diff --git a/bootstrapvz/base/bootstrapinfo.py b/bootstrapvz/base/bootstrapinfo.py index fda2eae..fbb7f24 100644 --- a/bootstrapvz/base/bootstrapinfo.py +++ b/bootstrapvz/base/bootstrapinfo.py @@ -31,8 +31,12 @@ class BootstrapInformation(object): # The default apt mirror self.apt_mirror = self.manifest.packages.get('mirror', 'http://deb.debian.org/debian/') + # The default apt security mirror + self.apt_security = self.manifest.packages.get('security', 'http://security.debian.org/') + # Create the manifest_vars dictionary - self.manifest_vars = self.__create_manifest_vars(self.manifest, {'apt_mirror': self.apt_mirror}) + self.manifest_vars = self.__create_manifest_vars(self.manifest, {'apt_security': self.apt_security, + 'apt_mirror': self.apt_mirror}) # Keep a list of apt sources, # so that tasks may add to that list without having to fiddle with apt source list files. diff --git a/bootstrapvz/base/manifest-schema.yml b/bootstrapvz/base/manifest-schema.yml index f676093..1046b4e 100644 --- a/bootstrapvz/base/manifest-schema.yml +++ b/bootstrapvz/base/manifest-schema.yml @@ -84,6 +84,9 @@ properties: mirror: type: string format: uri + security: + type: string + format: uri preferences: type: object patternProperties: diff --git a/bootstrapvz/common/tasks/apt.py b/bootstrapvz/common/tasks/apt.py index 7375018..6367e81 100644 --- a/bootstrapvz/common/tasks/apt.py +++ b/bootstrapvz/common/tasks/apt.py @@ -64,9 +64,9 @@ class AddDefaultSources(Task): if include_src: info.source_lists.add('main', 'deb-src {apt_mirror} {system.release} ' + components) if info.manifest.release != sid and info.manifest.release >= wheezy: - info.source_lists.add('main', 'deb http://security.debian.org/ {system.release}/updates ' + components) + info.source_lists.add('main', 'deb {apt_security} {system.release}/updates ' + components) if include_src: - info.source_lists.add('main', 'deb-src http://security.debian.org/ {system.release}/updates ' + components) + info.source_lists.add('main', 'deb-src {apt_security} {system.release}/updates ' + components) info.source_lists.add('main', 'deb {apt_mirror} {system.release}-updates ' + components) if include_src: info.source_lists.add('main', 'deb-src {apt_mirror} {system.release}-updates ' + components) diff --git a/manifests/README.rst b/manifests/README.rst index 50b5ad9..3970508 100644 --- a/manifests/README.rst +++ b/manifests/README.rst @@ -200,6 +200,9 @@ variety of sources. - ``mirror``: The default aptitude mirror. ``optional`` Default: ``http://deb.debian.org/debian/`` +- ``security``: The default security mirror. + ``optional`` + Default: ``http://security.debian.org/`` - ``sources``: A map of additional sources that should be added to the aptitude sources list. The key becomes the filename in ``/etc/apt/sources.list.d/`` (with ``.list`` appended to it), except @@ -243,6 +246,7 @@ Example: - puppet install_standard: true mirror: http://cloudfront.debian.net/debian + security: http://security.debian.org/ sources: puppet: - deb http://apt.puppetlabs.com wheezy main dependencies diff --git a/manifests/examples/kvm/jessie-lvm.yml b/manifests/examples/kvm/jessie-lvm.yml index 1acfc35..d42c533 100644 --- a/manifests/examples/kvm/jessie-lvm.yml +++ b/manifests/examples/kvm/jessie-lvm.yml @@ -20,7 +20,8 @@ volume: root: filesystem: ext4 size: 1GB -packages: {} +packages: + security: http://security.debian.org/ plugins: root_password: password: test