try to get chroot to instal correctly

manifests/chroot.pp

@@ -60,15 +60,18 @@ define su_debuild::chroot(
     # There is a chicken-and-egg problem in getting the stanford
     # repository's public key installed.  We work around this as follows:
     #
-    #  0. Install the chroot WITHOUT the stanford-keyring.
-    #  1. Copy the correct distribution's sources.list file to /etc/apt.
-    #  2. Do an "apt-get update". This will generate some complaints
-    #     due to the stanford repository not having a public key.
-    #  3. Install stanford-keyring which contains the stanford repository
-    #     public key. This has to be installed in "untrusted" mode since
-    #     it contains the key needed for trust.
+    #  1. Install the chroot WITHOUT the stanford-keyring.
+    #  2. Copy the Stanford Debian keyring to the new chroot.
+    #  3. Copy the correct distribution's sources.list file to the just-created
+    #     /root directory in the chroot directory.
+    #  4. Copy the correct distribution's sources.list file from the
+    #     /root directory to the chroot's apt directgory, apt-get update, and
+    #     install stanford-keyring package.
+    #
+    #  We break things up into #3 and #4 so that we can be sure that deleting
+    #  the chroot directory will ensure it comes back again correctly.
 
-    # 0. Create the chroot WITHOUT the stanford-keyring.
+    # 1. Create the chroot WITHOUT the stanford-keyring.
     exec { "cowbuilder --create ${name}":
       path    => '/usr/sbin:/usr/bin:/bin',
       command => "cowbuilder --create --basepath ${path} ${options}",
@@ -78,43 +81,33 @@ define su_debuild::chroot(
         File["/etc/pbuilder/${name}-no-stanford-keyring"] ],
     }
 
-    # 1. Copy the stanford keyring file from the host computer.
+    # 2. Copy the stanford keyring file from the host computer.
     file { "${path}/etc/apt/trusted.gpg.d/stanford-keyring.gpg":
         ensure  => present,
         source  => '/usr/share/keyrings/stanford-keyring.gpg',
         require => Exec["cowbuilder --create ${name}"];
     }
 
-    # 2. Install the correct sources.list to /etc/pbuild so we can use
-    # it later. We only need it once.
-    file { "/etc/pbuilder/sources.list.${name}":
+    # 3. Install the correct sources.list to ${path}/root/ so we can use
+    # it later.
+    file { "$path/root/sources.list.${name}":
       source  => "puppet:///modules/su_debuild/etc/apt/sources.list.${name}",
-      require => File['/etc/pbuilder'],
-      notify  => Exec["copy-correct-sources-list-{$name}"],
-    }
-    exec { "copy-correct-sources-list-{$name}":
-      path        => '/usr/sbin:/usr/bin:/bin:/sbin',
-      refreshonly => true,
-      command     => "cp /etc/pbuilder/sources.list.${name} $path/etc/apt/sources.list",
+      require => Exec["cowbuilder --create ${name}"],
+      notify  => Exec["install stanford-keyring in $path chroot"],
     }
 
-    # 3. Install stanford-keyring. Be sure to run "apt-get update" first.
+    # 4. Install stanford-keyring. Be sure to run "apt-get update" first.
     # Only run if /usr/share/keyrings/stanford-keyring.gpg (in chroot)
-    # does _not_ already exist.
+    # does _not_ already exist and only on notification by #3.
     exec { "install stanford-keyring in $path chroot":
-      path    => '/usr/sbin:/usr/bin:/bin:/sbin',
-      command => "chroot $path apt-get update; chroot $path apt-get install stanford-keyring",
-      creates => "$path/usr/share/keyrings/stanford-keyring.gpg",
-      require => [
-        Exec["copy-correct-sources-list-{$name}"],
-        File["${path}/etc/apt/trusted.gpg.d/stanford-keyring.gpg"],
-      ]
+      path        => '/usr/sbin:/usr/bin:/bin:/sbin',
+      refreshonly => true,
+      command     => "cp ${path}/root/sources.list.${name} ${path}/etc/apt/sources.list; chroot $path apt-get update; chroot $path apt-get install stanford-keyring",
+      require => File["${path}/etc/apt/trusted.gpg.d/stanford-keyring.gpg"],
     }
-
   } else {
     # ABSENT
     notify { "absent not done yet": }
   }
 
 }
-