Mercurial > repos > other > Puppet
changeset 386:3fce34f642f1
Add a PHP module to handle platform differences
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.github/workflows/auto_release.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,90 @@ +name: "Auto release" + +on: + workflow_dispatch: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + auto_release: + name: "Automatic release prep" + runs-on: ubuntu-20.04 + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID="auto-release" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: "Checkout Source" + if: ${{ github.repository_owner == 'puppetlabs' }} + uses: actions/checkout@v2 + with: + fetch-depth: 0 + persist-credentials: false + + - name: "PDK Release prep" + uses: docker://puppet/iac_release:ci + with: + args: 'release prep --force' + env: + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: "Get Version" + if: ${{ github.repository_owner == 'puppetlabs' }} + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + + - name: "Check if a release is necessary" + if: ${{ github.repository_owner == 'puppetlabs' }} + id: check + run: | + git diff --quiet CHANGELOG.md && echo "::set-output name=release::false" || echo "::set-output name=release::true" + + - name: "Commit changes" + if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} + run: | + git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com" + git config --local user.name "GitHub Action" + git add . + git commit -m "Release prep v${{ steps.gv.outputs.ver }}" + + - name: Create Pull Request + id: cpr + uses: puppetlabs/peter-evans-create-pull-request@v3 + if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Release prep v${{ steps.gv.outputs.ver }}" + branch: "release-prep" + delete-branch: true + title: "Release prep v${{ steps.gv.outputs.ver }}" + body: | + Automated release-prep through [pdk-templates](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot/.github/workflows/auto_release.yml.erb) from commit ${{ github.sha }}. + Please verify before merging: + - [ ] last [nightly](https://github.com/${{ github.repository }}/actions/workflows/nightly.yml) run is green + - [ ] [Changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) is readable and has no unlabeled pull requests + - [ ] Ensure the [changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) version and [metadata](https://github.com/${{ github.repository }}/blob/release-prep/metadata.json) version match + labels: "maintenance" + + - name: PR outputs + if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + - name: "Honeycomb: Record finish step" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Finished auto release workflow'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.github/workflows/nightly.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,204 @@ +name: "nightly" + +on: + schedule: + - cron: '0 0 * * *' + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Setup Acceptance Test Matrix + id: get-matrix + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + name: "${{matrix.platforms.label}}, ${{matrix.collection}}" + needs: + - setup_matrix + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE + + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; + then + FILE='spec/fixtures/litmus_inventory.yaml' + elif [ -f 'inventory.yaml' ]; + then + FILE='inventory.yaml' + fi + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + echo ::endgroup:: + + - name: Install agent + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + - name: Install module + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' + + slack-workflow-status: + if: always() + name: Post Workflow Status To Slack + needs: + - Acceptance + runs-on: ubuntu-20.04 + steps: + - name: Slack Workflow Notification + uses: puppetlabs/Gamesight-slack-workflow-status@pdk-templates-v1 + with: + # Required Input + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} + # Optional Input + channel: '#team-ia-bots' + name: 'GABot'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.github/workflows/pr_test.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,189 @@ +name: "PR Testing" + +on: [pull_request] + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Run validation steps + run: | + bundle exec rake validate + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Setup Acceptance Test Matrix + id: get-matrix + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + name: "${{matrix.platforms.label}}, ${{matrix.collection}}" + needs: + - setup_matrix + if: ${{ needs.setup_matrix.outputs.matrix != '{}' }} + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; + then + FILE='spec/fixtures/litmus_inventory.yaml' + elif [ -f 'inventory.yaml' ]; + then + FILE='inventory.yaml' + fi + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + echo ::endgroup:: + + - name: Install agent + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + - name: Install module + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.github/workflows/release.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,47 @@ +name: "Publish module" + +on: + workflow_dispatch: + +jobs: + create-github-release: + name: Deploy GitHub Release + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: ${{ github.ref }} + clean: true + fetch-depth: 0 + - name: Get Version + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + - name: Create Release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: "v${{ steps.gv.outputs.ver }}" + draft: false + prerelease: false + + deploy-forge: + name: Deploy to Forge + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: ${{ github.ref }} + clean: true + - name: "PDK Build" + uses: docker://puppet/pdk:nightly + with: + args: 'build' + - name: "Push to Forge" + uses: docker://puppet/pdk:nightly + with: + args: 'release publish --forge-token ${{ secrets.FORGE_API_KEY }} --force'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.github/workflows/spec.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,130 @@ +name: "Spec Tests" + +on: + schedule: + - cron: '0 0 * * *' + workflow_dispatch: + pull_request: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Run Static & Syntax Tests + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + + - name: Setup Spec Test Matrix + id: get-matrix + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=spec_matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Spec: + name: "Spec Tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})" + needs: + - setup_matrix + if: ${{ needs.setup_matrix.outputs.spec_matrix != '{}' }} + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.spec_matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} + FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' + + steps: + - run: | + echo "SANITIZED_PUPPET_VERSION=$(echo '${{ matrix.puppet_version }}' | sed 's/~> //g')" >> $GITHUB_ENV + + - run: | + echo 'puppet_version=${{ env.SANITIZED_PUPPET_VERSION }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start first step" + run: | + echo "STEP_ID=${{ env.SANITIZED_PUPPET_VERSION }}-spec" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ env.SANITIZED_PUPPET_VERSION }} + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: "Activate Ruby ${{ matrix.ruby_version }}" + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{matrix.ruby_version}} + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: Run parallel_spec tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake parallel_spec Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake parallel_spec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.gitpod.Dockerfile Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,18 @@ +FROM gitpod/workspace-full +RUN sudo wget https://apt.puppet.com/puppet-tools-release-bionic.deb && \ + wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \ + sudo dpkg -i puppet6-release-bionic.deb && \ + sudo dpkg -i puppet-tools-release-bionic.deb && \ + sudo apt-get update && \ + sudo apt-get install -y pdk zsh puppet-agent && \ + sudo apt-get clean && \ + sudo rm -rf /var/lib/apt/lists/* +RUN sudo usermod -s $(which zsh) gitpod && \ + sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \ + echo "plugins=(git gitignore github gem pip bundler python ruby docker docker-compose)" >> /home/gitpod/.zshrc && \ + echo 'PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin"' >> /home/gitpod/.zshrc && \ + sudo /opt/puppetlabs/puppet/bin/gem install puppet-debugger hub -N && \ + mkdir -p /home/gitpod/.config/puppet && \ + /opt/puppetlabs/puppet/bin/ruby -r yaml -e "puts ({'disabled' => true}).to_yaml" > /home/gitpod/.config/puppet/analytics.yml +RUN rm -f puppet6-release-bionic.deb puppet-tools-release-bionic.deb +ENTRYPOINT /usr/bin/zsh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.gitpod.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,9 @@ +image: + file: .gitpod.Dockerfile + +tasks: + - init: pdk bundle install + +vscode: + extensions: + - puppet.puppet-vscode@1.2.0:f5iEPbmOj6FoFTOV6q8LTg==
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/.rubocop_todo.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,2 @@ +GetText/DecorateString: + Enabled: false \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/CHANGELOG.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,963 @@ +# Change log + +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). + +## [v8.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.3.0) (2021-10-04) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.2.0...v8.3.0) + +### Added + +- \(MODULES-11173\) Add per-host overrides for apt::proxy [\#1007](https://github.com/puppetlabs/puppetlabs-apt/pull/1007) ([maturnbull](https://github.com/maturnbull)) + +### Fixed + +- pdksync - \(IAC-1598\) - Remove Support for Debian 8 [\#1008](https://github.com/puppetlabs/puppetlabs-apt/pull/1008) ([david22swan](https://github.com/david22swan)) + +## [v8.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.2.0) (2021-08-25) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.1.0...v8.2.0) + +### Added + +- \(maint\) Add support for Debian 11 [\#1001](https://github.com/puppetlabs/puppetlabs-apt/pull/1001) ([smortex](https://github.com/smortex)) + +### Fixed + +- \(main\) Allow stdlib 8.0.0 [\#1000](https://github.com/puppetlabs/puppetlabs-apt/pull/1000) ([smortex](https://github.com/smortex)) + +## [v8.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.1.0) (2021-07-26) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.0.2...v8.1.0) + +### Added + +- \[MODULES-9695\] - Add support for signed-by in source entries [\#991](https://github.com/puppetlabs/puppetlabs-apt/pull/991) ([johanfleury](https://github.com/johanfleury)) + +### Fixed + +- apt::source: pass the weak\_ssl param to apt::key [\#993](https://github.com/puppetlabs/puppetlabs-apt/pull/993) ([kenyon](https://github.com/kenyon)) +- \(IAC-1597\) Increasing MAX\_RETRY\_COUNT [\#987](https://github.com/puppetlabs/puppetlabs-apt/pull/987) ([pmcmaw](https://github.com/pmcmaw)) + +## [v8.0.2](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.0.2) (2021-03-29) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.0.1...v8.0.2) + +### Fixed + +- \(MODULES-10971\) - Ensure `apt::keyserver` is considered when creating a default apt:source [\#981](https://github.com/puppetlabs/puppetlabs-apt/pull/981) ([david22swan](https://github.com/david22swan)) +- \(IAC-1497\) - Removal of unsupported `translate` dependency [\#979](https://github.com/puppetlabs/puppetlabs-apt/pull/979) ([david22swan](https://github.com/david22swan)) + +## [v8.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.0.1) (2021-03-15) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v8.0.0...v8.0.1) + +### Fixed + +- MODULES-10956 remove redundant code in provider apt\_key [\#973](https://github.com/puppetlabs/puppetlabs-apt/pull/973) ([moritz-makandra](https://github.com/moritz-makandra)) + +## [v8.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v8.0.0) (2021-03-01) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.7.1...v8.0.0) + +### Changed + +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#969](https://github.com/puppetlabs/puppetlabs-apt/pull/969) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v7.7.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.7.1) (2021-02-15) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.7.0...v7.7.1) + +### Fixed + +- Use modern os facts [\#964](https://github.com/puppetlabs/puppetlabs-apt/pull/964) ([kenyon](https://github.com/kenyon)) + +## [v7.7.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.7.0) (2020-12-08) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.6.0...v7.7.0) + +### Added + +- pdksync - \(feat\) - Add support for Puppet 7 [\#958](https://github.com/puppetlabs/puppetlabs-apt/pull/958) ([daianamezdrea](https://github.com/daianamezdrea)) +- Make auth.conf contents Sensitive [\#953](https://github.com/puppetlabs/puppetlabs-apt/pull/953) ([suchpuppet](https://github.com/suchpuppet)) + +## [v7.6.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.6.0) (2020-09-15) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.5.0...v7.6.0) + +### Added + +- \(MODULES-10804\) option to force purge source.lists file [\#948](https://github.com/puppetlabs/puppetlabs-apt/pull/948) ([sheenaajay](https://github.com/sheenaajay)) + +### Fixed + +- \(IAC-978\) - Removal of inappropriate terminology [\#947](https://github.com/puppetlabs/puppetlabs-apt/pull/947) ([david22swan](https://github.com/david22swan)) + +## [v7.5.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.5.0) (2020-08-12) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.4.2...v7.5.0) + +### Added + +- pdksync - \(IAC-973\) - Update travis/appveyor to run on new default branch main [\#940](https://github.com/puppetlabs/puppetlabs-apt/pull/940) ([david22swan](https://github.com/david22swan)) +- patch-acng-ssl-support [\#938](https://github.com/puppetlabs/puppetlabs-apt/pull/938) ([mdklapwijk](https://github.com/mdklapwijk)) +- \(IAC-746\) - Add ubuntu 20.04 support [\#936](https://github.com/puppetlabs/puppetlabs-apt/pull/936) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- \(MODULES-10763\) loglevel won't affect reports [\#942](https://github.com/puppetlabs/puppetlabs-apt/pull/942) ([gguillotte](https://github.com/gguillotte)) + +## [v7.4.2](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.4.2) (2020-05-14) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.4.1...v7.4.2) + +### Fixed + +- fix apt-mark syntax [\#927](https://github.com/puppetlabs/puppetlabs-apt/pull/927) ([tryfunc](https://github.com/tryfunc)) +- Do not specify file modes unless relevant [\#923](https://github.com/puppetlabs/puppetlabs-apt/pull/923) ([anarcat](https://github.com/anarcat)) + +## [v7.4.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.4.1) (2020-03-10) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.4.0...v7.4.1) + +### Fixed + +- \(MODULES-10583\) Revert "MODULES-10548: make files readonly" [\#920](https://github.com/puppetlabs/puppetlabs-apt/pull/920) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v7.4.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.4.0) (2020-03-03) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.3.0...v7.4.0) + +### Added + +- Add 'include' param to apt::backports [\#910](https://github.com/puppetlabs/puppetlabs-apt/pull/910) ([paladox](https://github.com/paladox)) +- pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#902](https://github.com/puppetlabs/puppetlabs-apt/pull/902) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- MODULES-10548: make files readonly [\#906](https://github.com/puppetlabs/puppetlabs-apt/pull/906) ([anarcat](https://github.com/anarcat)) +- MODULES-10543: only consider lsbdistcodename for apt-transport-https [\#905](https://github.com/puppetlabs/puppetlabs-apt/pull/905) ([anarcat](https://github.com/anarcat)) +- MODULES-10543: remove sources.list file on purging [\#904](https://github.com/puppetlabs/puppetlabs-apt/pull/904) ([anarcat](https://github.com/anarcat)) +- Include apt in apt::backports [\#891](https://github.com/puppetlabs/puppetlabs-apt/pull/891) ([zivis](https://github.com/zivis)) + +## [v7.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.3.0) (2019-12-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.2.0...v7.3.0) + +### Added + +- Adding a new parameter for dist [\#890](https://github.com/puppetlabs/puppetlabs-apt/pull/890) ([luckyraul](https://github.com/luckyraul)) + +### Fixed + +- MODULES-10063, extend apt::key to support deeplinks, this time with f… [\#894](https://github.com/puppetlabs/puppetlabs-apt/pull/894) ([atarax](https://github.com/atarax)) +- MODULES-10063, extend apt::key to support deeplinks [\#892](https://github.com/puppetlabs/puppetlabs-apt/pull/892) ([atarax](https://github.com/atarax)) + +## [v7.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.2.0) (2019-10-29) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.1.0...v7.2.0) + +### Added + +- Add apt::mark defined type [\#879](https://github.com/puppetlabs/puppetlabs-apt/pull/879) ([tuxmea](https://github.com/tuxmea)) +- \(FM-8394\) add debian 10 testing [\#876](https://github.com/puppetlabs/puppetlabs-apt/pull/876) ([ThoughtCrhyme](https://github.com/ThoughtCrhyme)) +- Add apt::key\_options for default apt::key options [\#873](https://github.com/puppetlabs/puppetlabs-apt/pull/873) ([raphink](https://github.com/raphink)) +- implement apt.conf.d purging [\#869](https://github.com/puppetlabs/puppetlabs-apt/pull/869) ([lelutin](https://github.com/lelutin)) + +### Fixed + +- Install gnupg instead of dirmngr [\#866](https://github.com/puppetlabs/puppetlabs-apt/pull/866) ([martijndegouw](https://github.com/martijndegouw)) + +## [v7.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.1.0) (2019-07-30) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/v7.0.1...v7.1.0) + +### Added + +- \(FM-8215\) Convert to using litmus [\#864](https://github.com/puppetlabs/puppetlabs-apt/pull/864) ([florindragos](https://github.com/florindragos)) + +## [v7.0.1](https://github.com/puppetlabs/puppetlabs-apt/tree/v7.0.1) (2019-05-13) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/7.0.0...v7.0.1) + +## [7.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/7.0.0) (2019-04-24) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.3.0...7.0.0) + +### Changed + +- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#853](https://github.com/puppetlabs/puppetlabs-apt/pull/853) ([david22swan](https://github.com/david22swan)) + +### Added + +- Allow weak SSL verification for apt\_key [\#849](https://github.com/puppetlabs/puppetlabs-apt/pull/849) ([tuxmea](https://github.com/tuxmea)) + +## [6.3.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.3.0) (2019-01-21) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.2.1...6.3.0) + +### Added + +- Add support for dist-upgrade & autoremove action [\#832](https://github.com/puppetlabs/puppetlabs-apt/pull/832) ([aboks](https://github.com/aboks)) +- \(MODULES-8321\) - Add manage\_auth\_conf parameter [\#831](https://github.com/puppetlabs/puppetlabs-apt/pull/831) ([eimlav](https://github.com/eimlav)) + +### Fixed + +- \(MODULES-8418\) Fix /etc/apt/auth.conf owner changing endlessly [\#836](https://github.com/puppetlabs/puppetlabs-apt/pull/836) ([antaflos](https://github.com/antaflos)) +- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#835](https://github.com/puppetlabs/puppetlabs-apt/pull/835) ([tphoney](https://github.com/tphoney)) +- \(MODULES-8326\) - apt-transport-https not ensured properly [\#830](https://github.com/puppetlabs/puppetlabs-apt/pull/830) ([eimlav](https://github.com/eimlav)) + +## [6.2.1](https://github.com/puppetlabs/puppetlabs-apt/tree/6.2.1) (2018-11-20) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.2.0...6.2.1) + +### Fixed + +- \(MODULES-8272\) - Revert "Autorequire dirmngr in apt\_key types" [\#825](https://github.com/puppetlabs/puppetlabs-apt/pull/825) ([eimlav](https://github.com/eimlav)) + +## [6.2.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.2.0) (2018-11-19) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.1.1...6.2.0) + +### Added + +- \(MODULES-8081\): add support for hkps:// protocol in apt::key [\#815](https://github.com/puppetlabs/puppetlabs-apt/pull/815) ([simondeziel](https://github.com/simondeziel)) + +### Fixed + +- Apt-key fixes to properly work on Debian 9 [\#822](https://github.com/puppetlabs/puppetlabs-apt/pull/822) ([ekohl](https://github.com/ekohl)) +- \(maint\) - Update Link to REFERENCE.md [\#811](https://github.com/puppetlabs/puppetlabs-apt/pull/811) ([pmcmaw](https://github.com/pmcmaw)) + +## [6.1.1](https://github.com/puppetlabs/puppetlabs-apt/tree/6.1.1) (2018-10-01) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.1.0...6.1.1) + +### Fixed + +- Revert "\(MODULES-6408\) - Fix dirmngr install failing" [\#808](https://github.com/puppetlabs/puppetlabs-apt/pull/808) ([eimlav](https://github.com/eimlav)) + +## [6.1.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.1.0) (2018-09-28) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/6.0.0...6.1.0) + +### Added + +- pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#800](https://github.com/puppetlabs/puppetlabs-apt/pull/800) ([pmcmaw](https://github.com/pmcmaw)) +- pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#798](https://github.com/puppetlabs/puppetlabs-apt/pull/798) ([tphoney](https://github.com/tphoney)) +- \(MODULES-3307\) - Auto update expired keys [\#795](https://github.com/puppetlabs/puppetlabs-apt/pull/795) ([eimlav](https://github.com/eimlav)) +- \(FM-7316\) - Implementation of the i18n process [\#789](https://github.com/puppetlabs/puppetlabs-apt/pull/789) ([david22swan](https://github.com/david22swan)) +- Introduce an Apt::Proxy type to validate the hash [\#773](https://github.com/puppetlabs/puppetlabs-apt/pull/773) ([ekohl](https://github.com/ekohl)) + +### Fixed + +- \(MODULES-6408\) - Fix dirmngr install failing [\#801](https://github.com/puppetlabs/puppetlabs-apt/pull/801) ([eimlav](https://github.com/eimlav)) +- \(MODULES-1630\) - Expanding source list fix to cover all needed versions [\#788](https://github.com/puppetlabs/puppetlabs-apt/pull/788) ([david22swan](https://github.com/david22swan)) + +## [6.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/6.0.0) (2018-08-24) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.1...6.0.0) + +### Changed + +- \(MODULES-7668\) Remove support for Puppet 4.7 [\#780](https://github.com/puppetlabs/puppetlabs-apt/pull/780) ([jarretlavallee](https://github.com/jarretlavallee)) + +### Added + +- Check existence of gpg key in apt:ppa [\#774](https://github.com/puppetlabs/puppetlabs-apt/pull/774) ([wenzhengjiang](https://github.com/wenzhengjiang)) +- Make sure PPA source file is absent when apt-add-repository fails [\#768](https://github.com/puppetlabs/puppetlabs-apt/pull/768) ([wenzhengjiang](https://github.com/wenzhengjiang)) + +## 5.0.1 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1) + +### Fixed + +- \(MODULES-7540\) - add apt-transport-https with https [\#775](https://github.com/puppetlabs/puppetlabs-apt/pull/775) ([tphoney](https://github.com/tphoney)) + +## [5.