path: root/manifests/builder.pp
blob: baf0ea482618dfb612494990f94f282102ac0163 (plain)
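# Configures a Debian Wheezy host as a Tails builder: APT sources and pins,
# the build toolchain packages, sudo defaults and the live-build
# configuration file.
#
# Parameters:
#   $http_proxy - optional proxy URL, written to /etc/live/build.conf as
#                 LB_APT_HTTP_PROXY. Must be a single token: no whitespace
#                 and no quote characters. Left undef, no proxy is set.
class tails::builder (
  $http_proxy = undef,
) {

  ### Sanity checks

  if $http_proxy {
    validate_string($http_proxy)
    # The value is spliced unquoted into an Augeas command further down and
    # ends up in a shell-variables file. Reject whitespace (newlines
    # included) and quote characters at compile time, so it always stays one
    # argument of one `set` command. \x27 is the single quote.
    # NOTE(review): this guards token integrity only; it does not check that
    # the value is a well-formed URL.
    validate_re($http_proxy, '\A[^\s"\x27]+\z')
  }

  # Fail catalog compilation on any other release: the sources and pins
  # below are all Wheezy-specific.
  if $::lsbdistcodename != 'wheezy' {
    fail('The tails::builder module only supports Debian Wheezy.')
  }

  ### Resources

  apt::sources_list { 'sid.list':
    ensure  => absent, # clean up obsolete APT source
    content => "deb http://ftp.us.debian.org/debian/ unstable main\n",
  }

  # This archive is fetched over plain HTTP, so package authenticity rests
  # entirely on APT's signature verification. Exec['custom_keys'] is not
  # defined in this class; presumably it installs the archive signing key
  # (confirm where it is declared).
  apt::sources_list { 'tails-builder-wheezy.list':
    content => "deb http://deb.tails.boum.org/ builder-wheezy main\n",
    require => Exec['custom_keys'],
  }

  # Priority 991 makes APT prefer the pinned origin over the target release
  # without forcing a downgrade of an already-installed newer version.
  apt::preferences_snippet { 'gettext':
    pin      => 'release o=Debian Backports,a=wheezy-backports',
    priority => 991,
  }

  apt::preferences_snippet { 'ikiwiki':
    pin      => 'release o=Debian Backports,a=wheezy-backports',
    priority => 991,
  }

  apt::preferences_snippet { 'live-build':
    pin      => 'origin deb.tails.boum.org',
    priority => 991,
  }

  $builder_packages = [
    'dpkg-dev',
    'eatmydata',
    'ikiwiki',
    'libyaml-perl',
    'libyaml-libyaml-perl',
    'libyaml-syck-perl',
    'live-build',
    'perlmagick',
    'po4a',
    'syslinux',
    'time',
    'whois',
    'intltool',
  ]

  # Install only after the builder archive and the pins are in place, so the
  # pinned versions of ikiwiki and live-build are the ones selected.
  package { $builder_packages:
    ensure  => present,
    require => [
      Apt::Sources_list['tails-builder-wheezy.list'],
      Apt::Preferences_snippet['ikiwiki', 'live-build'],
    ],
  }

  # Declare sudo only when no other class has done so already. defined()
  # depends on parse order, so this guard is best-effort.
  if ! defined(Package['sudo']) {
    package { 'sudo': ensure => present }
  }

  file { '/etc/live':
    ensure => directory,
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  # No `ensure` or content is given; this resource manages ownership and
  # mode only. The file is world-readable (0644) and receives the proxy URL
  # below, so a proxy URL carrying credentials would be visible to every
  # local user.
  file { '/etc/live/build.conf':
    owner => root,
    group => root,
    mode  => '0644',
  }

  # Pin the PATH that sudo hands to commands instead of inheriting the
  # caller's. The /usr/local directories come first, so they must be
  # writable by root only. Mode 0440 is what sudo expects of files under
  # sudoers.d.
  file { '/etc/sudoers.d/tails-builder-defaults':
    owner   => root,
    group   => root,
    mode    => '0440',
    content => "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\n",
  }

  # '#includedir' is a sudoers directive, not a comment: it makes sudo read
  # the drop-in file above. `line` is not declared in this class; presumably
  # it is a custom type from another module.
  line { 'sudo-includedir-sudoers.d':
    ensure => present,
    file   => '/etc/sudoers',
    line   => '#includedir /etc/sudoers.d',
  }

  if $http_proxy {
    # $http_proxy was checked above to be a single token without whitespace
    # or quotes, so the interpolation yields exactly one `set` command.
    augeas { 'tails_builder_live-build.conf_http_proxy':
      lens    => 'Shellvars.lns',
      incl    => '/etc/live/build.conf',
      changes => "set LB_APT_HTTP_PROXY ${http_proxy}",
      require => File['/etc/live/build.conf'],
    }
  }

}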