bionic
 language: ruby
 cache: bundler
@@ -7,7 +8,7 @@ before_install:
   - bundle --version
 script:
   - 'bundle exec rake $CHECK'
-matrix:
+jobs:
   fast_finish: true
   include:
   - rvm: 2.4.4
@@ -36,7 +37,7 @@ notifications:
       - "chat.freenode.org#voxpupuli-notifications"
 deploy:
   provider: puppetforge
-  user: puppet
+  username: puppet
   password:
     secure: "PzzvPB326Yx0hheLbusZGYCGW4i1jOOMjwJMC/7QpbN4+gvMdmHpmQP3XeQ5tm+YYXqLPMyr1he1viTln8GPqLk1qpzF55H5mTakPxMjWZfRYvM+Q7lmtOEsBEXXSJk0ZYwMHXGVd8ouDrhaRzS2JqnhCAhLat0HeLcERWZx6Ok="
   on:

CHANGELOG.md

@@ -4,6 +4,26 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v5.1.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v5.1.0) (2020-08-21)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v5.0.0...v5.1.0)
+
+**Implemented enhancements:**
+
+- Add support for Debian 10  [\#150](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/150)
+- Support Remove-New-Unused-Dependencies [\#106](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/106)
+- Add new options remove\_new\_unused\_deps and remove\_unused\_kernel [\#177](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/177) ([gfa](https://github.com/gfa))
+
+**Closed issues:**
+
+- No version of 'puppet-unattended\_upgrades' can satisfy all dependencies [\#167](https://github.com/voxpupuli/puppet-unattended_upgrades/issues/167)
+
+**Merged pull requests:**
+
+- unattended-upgrades.erb: update signal comment [\#178](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/178) ([kenyon](https://github.com/kenyon))
+- Revert "Add Puppet management headers in the config files" [\#173](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/173) ([smortex](https://github.com/smortex))
+- Add Debian 10 support [\#172](https://github.com/voxpupuli/puppet-unattended_upgrades/pull/172) ([ekohl](https://github.com/ekohl))
+
 ## [v5.0.0](https://github.com/voxpupuli/puppet-unattended_upgrades/tree/v5.0.0) (2020-05-22)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-unattended_upgrades/compare/v4.0.0...v5.0.0)

Gemfile

@@ -11,9 +11,9 @@ def location_for(place, fake_version = nil)
 end
 
 group :test do
-  gem 'voxpupuli-test', '>= 1.0.0',  :require => false
-  gem 'coveralls',                   :require => false
-  gem 'simplecov-console',           :require => false
+  gem 'voxpupuli-test', '~> 2.0',  :require => false
+  gem 'coveralls',                 :require => false
+  gem 'simplecov-console',         :require => false
 end
 
 group :development do

README.md

@@ -162,6 +162,8 @@ altering some of the default settings.
   * `force_confold` (`true`): Always use the old config files, don't prompt
   * `force_confnew` (`false`): Always use the new config files, don't prompt
   * `force_confmiss` (`false`): Always install missing config files
+* `remove_new_unused_deps` (`undef`): Automatic removal of newly unused dependencies after the upgrade.
+* `remove_unused_kernel` (`undef`): Remove unused automatically installed kernel-related packages.
 
 ## Limitations
 

manifests/init.pp

@@ -1,29 +1,30 @@
 class unattended_upgrades (
-  Unattended_upgrades::Age                  $age                  = {},
-  Unattended_upgrades::Auto                 $auto                 = {},
-  Unattended_upgrades::Backup               $backup               = {},
-  Array[String[1]]                          $blacklist            = [],
-  Optional[Integer[0]]                      $dl_limit             = undef,
-  Integer[0, 1]                             $enable               = 1,
-  Boolean                                   $install_on_shutdown  = false,
-  Boolean                                   $legacy_origin        = $unattended_upgrades::params::legacy_origin,
-  Unattended_upgrades::Mail                 $mail                 = {},
-  Boolean                                   $minimal_steps        = true,
-  Array[String[1]]                          $origins              = $unattended_upgrades::params::origins,
-  String[1]                                 $package_ensure       = installed,
-  Array[String[1]]                          $extra_origins        = [],
-  Optional[Integer[0]]                      $random_sleep         = undef,
-  Optional[String]                          $sender               = undef,
-  Integer[0]                                $size                 = 0,
-  Integer[0]                                $update               = 1,
-  Integer[0]                                $upgrade              = 1,
-  Unattended_upgrades::Upgradeable_packages $upgradeable_packages = {},
-  Integer[0]                                $verbose              = 0,
-  Boolean                                   $notify_update        = false,
-  Unattended_upgrades::Options              $options              = {},
-  Array[String[1]]                          $days                 = [],
+  Unattended_upgrades::Age                  $age                    = {},
+  Unattended_upgrades::Auto                 $auto                   = {},
+  Unattended_upgrades::Backup               $backup                 = {},
+  Array[String[1]]                          $blacklist              = [],
+  Optional[Integer[0]]                      $dl_limit               = undef,
+  Integer[0, 1]                             $enable                 = 1,
+  Boolean                                   $install_on_shutdown    = false,
+  Boolean                                   $legacy_origin          = $unattended_upgrades::params::legacy_origin,
+  Unattended_upgrades::Mail                 $mail                   = {},
+  Boolean                                   $minimal_steps          = true,
+  Array[String[1]]                          $origins                = $unattended_upgrades::params::origins,
+  String[1]                                 $package_ensure         = installed,
+  Array[String[1]]                          $extra_origins          = [],
+  Optional[Integer[0]]                      $random_sleep           = undef,
+  Optional[String]                          $sender                 = undef,
+  Integer[0]                                $size                   = 0,
+  Integer[0]                                $update                 = 1,
+  Integer[0]                                $upgrade                = 1,
+  Unattended_upgrades::Upgradeable_packages $upgradeable_packages   = {},
+  Integer[0]                                $verbose                = 0,
+  Boolean                                   $notify_update          = false,
+  Unattended_upgrades::Options              $options                = {},
+  Array[String[1]]                          $days                   = [],
+  Optional[Boolean]                         $remove_unused_kernel   = undef,
+  Optional[Boolean]                         $remove_new_unused_deps = undef,
 ) inherits ::unattended_upgrades::params {
-
   # apt::conf settings require the apt class to work
   include apt
 