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/5.0.0) (2018-07-18) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0) + +### Changed + +- \[FM-6956\] Removal of unsupported Debian 7 from apt [\#760](https://github.com/puppetlabs/puppetlabs-apt/pull/760) ([david22swan](https://github.com/david22swan)) + +### Added + +- \(MODULES-7467\) Update apt to support Ubuntu 18.04 [\#769](https://github.com/puppetlabs/puppetlabs-apt/pull/769) ([david22swan](https://github.com/david22swan)) +- Support managing login configurations in /etc/apt/auth.conf [\#752](https://github.com/puppetlabs/puppetlabs-apt/pull/752) ([antaflos](https://github.com/antaflos)) + +### Fixed + +- \(MODULES-7327\) - Update README with supported OS [\#767](https://github.com/puppetlabs/puppetlabs-apt/pull/767) ([pmcmaw](https://github.com/pmcmaw)) +- \(bugfix\) Dont run ftp tests in travis [\#766](https://github.com/puppetlabs/puppetlabs-apt/pull/766) ([tphoney](https://github.com/tphoney)) +- \(maint\) make apt testing more stable, cleanup [\#764](https://github.com/puppetlabs/puppetlabs-apt/pull/764) ([tphoney](https://github.com/tphoney)) +- Remove .length from variable $pin\_release in app [\#754](https://github.com/puppetlabs/puppetlabs-apt/pull/754) ([paladox](https://github.com/paladox)) +- Replace UTF-8 whitespace in comment [\#748](https://github.com/puppetlabs/puppetlabs-apt/pull/748) ([bernhardschmidt](https://github.com/bernhardschmidt)) +- Fix "E: Unable to locate package -y" [\#747](https://github.com/puppetlabs/puppetlabs-apt/pull/747) ([aboks](https://github.com/aboks)) +- Fix automatic coercion warning [\#743](https://github.com/puppetlabs/puppetlabs-apt/pull/743) ([smortex](https://github.com/smortex)) + +## Supported Release [4.5.1] +### Summary +This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. + +### Fixed +- Fix init task for arbitrary remote code + +## Supported Release [4.5.0] +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes. + +### Added +- PDK convert apt ([MODULES-6452](https://tickets.puppet.com/browse/MODULES-6452)). +- Testing on Travis using rvm 2.4.1. +- Modulesync updates. + +### Fixed +- Changes to address additional Rubocop failures. +- (maint) Addressing puppet-lint doc warnings. + +### Removed +- `gem update bundler` command in .travis.yml due to ([MODULES-6339](https://tickets.puppet.com/browse/MODULES-6339)). + +## Supported Release [4.4.1] +### Summary +This release is to update the formatting of the module, Rubocop having been run for all ruby files and been set to run automatically on all future commits. + +### Changed +- Rubocop has been implemented. + +## Supported Release [4.4.0] +### Summary + +This release is a rollup of new features and fixes. + +#### Added +- Install `apt-transport-https` if using Debian 7, 8, 9 or Ubuntu 14.04, 16.04. +- Adds a boolean option `direct` to proxy settings to bypass `https_proxy` if not set. +- Adds facter facts for `dist-upgrade` apt updates. + +#### Changed +- Update class is now private. +- Some tidyup of ruby code from Rubocop. +- Fixed circular dependency for package dirmngr. +- Debian updates are no longer treated as security updates. +- Legacy functions have been removed. +- Updates to tests. + +#### Fixed +- [(MODULES-4265)](https://tickets.puppetlabs.com/browse/MODULES-4265) Detect security updates from multiple sources. + +## Supported Release [4.3.0] +### Summary + +This release is adding Tasks to the apt module. + +#### Added +- Add a task that allows apt-get update and upgrade + +## Supported Release [4.2.0] +### Summary + +This release is primarily to fix an error around GPG keys in Debian 9, but includes some other small features and fixes as well. + +#### Added +- `apt_package_security_updates` fact +- The ability to modify the loglevel of `Exec['apt_update'}` +- Puppet 5 support + +#### Changed +- Ubuntu 16.04 now uses `software-priorities-common` + +#### Removed +- Debian 6, Ubuntu 10.04 and 12.04 support. Existing compatibility remains intact but bugs will not be prioritized for these OSes. + +#### Fixed +- **[(MODULES-4686)](https://tickets.puppetlabs.com/browse/MODULES-4686) an error that was causing GPG keyserver imports to fail on Debian 9** + +## Supported Release 4.1.0 +### Summary + +This release removes Data in Modules due to current compatibility issues and reinstates the params.pp file. Also includes a couple of bug fixes. + +#### Features +- (MODULES-4973) Data in Modules which was introduced in the last release has now been reverted due to compatibility issues. + +#### Bugfixes +- Now apt_key only sends the auth basic header when userinfo can be parsed from the URL. +- Reverted the removal of Evolving Web's attribution in NOTICE file. +- Test added to ensure empty string allowed for $release in apt::source. + + +## Supported Release 3.0.0 and 4.0.0 +### Summary + +This release adds new Puppet 4 features: data in modules, EPP templates, the $facts hash, and data types. This release is fully backwards compatible to existing Puppet 4 configurations and provides you with deprecation warnings for every argument that will not work as expected with the final 4.0.0 release. See the stdlib docs here for an in-depth discussion of this: https://github.com/puppetlabs/puppetlabs-stdlib#validate_legacy + +If you want to learn more about the new features used or you wish to upgrade a module yourself, have a look at the NTP: A Puppet 4 language update blog post. + +If you're still running Puppet 3, remain on the latest puppetlabs-apt 2.x release for now, and see the documentation to upgrade to Puppet 4. + +#### Changes + +Data in modules: Moves all distribution and OS-dependent defaults into YAML files in data/, alleviating the need for a params class. Note that while this feature is currently still classed as experimental, the final implementation will support the changes here. +EPP templating: Uses the Puppet language as a base for templates to create simpler and safer templates. No need for Ruby anymore! +The $facts hash: Makes facts visibly distinct from other variables for more readable and maintainable code. This helps eliminate confusion if you use a local variable whose name happens to match that of a common fact. +Data types for validation: Helps you find and replace deprecated code in existing validate functions with stricter, more readable data type notation. First upgrade to the 3.0.0 release of this module, and address all deprecation warnings before upgrading to the final 4.0.0 release. Please see the stdlib docs for an in-depth discussion of this process. + +#### Bugfixes +- Fix apt::source epp template regression introduced in 3.0.0 for the architecture parameter + +## Supported Release 2.4.0 +### Summary +A release that includes only a couple of additional features, but includes several cleanups and bugfixes around existing issues. + +#### Features +- Tests updated to check for idempotency. +- (MODULES-4224) Implementation of beaker-module_install_helper. +- Deprecation warnings are now handled by the deprecation function in stdlib. + +#### Bugfixes +- Now http and https sources fixed for apt_key and can take a userinfo. +- GPG key update. +- Notify_update param now defaults to true to avoid validation errors. +- Implement retry on tests which pull key from a key server which sometimes times out (transient error). +- String comparison error now comphensated for in update.pp. +- (MODULES-4104) Removal of the port number from repository location in order to get the host name of the repository. +- Puppet lint warnings addressed. +- A few small readme issues addressed. + +## Supported Release 2.3.0 +### Summary +A release containing many bugfixes with additional features. + +#### Features +- Apt_updates facts now use /usr/bin/apt-get. +- Addition of notify update to apt::source. +- Update to newest modulesync_configs. +- Installs software-properties-common for Xenial. +- Modulesync updates. +- Add ability to specify a hash of apt::conf defines. + +#### Bugfixes +- A clean up of spec/defines/key_compat_specs, also now runs under STRICT_VARIABLES. +- Apt::setting expects priority to be an integer, set defaults accordingly. +- Fixed version check for Ubuntu on 16.04. +- Now uses hkps.pool.sks-keyservers.net instead of pgp.mit.edu. +- Updates and fixes to tests. General cleanup. +- Fixed regexp for $ensure params. +- Apt/params: Remove unused LSB facts. +- Replaced `-s` with `-f` in ppa rspec tests - After the repository is added, the "${::apt::sources_list_d}/${sources_list_d_filename}" file is created as an empty file. The unless condition of Exec["add-apt-repository-${name}"] calls test -s, which returns 1 if the file is empty. Because the file is empty, the unless condition is never true and the repository is added on every execution. This change replaces the -s test condition with -f, which is true if the file exists or false otherwise. +- Limit non-strict parsing to pre-3.5.0 only - Puppet 3.5.0 introduced strict variables and the module handles strict variables by using the defined() function. This does not work on prior versions of puppet so we now gate based on that version. Puppet 4 series has a new setting `strict` that may be set to enforce strict variables while `strict_variables` remains unset (see PUP-6358) which causes the conditional in manifests/params.pp to erroniously use non-strict 3.5-era parsing and fail. This new conditional corrects the cases such that strict variable behavior happens on versions 3.5.0 and later. + +## Supported Release 2.2.2 +### Summary + +Several bug fixes and the addition of support updates to Debian 8 and Ubuntu Wily. + +#### Bugfixes +- Small fixes to descriptions within the readme and the addition of some examples. +- Updates to run on Ubuntu Wily. +- Fixed apt_key tempfile race condition. +- Run stages limitation added to the documentation. +- Remove unneeded whitespace in source.list template. +- Handle PPA names that contain a plus character. +- Update to current msync configs. +- Avoid duplicate package resources when package_manage => true. +- Avoid multiple package resource declarations. +- Ensure PPAs in tests have valid form. +- Look for correct sources.list.d file for apt::ppa. +- Debian 8 support addiiton to metadata. + +## Supported Release 2.2.1 +### Summary + +Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. + +## 2015-09-29 - Supported Release 2.2.0 +### Summary + +This release includes a few bugfixes. + +#### Features +- Adds an `ensure` parameter for user control of proxy presence. +- Adds ability to set `notify_update` to `apt::conf` (MODULES-2269). +- Apt pins no longer trigger an `apt-get update` run. +- Adds support for creating pins from main class. + +#### Bugfixes +- Updates to use the official Debian mirrors. +- Fixes path to `preferences` and `preferences.d` +- Fixes pinning for backports (MODULES-2446). +- Fixes the name/extension of the preferences files. + +## 2015-07-28 - Supported Release 2.1.1 +### Summary + +This release includes a few bugfixes. + +#### Bugfixes +- Fix incorrect use of anchoring (MODULES-2190) +- Use correct comment type for apt.conf files +- Test fixes +- Documentation fixes + +## 2015-06-16 - Supported Release 2.1.0 +### Summary + +This release largely makes `apt::key` and `apt::source` API-compatible with the 1.8.x versions for ease in upgrading, and also addresses some compatibility issues with older versions of Puppet. + +#### Features +- Add API compatibility to `apt::key` and `apt::source` +- Added `apt_reboot_required` fact + +#### Bugfixes +- Fix compatibility with Puppet versions 3.0-3.4 +- Work around future parser bug PUP-4133 + +## 2015-04-28 - Supported Release 2.0.1 +### Summary + +This bug fixes a few compatibility issues that came up with the 2.0.0 release, and includes test and documentation updates. + +#### Bugfixes +- Fix incompatibility with keyrings containing multiple keys +- Fix bugs preventing the module from working with Puppet < 3.5.0 + +## 2015-04-07 - Supported Release 2.0.0 +### Summary + +This is a major rewrite of the apt module. Many classes and defines were removed, but all existing functionality should still work. Please carefully review documentation before upgrading. + +#### Backwards-incompatible changes + +As this is a major rewrite of the module there are a great number of backwards incompatible changes. Please review this and the updated README carefully before upgrading. + +##### `apt_key` +- `keyserver_options` parameter renamed to `options` + +##### `apt::backports` +- This no longer works out of the box on Linux Mint. If using this on mint, you must specify the `location`, `release`, `repos`, and `key` parameters. [Example](examples/backports.pp) + +##### `apt::builddep` +- This define was removed. Functionality can be matched passing 'build-dep' to `install_options` in the package resource. [Example](examples/builddep.pp) + +##### `apt::debian::testing` +- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_testing.pp) + +##### `apt::debian::unstable` +- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_unstable.pp) + +##### `apt::force` +- This define was removed. Functionallity can be matched by setting `install_options` in the package resource. See [here](examples/force.pp) for how to set the options. + +##### `apt::hold` +- This define was removed. Simply use an `apt::pin` with `priority => 1001` for the same functionality. + +##### `apt` +- `always_apt_update` - This parameter was removed. Use `update => { 'frequency' => 'always' }` instead. +- `apt_update_frequency` - This parameter was removed. Use `update => { 'frequency' => <frequency> }` instead. +- `disable_keys` - This parameter was removed. See this [example](examples/disable_keys.pp) if you need this functionality. +- `proxy_host` - This parameter was removed. Use `proxy => { 'host' => <host> }` instead. +- `proxy_port` - This parameter was removed. Use `proxy => { 'port' => <port> }` instead. +- `purge_sources_list` - This parameter was removed. Use `purge => { 'sources.list' => <bool> }` instead. +- `purge_sources_list_d` - This parameter was removed. Use `purge => { 'sources.list.d' => <bool> }` instead. +- `purge_preferences` - This parameter was removed. Use `purge => { 'preferences' => <bool> }` instead. +- `purge_preferences_d` - This parameter was removed. Use `purge => { 'preferences.d' => <bool> }` instead. +- `update_timeout` - This parameter was removed. Use `update => { 'timeout' => <timeout> }` instead. +- `update_tries` - This parameter was removed. Use `update => { 'tries' => <tries> }` instead. + +##### `apt::key` +- `key` - This parameter was renamed to `id`. +- `key_content` - This parameter was renamed to `content`. +- `key_source` - This parameter was renamed to `source`. +- `key_server` - This parameter was renamed to `server`. +- `key_options` - This parameter was renamed to `options`. + +##### `apt::release` +- This class was removed. See this [example](examples/release.pp) for how to achieve this functionality. + +##### `apt::source` +- `include_src` - This parameter was removed. Use `include => { 'src' => <bool> }` instead. ***NOTE*** This now defaults to false. +- `include_deb` - This parameter was removed. Use `include => { 'deb' => <bool> }` instead. +- `required_packages` - This parameter was removed. Use package resources for these packages if needed. +- `key` - This can either be a key id or a hash including key options. If using a hash, `key => { 'id' => <id> }` must be specified. +- `key_server` - This parameter was removed. Use `key => { 'server' => <server> }` instead. +- `key_content` - This parameter was removed. Use `key => { 'content' => <content> }` instead. +- `key_source` - This parameter was removed. Use `key => { 'source' => <source> }` instead. +- `trusted_source` - This parameter was renamed to `allow_unsigned`. + +##### `apt::unattended_upgrades` +- This class was removed and is being republished under the puppet-community namespace. The git repository is available [here](https://github.com/puppet-community/puppet-unattended_upgrades) and it will be published to the forge [here](https://forge.puppetlabs.com/puppet/unattended_upgrades). + +#### Changes to default behavior +- By default purge unmanaged files in 'sources.list', 'sources.list.d', 'preferences', and 'preferences.d'. +- Changed default for `package_manage` in `apt::ppa` to `false`. Set to `true` in a single PPA if you need the package to be managed. +- `apt::source` will no longer include the `src` entries by default. +- `pin` in `apt::source` now defaults to `undef` instead of `false` + +#### Features +- Added the ability to pass hashes of `apt::key`s, `apt::ppa`s, and `apt::setting`s to `apt`. +- Added 'https' key to `proxy` hash to allow disabling `https_proxy` for the `apt::ppa` environment. +- Added `apt::setting` define to abstract away configuration. +- Added the ability to pass hashes to `pin` and `key` in `apt::backports` and `apt::source`. + +#### Bugfixes +- Fixes for strict variables. + +## 2015-03-17 - Supported Release 1.8.0 +### Summary + +This is the last planned feature release of the 1.x series of this module. All new features will be evaluated for puppetlabs-apt 2.x. + +This release includes many important features, including support for full fingerprints, and fixes issues where `apt_key` was not supporting user/password and `apt_has_updates` was not properly parsing the `apt-check` output. + +#### Changes to default behavior +- The apt module will now throw warnings if you don't use full fingerprints for `apt_key`s + +#### Features +- Use gpg to check keys to work around https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1409117 (MODULES-1675) +- Add 'oldstable' to the default update origins for wheezy +- Add utopic, vivid, and cumulus compatibility +- Add support for full fingerprints +- New parameter for `apt::source` + - `trusted_source` +- New parameters for `apt::ppa` + - `package_name` + - `package_manage` +- New parameter for `apt::unattended_upgrades` + - `legacy_origin` +- Separate `apt::pin` from `apt::backports` to allow pin by release instead of origin + +#### Bugfixes +- Cleanup lint and future parser issues +- Fix to support username and passwords again for `apt_key` (MODULES-1119) +- Fix issue where `apt::force` `$install_check` didn't work with non-English locales (MODULES-1231) +- Allow 5 digit ports in `apt_key` +- Fix for `ensure => absent` in `apt_key` (MODULES-1661) +- Fix `apt_has_updates` not parsing `apt-check` output correctly +- Fix inconsistent headers across files (MODULES-1200) +- Clean up formatting for 50unattended-upgrades.erb + +## 2014-10-28 - Supported Release 1.7.0 +### Summary + +This release includes several new features, documentation and test improvements, and a few bug fixes. + +#### Features +- Updated unit and acceptance tests +- Update module to work with Linux Mint +- Documentation updates +- Future parser / strict variables support +- Improved support for long GPG keys +- New parameters! + - Added `apt_update_frequency` to apt + - Added `cfg_files` and `cfg_missing` parameters to apt::force + - Added `randomsleep` to apt::unattended_upgrades +- Added `apt_update_last_success` fact +- Refactored facts for performance improvements + +#### Bugfixes +- Update apt::builddep to require Exec['apt_update'] instead of notifying it +- Clean up lint errors + +## 2014-08-20 - Supported Release 1.6.0 +### Summary + +#### Features +- Allow URL or domain name for key_server parameter +- Allow custom comment for sources list +- Enable auto-update for Debian squeeze LTS +- Add facts showing available updates +- Test refactoring + +#### Bugfixes +- Allow dashes in URL or domain for key_server parameter + +## 2014-08-13 - Supported Release 1.5.3 +### Summary + +This is a bugfix releases. It addresses a bad regex, failures with unicode +characters, and issues with the $proxy_host handling in apt::ppa. + +#### Features +- Synced files from Modulesync + +#### Bugfixes +- Fix regex to follow APT requirements in apt::pin +- Fix for unicode characters +- Fix inconsistent $proxy_host handling in apt and apt::ppa +- Fix typo in README +- Fix broken acceptance tests + +## 2014-07-15 - Supported Release 1.5.2 +### Summary + +This release merely updates metadata.json so the module can be uninstalled and +upgraded via the puppet module command. + +## 2014-07-10 - Supported Release 1.5.1 +### Summary + +This release has added tests to ensure graceful failure on OSX. + +## 2014-06-04 - Release 1.5.0 +### Summary + +This release adds support for Ubuntu 14.04. It also includes many new features +and important bugfixes. One huge change is that apt::key was replaced with +apt_key, which allows you to use puppet resource apt_key to inventory keys on +your system. + +Special thanks to daenney, our intrepid unofficial apt maintainer! + +#### Features +- Add support for Ubuntu Trusty! +- Add apt::hold define +- Generate valid *.pref files in apt::pin +- Made pin_priority configurable for apt::backports +- Add apt_key type and provider +- Rename "${apt_conf_d}/proxy" to "${apt_conf_d}/01proxy" +- apt::key rewritten to use apt_key type +- Add support for update_tries to apt::update + +#### Bugfixes +- Typo fixes +- Fix unattended upgrades +- Removed bogus line when using purge_preferences +- Fix apt::force to upgrade allow packages to be upgraded to the pacakge from the specified release + +## 2014-03-04 - Supported Release 1.4.2 +### Summary + +This is a supported release. This release tidies up 1.4.1 and re-enables +support for Ubuntu 10.04 + +#### Features + +#### Bugfixes +- Fix apt:ppa to include the -y Ubuntu 10.04 requires. +- Documentation changes. +- Test fixups. + +#### Known Bugs + +* No known issues. + + + +## 2014-02-13 1.4.1 +### Summary +This is a bugfix release. + +#### Bugfixes +- Fix apt::force unable to upgrade packages from releases other than its original +- Removed a few refeneces to aptitude instead of apt-get for portability +- Removed call to getparam() due to stdlib dependency +- Correct apt::source template when architecture is provided +- Retry package installs if apt is locked +- Use root to exec in apt::ppa +- Updated tests and converted acceptance tests to beaker + +## 2013-10-08 - Release 1.4.0 + +### Summary + +Minor bugfix and allow the timeout to be adjusted. + +#### Features +- Add an `updates_timeout` to apt::params + +#### Bugfixes +- Ensure apt::ppa can read a ppa removed by hand. + + +## 2013-10-08 - Release 1.3.0 +### Summary + +This major feature in this release is the new apt::unattended_upgrades class, +allowing you to handle Ubuntu's unattended feature. This allows you to select +specific packages to automatically upgrade without any further user +involvement. + +In addition we extend our Wheezy support, add proxy support to apt:ppa and do +various cleanups and tweaks. + +#### Features +- Add apt::unattended_upgrades support for Ubuntu. +- Add wheezy backports support. +- Use the geoDNS http.debian.net instead of the main debian ftp server. +- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command. +- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt). + +#### Bugfixes +- Fix regsubst() calls to quote single letters (for future parser). +- Fix lint warnings and other misc cleanup. + + +## 2013-07-03 - Release 1.2.0 + +#### Features +- Add geppetto `.project` natures +- Add GH auto-release +- Add `apt::key::key_options` parameter +- Add complex pin support using distribution properties for `apt::pin` via new properties: + - `apt::pin::codename` + - `apt::pin::release_version` + - `apt::pin::component` + - `apt::pin::originator` + - `apt::pin::label` +- Add source architecture support to `apt::source::architecture` + +#### Bugfixes +- Use apt-get instead of aptitude in apt::force +- Update default backports location +- Add dependency for required packages before apt-get update + + +## 2013-06-02 - Release 1.1.1 +### Summary + +This is a bug fix release that resolves a number of issues: + +* By changing template variable usage, we remove the deprecation warnings + for Puppet 3.2.x +* Fixed proxy file removal, when proxy absent + +Some documentation, style and whitespaces changes were also merged. This +release also introduced proper rspec-puppet unit testing on Travis-CI to help +reduce regression. + +Thanks to all the community contributors below that made this patch possible. + +#### Detail Changes + +* fix minor comment type (Chris Rutter) +* whitespace fixes (Michael Moll) +* Update travis config file (William Van Hevelingen) +* Build all branches on travis (William Van Hevelingen) +* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen) +* Updated content to conform to README best practices template (Lauren Rother) +* Fix apt::release example in readme (Brian Galey) +* add @ to variables in template (Peter Hoeg) +* Remove deprecation warnings for pin.pref.erb as well (Ken Barber) +* Update travis.yml to latest versions of puppet (Ken Barber) +* Fix proxy file removal (Scott Barber) +* Add spec test for removing proxy configuration (Dean Reilly) +* Fix apt::key listing longer than 8 chars (Benjamin Knofe) + + + + +## Release 1.1.0 +### Summary + +This release includes Ubuntu 12.10 (Quantal) support for PPAs. + +--- + +## 2012-05-25 - Puppet Labs <info@puppetlabs.com> - Release 0.0.4 +### Summary + + * Fix ppa list filename when there is a period in the PPA name + * Add .pref extension to apt preferences files + * Allow preferences to be purged + * Extend pin support + + +## 2012-05-04 - Puppet Labs <info@puppetlabs.com> - Release 0.0.3 +### Summary + + * only invoke apt-get update once + * only install python-software-properties if a ppa is added + * support 'ensure => absent' for all defined types + * add apt::conf + * add apt::backports + * fixed Modulefile for module tool dependency resolution + * configure proxy before doing apt-get update + * use apt-get update instead of aptitude for apt::ppa + * add support to pin release + + +## 2012-03-26 - Puppet Labs <info@puppetlabs.com> - Release 0.0.2 +### Summary + +* 41cedbb (#13261) Add real examples to smoke tests. +* d159a78 (#13261) Add key.pp smoke test +* 7116c7a (#13261) Replace foo source with puppetlabs source +* 1ead0bf Ignore pkg directory. +* 9c13872 (#13289) Fix some more style violations +* 0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path +* a758247 (#13289) Clean up style violations and fix corresponding tests +* 99c3fd3 (#13289) Add puppet lint tests to Rakefile +* 5148cbf (#13125) Apt keys should be case insensitive +* b9607a4 Convert apt::key to use anchors + + +## 2012-03-07 - Puppet Labs <info@puppetlabs.com> - Release 0.0.1 +### Summary + +* d4fec56 Modify apt::source release parameter test +* 1132a07 (#12917) Add contributors to README +* 8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it +* 7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input +* be2cc3e (#12522) Adjust spec test for splitting purge +* 7dc60ae (#12522) Split purge option to spare sources.list +* 9059c4e Fix source specs to test all key permutations +* 8acb202 Add test for python-software-properties package +* a4af11f Check if python-software-properties is defined before attempting to define it. +* 1dcbf3d Add tests for required_packages change +* f3735d2 Allow duplicate $required_packages +* 74c8371 (#12430) Add tests for changes to apt module +* 97ebb2d Test two sources with the same key +* 1160bcd (#12526) Add ability to reverse apt { disable_keys => true } +* 2842d73 Add Modulefile to puppet-apt +* c657742 Allow the use of the same key in multiple sources +* 8c27963 (#12522) Adding purge option to apt class +* 997c9fd (#12529) Add unit test for apt proxy settings +* 50f3cca (#12529) Add parameter to support setting a proxy for apt +* d522877 (#12094) Replace chained .with_* with a hash +* 8cf1bd0 (#12094) Remove deprecated spec.opts file +* 2d688f4 (#12094) Add rspec-puppet tests for apt +* 0fb5f78 (#12094) Replace name with path in file resources +* f759bc0 (#11953) Apt::force passes $version to aptitude +* f71db53 (#11413) Add spec test for apt::force to verify changes to unless +* 2f5d317 (#11413) Update dpkg query used by apt::force +* cf6caa1 (#10451) Add test coverage to apt::ppa +* 0dd697d include_src parameter in example; Whitespace cleanup +* b662eb8 fix typos in "repositories" +* 1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added +* 864302a Set the pin priority before adding the source (Fix #10449) +* 1de4e0a Refactored as per mlitteken +* 1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run! +* 52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep +* 5c05fa0 added builddep command. +* a11af50 added the ability to specify the content of a key +* c42db0f Fixes ppa test. +* 77d2b0d reformatted whitespace to match recommended style of 2 space indentation. +* 27ebdfc ignore swap files. +* 377d58a added smoke tests for module. +* 18f614b reformatted apt::ppa according to recommended style. +* d8a1e4e Created a params class to hold global data. +* 636ae85 Added two params for apt class +* 148fc73 Update LICENSE. +* ed2d19e Support ability to add more than one PPA +* 420d537 Add call to apt-update after add-apt-repository in apt::ppa +* 945be77 Add package definition for python-software-properties +* 71fc425 Abs paths for all commands +* 9d51cd1 Adding LICENSE +* 71796e3 Heading fix in README +* 87777d8 Typo in README +* f848bac First commit + +[5.0.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1 +[5.0.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0 +[4.5.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.0...4.5.1 +[4.5.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.1...4.5.0 +[4.4.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.0...4.4.1 +[4.4.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.3.0...4.4.0 +[4.3.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.2.0...4.3.0 +[4.2.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.1.0...4.2.0 + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/CODEOWNERS Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,2 @@ +# Setting ownership to the modules team +* @puppetlabs/modules
