diff --git a/manifests/chroot.pp b/manifests/chroot.pp
index 3dae4a0e75f534b371bac861fb1ffad281bd6b8e..0215e8d2811b6d66992160e765822203ff9687e6 100644
--- a/manifests/chroot.pp
+++ b/manifests/chroot.pp
@@ -60,15 +60,18 @@ define su_debuild::chroot(
 # There is a chicken-and-egg problem in getting the stanford
 # repository's public key installed. We work around this as follows:
 #
- # 0. Install the chroot WITHOUT the stanford-keyring.
- # 1. Copy the correct distribution's sources.list file to /etc/apt.
- # 2. Do an "apt-get update". This will generate some complaints
- # due to the stanford repository not having a public key.
- # 3. Install stanford-keyring which contains the stanford repository
- # public key. This has to be installed in "untrusted" mode since
- # it contains the key needed for trust.
+ # 1. Install the chroot WITHOUT the stanford-keyring.
+ # 2. Copy the Stanford Debian keyring to the new chroot.
+ # 3. Copy the correct distribution's sources.list file to the just-created
+ # /root directory in the chroot directory.
+ # 4. Copy the correct distribution's sources.list file from the
+ # /root directory to the chroot's apt directgory, apt-get update, and
+ # install stanford-keyring package.
+ #
+ # We break things up into #3 and #4 so that we can be sure that deleting
+ # the chroot directory will ensure it comes back again correctly.

- # 0. Create the chroot WITHOUT the stanford-keyring.
+ # 1. Create the chroot WITHOUT the stanford-keyring.
 exec { "cowbuilder --create ${name}":
 path => '/usr/sbin:/usr/bin:/bin',
 command => "cowbuilder --create --basepath ${path} ${options}",
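Review bot: The added step 4 comment misspells `directory` as `directgory`, and the rewritten list no longer says where trust comes from now that the old "untrusted mode" explanation is gone. Judging by the keyring file resource in the next hunk, the key is copied from the host's `/usr/share/keyrings/stanford-keyring.gpg` into the chroot's `trusted.gpg.d`, so step 2 could read `# 2. Copy the Stanford Debian keyring from the host's /usr/share/keyrings into the chroot's /etc/apt/trusted.gpg.d; this host file is the trust anchor for the chroot's apt.` The define's body starts and ends outside this hunk.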
@@ -78,43 +81,33 @@ define su_debuild::chroot(
 File["/etc/pbuilder/${name}-no-stanford-keyring"]
 ],
 }
- # 1. Copy the stanford keyring file from the host computer.
+ # 2. Copy the stanford keyring file from the host computer.
 file { "${path}/etc/apt/trusted.gpg.d/stanford-keyring.gpg":
 ensure => present,
 source => '/usr/share/keyrings/stanford-keyring.gpg',
 require => Exec["cowbuilder --create ${name}"];
 }
- # 2. Install the correct sources.list to /etc/pbuild so we can use
- # it later. We only need it once.
- file { "/etc/pbuilder/sources.list.${name}":
+ # 3. Install the correct sources.list to ${path}/root/ so we can use
+ # it later.
+ file { "$path/root/sources.list.${name}":
 source => "puppet:///modules/su_debuild/etc/apt/sources.list.${name}",
- require => File['/etc/pbuilder'],
- notify => Exec["copy-correct-sources-list-{$name}"],
- }
- exec { "copy-correct-sources-list-{$name}":
- path => '/usr/sbin:/usr/bin:/bin:/sbin',
- refreshonly => true,
- command => "cp /etc/pbuilder/sources.list.${name} $path/etc/apt/sources.list",
+ require => Exec["cowbuilder --create ${name}"],
+ notify => Exec["install stanford-keyring in $path chroot"],
 }
- # 3. Install stanford-keyring. Be sure to run "apt-get update" first.
+ # 4. Install stanford-keyring. Be sure to run "apt-get update" first.
 # Only run if /usr/share/keyrings/stanford-keyring.gpg (in chroot)
- # does _not_ already exist.
+ # does _not_ already exist and only on notification by #3.
 exec { "install stanford-keyring in $path chroot":
- path => '/usr/sbin:/usr/bin:/bin:/sbin',
- command => "chroot $path apt-get update; chroot $path apt-get install stanford-keyring",
- creates => "$path/usr/share/keyrings/stanford-keyring.gpg",
- require => [
- Exec["copy-correct-sources-list-{$name}"],
- File["${path}/etc/apt/trusted.gpg.d/stanford-keyring.gpg"],
- ]
+ path => '/usr/sbin:/usr/bin:/bin:/sbin',
+ refreshonly => true,
+ command => "cp ${path}/root/sources.list.${name} ${path}/etc/apt/sources.list; chroot $path apt-get update; chroot $path apt-get install stanford-keyring",
+ require => File["${path}/etc/apt/trusted.gpg.d/stanford-keyring.gpg"],
 }
-
 } else { # ABSENT
 notify { "absent not done yet": }
 }
 }
-
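Review bot: The new `command` in the `install stanford-keyring in $path chroot` exec chains `cp`, `apt-get update` and `apt-get install` with `;`, so a failure in either of the first two steps is hidden whenever the last one succeeds, and with `refreshonly => true` replacing `creates` a run that fails part-way is not retried until the sources.list file resource changes again. The chroot can then keep building against whatever sources.list cowbuilder created while the Puppet run reports no error. Joining the steps with `&&` surfaces any failure: `command => "cp ${path}/root/sources.list.${name} ${path}/etc/apt/sources.list && chroot ${path} apt-get update && chroot ${path} apt-get install stanford-keyring",`. The step 4 comment still says the exec runs only if the chroot's keyring file does not exist, which no longer holds without `creates`; it should say the exec runs on every notification from step 3.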