@@ -75,5 +76,4 @@
     require       => Package['unattended-upgrades'],
     notify_update => $notify_update,
   }
-
 }

manifests/params.pp

@@ -1,6 +1,5 @@
 #
 class unattended_upgrades::params {
-
   if $facts['os']['family'] != 'Debian' {
     fail('This module only works on Debian or derivatives like Ubuntu')
   }
@@ -10,10 +9,12 @@
   $default_backup               = { 'archive_interval'     => 0, 'level'     => 3, }
   $default_age                  = { 'min'                  => 2, 'max'       => 0, }
   $default_upgradeable_packages = { 'download_only'        => 0, 'debdelta'  => 1, }
-  $default_options              = { 'force_confdef'        => true,
-                                    'force_confold'        => true,
-                                    'force_confnew'        => false,
-                                    'force_confmiss'       => false, }
+  $default_options              = {
+    'force_confdef'        => true,
+    'force_confold'        => true,
+    'force_confnew'        => false,
+    'force_confmiss'       => false,
+  }
 
   case fact('lsbdistid') {
     'debian', 'raspbian': {

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppet-unattended_upgrades",
-  "version": "5.0.0",
+  "version": "5.1.0",
   "author": "Vox Pupuli",
   "summary": "Provides an interface for managing Apt unattended_upgrades with Puppet",
   "license": "Apache-2.0",
@@ -20,7 +20,8 @@
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
         "8",
-        "9"
+        "9",
+        "10"
       ]
     },
     {

spec/classes/unattended_upgrades_spec.rb

@@ -82,7 +82,8 @@
             'force_confold' =>  false,
             'force_confnew' =>  true,
             'force_confmiss' => true
-          }
+          },
+          remove_new_unused_deps: false
         }
       end
 
@@ -139,6 +140,10 @@
           /Unattended-Upgrade::MailOnlyOnError "true";/
         ).with_content(
           /Acquire::http::Dl-Limit "70";/
+        ).with_content(
+          /Unattended-Upgrade::Remove-New-Unused-Dependencies "false";/
+        ).without_content(
+          /Unattended-Upgrade::Remove-Unused-Kernel-Packages/
         )
       end
 

templates/periodic.erb

@@ -1,5 +1,3 @@
-# This file managed by Puppet
-#
 APT::Periodic::Enable "<%= @enable %>";
 #  - Enable the update/upgrade script (0=disable)
 #

templates/unattended-upgrades.erb

@@ -1,5 +1,3 @@
-// This file managed by Puppet
-
 // Automatically upgrade packages from these (origin:archive) pairs
 //
 // Note that in Ubuntu security updates may pull in new dependencies
@@ -42,7 +40,7 @@ Unattended-Upgrade::Update-Days {
 Unattended-Upgrade::AutoFixInterruptedDpkg "<%= @_auto['fix_interrupted_dpkg'].to_s %>";
 
 // Split the upgrade into the smallest possible chunks so that
-// they can be interrupted with SIGUSR1. This makes the upgrade
+// they can be interrupted with SIGTERM. This makes the upgrade
 // a bit slower but it has the benefit that shutdown while a upgrade
 // is running is possible (with a small delay)
 Unattended-Upgrade::MinimalSteps "<%= @minimal_steps.to_s %>";
@@ -73,6 +71,17 @@ Unattended-Upgrade::MailOnlyOnError "<%= @_mail['only_on_error'].to_s %>";
 Unattended-Upgrade::Sender "<%= @sender %>";
 
 <%- end -%>
+<%- unless @remove_unused_kernel.nil? -%>
+// Remove unused automatically installed kernel-related packages
+// (kernel images, kernel headers and kernel version locked tools).
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "<%= @remove_unused_kernel %>";
+<%- end -%>
+
+<%- unless @remove_new_unused_deps.nil? -%>
+// Do automatic removal of newly unused dependencies after the upgrade
+Unattended-Upgrade::Remove-New-Unused-Dependencies "<%= @remove_new_unused_deps %>";
+<%- end -%>
+
 // Do automatic removal of new unused dependencies after the upgrade
 // (equivalent to apt-get autoremove)
 Unattended-Upgrade::Remove-Unused-Dependencies "<%= @_auto['remove'].to_s %>";