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/CONTRIBUTING.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,3 @@ +# Contributing to Puppet modules + +Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/HISTORY.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,692 @@ +## 5.0.1 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1) + +### Fixed + +- \(MODULES-7540\) - add apt-transport-https with https [\#775](https://github.com/puppetlabs/puppetlabs-apt/pull/775) ([tphoney](https://github.com/tphoney)) + +## [5.0.0](https://github.com/puppetlabs/puppetlabs-apt/tree/5.0.0) (2018-07-18) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0) + +### Changed + +- \[FM-6956\] Removal of unsupported Debian 7 from apt [\#760](https://github.com/puppetlabs/puppetlabs-apt/pull/760) ([david22swan](https://github.com/david22swan)) + +### Added + +- \(MODULES-7467\) Update apt to support Ubuntu 18.04 [\#769](https://github.com/puppetlabs/puppetlabs-apt/pull/769) ([david22swan](https://github.com/david22swan)) +- Support managing login configurations in /etc/apt/auth.conf [\#752](https://github.com/puppetlabs/puppetlabs-apt/pull/752) ([antaflos](https://github.com/antaflos)) + +### Fixed + +- \(MODULES-7327\) - Update README with supported OS [\#767](https://github.com/puppetlabs/puppetlabs-apt/pull/767) ([pmcmaw](https://github.com/pmcmaw)) +- \(bugfix\) Dont run ftp tests in travis [\#766](https://github.com/puppetlabs/puppetlabs-apt/pull/766) ([tphoney](https://github.com/tphoney)) +- \(maint\) make apt testing more stable, cleanup [\#764](https://github.com/puppetlabs/puppetlabs-apt/pull/764) ([tphoney](https://github.com/tphoney)) +- Remove .length from variable $pin\_release in app [\#754](https://github.com/puppetlabs/puppetlabs-apt/pull/754) ([paladox](https://github.com/paladox)) +- Replace UTF-8 whitespace in comment [\#748](https://github.com/puppetlabs/puppetlabs-apt/pull/748) ([bernhardschmidt](https://github.com/bernhardschmidt)) +- Fix "E: Unable to locate package -y" [\#747](https://github.com/puppetlabs/puppetlabs-apt/pull/747) ([aboks](https://github.com/aboks)) +- Fix automatic coercion warning [\#743](https://github.com/puppetlabs/puppetlabs-apt/pull/743) ([smortex](https://github.com/smortex)) + +## Supported Release [4.5.1] +### Summary +This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. + +### Fixed +- Fix init task for arbitrary remote code + +## Supported Release [4.5.0] +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes. + +### Added +- PDK convert apt ([MODULES-6452](https://tickets.puppet.com/browse/MODULES-6452)). +- Testing on Travis using rvm 2.4.1. +- Modulesync updates. + +### Fixed +- Changes to address additional Rubocop failures. +- (maint) Addressing puppet-lint doc warnings. + +### Removed +- `gem update bundler` command in .travis.yml due to ([MODULES-6339](https://tickets.puppet.com/browse/MODULES-6339)). + +## Supported Release [4.4.1] +### Summary +This release is to update the formatting of the module, Rubocop having been run for all ruby files and been set to run automatically on all future commits. + +### Changed +- Rubocop has been implemented. + +## Supported Release [4.4.0] +### Summary + +This release is a rollup of new features and fixes. + +#### Added +- Install `apt-transport-https` if using Debian 7, 8, 9 or Ubuntu 14.04, 16.04. +- Adds a boolean option `direct` to proxy settings to bypass `https_proxy` if not set. +- Adds facter facts for `dist-upgrade` apt updates. + +#### Changed +- Update class is now private. +- Some tidyup of ruby code from Rubocop. +- Fixed circular dependency for package dirmngr. +- Debian updates are no longer treated as security updates. +- Legacy functions have been removed. +- Updates to tests. + +#### Fixed +- [(MODULES-4265)](https://tickets.puppetlabs.com/browse/MODULES-4265) Detect security updates from multiple sources. + +## Supported Release [4.3.0] +### Summary + +This release is adding Tasks to the apt module. + +#### Added +- Add a task that allows apt-get update and upgrade + +## Supported Release [4.2.0] +### Summary + +This release is primarily to fix an error around GPG keys in Debian 9, but includes some other small features and fixes as well. + +#### Added +- `apt_package_security_updates` fact +- The ability to modify the loglevel of `Exec['apt_update'}` +- Puppet 5 support + +#### Changed +- Ubuntu 16.04 now uses `software-priorities-common` + +#### Removed +- Debian 6, Ubuntu 10.04 and 12.04 support. Existing compatibility remains intact but bugs will not be prioritized for these OSes. + +#### Fixed +- **[(MODULES-4686)](https://tickets.puppetlabs.com/browse/MODULES-4686) an error that was causing GPG keyserver imports to fail on Debian 9** + +## Supported Release 4.1.0 +### Summary + +This release removes Data in Modules due to current compatibility issues and reinstates the params.pp file. Also includes a couple of bug fixes. + +#### Features +- (MODULES-4973) Data in Modules which was introduced in the last release has now been reverted due to compatibility issues. + +#### Bugfixes +- Now apt_key only sends the auth basic header when userinfo can be parsed from the URL. +- Reverted the removal of Evolving Web's attribution in NOTICE file. +- Test added to ensure empty string allowed for $release in apt::source. + + +## Supported Release 3.0.0 and 4.0.0 +### Summary + +This release adds new Puppet 4 features: data in modules, EPP templates, the $facts hash, and data types. This release is fully backwards compatible to existing Puppet 4 configurations and provides you with deprecation warnings for every argument that will not work as expected with the final 4.0.0 release. See the stdlib docs here for an in-depth discussion of this: https://github.com/puppetlabs/puppetlabs-stdlib#validate_legacy + +If you want to learn more about the new features used or you wish to upgrade a module yourself, have a look at the NTP: A Puppet 4 language update blog post. + +If you're still running Puppet 3, remain on the latest puppetlabs-apt 2.x release for now, and see the documentation to upgrade to Puppet 4. + +#### Changes + +Data in modules: Moves all distribution and OS-dependent defaults into YAML files in data/, alleviating the need for a params class. Note that while this feature is currently still classed as experimental, the final implementation will support the changes here. +EPP templating: Uses the Puppet language as a base for templates to create simpler and safer templates. No need for Ruby anymore! +The $facts hash: Makes facts visibly distinct from other variables for more readable and maintainable code. This helps eliminate confusion if you use a local variable whose name happens to match that of a common fact. +Data types for validation: Helps you find and replace deprecated code in existing validate functions with stricter, more readable data type notation. First upgrade to the 3.0.0 release of this module, and address all deprecation warnings before upgrading to the final 4.0.0 release. Please see the stdlib docs for an in-depth discussion of this process. + +#### Bugfixes +- Fix apt::source epp template regression introduced in 3.0.0 for the architecture parameter + +## Supported Release 2.4.0 +### Summary +A release that includes only a couple of additional features, but includes several cleanups and bugfixes around existing issues. + +#### Features +- Tests updated to check for idempotency. +- (MODULES-4224) Implementation of beaker-module_install_helper. +- Deprecation warnings are now handled by the deprecation function in stdlib. + +#### Bugfixes +- Now http and https sources fixed for apt_key and can take a userinfo. +- GPG key update. +- Notify_update param now defaults to true to avoid validation errors. +- Implement retry on tests which pull key from a key server which sometimes times out (transient error). +- String comparison error now comphensated for in update.pp. +- (MODULES-4104) Removal of the port number from repository location in order to get the host name of the repository. +- Puppet lint warnings addressed. +- A few small readme issues addressed. + +## Supported Release 2.3.0 +### Summary +A release containing many bugfixes with additional features. + +#### Features +- Apt_updates facts now use /usr/bin/apt-get. +- Addition of notify update to apt::source. +- Update to newest modulesync_configs. +- Installs software-properties-common for Xenial. +- Modulesync updates. +- Add ability to specify a hash of apt::conf defines. + +#### Bugfixes +- A clean up of spec/defines/key_compat_specs, also now runs under STRICT_VARIABLES. +- Apt::setting expects priority to be an integer, set defaults accordingly. +- Fixed version check for Ubuntu on 16.04. +- Now uses hkps.pool.sks-keyservers.net instead of pgp.mit.edu. +- Updates and fixes to tests. General cleanup. +- Fixed regexp for $ensure params. +- Apt/params: Remove unused LSB facts. +- Replaced `-s` with `-f` in ppa rspec tests - After the repository is added, the "${::apt::sources_list_d}/${sources_list_d_filename}" file is created as an empty file. The unless condition of Exec["add-apt-repository-${name}"] calls test -s, which returns 1 if the file is empty. Because the file is empty, the unless condition is never true and the repository is added on every execution. This change replaces the -s test condition with -f, which is true if the file exists or false otherwise. +- Limit non-strict parsing to pre-3.5.0 only - Puppet 3.5.0 introduced strict variables and the module handles strict variables by using the defined() function. This does not work on prior versions of puppet so we now gate based on that version. Puppet 4 series has a new setting `strict` that may be set to enforce strict variables while `strict_variables` remains unset (see PUP-6358) which causes the conditional in manifests/params.pp to erroniously use non-strict 3.5-era parsing and fail. This new conditional corrects the cases such that strict variable behavior happens on versions 3.5.0 and later. + +## Supported Release 2.2.2 +### Summary + +Several bug fixes and the addition of support updates to Debian 8 and Ubuntu Wily. + +#### Bugfixes +- Small fixes to descriptions within the readme and the addition of some examples. +- Updates to run on Ubuntu Wily. +- Fixed apt_key tempfile race condition. +- Run stages limitation added to the documentation. +- Remove unneeded whitespace in source.list template. +- Handle PPA names that contain a plus character. +- Update to current msync configs. +- Avoid duplicate package resources when package_manage => true. +- Avoid multiple package resource declarations. +- Ensure PPAs in tests have valid form. +- Look for correct sources.list.d file for apt::ppa. +- Debian 8 support addiiton to metadata. + +## Supported Release 2.2.1 +### Summary + +Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. + +## 2015-09-29 - Supported Release 2.2.0 +### Summary + +This release includes a few bugfixes. + +#### Features +- Adds an `ensure` parameter for user control of proxy presence. +- Adds ability to set `notify_update` to `apt::conf` (MODULES-2269). +- Apt pins no longer trigger an `apt-get update` run. +- Adds support for creating pins from main class. + +#### Bugfixes +- Updates to use the official Debian mirrors. +- Fixes path to `preferences` and `preferences.d` +- Fixes pinning for backports (MODULES-2446). +- Fixes the name/extension of the preferences files. + +## 2015-07-28 - Supported Release 2.1.1 +### Summary + +This release includes a few bugfixes. + +#### Bugfixes +- Fix incorrect use of anchoring (MODULES-2190) +- Use correct comment type for apt.conf files +- Test fixes +- Documentation fixes + +## 2015-06-16 - Supported Release 2.1.0 +### Summary + +This release largely makes `apt::key` and `apt::source` API-compatible with the 1.8.x versions for ease in upgrading, and also addresses some compatibility issues with older versions of Puppet. + +#### Features +- Add API compatibility to `apt::key` and `apt::source` +- Added `apt_reboot_required` fact + +#### Bugfixes +- Fix compatibility with Puppet versions 3.0-3.4 +- Work around future parser bug PUP-4133 + +## 2015-04-28 - Supported Release 2.0.1 +### Summary + +This bug fixes a few compatibility issues that came up with the 2.0.0 release, and includes test and documentation updates. + +#### Bugfixes +- Fix incompatibility with keyrings containing multiple keys +- Fix bugs preventing the module from working with Puppet < 3.5.0 + +## 2015-04-07 - Supported Release 2.0.0 +### Summary + +This is a major rewrite of the apt module. Many classes and defines were removed, but all existing functionality should still work. Please carefully review documentation before upgrading. + +#### Backwards-incompatible changes + +As this is a major rewrite of the module there are a great number of backwards incompatible changes. Please review this and the updated README carefully before upgrading. + +##### `apt_key` +- `keyserver_options` parameter renamed to `options` + +##### `apt::backports` +- This no longer works out of the box on Linux Mint. If using this on mint, you must specify the `location`, `release`, `repos`, and `key` parameters. [Example](examples/backports.pp) + +##### `apt::builddep` +- This define was removed. Functionality can be matched passing 'build-dep' to `install_options` in the package resource. [Example](examples/builddep.pp) + +##### `apt::debian::testing` +- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_testing.pp) + +##### `apt::debian::unstable` +- This class was removed. Manually add an `apt::source` instead. [Example](examples/debian_unstable.pp) + +##### `apt::force` +- This define was removed. Functionallity can be matched by setting `install_options` in the package resource. See [here](examples/force.pp) for how to set the options. + +##### `apt::hold` +- This define was removed. Simply use an `apt::pin` with `priority => 1001` for the same functionality. + +##### `apt` +- `always_apt_update` - This parameter was removed. Use `update => { 'frequency' => 'always' }` instead. +- `apt_update_frequency` - This parameter was removed. Use `update => { 'frequency' => <frequency> }` instead. +- `disable_keys` - This parameter was removed. See this [example](examples/disable_keys.pp) if you need this functionality. +- `proxy_host` - This parameter was removed. Use `proxy => { 'host' => <host> }` instead. +- `proxy_port` - This parameter was removed. Use `proxy => { 'port' => <port> }` instead. +- `purge_sources_list` - This parameter was removed. Use `purge => { 'sources.list' => <bool> }` instead. +- `purge_sources_list_d` - This parameter was removed. Use `purge => { 'sources.list.d' => <bool> }` instead. +- `purge_preferences` - This parameter was removed. Use `purge => { 'preferences' => <bool> }` instead. +- `purge_preferences_d` - This parameter was removed. Use `purge => { 'preferences.d' => <bool> }` instead. +- `update_timeout` - This parameter was removed. Use `update => { 'timeout' => <timeout> }` instead. +- `update_tries` - This parameter was removed. Use `update => { 'tries' => <tries> }` instead. + +##### `apt::key` +- `key` - This parameter was renamed to `id`. +- `key_content` - This parameter was renamed to `content`. +- `key_source` - This parameter was renamed to `source`. +- `key_server` - This parameter was renamed to `server`. +- `key_options` - This parameter was renamed to `options`. + +##### `apt::release` +- This class was removed. See this [example](examples/release.pp) for how to achieve this functionality. + +##### `apt::source` +- `include_src` - This parameter was removed. Use `include => { 'src' => <bool> }` instead. ***NOTE*** This now defaults to false. +- `include_deb` - This parameter was removed. Use `include => { 'deb' => <bool> }` instead. +- `required_packages` - This parameter was removed. Use package resources for these packages if needed. +- `key` - This can either be a key id or a hash including key options. If using a hash, `key => { 'id' => <id> }` must be specified. +- `key_server` - This parameter was removed. Use `key => { 'server' => <server> }` instead. +- `key_content` - This parameter was removed. Use `key => { 'content' => <content> }` instead. +- `key_source` - This parameter was removed. Use `key => { 'source' => <source> }` instead. +- `trusted_source` - This parameter was renamed to `allow_unsigned`. + +##### `apt::unattended_upgrades` +- This class was removed and is being republished under the puppet-community namespace. The git repository is available [here](https://github.com/puppet-community/puppet-unattended_upgrades) and it will be published to the forge [here](https://forge.puppetlabs.com/puppet/unattended_upgrades). + +#### Changes to default behavior +- By default purge unmanaged files in 'sources.list', 'sources.list.d', 'preferences', and 'preferences.d'. +- Changed default for `package_manage` in `apt::ppa` to `false`. Set to `true` in a single PPA if you need the package to be managed. +- `apt::source` will no longer include the `src` entries by default. +- `pin` in `apt::source` now defaults to `undef` instead of `false` + +#### Features +- Added the ability to pass hashes of `apt::key`s, `apt::ppa`s, and `apt::setting`s to `apt`. +- Added 'https' key to `proxy` hash to allow disabling `https_proxy` for the `apt::ppa` environment. +- Added `apt::setting` define to abstract away configuration. +- Added the ability to pass hashes to `pin` and `key` in `apt::backports` and `apt::source`. + +#### Bugfixes +- Fixes for strict variables. + +## 2015-03-17 - Supported Release 1.8.0 +### Summary + +This is the last planned feature release of the 1.x series of this module. All new features will be evaluated for puppetlabs-apt 2.x. + +This release includes many important features, including support for full fingerprints, and fixes issues where `apt_key` was not supporting user/password and `apt_has_updates` was not properly parsing the `apt-check` output. + +#### Changes to default behavior +- The apt module will now throw warnings if you don't use full fingerprints for `apt_key`s + +#### Features +- Use gpg to check keys to work around https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1409117 (MODULES-1675) +- Add 'oldstable' to the default update origins for wheezy +- Add utopic, vivid, and cumulus compatibility +- Add support for full fingerprints +- New parameter for `apt::source` + - `trusted_source` +- New parameters for `apt::ppa` + - `package_name` + - `package_manage` +- New parameter for `apt::unattended_upgrades` + - `legacy_origin` +- Separate `apt::pin` from `apt::backports` to allow pin by release instead of origin + +#### Bugfixes +- Cleanup lint and future parser issues +- Fix to support username and passwords again for `apt_key` (MODULES-1119) +- Fix issue where `apt::force` `$install_check` didn't work with non-English locales (MODULES-1231) +- Allow 5 digit ports in `apt_key` +- Fix for `ensure => absent` in `apt_key` (MODULES-1661) +- Fix `apt_has_updates` not parsing `apt-check` output correctly +- Fix inconsistent headers across files (MODULES-1200) +- Clean up formatting for 50unattended-upgrades.erb + +## 2014-10-28 - Supported Release 1.7.0 +### Summary + +This release includes several new features, documentation and test improvements, and a few bug fixes. + +#### Features +- Updated unit and acceptance tests +- Update module to work with Linux Mint +- Documentation updates +- Future parser / strict variables support +- Improved support for long GPG keys +- New parameters! + - Added `apt_update_frequency` to apt + - Added `cfg_files` and `cfg_missing` parameters to apt::force + - Added `randomsleep` to apt::unattended_upgrades +- Added `apt_update_last_success` fact +- Refactored facts for performance improvements + +#### Bugfixes +- Update apt::builddep to require Exec['apt_update'] instead of notifying it +- Clean up lint errors + +## 2014-08-20 - Supported Release 1.6.0 +### Summary + +#### Features +- Allow URL or domain name for key_server parameter +- Allow custom comment for sources list +- Enable auto-update for Debian squeeze LTS +- Add facts showing available updates +- Test refactoring + +#### Bugfixes +- Allow dashes in URL or domain for key_server parameter + +## 2014-08-13 - Supported Release 1.5.3 +### Summary + +This is a bugfix releases. It addresses a bad regex, failures with unicode +characters, and issues with the $proxy_host handling in apt::ppa. + +#### Features +- Synced files from Modulesync + +#### Bugfixes +- Fix regex to follow APT requirements in apt::pin +- Fix for unicode characters +- Fix inconsistent $proxy_host handling in apt and apt::ppa +- Fix typo in README +- Fix broken acceptance tests + +## 2014-07-15 - Supported Release 1.5.2 +### Summary + +This release merely updates metadata.json so the module can be uninstalled and +upgraded via the puppet module command. + +## 2014-07-10 - Supported Release 1.5.1 +### Summary + +This release has added tests to ensure graceful failure on OSX. + +## 2014-06-04 - Release 1.5.0 +### Summary + +This release adds support for Ubuntu 14.04. It also includes many new features +and important bugfixes. One huge change is that apt::key was replaced with +apt_key, which allows you to use puppet resource apt_key to inventory keys on +your system. + +Special thanks to daenney, our intrepid unofficial apt maintainer! + +#### Features +- Add support for Ubuntu Trusty! +- Add apt::hold define +- Generate valid *.pref files in apt::pin +- Made pin_priority configurable for apt::backports +- Add apt_key type and provider +- Rename "${apt_conf_d}/proxy" to "${apt_conf_d}/01proxy" +- apt::key rewritten to use apt_key type +- Add support for update_tries to apt::update + +#### Bugfixes +- Typo fixes +- Fix unattended upgrades +- Removed bogus line when using purge_preferences +- Fix apt::force to upgrade allow packages to be upgraded to the pacakge from the specified release + +## 2014-03-04 - Supported Release 1.4.2 +### Summary + +This is a supported release. This release tidies up 1.4.1 and re-enables +support for Ubuntu 10.04 + +#### Features + +#### Bugfixes +- Fix apt:ppa to include the -y Ubuntu 10.04 requires. +- Documentation changes. +- Test fixups. + +#### Known Bugs + +* No known issues. + + + +## 2014-02-13 1.4.1 +### Summary +This is a bugfix release. + +#### Bugfixes +- Fix apt::force unable to upgrade packages from releases other than its original +- Removed a few refeneces to aptitude instead of apt-get for portability +- Removed call to getparam() due to stdlib dependency +- Correct apt::source template when architecture is provided +- Retry package installs if apt is locked +- Use root to exec in apt::ppa +- Updated tests and converted acceptance tests to beaker + +## 2013-10-08 - Release 1.4.0 + +### Summary + +Minor bugfix and allow the timeout to be adjusted. + +#### Features +- Add an `updates_timeout` to apt::params + +#### Bugfixes +- Ensure apt::ppa can read a ppa removed by hand. + + +## 2013-10-08 - Release 1.3.0 +### Summary + +This major feature in this release is the new apt::unattended_upgrades class, +allowing you to handle Ubuntu's unattended feature. This allows you to select +specific packages to automatically upgrade without any further user +involvement. + +In addition we extend our Wheezy support, add proxy support to apt:ppa and do +various cleanups and tweaks. + +#### Features +- Add apt::unattended_upgrades support for Ubuntu. +- Add wheezy backports support. +- Use the geoDNS http.debian.net instead of the main debian ftp server. +- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command. +- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt). + +#### Bugfixes +- Fix regsubst() calls to quote single letters (for future parser). +- Fix lint warnings and other misc cleanup. + + +## 2013-07-03 - Release 1.2.0 + +#### Features +- Add geppetto `.project` natures +- Add GH auto-release +- Add `apt::key::key_options` parameter +- Add complex pin support using distribution properties for `apt::pin` via new properties: + - `apt::pin::codename` + - `apt::pin::release_version` + - `apt::pin::component` + - `apt::pin::originator` + - `apt::pin::label` +- Add source architecture support to `apt::source::architecture` + +#### Bugfixes +- Use apt-get instead of aptitude in apt::force +- Update default backports location +- Add dependency for required packages before apt-get update + + +## 2013-06-02 - Release 1.1.1 +### Summary + +This is a bug fix release that resolves a number of issues: + +* By changing template variable usage, we remove the deprecation warnings + for Puppet 3.2.x +* Fixed proxy file removal, when proxy absent + +Some documentation, style and whitespaces changes were also merged. This +release also introduced proper rspec-puppet unit testing on Travis-CI to help +reduce regression. + +Thanks to all the community contributors below that made this patch possible. + +#### Detail Changes + +* fix minor comment type (Chris Rutter) +* whitespace fixes (Michael Moll) +* Update travis config file (William Van Hevelingen) +* Build all branches on travis (William Van Hevelingen) +* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen) +* Updated content to conform to README best practices template (Lauren Rother) +* Fix apt::release example in readme (Brian Galey) +* add @ to variables in template (Peter Hoeg) +* Remove deprecation warnings for pin.pref.erb as well (Ken Barber) +* Update travis.yml to latest versions of puppet (Ken Barber) +* Fix proxy file removal (Scott Barber) +* Add spec test for removing proxy configuration (Dean Reilly) +* Fix apt::key listing longer than 8 chars (Benjamin Knofe) + + + + +## Release 1.1.0 +### Summary + +This release includes Ubuntu 12.10 (Quantal) support for PPAs. + +--- + +## 2012-05-25 - Puppet Labs <info@puppetlabs.com> - Release 0.0.4 +### Summary + + * Fix ppa list filename when there is a period in the PPA name + * Add .pref extension to apt preferences files + * Allow preferences to be purged + * Extend pin support + + +## 2012-05-04 - Puppet Labs <info@puppetlabs.com> - Release 0.0.3 +### Summary + + * only invoke apt-get update once + * only install python-software-properties if a ppa is added + * support 'ensure => absent' for all defined types + * add apt::conf + * add apt::backports + * fixed Modulefile for module tool dependency resolution + * configure proxy before doing apt-get update + * use apt-get update instead of aptitude for apt::ppa + * add support to pin release + + +## 2012-03-26 - Puppet Labs <info@puppetlabs.com> - Release 0.0.2 +### Summary + +* 41cedbb (#13261) Add real examples to smoke tests. +* d159a78 (#13261) Add key.pp smoke test +* 7116c7a (#13261) Replace foo source with puppetlabs source +* 1ead0bf Ignore pkg directory. +* 9c13872 (#13289) Fix some more style violations +* 0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path +* a758247 (#13289) Clean up style violations and fix corresponding tests +* 99c3fd3 (#13289) Add puppet lint tests to Rakefile +* 5148cbf (#13125) Apt keys should be case insensitive +* b9607a4 Convert apt::key to use anchors + + +## 2012-03-07 - Puppet Labs <info@puppetlabs.com> - Release 0.0.1 +### Summary + +* d4fec56 Modify apt::source release parameter test +* 1132a07 (#12917) Add contributors to README +* 8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it +* 7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input +* be2cc3e (#12522) Adjust spec test for splitting purge +* 7dc60ae (#12522) Split purge option to spare sources.list +* 9059c4e Fix source specs to test all key permutations +* 8acb202 Add test for python-software-properties package +* a4af11f Check if python-software-properties is defined before attempting to define it. +* 1dcbf3d Add tests for required_packages change +* f3735d2 Allow duplicate $required_packages +* 74c8371 (#12430) Add tests for changes to apt module +* 97ebb2d Test two sources with the same key +* 1160bcd (#12526) Add ability to reverse apt { disable_keys => true } +* 2842d73 Add Modulefile to puppet-apt +* c657742 Allow the use of the same key in multiple sources +* 8c27963 (#12522) Adding purge option to apt class +* 997c9fd (#12529) Add unit test for apt proxy settings +* 50f3cca (#12529) Add parameter to support setting a proxy for apt +* d522877 (#12094) Replace chained .with_* with a hash +* 8cf1bd0 (#12094) Remove deprecated spec.opts file +* 2d688f4 (#12094) Add rspec-puppet tests for apt +* 0fb5f78 (#12094) Replace name with path in file resources +* f759bc0 (#11953) Apt::force passes $version to aptitude +* f71db53 (#11413) Add spec test for apt::force to verify changes to unless +* 2f5d317 (#11413) Update dpkg query used by apt::force +* cf6caa1 (#10451) Add test coverage to apt::ppa +* 0dd697d include_src parameter in example; Whitespace cleanup +* b662eb8 fix typos in "repositories" +* 1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added +* 864302a Set the pin priority before adding the source (Fix #10449) +* 1de4e0a Refactored as per mlitteken +* 1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run! +* 52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep +* 5c05fa0 added builddep command. +* a11af50 added the ability to specify the content of a key +* c42db0f Fixes ppa test. +* 77d2b0d reformatted whitespace to match recommended style of 2 space indentation. +* 27ebdfc ignore swap files. +* 377d58a added smoke tests for module. +* 18f614b reformatted apt::ppa according to recommended style. +* d8a1e4e Created a params class to hold global data. +* 636ae85 Added two params for apt class +* 148fc73 Update LICENSE. +* ed2d19e Support ability to add more than one PPA +* 420d537 Add call to apt-update after add-apt-repository in apt::ppa +* 945be77 Add package definition for python-software-properties +* 71fc425 Abs paths for all commands +* 9d51cd1 Adding LICENSE +* 71796e3 Heading fix in README +* 87777d8 Typo in README +* f848bac First commit + +[5.0.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/5.0.0...5.0.1 +[5.0.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.1...5.0.0 +[4.5.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.5.0...4.5.1 +[4.5.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.1...4.5.0 +[4.4.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.4.0...4.4.1 +[4.4.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.3.0...4.4.0 +[4.3.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.2.0...4.3.0 +[4.2.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/4.1.0...4.2.0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/LICENSE Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/MAINTAINERS.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +## Maintenance + +Maintainers: + - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com` + +Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `apt`.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/NOTICE Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,37 @@ +Puppet Module - puppetlabs-apt + +Copyright 2017 Puppet, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Copyright (c) 2011 Evolving Web Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/README.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,337 @@ +# apt + +#### Table of Contents + +1. [Module Description - What the module does and why it is useful](#module-description) +1. [Setup - The basics of getting started with apt](#setup) + * [What apt affects](#what-apt-affects) + * [Beginning with apt](#beginning-with-apt) +1. [Usage - Configuration options and additional functionality](#usage) + * [Add GPG keys](#add-gpg-keys) + * [Prioritize backports](#prioritize-backports) + * [Update the list of packages](#update-the-list-of-packages) + * [Pin a specific release](#pin-a-specific-release) + * [Add a Personal Package Archive repository](#add-a-personal-package-archive-repository) + * [Configure Apt from Hiera](#configure-apt-from-hiera) + * [Replace the default sources.list file](#replace-the-default-sourceslist-file) +1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +1. [Limitations - OS compatibility, etc.](#limitations) +1. [Development - Guide for contributing to the module](#development) + +<a id="module-description"></a> + +## Module Description + +The apt module lets you use Puppet to manage APT (Advanced Package Tool) sources, keys, and other configuration options. + +APT is a package manager available on Debian, Ubuntu, and several other operating systems. The apt module provides a series of classes, defines, types, and facts to help you automate APT package management. + +**Note**: Prior to Puppet 7, for this module to correctly autodetect which version of +Debian/Ubuntu (or derivative) you're running, you need to make sure the `lsb-release` package is +installed. With Puppet 7 the `lsb-release` package is not needed. + +<a id="setup"></a> + +## Setup + +<a id="what-apt-affects"></a> + +### What apt affects + +* Your system's `preferences` file and `preferences.d` directory +* Your system's `sources.list` file and `sources.list.d` directory +* Your system's `apt.conf.d` directory +* System repositories +* Authentication keys + +**Note:** This module offers `purge` parameters which, if set to `true`, **destroy** any configuration on the node's `sources.list(.d)`, `preferences(.d)` and `apt.conf.d` that you haven't declared through Puppet. The default for these parameters is `false`. + +<a id="beginning-with-apt"></a> + +### Beginning with apt + +To use the apt module with default parameters, declare the `apt` class. + +```puppet +include apt +``` + +**Note:** The main `apt` class is required by all other classes, types, and defined types in this module. You must declare it whenever you use the module. + +<a id="usage"></a> + +## Usage + +<a id="add-gpg-keys"></a> + +### Add GPG keys + +**Warning:** Using short key IDs presents a serious security issue, potentially leaving you open to collision attacks. We recommend you always use full fingerprints to identify your GPG keys. This module allows short keys, but issues a security warning if you use them. + +Declare the `apt::key` defined type: + +```puppet +apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'pgp.mit.edu', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +} +``` + +<a id="prioritize-backports"></a> + +### Prioritize backports + +```puppet +class { 'apt::backports': + pin => 500, +} +``` + +By default, the `apt::backports` class drops a pin file for backports, pinning it to a priority of 200. This is lower than the normal default of 500, so packages with `ensure => latest` don't get upgraded from backports without your explicit permission. + +If you raise the priority through the `pin` parameter to 500, normal policy goes into effect and Apt installs or upgrades to the newest version. This means that if a package is available from backports, it and its dependencies are pulled in from backports unless you explicitly set the `ensure` attribute of the `package` resource to `installed`/`present` or a specific version. + +<a id="update-the-list-of-packages"></a> + +### Update the list of packages + +By default, Puppet runs `apt-get update` on the first Puppet run after you include the `apt` class, and anytime `notify => Exec['apt_update']` occurs; i.e., whenever config files get updated or other relevant changes occur. If you set `update['frequency']` to 'always', the update runs on every Puppet run. You can also set `update['frequency']` to 'daily' or 'weekly': + +```puppet +class { 'apt': + update => { + frequency => 'daily', + }, +} +``` + +When `Exec['apt_update']` is triggered, it generates a `notice`-level message. Because the default [logging level for agents](https://puppet.com/docs/puppet/latest/configuration.html#loglevel) is `notice`, this causes the repository update to appear in agent logs. To silence these updates from the default log output, set the [loglevel](https://puppet.com/docs/puppet/latest/metaparameter.html#loglevel) metaparameter for `Exec['apt_update']` above the agent logging level: + +```puppet +class { 'apt': + update => { + frequency => 'daily', + loglevel => 'debug', + }, +} +``` + +> **NOTE:** Every `Exec['apt_update']` run will generate a corrective change, even if the apt caches are not updated. For example, setting an update frequency of `always` can result in every Puppet run resulting in a corrective change. This is a known issue. For details, see [MODULES-10763](https://tickets.puppetlabs.com/browse/MODULES-10763). + +<a id="pin-a-specific-release"></a> + +### Pin a specific release + +```puppet +apt::pin { 'karmic': priority => 700 } +apt::pin { 'karmic-updates': priority => 700 } +apt::pin { 'karmic-security': priority => 700 } +``` + +You can also specify more complex pins using distribution properties: + +```puppet +apt::pin { 'stable': + priority => -10, + originator => 'Debian', + release_version => '3.0', + component => 'main', + label => 'Debian' +} +``` + +To pin multiple packages, pass them to the `packages` parameter as an array or a space-delimited string. + +<a id="add-a-personal-package-archive-repository"></a> + +### Add a Personal Package Archive (PPA) repository + +```puppet +apt::ppa { 'ppa:drizzle-developers/ppa': } +``` + +### Add an Apt source to `/etc/apt/sources.list.d/` + +```puppet +apt::source { 'debian_unstable': + comment => 'This is the iWeb Debian unstable mirror', + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free', + pin => '-10', + key => { + 'id' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + 'server' => 'subkeys.pgp.net', + }, + include => { + 'src' => true, + 'deb' => true, + }, +} +``` + +To use the Puppet Apt repository as a source: + +```puppet +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + 'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + 'server' => 'pgp.mit.edu', + }, +} +``` + +<a id="configure-apt-from-hiera"></a> + +### Configure Apt from Hiera + +Instead of specifying your sources directly as resources, you can instead just include the `apt` class, which will pick up the values automatically from hiera. + +```yaml +apt::sources: + 'debian_unstable': + comment: 'This is the iWeb Debian unstable mirror' + location: 'http://debian.mirror.iweb.ca/debian/' + release: 'unstable' + repos: 'main contrib non-free' + pin: '-10' + key: + id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' + server: 'subkeys.pgp.net' + include: + src: true + deb: true + + 'puppetlabs': + location: 'http://apt.puppetlabs.com' + repos: 'main' + key: + id: '6F6B15509CF8E59E6E469F327F438280EF8D349F' + server: 'pgp.mit.edu' +``` + +<a id="replace-the-default-sourceslist-file"></a> + +### Replace the default `sources.list` file + +The following example replaces the default `/etc/apt/sources.list`. Along with this code, be sure to use the `purge` parameter, or you might get duplicate source warnings when running Apt. + +```puppet +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-security": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-security" +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-updates": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-updates" +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-backports": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-backports" +} +``` + +### Manage login configuration settings for an APT source or proxy in `/etc/apt/auth.conf` + +Starting with APT version 1.5, you can define login configuration settings, such as +username and password, for APT sources or proxies that require authentication +in the `/etc/apt/auth.conf` file. This is preferable to embedding login +information directly in `source.list` entries, which are usually world-readable. + +The `/etc/apt/auth.conf` file follows the format of netrc (used by ftp or +curl) and has restrictive file permissions. See [here](https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html) for details. + +Use the optional `apt::auth_conf_entries` parameter to specify an array of hashes containing login configuration settings. These hashes may only contain the `machine`, `login` and `password` keys. + +```puppet +class { 'apt': + auth_conf_entries => [ + { + 'machine' => 'apt-proxy.example.net', + 'login' => 'proxylogin', + 'password' => 'proxypassword', + }, + { + 'machine' => 'apt.example.com/ubuntu', + 'login' => 'reader', + 'password' => 'supersecret', + }, + ], +} +``` + +<a id="reference"></a> + +## Reference + +### Facts + +* `apt_updates`: The number of installed packages with available updates from `upgrade`. + +* `apt_dist_updates`: The number of installed packages with available updates from `dist-upgrade`. + +* `apt_security_updates`: The number of installed packages with available security updates from `upgrade`. + +* `apt_security_dist_updates`: The number of installed packages with available security updates from `dist-upgrade`. + +* `apt_package_updates`: The names of all installed packages with available updates from `upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string. + +* `apt_package_dist_updates`: The names of all installed packages with available updates from `dist-upgrade`. In Facter 2.0 and later this data is formatted as an array; in earlier versions it is a comma-delimited string. + +* `apt_update_last_success`: The date, in epochtime, of the most recent successful `apt-get update` run (based on the mtime of /var/lib/apt/periodic/update-success-stamp). + +* `apt_reboot_required`: Determines if a reboot is necessary after updates have been installed. + +### More Information + +See [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/main/REFERENCE.md) for all other reference documentation. + +<a id="limitations"></a> + +## Limitations + +This module is not designed to be split across [run stages](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html). + +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/main/metadata.json) + +### Adding new sources or PPAs + +If you are adding a new source or PPA and trying to install packages from the new source or PPA on the same Puppet run, your `package` resource should depend on `Class['apt::update']`, as well as depending on the `Apt::Source` or the `Apt::Ppa`. You can also add [collectors](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html) to ensure that all packages happen after `apt::update`, but this can lead to dependency cycles and has implications for [virtual resources](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html#behavior). Before running the command below, ensure that all packages have the provider set to apt. + +```puppet +Class['apt::update'] -> Package <| provider == 'apt' |> +``` + +## Development + +Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus). +To run the acceptance tests follow the instructions [here](https://puppetlabs.github.io/litmus/Running-acceptance-tests.html). +You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE). + +If you run into an issue with this module, or if you would like to request a feature, please [file a ticket](https://tickets.puppetlabs.com/browse/MODULES/). +Every Monday the Puppet IA Content Team has [office hours](https://puppet.com/community/office-hours) in the [Puppet Community Slack](http://slack.puppet.com/), alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC). + +If you have problems getting this module up and running, please [contact Support](http://puppetlabs.com/services/customer-support). + +If you submit a change to this module, be sure to regenerate the reference documentation as follows: + +```bash +puppet strings generate --format markdown --out REFERENCE.md +```
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/REFERENCE.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1198 @@ +# Reference + +<!-- DO NOT EDIT: This document was generated by Puppet Strings --> + +## Table of Contents + +### Classes + +#### Public Classes + +* [`apt`](#apt): Main class, includes all other classes. +* [`apt::backports`](#aptbackports): Manages backports. + +#### Private Classes + +* `apt::params`: Provides defaults for the Apt module parameters. +* `apt::update`: Updates the list of available packages using apt-get update. + +### Defined types + +* [`apt::conf`](#aptconf): Specifies a custom Apt configuration file. +* [`apt::key`](#aptkey): Manages the GPG keys that Apt uses to authenticate packages. +* [`apt::mark`](#aptmark): Manages apt-mark settings +* [`apt::pin`](#aptpin): Manages Apt pins. Does not trigger an apt-get update run. +* [`apt::ppa`](#aptppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian. +* [`apt::setting`](#aptsetting): Manages Apt configuration files. +* [`apt::source`](#aptsource): Manages the Apt sources in /etc/apt/sources.list.d/. + +### Resource types + +#### Public Resource types + + +#### Private Resource types + +* `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed +by apt to perform package validation. Apt has it's own GPG keyring that can +be manipulated through the `apt-key` command. + +### Data types + +* [`Apt::Auth_conf_entry`](#aptauth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. +* [`Apt::Proxy`](#aptproxy): Configures Apt to connect to a proxy server. +* [`Apt::Proxy_Per_Host`](#aptproxy_per_host): Adds per-host overrides to the system default APT proxy configuration + +### Tasks + +* [`init`](#init): Allows you to perform apt functions + +## Classes + +### <a name="apt"></a>`apt` + +Main class, includes all other classes. + +* **See also** + * https://docs.puppetlabs.com/references/latest/function.html#createresources + * for the create resource function + +#### Parameters + +The following parameters are available in the `apt` class: + +* [`provider`](#provider) +* [`keyserver`](#keyserver) +* [`key_options`](#key_options) +* [`ppa_options`](#ppa_options) +* [`ppa_package`](#ppa_package) +* [`backports`](#backports) +* [`confs`](#confs) +* [`update`](#update) +* [`purge`](#purge) +* [`proxy`](#proxy) +* [`sources`](#sources) +* [`keys`](#keys) +* [`ppas`](#ppas) +* [`pins`](#pins) +* [`settings`](#settings) +* [`manage_auth_conf`](#manage_auth_conf) +* [`auth_conf_entries`](#auth_conf_entries) +* [`auth_conf_owner`](#auth_conf_owner) +* [`root`](#root) +* [`sources_list`](#sources_list) +* [`sources_list_d`](#sources_list_d) +* [`conf_d`](#conf_d) +* [`preferences`](#preferences) +* [`preferences_d`](#preferences_d) +* [`config_files`](#config_files) +* [`sources_list_force`](#sources_list_force) +* [`update_defaults`](#update_defaults) +* [`purge_defaults`](#purge_defaults) +* [`proxy_defaults`](#proxy_defaults) +* [`include_defaults`](#include_defaults) +* [`apt_conf_d`](#apt_conf_d) +* [`source_key_defaults`](#source_key_defaults) + +##### <a name="provider"></a>`provider` + +Data type: `String` + +Specifies the provider that should be used by apt::update. + +Default value: `$apt::params::provider` + +##### <a name="keyserver"></a>`keyserver` + +Data type: `String` + +Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or +hkp://). + +Default value: `$apt::params::keyserver` + +##### <a name="key_options"></a>`key_options` + +Data type: `Optional[String]` + +Specifies the default options for apt::key resources. + +Default value: `$apt::params::key_options` + +##### <a name="ppa_options"></a>`ppa_options` + +Data type: `Optional[String]` + +Supplies options to be passed to the `add-apt-repository` command. + +Default value: `$apt::params::ppa_options` + +##### <a name="ppa_package"></a>`ppa_package` + +Data type: `Optional[String]` + +Names the package that provides the `apt-add-repository` command. + +Default value: `$apt::params::ppa_package` + +##### <a name="backports"></a>`backports` + +Data type: `Optional[Hash]` + +Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys: + +Options: + +* **:location** `String`: See apt::backports for documentation. +* **:repos** `String`: See apt::backports for documentation. +* **:key** `String`: See apt::backports for documentation. + +Default value: `$apt::params::backports` + +##### <a name="confs"></a>`confs` + +Data type: `Hash` + +Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `$apt::params::confs` + +##### <a name="update"></a>`update` + +Data type: `Hash` + +Configures various update settings. Valid options: a hash made up from the following keys: + +Options: + +* **:frequency** `String`: Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, `apt-get update` runs regardless of this value. +Valid options: 'always' (at every Puppet run); 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400); +'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource +`apt_update` is notified). Default: 'reluctantly'. +* **:loglevel** `Integer`: Specifies the log level of logs outputted to the console. Default: undef. +* **:timeout** `Integer`: Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef. +* **:tries** `Integer`: Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef. + +Default value: `$apt::params::update` + +##### <a name="purge"></a>`purge` + +Data type: `Hash` + +Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys: + +Options: + +* **:sources.list** `Boolean`: Specifies whether to purge any unmanaged entries from sources.list. Default false. +* **:sources.list.d** `Boolean`: Specifies whether to purge any unmanaged entries from sources.list.d. Default false. +* **:preferences** `Boolean`: Specifies whether to purge any unmanaged entries from preferences. Default false. +* **:preferences.d.** `Boolean`: Specifies whether to purge any unmanaged entries from preferences.d. Default false. + +Default value: `$apt::params::purge` + +##### <a name="proxy"></a>`proxy` + +Data type: `Apt::Proxy` + +Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy. + +Default value: `$apt::params::proxy` + +##### <a name="sources"></a>`sources` + +Data type: `Hash` + +Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `$apt::params::sources` + +##### <a name="keys"></a>`keys` + +Data type: `Hash` + +Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `$apt::params::keys` + +##### <a name="ppas"></a>`ppas` + +Data type: `Hash` + +Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `$apt::params::ppas` + +##### <a name="pins"></a>`pins` + +Data type: `Hash` + +Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `$apt::params::pins` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + +Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above. + +Default value: `$apt::params::settings` + +##### <a name="manage_auth_conf"></a>`manage_auth_conf` + +Data type: `Boolean` + +Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in +the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent. + +Default value: `$apt::params::manage_auth_conf` + +##### <a name="auth_conf_entries"></a>`auth_conf_entries` + +Data type: `Array[Apt::Auth_conf_entry]` + +An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like +format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See +https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and +password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent. + +Default value: `$apt::params::auth_conf_entries` + +##### <a name="auth_conf_owner"></a>`auth_conf_owner` + +Data type: `String` + +The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases. + +Default value: `$apt::params::auth_conf_owner` + +##### <a name="root"></a>`root` + +Data type: `String` + +Specifies root directory of Apt executable. + +Default value: `$apt::params::root` + +##### <a name="sources_list"></a>`sources_list` + +Data type: `String` + +Specifies the path of the sources_list file to use. + +Default value: `$apt::params::sources_list` + +##### <a name="sources_list_d"></a>`sources_list_d` + +Data type: `String` + +Specifies the path of the sources_list.d file to use. + +Default value: `$apt::params::sources_list_d` + +##### <a name="conf_d"></a>`conf_d` + +Data type: `String` + +Specifies the path of the conf.d file to use. + +Default value: `$apt::params::conf_d` + +##### <a name="preferences"></a>`preferences` + +Data type: `String` + +Specifies the path of the preferences file to use. + +Default value: `$apt::params::preferences` + +##### <a name="preferences_d"></a>`preferences_d` + +Data type: `String` + +Specifies the path of the preferences.d file to use. + +Default value: `$apt::params::preferences_d` + +##### <a name="config_files"></a>`config_files` + +Data type: `Hash` + +A hash made up of the various configuration files used by Apt. + +Default value: `$apt::params::config_files` + +##### <a name="sources_list_force"></a>`sources_list_force` + +Data type: `Boolean` + +Specifies whether to perform force purge or delete. Default false. + +Default value: `$apt::params::sources_list_force` + +##### <a name="update_defaults"></a>`update_defaults` + +Data type: `Hash` + + + +Default value: `$apt::params::update_defaults` + +##### <a name="purge_defaults"></a>`purge_defaults` + +Data type: `Hash` + + + +Default value: `$apt::params::purge_defaults` + +##### <a name="proxy_defaults"></a>`proxy_defaults` + +Data type: `Hash` + + + +Default value: `$apt::params::proxy_defaults` + +##### <a name="include_defaults"></a>`include_defaults` + +Data type: `Hash` + + + +Default value: `$apt::params::include_defaults` + +##### <a name="apt_conf_d"></a>`apt_conf_d` + +Data type: `String` + + + +Default value: `$apt::params::apt_conf_d` + +##### <a name="source_key_defaults"></a>`source_key_defaults` + +Data type: `Hash` + + + +Default value: `{ + 'server' => $keyserver, + 'options' => undef, + 'content' => undef, + 'source' => undef, + }` + +### <a name="aptbackports"></a>`apt::backports` + +Manages backports. + +#### Examples + +##### Set up a backport source for Linux Mint qiana + +```puppet +class { 'apt::backports': + location => 'http://us.archive.ubuntu.com/ubuntu', + release => 'trusty-backports', + repos => 'main universe multiverse restricted', + key => { + id => '630239CC130E1A7FD81A27B140976EAF437D05B5', + server => 'keyserver.ubuntu.com', + }, +} +``` + +#### Parameters + +The following parameters are available in the `apt::backports` class: + +* [`location`](#location) +* [`release`](#release) +* [`repos`](#repos) +* [`key`](#key) +* [`pin`](#pin) +* [`include`](#include) + +##### <a name="location"></a>`location` + +Data type: `Optional[String]` + +Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and +Ubuntu varies: + +- Debian: 'http://deb.debian.org/debian' + +- Ubuntu: 'http://archive.ubuntu.com/ubuntu' + +Default value: ``undef`` + +##### <a name="release"></a>`release` + +Data type: `Optional[String]` + +Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file. +Default: on Debian and Ubuntu, `${facts['os']['distro']['codename']}-backports`. We recommend keeping this default, except on other operating +systems. + +Default value: ``undef`` + +##### <a name="repos"></a>`repos` + +Data type: `Optional[String]` + +Specifies a component of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file. +Default value for Debian and Ubuntu varies: + +- Debian: 'main contrib non-free' + +- Ubuntu: 'main universe multiverse restricted' + +Default value: ``undef`` + +##### <a name="key"></a>`key` + +Data type: `Optional[Variant[String, Hash]]` + +Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a +hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. Default value +for Debian and Ubuntu varies: + +- Debian: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' + +- Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5' + +Default value: ``undef`` + +##### <a name="pin"></a>`pin` + +Data type: `Optional[Variant[Integer, String, Hash]]` + +Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined +type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. + +Default value: `200` + +##### <a name="include"></a>`include` + +Data type: `Optional[Variant[Hash]]` + +Specifies whether to include 'deb' or 'src', or both. + +Default value: `{}` + +## Defined types + +### <a name="aptconf"></a>`apt::conf` + +Specifies a custom Apt configuration file. + +#### Parameters + +The following parameters are available in the `apt::conf` defined type: + +* [`content`](#content) +* [`ensure`](#ensure) +* [`priority`](#priority) +* [`notify_update`](#notify_update) + +##### <a name="content"></a>`content` + +Data type: `Optional[String]` + +Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file. + +Default value: ``undef`` + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent']` + +Specifies whether the configuration file should exist. Valid options: 'present' and 'absent'. + +Default value: `present` + +##### <a name="priority"></a>`priority` + +Data type: `Variant[String, Integer]` + +Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first. +Valid options: a string containing an integer or an integer. + +Default value: `50` + +##### <a name="notify_update"></a>`notify_update` + +Data type: `Optional[Boolean]` + +Specifies whether to trigger an `apt-get update` run. + +Default value: ``undef`` + +### <a name="aptkey"></a>`apt::key` + +Manages the GPG keys that Apt uses to authenticate packages. + +* **Note** The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys. + +#### Examples + +##### Declare Apt key for apt.puppetlabs.com source + +```puppet +apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'keyserver.ubuntu.com', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +} +``` + +#### Parameters + +The following parameters are available in the `apt::key` defined type: + +* [`id`](#id) +* [`ensure`](#ensure) +* [`content`](#content) +* [`source`](#source) +* [`server`](#server) +* [`weak_ssl`](#weak_ssl) +* [`options`](#options) + +##### <a name="id"></a>`id` + +Data type: `Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]` + +Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal +characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters). + +Default value: `$title` + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent', 'refreshed']` + +Specifies whether the key should exist. Valid options: 'present', 'absent' or 'refreshed'. Using 'refreshed' will make keys auto +update when they have expired (assuming a new key exists on the key server). + +Default value: `present` + +##### <a name="content"></a>`content` + +Data type: `Optional[String]` + +Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. + +Default value: ``undef`` + +##### <a name="source"></a>`source` + +Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]` + +Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or +an absolute path. + +Default value: ``undef`` + +##### <a name="server"></a>`server` + +Data type: `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]` + +Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, +hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04. + +Default value: `$::apt::keyserver` + +##### <a name="weak_ssl"></a>`weak_ssl` + +Data type: `Boolean` + +Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false. + +Default value: ``false`` + +##### <a name="options"></a>`options` + +Data type: `Optional[String]` + +Passes additional options to `apt-key adv --keyserver-options`. + +Default value: `$::apt::key_options` + +### <a name="aptmark"></a>`apt::mark` + +Manages apt-mark settings + +#### Parameters + +The following parameters are available in the `apt::mark` defined type: + +* [`setting`](#setting) + +##### <a name="setting"></a>`setting` + +Data type: `Enum['auto','manual','hold','unhold']` + +auto, manual, hold, unhold +specifies the behavior of apt in case of no more dependencies installed +https://manpages.debian.org/stable/apt/apt-mark.8.en.html + +### <a name="aptpin"></a>`apt::pin` + +Manages Apt pins. Does not trigger an apt-get update run. + +* **See also** + * http://linux.die.net/man/5/apt_preferences + * for context on these parameters + +#### Parameters + +The following parameters are available in the `apt::pin` defined type: + +* [`ensure`](#ensure) +* [`explanation`](#explanation) +* [`order`](#order) +* [`packages`](#packages) +* [`priority`](#priority) +* [`release`](#release) +* [`release_version`](#release_version) +* [`component`](#component) +* [`originator`](#originator) +* [`label`](#label) +* [`origin`](#origin) +* [`version`](#version) +* [`codename`](#codename) + +##### <a name="ensure"></a>`ensure` + +Data type: `Optional[Enum['file', 'present', 'absent']]` + +Specifies whether the pin should exist. Valid options: 'file', 'present', and 'absent'. + +Default value: `present` + +##### <a name="explanation"></a>`explanation` + +Data type: `Optional[String]` + +Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}". + +Default value: ``undef`` + +##### <a name="order"></a>`order` + +Data type: `Variant[Integer]` + +Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first. + +Default value: `50` + +##### <a name="packages"></a>`packages` + +Data type: `Variant[String, Array]` + +Specifies which package(s) to pin. + +Default value: `'*'` + +##### <a name="priority"></a>`priority` + +Data type: `Variant[Numeric, String]` + +Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest +priority number (subject to dependency constraints). Valid options: an integer. + +Default value: `0` + +##### <a name="release"></a>`release` + +Data type: `Optional[String]` + +Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'. + +Default value: `''` + +##### <a name="release_version"></a>`release_version` + +Data type: `Optional[String]` + +Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7). + +Default value: `''` + +##### <a name="component"></a>`component` + +Data type: `Optional[String]` + +Names the licensing component associated with the packages in the directory tree of the Release file. + +Default value: `''` + +##### <a name="originator"></a>`originator` + +Data type: `Optional[String]` + +Names the originator of the packages in the directory tree of the Release file. + +Default value: `''` + +##### <a name="label"></a>`label` + +Data type: `Optional[String]` + +Names the label of the packages in the directory tree of the Release file. + +Default value: `''` + +##### <a name="origin"></a>`origin` + +Data type: `Optional[String]` + + + +Default value: `''` + +##### <a name="version"></a>`version` + +Data type: `Optional[String]` + + + +Default value: `''` + +##### <a name="codename"></a>`codename` + +Data type: `Optional[String]` + + + +Default value: `''` + +### <a name="aptppa"></a>`apt::ppa` + +Manages PPA repositories using `add-apt-repository`. Not supported on Debian. + +#### Examples + +##### Example declaration of an Apt PPA + +```puppet +apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': } +``` + +#### Parameters + +The following parameters are available in the `apt::ppa` defined type: + +* [`ensure`](#ensure) +* [`options`](#options) +* [`release`](#release) +* [`dist`](#dist) +* [`package_name`](#package_name) +* [`package_manage`](#package_manage) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + +Specifies whether the PPA should exist. Valid options: 'present' and 'absent'. + +Default value: `'present'` + +##### <a name="options"></a>`options` + +Data type: `Optional[String]` + +Supplies options to be passed to the `add-apt-repository` command. Default: '-y'. + +Default value: `$::apt::ppa_options` + +##### <a name="release"></a>`release` + +Data type: `Optional[String]` + +Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename. +Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename. + +Default value: `$facts['os']['distro']['codename']` + +##### <a name="dist"></a>`dist` + +Data type: `Optional[String]` + +Specifies the distribution of your node. Valid options: a string containing a valid distribution codename. +Optional if `puppet facts show os.name` returns your correct distribution name. + +Default value: `$facts['os']['name']` + +##### <a name="package_name"></a>`package_name` + +Data type: `Optional[String]` + +Names the package that provides the `apt-add-repository` command. Default: 'software-properties-common'. + +Default value: `$::apt::ppa_package` + +##### <a name="package_manage"></a>`package_manage` + +Data type: `Boolean` + +Specifies whether Puppet should manage the package that provides `apt-add-repository`. + +Default value: ``false`` + +### <a name="aptsetting"></a>`apt::setting` + +Manages Apt configuration files. + +* **See also** + * https://docs.puppetlabs.com/references/latest/type.html#file-attributes + * for more information on source and content parameters + +#### Parameters + +The following parameters are available in the `apt::setting` defined type: + +* [`priority`](#priority) +* [`ensure`](#ensure) +* [`source`](#source) +* [`content`](#content) +* [`notify_update`](#notify_update) + +##### <a name="priority"></a>`priority` + +Data type: `Variant[String, Integer, Array]` + +Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first. + +Default value: `50` + +##### <a name="ensure"></a>`ensure` + +Data type: `Optional[Enum['file', 'present', 'absent']]` + +Specifies whether the file should exist. Valid options: 'present', 'absent', and 'file'. + +Default value: `file` + +##### <a name="source"></a>`source` + +Data type: `Optional[String]` + +Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination +with `content`. Valid options: see link above for Puppet's native file type source attribute. + +Default value: ``undef`` + +##### <a name="content"></a>`content` + +Data type: `Optional[String]` + +Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid +options: see link above for Puppet's native file type content attribute. + +Default value: ``undef`` + +##### <a name="notify_update"></a>`notify_update` + +Data type: `Boolean` + +Specifies whether to trigger an `apt-get update` run. + +Default value: ``true`` + +### <a name="aptsource"></a>`apt::source` + +Manages the Apt sources in /etc/apt/sources.list.d/. + +#### Examples + +##### Install the puppetlabs apt source + +```puppet +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'keyserver.ubuntu.com', + }, +} +``` + +#### Parameters + +The following parameters are available in the `apt::source` defined type: + +* [`location`](#location) +* [`comment`](#comment) +* [`ensure`](#ensure) +* [`release`](#release) +* [`repos`](#repos) +* [`include`](#include) +* [`key`](#key) +* [`keyring`](#keyring) +* [`pin`](#pin) +* [`architecture`](#architecture) +* [`allow_unsigned`](#allow_unsigned) +* [`notify_update`](#notify_update) + +##### <a name="location"></a>`location` + +Data type: `Optional[String]` + +Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. + +Default value: ``undef`` + +##### <a name="comment"></a>`comment` + +Data type: `String` + +Supplies a comment for adding to the Apt source file. + +Default value: `$name` + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + +Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'. + +Default value: `present` + +##### <a name="release"></a>`release` + +Data type: `Optional[String]` + +Specifies a distribution of the Apt repository. + +Default value: ``undef`` + +##### <a name="repos"></a>`repos` + +Data type: `String` + +Specifies a component of the Apt repository. + +Default value: `'main'` + +##### <a name="include"></a>`include` + +Data type: `Optional[Variant[Hash]]` + +Configures include options. Valid options: a hash of available keys. + +Options: + +* **:deb** `Boolean`: Specifies whether to request the distribution's compiled binaries. Default true. +* **:src** `Boolean`: Specifies whether to request the distribution's uncompiled source code. Default false. + +Default value: `{}` + +##### <a name="key"></a>`key` + +Data type: `Optional[Variant[String, Hash]]` + +Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key` +defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`, +and/or `options` parameters. + +Default value: ``undef`` + +##### <a name="keyring"></a>`keyring` + +Data type: `Optional[Stdlib::AbsolutePath]` + +Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +See https://wiki.debian.org/DebianRepository/UseThirdParty for details. + +Default value: ``undef`` + +##### <a name="pin"></a>`pin` + +Data type: `Optional[Variant[Hash, Numeric, String]]` + +Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the +`apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. + +Default value: ``undef`` + +##### <a name="architecture"></a>`architecture` + +Data type: `Optional[String]` + +Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, +separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures +defined in the Apt::Architectures option). + +Default value: ``undef`` + +##### <a name="allow_unsigned"></a>`allow_unsigned` + +Data type: `Boolean` + +Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. + +Default value: ``false`` + +##### <a name="notify_update"></a>`notify_update` + +Data type: `Boolean` + +Specifies whether to trigger an `apt-get update` run. + +Default value: ``true`` + +## Resource types + +## Data types + +### <a name="aptauth_conf_entry"></a>`Apt::Auth_conf_entry` + +Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. + +* **See also** + * https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html + * for more information + +Alias of + +```puppet +Struct[{ + machine => String[1], + login => String, + password => String + }] +``` + +#### Parameters + +The following parameters are available in the `Apt::Auth_conf_entry` data type: + +* [`machine`](#machine) +* [`login`](#login) +* [`password`](#password) + +##### <a name="machine"></a>`machine` + +Hostname of machine to connect to. + +##### <a name="login"></a>`login` + +Specifies the username to connect with. + +##### <a name="password"></a>`password` + +Specifies the password to connect with. + +### <a name="aptproxy"></a>`Apt::Proxy` + +Configures Apt to connect to a proxy server. + +Alias of + +```puppet +Struct[{ + ensure => Optional[Enum['file', 'present', 'absent']], + host => Optional[String], + port => Optional[Integer[0, 65535]], + https => Optional[Boolean], + https_acng => Optional[Boolean], + direct => Optional[Boolean], + perhost => Optional[Array[Apt::Proxy_Per_Host]], + }] +``` + +#### Parameters + +The following parameters are available in the `Apt::Proxy` data type: + +* [`ensure`](#ensure) +* [`host`](#host) +* [`port`](#port) +* [`https`](#https) +* [`direct`](#direct) + +##### <a name="ensure"></a>`ensure` + +Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. + +##### <a name="host"></a>`host` + +Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. + +##### <a name="port"></a>`port` + +Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. + +##### <a name="https"></a>`https` + +Specifies whether to enable https proxies. + +##### <a name="direct"></a>`direct` + +Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. + +### <a name="aptproxy_per_host"></a>`Apt::Proxy_Per_Host` + +Adds per-host overrides to the system default APT proxy configuration + +Alias of + +```puppet +Struct[{ + scope => String, + host => Optional[String], + port => Optional[Integer[1, 65535]], + https => Optional[Boolean], + direct => Optional[Boolean], + }] +``` + +#### Parameters + +The following parameters are available in the `Apt::Proxy_Per_Host` data type: + +* [`scope`](#scope) +* [`host`](#host) +* [`port`](#port) +* [`https`](#https) +* [`direct`](#direct) + +##### <a name="scope"></a>`scope` + +Specifies the scope of the override. Valid options: a string containing a hostname. + +##### <a name="host"></a>`host` + +Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. + +##### <a name="port"></a>`port` + +Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. + +##### <a name="https"></a>`https` + +Specifies whether to enable https for this override. + +##### <a name="direct"></a>`direct` + +Specifies whether or not to use a `DIRECT` target to bypass the system default proxy. + +## Tasks + +### <a name="init"></a>`init` + +Allows you to perform apt functions + +**Supports noop?** false + +#### Parameters + +##### `action` + +Data type: `Enum[update, upgrade, dist-upgrade, autoremove]` + +Action to perform +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/data/common.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1 @@ +--- {}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/backports.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,11 @@ +# Set up a backport for Linux Mint qiana +class { 'apt': } +class { 'apt::backports': + location => 'http://us.archive.ubuntu.com/ubuntu', + release => 'trusty-backports', + repos => 'main universe multiverse restricted', + key => { + id => '630239CC130E1A7FD81A27B140976EAF437D05B5', + server => 'keyserver.ubuntu.com', + }, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/builddep.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,3 @@ +package{ 'glusterfs-server': + install_options => 'build-dep', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/debian_testing.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,18 @@ +package { 'debian-keyring': + ensure => present +} + +package { 'debian-archive-keyring': + ensure => present +} + +apt::source { 'debian_testing': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'testing', + repos => 'main contrib non-free', + pin => '-10', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'subkeys.pgp.net', + }, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/debian_unstable.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,18 @@ +package { 'debian-keyring': + ensure => present +} + +package { 'debian-archive-keyring': + ensure => present +} + +apt::source { 'debian_unstable': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free', + pin => '-10', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'subkeys.pgp.net', + }, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/disable_keys.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,5 @@ +#Note: This is generally a bad idea. You should not disable verifying repository signatures. +apt::conf { 'unauth': + priority => 99, + content => 'APT::Get::AllowUnauthenticated 1;' +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/fancy_progress.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,4 @@ +apt::conf { 'progressbar': + priority => 99, + content => 'Dpkg::Progress-Fancy "1";', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/force.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,28 @@ +#if you need to specify a release +$rel_string = '-t <release>' +#else +$rel_string = '' + +#if you need to specify a version +$ensure = '<version>' +#else +$ensure = installed + +#if overwrite existing cfg files +$config_files = '-o Dpkg::Options::="--force-confnew"' +#elsif force use of old files +$config_files = '-o Dpkg::Options::="--force-confold"' +#elsif update only unchanged files +$config_files = '-o Dpkg::Options::="--force-confdef"' +#else +$config_files = '' + +#if install missing configuration files for the package +$config_missing = '-o Dpkg::Options::="--force-confmiss"' +#else +$config_missing = '' + +package { '<package>': + ensure => $ensure, + install_options => "${config_files} ${config_missing} ${rel_string}", +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/hold.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,5 @@ +apt::pin { 'hold-vim': + packages => 'vim', + version => '2:7.4.488-5', + priority => 1001, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/key.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +# Declare Apt key for apt.puppetlabs.com source +apt::key { 'puppetlabs': + id => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26', + server => 'keyserver.ubuntu.com', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/pin.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,5 @@ +# pin a release in apt, useful for unstable repositories +apt::pin { 'foo': + packages => '*', + priority => 0, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/ppa.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,4 @@ +class { 'apt': } + +# Example declaration of an Apt PPA +apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/release.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,4 @@ +apt::conf { 'release': + content => 'APT::Default-Release "karmic";', + priority => '01', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/source.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,35 @@ +# Declare the apt class to manage /etc/apt/sources.list and /etc/sources.list.d +class { 'apt': } + +# Install the puppetlabs apt source +# Release is automatically obtained from facts. +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'keyserver.ubuntu.com', + }, +} + +# test two sources with the same key +apt::source { 'debian_testing': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'testing', + repos => 'main contrib non-free', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'keyserver.ubuntu.com', + }, + pin => '-10', +} +apt::source { 'debian_unstable': + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free', + key => { + id => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + server => 'keyserver.ubuntu.com', + }, + pin => '-10', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/examples/unattended_upgrades.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1 @@ +# TODO
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/hiera.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/lib/facter/apt_reboot_required.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +# apt_reboot_required.rb +Facter.add(:apt_reboot_required) do + confine osfamily: 'Debian' + setcode do + File.file?('/var/run/reboot-required') + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/lib/facter/apt_update_last_success.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +require 'facter' + +# This is derived from the file /var/lib/apt/periodic/update-success-stamp +# This is generated upon a successful apt-get update run natively in ubuntu. +# the Puppetlabs-apt module deploys this same functionality for other debian-ish OSes +Facter.add('apt_update_last_success') do + confine osfamily: 'Debian' + setcode do + if File.exist?('/var/lib/apt/periodic/update-success-stamp') + # get epoch time + File.mtime('/var/lib/apt/periodic/update-success-stamp').to_i + else + -1 + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/lib/facter/apt_updates.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,108 @@ +# frozen_string_literal: true + +apt_package_updates = nil +apt_dist_updates = nil + +# Executes the upgrading of packages +# @param +# upgrade_option Type of upgrade passed into apt-get command arguments i.e. 'upgrade' or 'dist-upgrade' +def get_updates(upgrade_option) + apt_updates = nil + if File.executable?('/usr/bin/apt-get') + apt_get_result = Facter::Util::Resolution.exec("/usr/bin/apt-get -s -o Debug::NoLocking=true #{upgrade_option} 2>&1") + unless apt_get_result.nil? + apt_updates = [[], []] + apt_get_result.each_line do |line| + next unless %r{^Inst\s}.match?(line) + package = line.gsub(%r{^Inst\s([^\s]+)\s.*}, '\1').strip + apt_updates[0].push(package) + security_matches = [ + %r{ Debian-Security:}, + %r{ Ubuntu[^\s]+-security[, ]}, + %r{ gNewSense[^\s]+-security[, ]}, + ] + re = Regexp.union(security_matches) + if line.match(re) + apt_updates[1].push(package) + end + end + end + end + apt_updates +end + +Facter.add('apt_has_updates') do + confine osfamily: 'Debian' + setcode do + apt_package_updates = get_updates('upgrade') + if !apt_package_updates.nil? && apt_package_updates.length == 2 + apt_package_updates != [[], []] + end + end +end + +Facter.add('apt_has_dist_updates') do + confine osfamily: 'Debian' + setcode do + apt_dist_updates = get_updates('dist-upgrade') + if !apt_dist_updates.nil? && apt_dist_updates.length == 2 + apt_dist_updates != [[], []] + end + end +end + +Facter.add('apt_package_updates') do + confine apt_has_updates: true + setcode do + apt_package_updates[0] + end +end + +Facter.add('apt_package_dist_updates') do + confine apt_has_dist_updates: true + setcode do + apt_dist_updates[0] + end +end + +Facter.add('apt_package_security_updates') do + confine apt_has_updates: true + setcode do + apt_package_updates[1] + end +end + +Facter.add('apt_package_security_dist_updates') do + confine apt_has_dist_updates: true + setcode do + apt_dist_updates[1] + end +end + +Facter.add('apt_updates') do + confine apt_has_updates: true + setcode do + Integer(apt_package_updates[0].length) + end +end + +Facter.add('apt_dist_updates') do + confine apt_has_dist_updates: true + setcode do + Integer(apt_dist_updates[0].length) + end +end + +Facter.add('apt_security_updates') do + confine apt_has_updates: true + setcode do + Integer(apt_package_updates[1].length) + end +end + +Facter.add('apt_security_dist_updates') do + confine apt_has_dist_updates: true + setcode do + Integer(apt_dist_updates[1].length) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/lib/puppet/provider/apt_key/apt_key.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,231 @@ +# frozen_string_literal: true + +require 'open-uri' +require 'net/ftp' +require 'tempfile' + +Puppet::Type.type(:apt_key).provide(:apt_key) do + desc 'apt-key provider for apt_key resource' + + confine osfamily: :debian + defaultfor osfamily: :debian + commands apt_key: 'apt-key' + commands gpg: '/usr/bin/gpg' + + def self.instances + cli_args = ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'] + + key_output = apt_key(cli_args).encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '') + + pub_line, sub_line, fpr_line = nil + + key_array = key_output.split("\n").map do |line| + if line.start_with?('pub') + pub_line = line + # reset fpr_line, to skip any previous subkeys which were collected + fpr_line = nil + sub_line = nil + elsif line.start_with?('sub') + sub_line = line + elsif line.start_with?('fpr') + fpr_line = line + end + + if sub_line && fpr_line + sub_line, fpr_line = nil + next + end + + next unless pub_line && fpr_line + + line_hash = key_line_hash(pub_line, fpr_line) + + # reset everything + pub_line, fpr_line = nil + + expired = false + + if line_hash[:key_expiry] + expired = Time.now >= line_hash[:key_expiry] + end + + new( + name: line_hash[:key_fingerprint], + id: line_hash[:key_long], + fingerprint: line_hash[:key_fingerprint], + short: line_hash[:key_short], + long: line_hash[:key_long], + ensure: :present, + expired: expired, + expiry: line_hash[:key_expiry].nil? ? nil : line_hash[:key_expiry].strftime('%Y-%m-%d'), + size: line_hash[:key_size], + type: line_hash[:key_type], + created: line_hash[:key_created].strftime('%Y-%m-%d'), + ) + end + key_array.compact! + end + + def self.prefetch(resources) + apt_keys = instances + resources.each_key do |name| + if name.length == 40 + provider = apt_keys.find { |key| key.fingerprint == name } + resources[name].provider = provider if provider + elsif name.length == 16 + provider = apt_keys.find { |key| key.long == name } + resources[name].provider = provider if provider + elsif name.length == 8 + provider = apt_keys.find { |key| key.short == name } + resources[name].provider = provider if provider + end + end + end + + def self.key_line_hash(pub_line, fpr_line) + pub_split = pub_line.split(':') + fpr_split = fpr_line.split(':') + + fingerprint = fpr_split.last + return_hash = { + key_fingerprint: fingerprint, + key_long: fingerprint[-16..-1], # last 16 characters of fingerprint + key_short: fingerprint[-8..-1], # last 8 characters of fingerprint + key_size: pub_split[2], + key_type: nil, + key_created: Time.at(pub_split[5].to_i), + key_expiry: pub_split[6].empty? ? nil : Time.at(pub_split[6].to_i), + } + + # set key type based on types defined in /usr/share/doc/gnupg/DETAILS.gz + case pub_split[3] + when '1' + return_hash[:key_type] = :rsa + when '17' + return_hash[:key_type] = :dsa + when '18' + return_hash[:key_type] = :ecc + when '19' + return_hash[:key_type] = :ecdsa + end + + return_hash + end + + def source_to_file(value) + parsed_value = URI.parse(value) + if parsed_value.scheme.nil? + raise(_('The file %{_value} does not exist') % { _value: value }) unless File.exist?(value) + # Because the tempfile method has to return a live object to prevent GC + # of the underlying file from occuring too early, we also have to return + # a file object here. The caller can still call the #path method on the + # closed file handle to get the path. + f = File.open(value, 'r') + f.close + f + else + begin + # Only send basic auth if URL contains userinfo + # Some webservers (e.g. Amazon S3) return code 400 if empty basic auth is sent + if parsed_value.userinfo.nil? + key = if parsed_value.scheme == 'https' && resource[:weak_ssl] == true + open(parsed_value, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE).read + else + parsed_value.read + end + else + user_pass = parsed_value.userinfo.split(':') + parsed_value.userinfo = '' + key = open(parsed_value, http_basic_authentication: user_pass).read + end + rescue OpenURI::HTTPError, Net::FTPPermError => e + raise(_('%{_e} for %{_resource}') % { _e: e.message, _resource: resource[:source] }) + rescue SocketError + raise(_('could not resolve %{_resource}') % { _resource: resource[:source] }) + else + tempfile(key) + end + end + end + + # The tempfile method needs to return the tempfile object to the caller, so + # that it doesn't get deleted by the GC immediately after it returns. We + # want the caller to control when it goes out of scope. + def tempfile(content) + file = Tempfile.new('apt_key') + file.write content + file.close + # confirm that the fingerprint from the file, matches the long key that is in the manifest + if name.size == 40 + if File.executable? command(:gpg) + extracted_key = execute(["#{command(:gpg)} --no-tty --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false) + extracted_key = extracted_key.chomp + + found_match = false + extracted_key.each_line do |line| + if line.chomp == name + found_match = true + end + end + unless found_match + raise(_('The id in your manifest %{_resource} and the fingerprint from content/source don\'t match. Check for an error in the id and content/source is legitimate.') % { _resource: resource[:name] }) # rubocop:disable Layout/LineLength + end + else + warning('/usr/bin/gpg cannot be found for verification of the id.') + end + end + file + end + + def exists? + # report expired keys as non-existing when refresh => true + @property_hash[:ensure] == :present && !(resource[:refresh] && @property_hash[:expired]) + end + + def create + command = [] + if resource[:source].nil? && resource[:content].nil? + # Breaking up the command like this is needed because it blows up + # if --recv-keys isn't the last argument. + command.push('adv', '--no-tty', '--keyserver', resource[:server]) + unless resource[:options].nil? + command.push('--keyserver-options', resource[:options]) + end + command.push('--recv-keys', resource[:id]) + elsif resource[:content] + key_file = tempfile(resource[:content]) + command.push('add', key_file.path) + elsif resource[:source] + key_file = source_to_file(resource[:source]) + command.push('add', key_file.path) + # In case we really screwed up, better safe than sorry. + else + raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] }) + end + apt_key(command) + @property_hash[:ensure] = :present + end + + def destroy + loop do + apt_key('del', resource.provider.short) + r = execute(["#{command(:apt_key)} list | grep '/#{resource.provider.short}\s'"], failonfail: false) + break unless r.exitstatus.zero? + end + @property_hash.clear + end + + def read_only(_value) + raise(_('This is a read-only property.')) + end + + mk_resource_methods + + # Alias the setters of read-only properties + # to the read_only function. + alias_method :created=, :read_only + alias_method :expired=, :read_only + alias_method :expiry=, :read_only + alias_method :size=, :read_only + alias_method :type=, :read_only +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/lib/puppet/type/apt_key.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,153 @@ +# frozen_string_literal: true + +require 'pathname' +require 'puppet/parameter/boolean' + +Puppet::Type.newtype(:apt_key) do + @doc = <<-MANIFEST + @summary This type provides Puppet with the capabilities to manage GPG keys needed + by apt to perform package validation. Apt has it's own GPG keyring that can + be manipulated through the `apt-key` command. + + @example Basic usage + apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F': + source => 'http://apt.puppetlabs.com/pubkey.gpg' + } + + **Autorequires** + + If Puppet is given the location of a key file which looks like an absolute + path this type will autorequire that file. + + @api private + MANIFEST + + ensurable + + validate do + if self[:refresh] == true && self[:ensure] == :absent + raise(_('ensure => absent and refresh => true are mutually exclusive')) + end + if self[:content] && self[:source] + raise(_('The properties content and source are mutually exclusive.')) + end + if self[:id].length < 40 + warning(_('The id should be a full fingerprint (40 characters), see README.')) + end + end + + newparam(:id, namevar: true) do + desc 'The ID of the key you want to manage.' + # GPG key ID's should be either 32-bit (short) or 64-bit (long) key ID's + # and may start with the optional 0x, or they can be 40-digit key fingerprints + newvalues(%r{\A(0x)?[0-9a-fA-F]{8}\Z}, %r{\A(0x)?[0-9a-fA-F]{16}\Z}, %r{\A(0x)?[0-9a-fA-F]{40}\Z}) + munge do |value| + id = if value.start_with?('0x') + value.partition('0x').last.upcase + else + value.upcase + end + id + end + end + + newparam(:content) do + desc 'The content of, or string representing, a GPG key.' + end + + newparam(:source) do + desc 'Location of a GPG key file, /path/to/file, ftp://, http:// or https://' + newvalues(%r{\Ahttps?://}, %r{\Aftp://}, %r{\A/\w+}) + end + + autorequire(:file) do + if self[:source] && Pathname.new(self[:source]).absolute? + self[:source] + end + end + + newparam(:server) do + desc 'The key server to fetch the key from based on the ID. It can either be a domain name or url.' + defaultto :'keyserver.ubuntu.com' + + newvalues(%r{\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$}) + end + + newparam(:options) do + desc 'Additional options to pass to apt-key\'s --keyserver-options.' + end + + newparam(:refresh, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'When true, recreate an existing expired key' + defaultto false + end + + newparam(:weak_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'When true and source uses https, accepts download of keys without SSL verification' + defaultto false + end + + newproperty(:fingerprint) do + desc <<-MANIFEST + The 40-digit hexadecimal fingerprint of the specified GPG key. + + This property is read-only. + MANIFEST + end + + newproperty(:long) do + desc <<-MANIFEST + The 16-digit hexadecimal id of the specified GPG key. + + This property is read-only. + MANIFEST + end + + newproperty(:short) do + desc <<-MANIFEST + The 8-digit hexadecimal id of the specified GPG key. + + This property is read-only. + MANIFEST + end + + newproperty(:expired) do + desc <<-MANIFEST + Indicates if the key has expired. + + This property is read-only. + MANIFEST + end + + newproperty(:expiry) do + desc <<-MANIFEST + The date the key will expire, or nil if it has no expiry date. + + This property is read-only. + MANIFEST + end + + newproperty(:size) do + desc <<-MANIFEST + The key size, usually a multiple of 1024. + + This property is read-only. + MANIFEST + end + + newproperty(:type) do + desc <<-MANIFEST + The key type, one of: rsa, dsa, ecc, ecdsa + + This property is read-only. + MANIFEST + end + + newproperty(:created) do + desc <<-MANIFEST + Date the key was created. + + This property is read-only. + MANIFEST + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/backports.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,112 @@ +# @summary Manages backports. +# +# @example Set up a backport source for Linux Mint qiana +# class { 'apt::backports': +# location => 'http://us.archive.ubuntu.com/ubuntu', +# release => 'trusty-backports', +# repos => 'main universe multiverse restricted', +# key => { +# id => '630239CC130E1A7FD81A27B140976EAF437D05B5', +# server => 'keyserver.ubuntu.com', +# }, +# } +# +# @param location +# Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and +# Ubuntu varies: +# +# - Debian: 'http://deb.debian.org/debian' +# +# - Ubuntu: 'http://archive.ubuntu.com/ubuntu' +# +# @param release +# Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file. +# Default: on Debian and Ubuntu, `${facts['os']['distro']['codename']}-backports`. We recommend keeping this default, except on other operating +# systems. +# +# @param repos +# Specifies a component of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file. +# Default value for Debian and Ubuntu varies: +# +# - Debian: 'main contrib non-free' +# +# - Ubuntu: 'main universe multiverse restricted' +# +# @param key +# Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a +# hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. Default value +# for Debian and Ubuntu varies: +# +# - Debian: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' +# +# - Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5' +# +# @param pin +# Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined +# type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. +# +# @param include +# Specifies whether to include 'deb' or 'src', or both. +# +class apt::backports ( + Optional[String] $location = undef, + Optional[String] $release = undef, + Optional[String] $repos = undef, + Optional[Variant[String, Hash]] $key = undef, + Optional[Variant[Integer, String, Hash]] $pin = 200, + Optional[Variant[Hash]] $include = {}, +) { + include apt + + if $location { + $_location = $location + } + if $release { + $_release = $release + } + if $repos { + $_repos = $repos + } + if $key { + $_key = $key + } + if (!($facts['os']['name'] == 'Debian' or $facts['os']['name'] == 'Ubuntu')) { + unless $location and $release and $repos and $key { + fail('If not on Debian or Ubuntu, you must explicitly pass location, release, repos, and key') + } + } + unless $location { + $_location = $::apt::backports['location'] + } + unless $release { + $_release = "${facts['os']['distro']['codename']}-backports" + } + unless $repos { + $_repos = $::apt::backports['repos'] + } + unless $key { + $_key = $::apt::backports['key'] + } + + if $pin =~ Hash { + $_pin = $pin + } elsif $pin =~ Numeric or $pin =~ String { + # apt::source defaults to pinning to origin, but we should pin to release + # for backports + $_pin = { + 'priority' => $pin, + 'release' => $_release, + } + } else { + fail('pin must be either a string, number or hash') + } + + apt::source { 'backports': + location => $_location, + release => $_release, + repos => $_repos, + include => $include, + key => $_key, + pin => $_pin, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/conf.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,36 @@ +# @summary Specifies a custom Apt configuration file. +# +# @param content +# Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file. +# +# @param ensure +# Specifies whether the configuration file should exist. Valid options: 'present' and 'absent'. +# +# @param priority +# Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first. +# Valid options: a string containing an integer or an integer. +# +# @param notify_update +# Specifies whether to trigger an `apt-get update` run. +# +define apt::conf ( + Optional[String] $content = undef, + Enum['present', 'absent'] $ensure = present, + Variant[String, Integer] $priority = 50, + Optional[Boolean] $notify_update = undef, +) { + + unless $ensure == 'absent' { + unless $content { + fail('Need to pass in content parameter') + } + } + + $confheadertmp = epp('apt/_conf_header.epp') + apt::setting { "conf-${name}": + ensure => $ensure, + priority => $priority, + content => "${confheadertmp}${content}", + notify_update => $notify_update, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/init.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,373 @@ +# @summary Main class, includes all other classes. +# +# @see https://docs.puppetlabs.com/references/latest/function.html#createresources for the create resource function +# +# @param provider +# Specifies the provider that should be used by apt::update. +# +# @param keyserver +# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or +# hkp://). +# +# @param key_options +# Specifies the default options for apt::key resources. +# +# @param ppa_options +# Supplies options to be passed to the `add-apt-repository` command. +# +# @param ppa_package +# Names the package that provides the `apt-add-repository` command. +# +# @param backports +# Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys: +# +# @option backports [String] :location +# See apt::backports for documentation. +# +# @option backports [String] :repos +# See apt::backports for documentation. +# +# @option backports [String] :key +# See apt::backports for documentation. +# +# @param confs +# Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param update +# Configures various update settings. Valid options: a hash made up from the following keys: +# +# @option update [String] :frequency +# Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, `apt-get update` runs regardless of this value. +# Valid options: 'always' (at every Puppet run); 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400); +# 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource +# `apt_update` is notified). Default: 'reluctantly'. +# +# @option update [Integer] :loglevel +# Specifies the log level of logs outputted to the console. Default: undef. +# +# @option update [Integer] :timeout +# Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef. +# +# @option update [Integer] :tries +# Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef. +# +# @param purge +# Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys: +# +# @option purge [Boolean] :sources.list +# Specifies whether to purge any unmanaged entries from sources.list. Default false. +# +# @option purge [Boolean] :sources.list.d +# Specifies whether to purge any unmanaged entries from sources.list.d. Default false. +# +# @option purge [Boolean] :preferences +# Specifies whether to purge any unmanaged entries from preferences. Default false. +# +# @option purge [Boolean] :preferences.d. +# Specifies whether to purge any unmanaged entries from preferences.d. Default false. +# +# @param proxy +# Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy. +# +# @param sources +# Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param keys +# Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param ppas +# Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param pins +# Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param settings +# Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above. +# +# @param manage_auth_conf +# Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in +# the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent. +# +# @param auth_conf_entries +# An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like +# format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See +# https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and +# password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent. +# +# @param auth_conf_owner +# The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases. +# +# @param root +# Specifies root directory of Apt executable. +# +# @param sources_list +# Specifies the path of the sources_list file to use. +# +# @param sources_list_d +# Specifies the path of the sources_list.d file to use. +# +# @param conf_d +# Specifies the path of the conf.d file to use. +# +# @param preferences +# Specifies the path of the preferences file to use. +# +# @param preferences_d +# Specifies the path of the preferences.d file to use. +# +# @param config_files +# A hash made up of the various configuration files used by Apt. +# +# @param sources_list_force +# Specifies whether to perform force purge or delete. Default false. +# +class apt ( + Hash $update_defaults = $apt::params::update_defaults, + Hash $purge_defaults = $apt::params::purge_defaults, + Hash $proxy_defaults = $apt::params::proxy_defaults, + Hash $include_defaults = $apt::params::include_defaults, + String $provider = $apt::params::provider, + String $keyserver = $apt::params::keyserver, + Optional[String] $key_options = $apt::params::key_options, + Optional[String] $ppa_options = $apt::params::ppa_options, + Optional[String] $ppa_package = $apt::params::ppa_package, + Optional[Hash] $backports = $apt::params::backports, + Hash $confs = $apt::params::confs, + Hash $update = $apt::params::update, + Hash $purge = $apt::params::purge, + Apt::Proxy $proxy = $apt::params::proxy, + Hash $sources = $apt::params::sources, + Hash $keys = $apt::params::keys, + Hash $ppas = $apt::params::ppas, + Hash $pins = $apt::params::pins, + Hash $settings = $apt::params::settings, + Boolean $manage_auth_conf = $apt::params::manage_auth_conf, + Array[Apt::Auth_conf_entry] + $auth_conf_entries = $apt::params::auth_conf_entries, + String $auth_conf_owner = $apt::params::auth_conf_owner, + String $root = $apt::params::root, + String $sources_list = $apt::params::sources_list, + String $sources_list_d = $apt::params::sources_list_d, + String $conf_d = $apt::params::conf_d, + String $preferences = $apt::params::preferences, + String $preferences_d = $apt::params::preferences_d, + String $apt_conf_d = $apt::params::apt_conf_d, + Hash $config_files = $apt::params::config_files, + Boolean $sources_list_force = $apt::params::sources_list_force, + + Hash $source_key_defaults = { + 'server' => $keyserver, + 'options' => undef, + 'content' => undef, + 'source' => undef, + } + +) inherits apt::params { + + if $facts['os']['family'] != 'Debian' { + fail('This module only works on Debian or derivatives like Ubuntu') + } + + if $update['frequency'] { + assert_type( + Enum['always','daily','weekly','reluctantly'], + $update['frequency'], + ) + } + if $update['timeout'] { + assert_type(Integer, $update['timeout']) + } + if $update['tries'] { + assert_type(Integer, $update['tries']) + } + + $_update = merge($::apt::update_defaults, $update) + include ::apt::update + + if $purge['sources.list'] { + assert_type(Boolean, $purge['sources.list']) + } + if $purge['sources.list.d'] { + assert_type(Boolean, $purge['sources.list.d']) + } + if $purge['preferences'] { + assert_type(Boolean, $purge['preferences']) + } + if $purge['preferences.d'] { + assert_type(Boolean, $purge['preferences.d']) + } + if $sources_list_force { + assert_type(Boolean, $sources_list_force) + } + if $purge['apt.conf.d'] { + assert_type(Boolean, $purge['apt.conf.d']) + } + + $_purge = merge($::apt::purge_defaults, $purge) + + if $proxy['perhost'] { + $_perhost = $proxy['perhost'].map |$item| { + $_item = merge($apt::proxy_defaults, $item) + $_scheme = $_item['https'] ? { + true => 'https', + default => 'http' } + $_port = $_item['port'] ? { + Integer => ":${_item['port']}", + default => '' + } + $_target = $_item['direct'] ? { + true => 'DIRECT', + default => "${_scheme}://${_item['host']}${_port}/" } + merge($item, { + 'scheme' => $_scheme, + 'target' => $_target }) + } + } else { + $_perhost = {} + } + + $_proxy = merge($apt::proxy_defaults, $proxy, { 'perhost' => $_perhost } ) + + $confheadertmp = epp('apt/_conf_header.epp') + $proxytmp = epp('apt/proxy.epp', {'proxies' => $_proxy}) + $updatestamptmp = epp('apt/15update-stamp.epp') + + if $_proxy['ensure'] == 'absent' or $_proxy['host'] { + apt::setting { 'conf-proxy': + ensure => $_proxy['ensure'], + priority => '01', + content => "${confheadertmp}${proxytmp}", + } + } + + if $sources_list_force { + $sources_list_ensure = $_purge['sources.list'] ? { + true => absent, + default => file, + } + $sources_list_content = $_purge['sources.list'] ? { + true => nil, + default => undef, + } + } + else + { + $sources_list_ensure = $_purge['sources.list'] ? { + true => file, + default => file, + } + $sources_list_content = $_purge['sources.list'] ? { + true => "# Repos managed by puppet.\n", + default => undef, + } + } + + $preferences_ensure = $_purge['preferences'] ? { + true => absent, + default => file, + } + + if $_update['frequency'] == 'always' { + Exec <| title=='apt_update' |> { + refreshonly => false, + } + } + + apt::setting { 'conf-update-stamp': + priority => 15, + content => "${confheadertmp}${updatestamptmp}", + } + + file { 'sources.list': + ensure => $sources_list_ensure, + path => $::apt::sources_list, + owner => root, + group => root, + content => $sources_list_content, + notify => Class['apt::update'], + } + + file { 'sources.list.d': + ensure => directory, + path => $::apt::sources_list_d, + owner => root, + group => root, + purge => $_purge['sources.list.d'], + recurse => $_purge['sources.list.d'], + notify => Class['apt::update'], + } + + file { 'preferences': + ensure => $preferences_ensure, + path => $::apt::preferences, + owner => root, + group => root, + notify => Class['apt::update'], + } + + file { 'preferences.d': + ensure => directory, + path => $::apt::preferences_d, + owner => root, + group => root, + purge => $_purge['preferences.d'], + recurse => $_purge['preferences.d'], + notify => Class['apt::update'], + } + + file { 'apt.conf.d': + ensure => directory, + path => $::apt::apt_conf_d, + owner => root, + group => root, + purge => $_purge['apt.conf.d'], + recurse => $_purge['apt.conf.d'], + notify => Class['apt::update'], + } + + if $confs { + create_resources('apt::conf', $confs) + } + # manage sources if present + if $sources { + create_resources('apt::source', $sources) + } + # manage keys if present + if $keys { + create_resources('apt::key', $keys) + } + # manage ppas if present + if $ppas { + create_resources('apt::ppa', $ppas) + } + # manage settings if present + if $settings { + create_resources('apt::setting', $settings) + } + + if $manage_auth_conf { + $auth_conf_ensure = $auth_conf_entries ? { + [] => 'absent', + default => 'present', + } + + $auth_conf_tmp = epp('apt/auth_conf.epp') + + file { '/etc/apt/auth.conf': + ensure => $auth_conf_ensure, + owner => $auth_conf_owner, + group => 'root', + mode => '0600', + content => Sensitive("${confheadertmp}${auth_conf_tmp}"), + notify => Class['apt::update'], + } + } + + # manage pins if present + if $pins { + create_resources('apt::pin', $pins) + } + + # required for adding GPG keys on Debian 9 (and derivatives) + ensure_packages(['gnupg']) +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/key.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,106 @@ +# @summary Manages the GPG keys that Apt uses to authenticate packages. +# +# @note +# The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys. +# +# @example Declare Apt key for apt.puppetlabs.com source +# apt::key { 'puppetlabs': +# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', +# server => 'keyserver.ubuntu.com', +# options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +# } +# +# @param id +# Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal +# characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters). +# +# @param ensure +# Specifies whether the key should exist. Valid options: 'present', 'absent' or 'refreshed'. Using 'refreshed' will make keys auto +# update when they have expired (assuming a new key exists on the key server). +# +# @param content +# Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. +# +# @param source +# Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or +# an absolute path. +# +# @param server +# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, +# hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04. +# +# @param weak_ssl +# Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false. +# +# @param options +# Passes additional options to `apt-key adv --keyserver-options`. +# +define apt::key ( + Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title, + Enum['present', 'absent', 'refreshed'] $ensure = present, + Optional[String] $content = undef, + Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source = undef, + Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/] $server = $::apt::keyserver, + Boolean $weak_ssl = false, + Optional[String] $options = $::apt::key_options, + ) { + + case $ensure { + /^(refreshed|present)$/: { + if defined(Anchor["apt_key ${id} absent"]){ + fail("key with id ${id} already ensured as absent") + } + + if !defined(Anchor["apt_key ${id} present"]) { + apt_key { $title: + ensure => present, + refresh => $ensure == 'refreshed', + id => $id, + source => $source, + content => $content, + server => $server, + weak_ssl => $weak_ssl, + options => $options, + } -> anchor { "apt_key ${id} present": } + + case $facts['os']['name'] { + 'Debian': { + if versioncmp($facts['os']['release']['major'], '9') >= 0 { + ensure_packages(['gnupg']) + Apt::Key<| title == $title |> + } + } + 'Ubuntu': { + if versioncmp($facts['os']['release']['full'], '17.04') >= 0 { + ensure_packages(['gnupg']) + Apt::Key<| title == $title |> + } + } + default: { } + } + } + } + + absent: { + if defined(Anchor["apt_key ${id} present"]){ + fail("key with id ${id} already ensured as present") + } + + if !defined(Anchor["apt_key ${id} absent"]){ + apt_key { $title: + ensure => $ensure, + id => $id, + source => $source, + content => $content, + server => $server, + weak_ssl => $weak_ssl, + options => $options, + } -> anchor { "apt_key ${id} absent": } + } + } + + default: { + fail("Invalid \'ensure\' value \'${ensure}\' for apt::key") + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/mark.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,24 @@ +# @summary Manages apt-mark settings +# +# @param setting +# auto, manual, hold, unhold +# specifies the behavior of apt in case of no more dependencies installed +# https://manpages.debian.org/stable/apt/apt-mark.8.en.html +# +define apt::mark ( + Enum['auto','manual','hold','unhold'] $setting, +) { + case $setting { + 'unhold': { + $unless_cmd = undef + } + default: { + $unless_cmd = "/usr/bin/apt-mark show${setting} ${title} | /bin/fgrep -qs ${title}" + } + } + exec { "/usr/bin/apt-mark ${setting} ${title}": + onlyif => "/usr/bin/dpkg -l ${title}", + unless => $unless_cmd, + } +} +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/params.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,117 @@ +# @summary Provides defaults for the Apt module parameters. +# +# @api private +# +class apt::params { + + if $facts['os']['family'] != 'Debian' { + fail('This module only works on Debian or derivatives like Ubuntu') + } + + $root = '/etc/apt' + $provider = '/usr/bin/apt-get' + $sources_list = "${root}/sources.list" + $sources_list_force = false + $sources_list_d = "${root}/sources.list.d" + $trusted_gpg_d = "${root}/trusted.gpg.d" + $conf_d = "${root}/apt.conf.d" + $preferences = "${root}/preferences" + $preferences_d = "${root}/preferences.d" + $apt_conf_d = "${root}/apt.conf.d" + $keyserver = 'keyserver.ubuntu.com' + $key_options = undef + $confs = {} + $update = {} + $purge = {} + $proxy = {} + $sources = {} + $keys = {} + $ppas = {} + $pins = {} + $settings = {} + $manage_auth_conf = true + $auth_conf_entries = [] + + $config_files = { + 'conf' => { + 'path' => $conf_d, + 'ext' => '', + }, + 'pref' => { + 'path' => $preferences_d, + 'ext' => '.pref', + }, + 'list' => { + 'path' => $sources_list_d, + 'ext' => '.list', + } + } + + $update_defaults = { + 'frequency' => 'reluctantly', + 'loglevel' => undef, + 'timeout' => undef, + 'tries' => undef, + } + + $proxy_defaults = { + 'ensure' => undef, + 'host' => undef, + 'port' => 8080, + 'https' => false, + 'https_acng' => false, + 'direct' => false, + } + + $purge_defaults = { + 'sources.list' => false, + 'sources.list.d' => false, + 'preferences' => false, + 'preferences.d' => false, + 'apt.conf.d' => false, + } + + $include_defaults = { + 'deb' => true, + 'src' => false, + } + + case $facts['os']['name']{ + 'Debian': { + $backports = { + 'location' => 'http://deb.debian.org/debian', + 'repos' => 'main contrib non-free', + } + $ppa_options = undef + $ppa_package = undef + if versioncmp($facts['os']['release']['major'], '9') >= 0 { + $auth_conf_owner = '_apt' + } else { + $auth_conf_owner = 'root' + } + } + 'Ubuntu': { + $backports = { + 'location' => 'http://archive.ubuntu.com/ubuntu', + 'key' => '630239CC130E1A7FD81A27B140976EAF437D05B5', + 'repos' => 'main universe multiverse restricted', + } + $ppa_options = '-y' + $ppa_package = 'software-properties-common' + if versioncmp($facts['os']['release']['full'], '16.04') >= 0 { + $auth_conf_owner = '_apt' + } else { + $auth_conf_owner = 'root' + } + } + undef: { + fail('Unable to determine value for fact os[\"name\"]') + } + default: { + $ppa_options = undef + $ppa_package = undef + $backports = undef + $auth_conf_owner = 'root' + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/pin.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,128 @@ +# @summary Manages Apt pins. Does not trigger an apt-get update run. +# +# @see http://linux.die.net/man/5/apt_preferences for context on these parameters +# +# @param ensure +# Specifies whether the pin should exist. Valid options: 'file', 'present', and 'absent'. +# +# @param explanation +# Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}". +# +# @param order +# Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first. +# +# @param packages +# Specifies which package(s) to pin. +# +# @param priority +# Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest +# priority number (subject to dependency constraints). Valid options: an integer. +# +# @param release +# Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'. +# +# @param release_version +# Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7). +# +# @param component +# Names the licensing component associated with the packages in the directory tree of the Release file. +# +# @param originator +# Names the originator of the packages in the directory tree of the Release file. +# +# @param label +# Names the label of the packages in the directory tree of the Release file. +# +define apt::pin( + Optional[Enum['file', 'present', 'absent']] $ensure = present, + Optional[String] $explanation = undef, + Variant[Integer] $order = 50, + Variant[String, Array] $packages = '*', + Variant[Numeric, String] $priority = 0, + Optional[String] $release = '', # a= + Optional[String] $origin = '', + Optional[String] $version = '', + Optional[String] $codename = '', # n= + Optional[String] $release_version = '', # v= + Optional[String] $component = '', # c= + Optional[String] $originator = '', # o= + Optional[String] $label = '', # l= +) { + + if $explanation { + $_explanation = $explanation + } else { + if defined('$caller_module_name') { # strict vars check + $_explanation = "${caller_module_name}: ${name}" + } else { + $_explanation = ": ${name}" + } + } + + $pin_release_array = [ + $release, + $codename, + $release_version, + $component, + $originator, + $label, + ] + $pin_release = join($pin_release_array, '') + + # Read the manpage 'apt_preferences(5)', especially the chapter + # 'The Effect of APT Preferences' to understand the following logic + # and the difference between specific and general form + if $packages =~ Array { + $packages_string = join($packages, ' ') + } else { + $packages_string = $packages + } + + if $packages_string != '*' { # specific form + if ( $pin_release != '' and ( $origin != '' or $version != '' )) or + ( $version != '' and ( $pin_release != '' or $origin != '' )) { + fail('parameters release, origin, and version are mutually exclusive') + } + } else { # general form + if $version != '' { + fail('parameter version cannot be used in general form') + } + if ( $pin_release != '' and $origin != '' ) { + fail('parameters release and origin are mutually exclusive') + } + } + + # According to man 5 apt_preferences: + # The files have either no or "pref" as filename extension + # and only contain alphanumeric, hyphen (-), underscore (_) and period + # (.) characters. Otherwise APT will print a notice that it has ignored a + # file, unless that file matches a pattern in the + # Dir::Ignore-Files-Silently configuration list - in which case it will + # be silently ignored. + $file_name = regsubst($title, '[^0-9a-z\-_\.]', '_', 'IG') + + $headertmp = epp('apt/_header.epp') + + $pinpreftmp = epp('apt/pin.pref.epp', { + 'name' => $name, + 'pin_release' => $pin_release, + 'release' => $release, + 'codename' => $codename, + 'release_version' => $release_version, + 'component' => $component, + 'originator' => $originator, + 'label' => $label, + 'version' => $version, + 'origin' => $origin, + 'explanation' => $_explanation, + 'packages_string' => $packages_string, + 'priority' => $priority, + }) + + apt::setting { "pref-${file_name}": + ensure => $ensure, + priority => $order, + content => "${headertmp}${pinpreftmp}", + notify_update => false, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/ppa.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,104 @@ +# @summary Manages PPA repositories using `add-apt-repository`. Not supported on Debian. +# +# @example Example declaration of an Apt PPA +# apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': } +# +# @param ensure +# Specifies whether the PPA should exist. Valid options: 'present' and 'absent'. +# +# @param options +# Supplies options to be passed to the `add-apt-repository` command. Default: '-y'. +# +# @param release +# Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename. +# Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename. +# +# @param dist +# Specifies the distribution of your node. Valid options: a string containing a valid distribution codename. +# Optional if `puppet facts show os.name` returns your correct distribution name. +# +# @param package_name +# Names the package that provides the `apt-add-repository` command. Default: 'software-properties-common'. +# +# @param package_manage +# Specifies whether Puppet should manage the package that provides `apt-add-repository`. +# +define apt::ppa( + String $ensure = 'present', + Optional[String] $options = $::apt::ppa_options, + Optional[String] $release = $facts['os']['distro']['codename'], + Optional[String] $dist = $facts['os']['name'], + Optional[String] $package_name = $::apt::ppa_package, + Boolean $package_manage = false, +) { + unless $release { + fail('os.distro.codename fact not available: release parameter required') + } + + if $dist == 'Debian' { + fail('apt::ppa is not currently supported on Debian.') + } + + if versioncmp($facts['os']['release']['full'], '14.10') >= 0 { + $distid = downcase($dist) + $dash_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1-${distid}-\\2") + $underscore_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1_${distid}_\\2") + } else { + $dash_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1-\\2") + $underscore_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', "\\1_\\2") + } + + $dash_filename_no_slashes = regsubst($dash_filename, '/', '-', 'G') + $dash_filename_no_specialchars = regsubst($dash_filename_no_slashes, '[\.\+]', '_', 'G') + $underscore_filename_no_slashes = regsubst($underscore_filename, '/', '-', 'G') + $underscore_filename_no_specialchars = regsubst($underscore_filename_no_slashes, '[\.\+]', '_', 'G') + + $sources_list_d_filename = "${dash_filename_no_specialchars}-${release}.list" + + if versioncmp($facts['os']['release']['full'], '15.10') >= 0 { + $trusted_gpg_d_filename = "${underscore_filename_no_specialchars}.gpg" + } else { + $trusted_gpg_d_filename = "${dash_filename_no_specialchars}.gpg" + } + + if $ensure == 'present' { + if $package_manage { + ensure_packages($package_name) + $_require = [File['sources.list.d'], Package[$package_name]] + } else { + $_require = File['sources.list.d'] + } + + $_proxy = $::apt::_proxy + if $_proxy['host'] { + if $_proxy['https'] { + $_proxy_env = ["http_proxy=http://${$_proxy['host']}:${$_proxy['port']}", "https_proxy=https://${$_proxy['host']}:${$_proxy['port']}"] + } else { + $_proxy_env = ["http_proxy=http://${$_proxy['host']}:${$_proxy['port']}"] + } + } else { + $_proxy_env = [] + } + + exec { "add-apt-repository-${name}": + environment => $_proxy_env, + command => "/usr/bin/add-apt-repository ${options} ${name} || (rm ${::apt::sources_list_d}/${sources_list_d_filename} && false)", + unless => "/usr/bin/test -f ${::apt::sources_list_d}/${sources_list_d_filename} && /usr/bin/test -f ${::apt::trusted_gpg_d}/${trusted_gpg_d_filename}", + user => 'root', + logoutput => 'on_failure', + notify => Class['apt::update'], + require => $_require, + } + + file { "${::apt::sources_list_d}/${sources_list_d_filename}": + ensure => file, + require => Exec["add-apt-repository-${name}"], + } + } + else { + file { "${::apt::sources_list_d}/${sources_list_d_filename}": + ensure => 'absent', + notify => Class['apt::update'], + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/setting.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,76 @@ +# @summary Manages Apt configuration files. +# +# @see https://docs.puppetlabs.com/references/latest/type.html#file-attributes for more information on source and content parameters +# +# @param priority +# Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first. +# +# @param ensure +# Specifies whether the file should exist. Valid options: 'present', 'absent', and 'file'. +# +# @param source +# Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination +# with `content`. Valid options: see link above for Puppet's native file type source attribute. +# +# @param content +# Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid +# options: see link above for Puppet's native file type content attribute. +# +# @param notify_update +# Specifies whether to trigger an `apt-get update` run. +# +define apt::setting ( + Variant[String, Integer, Array] $priority = 50, + Optional[Enum['file', 'present', 'absent']] $ensure = file, + Optional[String] $source = undef, + Optional[String] $content = undef, + Boolean $notify_update = true, +) { + + if $content and $source { + fail('apt::setting cannot have both content and source') + } + + if !$content and !$source { + fail('apt::setting needs either of content or source') + } + + $title_array = split($title, '-') + $setting_type = $title_array[0] + $base_name = join(delete_at($title_array, 0), '-') + + assert_type(Pattern[/\Aconf\z/, /\Apref\z/, /\Alist\z/], $setting_type) |$a, $b| { + fail("apt::setting resource name/title must start with either 'conf-', 'pref-' or 'list-'") + } + + if $priority !~ Integer { + # need this to allow zero-padded priority. + assert_type(Pattern[/^\d+$/], $priority) |$a, $b| { + fail('apt::setting priority must be an integer or a zero-padded integer') + } + } + + if ($setting_type == 'list') or ($setting_type == 'pref') { + $_priority = '' + } else { + $_priority = $priority + } + + $_path = $::apt::config_files[$setting_type]['path'] + $_ext = $::apt::config_files[$setting_type]['ext'] + + if $notify_update { + $_notify = Class['apt::update'] + } else { + $_notify = undef + } + + file { "${_path}/${_priority}${base_name}${_ext}": + ensure => $ensure, + owner => 'root', + group => 'root', + content => $content, + source => $source, + notify => $_notify, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/source.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,186 @@ +# @summary Manages the Apt sources in /etc/apt/sources.list.d/. +# +# @example Install the puppetlabs apt source +# apt::source { 'puppetlabs': +# location => 'http://apt.puppetlabs.com', +# repos => 'main', +# key => { +# id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', +# server => 'keyserver.ubuntu.com', +# }, +# } +# +# @param location +# Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL. +# +# @param comment +# Supplies a comment for adding to the Apt source file. +# +# @param ensure +# Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'. +# +# @param release +# Specifies a distribution of the Apt repository. +# +# @param repos +# Specifies a component of the Apt repository. +# +# @param include +# Configures include options. Valid options: a hash of available keys. +# +# @option include [Boolean] :deb +# Specifies whether to request the distribution's compiled binaries. Default true. +# +# @option include [Boolean] :src +# Specifies whether to request the distribution's uncompiled source code. Default false. +# +# @param key +# Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key` +# defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`, +# and/or `options` parameters. +# +# @param keyring +# Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry. +# See https://wiki.debian.org/DebianRepository/UseThirdParty for details. +# +# @param pin +# Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the +# `apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters. +# +# @param architecture +# Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names, +# separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures +# defined in the Apt::Architectures option). +# +# @param allow_unsigned +# Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked. +# +# @param notify_update +# Specifies whether to trigger an `apt-get update` run. +# +define apt::source( + Optional[String] $location = undef, + String $comment = $name, + String $ensure = present, + Optional[String] $release = undef, + String $repos = 'main', + Optional[Variant[Hash]] $include = {}, + Optional[Variant[String, Hash]] $key = undef, + Optional[Stdlib::AbsolutePath] $keyring = undef, + Optional[Variant[Hash, Numeric, String]] $pin = undef, + Optional[String] $architecture = undef, + Boolean $allow_unsigned = false, + Boolean $notify_update = true, +) { + + include ::apt + + $_before = Apt::Setting["list-${title}"] + + if !$release { + if $facts['os']['distro']['codename'] { + $_release = $facts['os']['distro']['codename'] + } else { + fail('os.distro.codename fact not available: release parameter required') + } + } else { + $_release = $release + } + + if $ensure == 'present' { + if ! $location { + fail('cannot create a source entry without specifying a location') + } + elsif ($::apt::proxy['https_acng']) and ($location =~ /(?i:^https:\/\/)/) { + $_location = regsubst($location, 'https://','http://HTTPS///') + } + else { + $_location = $location + } + # Newer oses, do not need the package for HTTPS transport. + $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ] + if ($facts['os']['distro']['codename'] in $_transport_https_releases) and $_location =~ /(?i:^https:\/\/)/ { + ensure_packages('apt-transport-https') + } + } else { + $_location = undef + } + + $includes = merge($::apt::include_defaults, $include) + + if $key and $keyring { + fail("parameters key and keyring are mutualy exclusive") + } + + if $key { + if $key =~ Hash { + unless $key['id'] { + fail('key hash must contain at least an id entry') + } + $_key = merge($::apt::source_key_defaults, $key) + } else { + $_key = { 'id' => assert_type(String[1], $key) } + } + } + + $header = epp('apt/_header.epp') + + $sourcelist = epp('apt/source.list.epp', { + 'comment' => $comment, + 'includes' => $includes, + 'options' => delete_undef_values({ + 'arch' => $architecture, + 'trusted' => $allow_unsigned ? {true => "yes", false => undef}, + 'signed-by' => $keyring, + }), + 'location' => $_location, + 'release' => $_release, + 'repos' => $repos, + }) + + apt::setting { "list-${name}": + ensure => $ensure, + content => "${header}${sourcelist}", + notify_update => $notify_update, + } + + if $pin { + if $pin =~ Hash { + $_pin = merge($pin, { 'ensure' => $ensure, 'before' => $_before }) + } elsif ($pin =~ Numeric or $pin =~ String) { + $url_split = split($location, '[:\/]+') + $host = $url_split[1] + $_pin = { + 'ensure' => $ensure, + 'priority' => $pin, + 'before' => $_before, + 'origin' => $host, + } + } else { + fail('Received invalid value for pin parameter') + } + create_resources('apt::pin', { "${name}" => $_pin }) + } + + # We do not want to remove keys when the source is absent. + if $key and ($ensure == 'present') { + if $_key =~ Hash { + if $_key['ensure'] != undef { + $_ensure = $_key['ensure'] + } else { + $_ensure = $ensure + } + + apt::key { "Add key: ${$_key['id']} from Apt::Source ${title}": + ensure => $_ensure, + id => $_key['id'], + server => $_key['server'], + content => $_key['content'], + source => $_key['source'], + options => $_key['options'], + weak_ssl => $_key['weak_ssl'], + before => $_before, + } + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/manifests/update.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,68 @@ +# @summary Updates the list of available packages using apt-get update. +# +# @api private +# +class apt::update { + assert_private() + + #TODO: to catch if $::apt_update_last_success has the value of -1 here. If we + #opt to do this, a info/warn would likely be all you'd need likely to happen + #on the first run, but if it's not run in awhile something is likely borked + #with apt and we'd want to know about it. + + case $::apt::_update['frequency'] { + 'always': { + $_kick_apt = true + } + 'daily': { + #compare current date with the apt_update_last_success fact to determine + #if we should kick apt_update. + $daily_threshold = (Integer(Timestamp().strftime('%s')) - 86400) + if $::apt_update_last_success { + if $::apt_update_last_success + 0 < $daily_threshold { + $_kick_apt = true + } else { + $_kick_apt = false + } + } else { + #if apt-get update has not successfully run, we should kick apt_update + $_kick_apt = true + } + } + 'weekly':{ + #compare current date with the apt_update_last_success fact to determine + #if we should kick apt_update. + $weekly_threshold = (Integer(Timestamp().strftime('%s')) - 604800) + if $::apt_update_last_success { + if ( $::apt_update_last_success + 0 < $weekly_threshold ) { + $_kick_apt = true + } else { + $_kick_apt = false + } + } else { + #if apt-get update has not successfully run, we should kick apt_update + $_kick_apt = true + } + } + default: { + #catches 'reluctantly', and any other value (which should not occur). + #do nothing. + $_kick_apt = false + } + } + + if $_kick_apt { + $_refresh = false + } else { + $_refresh = true + } + exec { 'apt_update': + command => "${::apt::provider} update", + loglevel => $::apt::_update['loglevel'], + logoutput => 'on_failure', + refreshonly => $_refresh, + timeout => $::apt::_update['timeout'], + tries => $::apt::_update['tries'], + try_sleep => 1 + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/metadata.json Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,44 @@ +{ + "name": "puppetlabs-apt", + "version": "8.3.0", + "author": "puppetlabs", + "summary": "Provides an interface for managing Apt source, key, and definitions with Puppet", + "license": "Apache-2.0", + "source": "https://github.com/puppetlabs/puppetlabs-apt", + "project_page": "https://github.com/puppetlabs/puppetlabs-apt", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.16.0 < 9.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "9", + "10", + "11" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "14.04", + "16.04", + "18.04", + "20.04" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 6.0.0 < 8.0.0" + } + ], + "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", + "template-ref": "heads/main-0-g51828b4", + "pdk-version": "2.2.0" +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/pdk.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,2 @@ +--- +ignore: []
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/provision.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,41 @@ +--- +default: + provisioner: docker + images: + - litmusimage/debian:8 +vagrant: + provisioner: vagrant + images: + - centos/7 + - generic/ubuntu1804 +travis_deb: + provisioner: docker + images: + - litmusimage/debian:9 + - litmusimage/debian:10 +travis_ub_6: + provisioner: docker + images: + - litmusimage/ubuntu:16.04 + - litmusimage/ubuntu:18.04 + - litmusimage/ubuntu:20.04 +travis_el7: + provisioner: docker + images: [] +release_checks_6: + provisioner: abs + images: + - debian-8-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1404-x86_64 + - ubuntu-1604-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 +release_checks_7: + provisioner: abs + images: + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/readmes/README_ja_JP.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,292 @@ +# apt + +#### 目次 + +1. [説明 - モジュールの機能とその有益性](#module-description) +1. [セットアップ - apt導入の基本](#setup) + * [aptが影響を与えるもの](#what-apt-affects) + * [aptの使用を開始する](#beginning-with-apt) +1. [使用 - 設定オプションと追加機能](#usage) + * [GPGキーの追加](#add-gpg-keys) + * [バックポートの優先度を上げる](#prioritize-backports) + * [パッケージリストの更新](#update-the-list-of-packages) + * [特定のリリースのピン止め](#pin-a-specific-release) + * [PPA (Personal Package Archive)レポジトリの追加](#add-a-personal-package-archive-repository) + * [HieraからのAptの構成](#configure-apt-from-hiera) + * [デフォルトのsources.listファイルの置き換え](#replace-the-default-sourceslist-file) +1. [参考 - モジュールの機能と動作について](#reference) +1. [制約 - OS互換性など](#limitations) +1. [開発 - モジュール貢献についてのガイド](#development) + +## モジュールの概要 + +aptモジュールを導入すると、Puppetを使用してAPT (Advanced Package Tool)のソース、キー、その他の構成オプションを管理できます。 + +APTとは、Debian、Ubuntu、およびその他いくつかのオペレーティングシステムで利用可能なパッケージマネージャです。aptモジュールは、APTのパッケージ管理を自動化するのに役立つ一連のクラス、定義型、およびfactsを提供します。 + +**注**:Puppet 7 より前は、このモジュールがどのバージョンのを正しく自動検出するか +実行している Debian / Ubuntu(または派生物)、 `lsb-release`パッケージが +インストールされています。 Puppet 7 では、 `lsb-release`パッケージは必要ありません。 + +## セットアップ + +### aptが影響を与えるもの + +* システムの`preferences`ファイルと`preferences.d`ディレクトリ +* システムの `sources.list`ファイルと`sources.list.d`ディレクトリ +* システムレポジトリ +* 認証キー + +**注意:** このモジュールには`purge`パラメータがあります。このパラメータを`true`に設定すると、 ノードの `sources.list(.d)`および`preferences(.d)`の構成のうち、Puppetを通して宣言されていないものがすべて**破棄**されます。このパラメータのデフォルトは`false`です。 + +### aptの使用を開始する + +デフォルトのパラメータでaptモジュールを使用するには、`apt`クラスを宣言します。 + +```puppet +include apt +``` + +**注意:** メインの`apt`クラスは、このモジュールに含まれるその他すべてのクラス、型、定義型によって要求されます。このモジュールを使用する際は、このクラスを必ず宣言する必要があります。 + +## 使用 + +### GPGキーの追加 + +**警告:** 短いキーIDを使用すると、衝突攻撃が有効になる可能性があり、セキュリティに深刻な問題が生じます。常に、完全なフィンガープリントを使用してGPGキーを識別することを推奨します。このモジュールでは短いキーの使用が許可されていますが、それを使用した場合、セキュリティ警告が発行されます。 + +`apt::key`の定義型を宣言するには、次のように記述します。 + +```puppet +apt::key { 'puppetlabs': + id => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + server => 'pgp.mit.edu', + options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"', +} +``` + +### バックポートの優先度を上げる + +```puppet +class { 'apt::backports': + pin => 500, +} +``` + +デフォルトでは、`apt::backports`クラスはバックポート用のピンファイルをドロップし、優先度200にピン止めします。これは、通常のデフォルト値である500よりも低いため、`ensure => latest`に設定されているパッケージは、明示的な許可がない限り、バックポートからアップグレードされることはありません。 + +`pin`パラメータを使用して優先度を500に上げると、通常のポリシーが有効になり、Aptは最新のバージョンをインストールするか、最新のバージョンにアップグレードします。これはつまり、`package`リソースの`ensure`属性を明示的に`installed`/`present`もしくは特定のバージョンに設定していない限り、あるパッケージがバックポートから利用できる場合は、そのパッケージと依存関係がバックポートから取得されるということです。 + +### パッケージリストの更新 + +デフォルトでは、`apt`クラスをインクルードした後の最初のPuppet実行時と、`notify => Exec['apt_update']`が発生するたびに(別の言い方をすれば、構成ファイルが更新されるか、関連するその他の変更が行われるたびに)、Puppetは`apt-get update`を実行します。`update['frequency']`を'always'に設定すると、Puppet実行時に毎回更新が行われます。`update['frequency']`は'daily'や'weekly'に設定することも可能です。 + +```puppet +class { 'apt': + update => { + frequency => 'daily', + }, +} +``` +`Exec['apt_update']`がトリガされると、`Notice`メッセージが生成されます。デフォルトの[agentロギングレベル](https://docs.puppet.com/puppet/latest/configuration.html#loglevel)は`notice`であるため、このレポジトリの更新は、ログおよびagentレポートに記録されます。[Foreman](https://www.theforeman.org)など、一部のツールでは、このような更新通知が重要な変更としてレポートされます。これらの更新がレポートに記録されないようにするには、`Exec['apt_update']`の[loglevel](https://docs.puppet.com/puppet/latest/metaparameter.html#loglevel)メタパラメータをagentロギングレベルよりも高い値に設定します。 + +```puppet +class { 'apt': + update => { + frequency => 'daily', + loglevel => 'debug', + }, +} +``` + +### 特定のリリースのピン止め + +```puppet +apt::pin { 'karmic': priority => 700 } +apt::pin { 'karmic-updates': priority => 700 } +apt::pin { 'karmic-security': priority => 700 } +``` + +ディストリビューションのプロパティを使用して、より複雑なピンを指定することもできます。 + +```puppet +apt::pin { 'stable': + priority => -10, + originator => 'Debian', + release_version => '3.0', + component => 'main', + label => 'Debian' +} +``` + +複数のパッケージをピン止めするには、配列またはスペース区切りの文字列としてその情報を`packages`パラメータに渡します。 + +### PPA (Personal Package Archive)レポジトリの追加 + +```puppet +apt::ppa { 'ppa:drizzle-developers/ppa': } +``` + +### `/etc/apt/sources.list.d/`へのAptソースの追加 + +```puppet +apt::source { 'debian_unstable': + comment => 'This is the iWeb Debian unstable mirror', + location => 'http://debian.mirror.iweb.ca/debian/', + release => 'unstable', + repos => 'main contrib non-free', + pin => '-10', + key => { + 'id' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553', + 'server' => 'subkeys.pgp.net', + }, + include => { + 'src' => true, + 'deb' => true, + }, +} +``` + +Puppet Aptレポジトリをソースとして使用するには、次のように記述します。 + +```puppet +apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => { + 'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', + 'server' => 'pgp.mit.edu', + }, +} +``` + +### HieraからのAptの構成 + +ソースをリソースとして直接指定するかわりに、単純に`apt`クラスをインクルードして、値をHieraから自動的に取得するように構成できます。 + +```yaml +apt::sources: + 'debian_unstable': + comment: 'This is the iWeb Debian unstable mirror' + location: 'http://debian.mirror.iweb.ca/debian/' + release: 'unstable' + repos: 'main contrib non-free' + pin: '-10' + key: + id: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553' + server: 'subkeys.pgp.net' + include: + src: true + deb: true + + 'puppetlabs': + location: 'http://apt.puppetlabs.com' + repos: 'main' + key: + id: '6F6B15509CF8E59E6E469F327F438280EF8D349F' + server: 'pgp.mit.edu' +``` + +### デフォルトの`sources.list`ファイルの置き換え + +デフォルトの`/etc/apt/sources.list`を置き換える例を以下に示します。以下のコードと合わせて、`purge`パラメータを必ず使用してください。使用しない場合、Apt実行時にソース重複の警告が出ます。 + +```puppet +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-security": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-security" +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-updates": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-updates" +} + +apt::source { "archive.ubuntu.com-${facts['os']['distro']['codename']}-backports": + location => 'http://archive.ubuntu.com/ubuntu', + key => '630239CC130E1A7FD81A27B140976EAF437D05B5', + repos => 'main universe multiverse restricted', + release => "${facts['os']['distro']['codename']}-backports" +} +``` + +### APTソースやプロキシのログイン設定を`/etc/apt/auth.conf`で管理する + +APTバージョン1.5以降、認証が必要なAPTソースやプロキシについて、ユーザ名やパスワードなどのログイン設定を`/etc/apt/auth.conf`ファイルに定義できるようになりました。この方法は、`source.list`内にログイン情報を直接記述するよりも推奨されます。直接記述した場合、通常、あらゆるユーザから読み取り可能になるためです。 + +`/etc/apt/auth.confファイルのフォーマットは、(ftpやcurlによって使用される) netrcに従い、ファイルパーミッションが制限されています。詳しくは、[こちら](https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html)を参照してください。 + +オプションの`apt::auth_conf_entries`パラメータを使用して、ログイン設定を含むハッシュの配列を指定します。このハッシュに含めることができるのは、`machine`、`login`、および`password`キーのみです。 + +```puppet +class { 'apt': + auth_conf_entries => [ + { + 'machine' => 'apt-proxy.example.net', + 'login' => 'proxylogin', + 'password' => 'proxypassword', + }, + { + 'machine' => 'apt.example.com/ubuntu', + 'login' => 'reader', + 'password' => 'supersecret', + }, + ], +} +``` + +## リファレンス + +### Facts + +* `apt_updates`: `upgrade`で入手可能な更新がある、インストール済みパッケージの数。 + +* `apt_dist_updates`: `dist-upgrade`で入手可能な更新がある、インストール済みパッケージの数。 + +* `apt_security_updates`: `upgrade`で入手可能なセキュリティ更新がある、インストール済みパッケージの数。 + +* `apt_security_dist_updates`: `dist-upgrade`で入手可能なセキュリティ更新がある、インストール済みパッケージの数。 + +* `apt_package_updates`: `upgrade`で入手可能な更新がある、すべてのインストール済みパッケージの名前。Facter 2.0以降では、このデータのフォーマットは配列で、それ以前のバージョンでは、コンマ区切りの文字列です。 + +* `apt_package_dist_updates`: `dist-upgrade`で入手可能な更新がある、すべてのインストール済みパッケージの名前。Facter 2.0以降では、このデータのフォーマットは配列で、それ以前のバージョンでは、コンマ区切りの文字列です。 + +* `apt_update_last_success`: 直近で成功した`apt-get update`実行のエポックタイムによる日付(/var/lib/apt/periodic/update-success-stampのmtimeに基づく)。 + +* `apt_reboot_required`: 更新がインストールされた後に再起動が必要かどうかを決定します。 + +### 詳細情報 + +その他すべてのリファレンスマニュアルについては、[REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apt/blob/main/REFERENCE.md)を参照してください。 + +## 制約 + +このモジュールは、[実行ステージ](https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html)に分割するようには設計されていません。 + +サポート対象のオペレーティングシステムの全リストについては、[metadata.json](https://github.com/puppetlabs/puppetlabs-apt/blob/main/metadata.json)を参照してください。 + +### 新しいソースまたはPPAの追加 + +新しいソースまたはPPAを追加し、同一のPuppet実行において、その新しいソースまたはPPAからパッケージをインストールするには、`package`リソースが`Apt::Source`または`Apt::Ppa`に従属し、かつ`Class['apt::update']に従属する必要があります。[コレクタ](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html)を追加することによって、すべてのパッケージが`apt::update`の後に来るように制御することもできますが、その場合、循環依存が発生したり、[仮想リソース](https://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html#behavior)と関係したりすることがあります。以下のコマンドを実行する前に、すべてのパッケージのプロバイダがaptに設定されていることを確認してください。 + +```puppet +Class['apt::update'] -> Package <| provider == 'apt' |> +``` + +## 開発 + +Puppet ForgeのPuppet Labsモジュールはオープンプロジェクトで、良い状態に保つためには、コミュニティの貢献が必要不可欠です。Puppetが役に立つはずでありながら、私たちがアクセスできないプラットフォームやハードウェア、ソフトウェア、デプロイ構成は無数にあります。私たちの目標は、できる限り簡単に変更に貢献し、みなさまの環境で私たちのモジュールが機能できるようにすることにあります。最高の状態を維持できるようにするために、コントリビュータが従う必要のあるいくつかのガイドラインが存在します。 + +詳細については、[モジュール貢献ガイド](https://docs.puppetlabs.com/forge/contributing.html)を参照してください。 + +すでにご協力いただいている方のリストについては、[コントリビュータのリスト](https://github.com/puppetlabs/puppetlabs-apt/graphs/contributors)をご覧ください。
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/tasks/init.json Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,10 @@ +{ + "description": "Allows you to perform apt functions", + "input_method": "stdin", + "parameters": { + "action": { + "description": "Action to perform ", + "type": "Enum[update, upgrade, dist-upgrade, autoremove]" + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/tasks/init.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,33 @@ +#!/opt/puppetlabs/puppet/bin/ruby +# frozen_string_literal: true + +require 'json' +require 'open3' +require 'puppet' + +def apt_get(action) + cmd = ['apt-get', action] + cmd << '-y' if ['upgrade', 'dist-upgrade', 'autoremove'].include?(action) + if ['upgrade', 'dist-upgrade'].include?(action) + ENV['DEBIAN_FRONTEND'] = 'noninteractive' + cmd << '-o' + cmd << 'Dpkg::Options="--force-confdef"' + cmd << '-o' + cmd << 'Dpkg::Options="--force-confold"' + end + stdout, stderr, status = Open3.capture3(*cmd) + raise Puppet::Error, stderr if status != 0 + { status: stdout.strip } +end + +params = JSON.parse(STDIN.read) +action = params['action'] + +begin + result = apt_get(action) + puts result.to_json + exit 0 +rescue Puppet::Error => e + puts({ status: 'failure', error: e.message }.to_json) + exit 1 +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/15update-stamp.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1 @@ +APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/_conf_header.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1 @@ +// This file is managed by Puppet. DO NOT EDIT.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/_header.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1 @@ +# This file is managed by Puppet. DO NOT EDIT.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/auth_conf.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,5 @@ +<% if $apt::auth_conf_entries != [] { -%> +<% $apt::auth_conf_entries.each | $auth_conf_entry | { -%> +machine <%= $auth_conf_entry['machine'] %> login <%= $auth_conf_entry['login'] %> password <%= $auth_conf_entry['password'] %> +<% } -%> +<% } -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/pin.pref.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,26 @@ +<%- | $name, $pin_release, $release, $codename, $release_version, $component, $originator, $label, $version, $origin, $explanation, $packages_string, $priority | -%> +<%- +$pin = +if $pin_release != '' { + $options = [ + if $release != '' { "a=${release}" }, + if $codename != '' { "n=${codename}" }, + if $release_version != '' { "v=${release_version}"}, + if $component != '' { "c=${component}" }, + if $originator != '' { "o=${originator}" }, + if $label != '' { "l=${label}" }, + ].filter |$x| { $x != undef } + "release ${options.join(', ')}" } + +elsif $version and "${version}".length > 0 { + "version ${version}" } +elsif $origin and $origin.length > 0 { + "origin ${origin}" } +else { + "release a=${name}" #Default value +} +-%> +Explanation: <%= $explanation %> +Package: <%= $packages_string %> +Pin: <%= $pin %> +Pin-Priority: <%= $priority %>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/proxy.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,10 @@ +<%- | Hash $proxies | -%> +<% $proxies['perhost'].each |$proxy| { -%> +Acquire::<%= $proxy['scheme'] %>::proxy::<%= $proxy['scope'] %> "<%= $proxy['target'] %>"; +<% } -%> +Acquire::http::proxy "http://<%= $proxies['host'] %>:<%= $proxies['port'] %>/"; +<%- if $proxies['https'] { %> +Acquire::https::proxy "https://<%= $proxies['host'] %>:<%= $proxies['port'] %>/"; +<%- } elsif $proxies['direct'] { -%> +Acquire::https::proxy "DIRECT"; +<%- } -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/templates/source.list.epp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,8 @@ +<%- | String $comment, Hash $includes, Hash $options, $location, $release, String $repos | -%> +# <%= $comment %> +<%- if $includes['deb'] { -%> +deb <% if !$options.empty() { -%>[<%= $options.map |$key, $value| { "${key}=${value}" }.join(" ") %>] <% } -%> <%= $location %> <%= $release %> <%= $repos %> +<%- } -%> +<%- if $includes['src'] { -%> +deb-src <% if !$options.empty() { -%>[<%= $options.map |$key, $value| { "${key}=${value}" }.join(" ") %>] <% } -%> <%= $location %> <%= $release %> <%= $repos %> +<%- } -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/types/auth_conf_entry.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,20 @@ +# @summary Login configuration settings that are recorded in the file `/etc/apt/auth.conf`. +# +# @see https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for more information +# +# @param machine +# Hostname of machine to connect to. +# +# @param login +# Specifies the username to connect with. +# +# @param password +# Specifies the password to connect with. +# +type Apt::Auth_conf_entry = Struct[ + { + machine => String[1], + login => String, + password => String + } +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/types/proxy.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,28 @@ +# @summary Configures Apt to connect to a proxy server. +# +# @param ensure +# Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'. +# +# @param host +# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. +# +# @param port +# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. +# +# @param https +# Specifies whether to enable https proxies. +# +# @param direct +# Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not. +# +type Apt::Proxy = Struct[ + { + ensure => Optional[Enum['file', 'present', 'absent']], + host => Optional[String], + port => Optional[Integer[0, 65535]], + https => Optional[Boolean], + https_acng => Optional[Boolean], + direct => Optional[Boolean], + perhost => Optional[Array[Apt::Proxy_Per_Host]], + } +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apt/types/proxy_per_host.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,26 @@ +# @summary Adds per-host overrides to the system default APT proxy configuration +# +# @param scope +# Specifies the scope of the override. Valid options: a string containing a hostname. +# +# @param host +# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname. +# +# @param port +# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number. +# +# @param https +# Specifies whether to enable https for this override. +# +# @param direct +# Specifies whether or not to use a `DIRECT` target to bypass the system default proxy. +# +type Apt::Proxy_Per_Host = Struct[ + { + scope => String, + host => Optional[String], + port => Optional[Integer[1, 65535]], + https => Optional[Boolean], + direct => Optional[Boolean], + } +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/CHANGELOG.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,529 @@ +# Changelog + +All notable changes to this project will be documented in this file. +Each new release typically also includes the latest modulesync defaults. +These should not affect the functionality of the module. + +## [v6.0.2](https://github.com/voxpupuli/puppet-archive/tree/v6.0.2) (2021-11-23) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v6.0.1...v6.0.2) + +**Merged pull requests:** + +- puppet-lint: fix top\_scope\_facts warnings [\#462](https://github.com/voxpupuli/puppet-archive/pull/462) ([bastelfreak](https://github.com/bastelfreak)) + +## [v6.0.1](https://github.com/voxpupuli/puppet-archive/tree/v6.0.1) (2021-08-26) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v6.0.0...v6.0.1) + +**Fixed bugs:** + +- Fix `archive::download::digest_type` data type \(reverts 6.0.0 breaking change\) [\#460](https://github.com/voxpupuli/puppet-archive/pull/460) ([alexjfisher](https://github.com/alexjfisher)) + +## [v6.0.0](https://github.com/voxpupuli/puppet-archive/tree/v6.0.0) (2021-08-25) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v5.0.0...v6.0.0) + +**Breaking changes:** + +- Drop Virtuozzo 6 [\#455](https://github.com/voxpupuli/puppet-archive/pull/455) ([genebean](https://github.com/genebean)) +- Drop EoL AIX versions [\#454](https://github.com/voxpupuli/puppet-archive/pull/454) ([genebean](https://github.com/genebean)) +- Drop EoL Windows versions [\#453](https://github.com/voxpupuli/puppet-archive/pull/453) ([genebean](https://github.com/genebean)) +- Drop Debian 9 [\#452](https://github.com/voxpupuli/puppet-archive/pull/452) ([genebean](https://github.com/genebean)) +- Drop Ubuntu 16.04 [\#451](https://github.com/voxpupuli/puppet-archive/pull/451) ([genebean](https://github.com/genebean)) +- Set optional param to undef to fix failing test \(REVERTED IN 6.0.1\) [\#449](https://github.com/voxpupuli/puppet-archive/pull/449) ([yachub](https://github.com/yachub)) + +**Implemented enhancements:** + +- Add support for Debian 11 [\#458](https://github.com/voxpupuli/puppet-archive/pull/458) ([smortex](https://github.com/smortex)) +- Add ubuntu 20.04 [\#456](https://github.com/voxpupuli/puppet-archive/pull/456) ([genebean](https://github.com/genebean)) +- Update CA certificate bundle to 2021-05-25 [\#444](https://github.com/voxpupuli/puppet-archive/pull/444) ([l-avila](https://github.com/l-avila)) + +**Fixed bugs:** + +- Fix Could not set 'present' on ensure: wrong number of arguments \(given 1, expected 0\) [\#443](https://github.com/voxpupuli/puppet-archive/pull/443) ([jeffmccune](https://github.com/jeffmccune)) +- Write downloaded files as binary [\#442](https://github.com/voxpupuli/puppet-archive/pull/442) ([benohara](https://github.com/benohara)) + +**Merged pull requests:** + +- Allow stdlib 8.0.0 [\#457](https://github.com/voxpupuli/puppet-archive/pull/457) ([smortex](https://github.com/smortex)) + +## [v5.0.0](https://github.com/voxpupuli/puppet-archive/tree/v5.0.0) (2021-04-16) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.6.0...v5.0.0) + +**Breaking changes:** + +- metadata.json: drop Puppet 5, add Puppet 7 support [\#436](https://github.com/voxpupuli/puppet-archive/pull/436) ([kenyon](https://github.com/kenyon)) +- Drop support for CentOS/RHEL 6 and variants [\#431](https://github.com/voxpupuli/puppet-archive/pull/431) ([alexjfisher](https://github.com/alexjfisher)) + +**Implemented enhancements:** + +- Enable Debian 9/10 support [\#439](https://github.com/voxpupuli/puppet-archive/pull/439) ([bastelfreak](https://github.com/bastelfreak)) +- Support stdlib 7.x [\#437](https://github.com/voxpupuli/puppet-archive/pull/437) ([treydock](https://github.com/treydock)) +- Add `archives` parameter to make use with an ENC or hiera easier [\#423](https://github.com/voxpupuli/puppet-archive/pull/423) ([jcpunk](https://github.com/jcpunk)) +- Add initial support for gsutil and pulling from Google Storage buckets [\#421](https://github.com/voxpupuli/puppet-archive/pull/421) ([j0sh3rs](https://github.com/j0sh3rs)) + +**Fixed bugs:** + +- Fix downloading when passwords contain spaces [\#430](https://github.com/voxpupuli/puppet-archive/pull/430) ([alexjfisher](https://github.com/alexjfisher)) +- Windows: find 7zip binary [\#428](https://github.com/voxpupuli/puppet-archive/pull/428) ([joerg16](https://github.com/joerg16)) + +**Merged pull requests:** + +- Produce a better error for the puppet downloader when file not found [\#434](https://github.com/voxpupuli/puppet-archive/pull/434) ([hajee](https://github.com/hajee)) +- Pass over credentials in archive::artifactory [\#433](https://github.com/voxpupuli/puppet-archive/pull/433) ([jramosf](https://github.com/jramosf)) +- Clean up temporary files when checksums don't match [\#412](https://github.com/voxpupuli/puppet-archive/pull/412) ([benridley](https://github.com/benridley)) + +## [v4.6.0](https://github.com/voxpupuli/puppet-archive/tree/v4.6.0) (2020-08-21) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.5.0...v4.6.0) + +**Implemented enhancements:** + +- Add `temp_dir` parameter to `archive::nexus` [\#415](https://github.com/voxpupuli/puppet-archive/pull/415) ([alexcit](https://github.com/alexcit)) +- Use curl netrc file instead of `--user` [\#399](https://github.com/voxpupuli/puppet-archive/pull/399) ([alexjfisher](https://github.com/alexjfisher)) + +**Closed issues:** + +- Feature request: make password sensitive and hide on fail [\#397](https://github.com/voxpupuli/puppet-archive/issues/397) + +**Merged pull requests:** + +- README.md: correct spelling typo [\#414](https://github.com/voxpupuli/puppet-archive/pull/414) ([kenyon](https://github.com/kenyon)) +- Fix several markdown lint issues [\#408](https://github.com/voxpupuli/puppet-archive/pull/408) ([dhoppe](https://github.com/dhoppe)) + +## [v4.5.0](https://github.com/voxpupuli/puppet-archive/tree/v4.5.0) (2020-04-02) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.4.0...v4.5.0) + +**Implemented enhancements:** + +- Add VZ 6/7 to metadata.json [\#402](https://github.com/voxpupuli/puppet-archive/pull/402) ([bastelfreak](https://github.com/bastelfreak)) + +**Closed issues:** + +- Could not autoload puppet/parser/functions/artifactory\_sha1: no such file to load -- puppet\_x/bodeco/util [\#320](https://github.com/voxpupuli/puppet-archive/issues/320) + +**Merged pull requests:** + +- Convert `archive` class docs to puppet-strings and small README improvements [\#394](https://github.com/voxpupuli/puppet-archive/pull/394) ([alexjfisher](https://github.com/alexjfisher)) +- Convert `go_md5` function to modern API [\#392](https://github.com/voxpupuli/puppet-archive/pull/392) ([alexjfisher](https://github.com/alexjfisher)) +- Use `relative_require` in artifactory functions [\#391](https://github.com/voxpupuli/puppet-archive/pull/391) ([alexjfisher](https://github.com/alexjfisher)) +- Convert `assemble_nexus_url` to modern API [\#390](https://github.com/voxpupuli/puppet-archive/pull/390) ([alexjfisher](https://github.com/alexjfisher)) +- Remove duplicate CONTRIBUTING.md file [\#389](https://github.com/voxpupuli/puppet-archive/pull/389) ([dhoppe](https://github.com/dhoppe)) +- Add Darwin \(mac os x\) compatibility [\#387](https://github.com/voxpupuli/puppet-archive/pull/387) ([bjoernhaeuser](https://github.com/bjoernhaeuser)) + +## [v4.4.0](https://github.com/voxpupuli/puppet-archive/tree/v4.4.0) (2019-11-04) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.3.0...v4.4.0) + +**Implemented enhancements:** + +- Extract .zip using PowerShell \(native\) as alternative to 7-zip [\#380](https://github.com/voxpupuli/puppet-archive/issues/380) +- Add support for .tar.Z files and uncompress [\#385](https://github.com/voxpupuli/puppet-archive/pull/385) ([hajee](https://github.com/hajee)) + +**Merged pull requests:** + +- Put the cookie option at the end when using curl [\#349](https://github.com/voxpupuli/puppet-archive/pull/349) ([kapouik](https://github.com/kapouik)) + +## [v4.3.0](https://github.com/voxpupuli/puppet-archive/tree/v4.3.0) (2019-10-16) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.2.0...v4.3.0) + +**Implemented enhancements:** + +- Add Archlinux compatibility [\#383](https://github.com/voxpupuli/puppet-archive/pull/383) ([bastelfreak](https://github.com/bastelfreak)) +- Add CentOS/RHEL 8 compatibility [\#382](https://github.com/voxpupuli/puppet-archive/pull/382) ([bastelfreak](https://github.com/bastelfreak)) + +## [v4.2.0](https://github.com/voxpupuli/puppet-archive/tree/v4.2.0) (2019-08-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.1.0...v4.2.0) + +**Implemented enhancements:** + +- add bunzip2 filetype support [\#378](https://github.com/voxpupuli/puppet-archive/pull/378) ([Dan33l](https://github.com/Dan33l)) + +## [v4.1.0](https://github.com/voxpupuli/puppet-archive/tree/v4.1.0) (2019-07-04) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v4.0.0...v4.1.0) + +**Closed issues:** + +- 4 Certificates expired, 3 expiring soon in cacert.pem [\#372](https://github.com/voxpupuli/puppet-archive/issues/372) + +**Merged pull requests:** + +- Update cacert.pem [\#373](https://github.com/voxpupuli/puppet-archive/pull/373) ([alexjfisher](https://github.com/alexjfisher)) +- drop Ubuntu 14.04 support [\#371](https://github.com/voxpupuli/puppet-archive/pull/371) ([bastelfreak](https://github.com/bastelfreak)) + +## [v4.0.0](https://github.com/voxpupuli/puppet-archive/tree/v4.0.0) (2019-05-29) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v3.2.1...v4.0.0) + +**Breaking changes:** + +- modulesync 2.7.0 and drop puppet 4 [\#368](https://github.com/voxpupuli/puppet-archive/pull/368) ([bastelfreak](https://github.com/bastelfreak)) + +**Implemented enhancements:** + +- Allow `puppetlabs/stdlib` 6.x [\#369](https://github.com/voxpupuli/puppet-archive/pull/369) ([alexjfisher](https://github.com/alexjfisher)) + +**Merged pull requests:** + +- explain how to download as simple as possible [\#366](https://github.com/voxpupuli/puppet-archive/pull/366) ([Dan33l](https://github.com/Dan33l)) + +## [v3.2.1](https://github.com/voxpupuli/puppet-archive/tree/v3.2.1) (2018-10-19) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v3.2.0...v3.2.1) + +**Merged pull requests:** + +- modulesync 2.1.0 and allow puppet 6.x [\#355](https://github.com/voxpupuli/puppet-archive/pull/355) ([bastelfreak](https://github.com/bastelfreak)) + +## [v3.2.0](https://github.com/voxpupuli/puppet-archive/tree/v3.2.0) (2018-08-26) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v3.1.1...v3.2.0) + +**Implemented enhancements:** + +- Bump stdlib dependency to \<6.0.0 [\#352](https://github.com/voxpupuli/puppet-archive/pull/352) ([HelenCampbell](https://github.com/HelenCampbell)) +- Fallback to PowerShell for zip files on Windows [\#351](https://github.com/voxpupuli/puppet-archive/pull/351) ([GeoffWilliams](https://github.com/GeoffWilliams)) + +## [v3.1.1](https://github.com/voxpupuli/puppet-archive/tree/v3.1.1) (2018-08-02) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v3.1.0...v3.1.1) + +**Fixed bugs:** + +- do not escape path on windows for unzip command [\#344](https://github.com/voxpupuli/puppet-archive/pull/344) ([qs5779](https://github.com/qs5779)) + +**Closed issues:** + +- need a good example for extracting a tgz [\#335](https://github.com/voxpupuli/puppet-archive/issues/335) + +**Merged pull requests:** + +- fix documentation - refactor example when extracting tar.gz [\#342](https://github.com/voxpupuli/puppet-archive/pull/342) ([azbarcea](https://github.com/azbarcea)) +- purge EOL ubuntu 10.04/12.04 from metadata.json [\#341](https://github.com/voxpupuli/puppet-archive/pull/341) ([bastelfreak](https://github.com/bastelfreak)) +- README.md: how to handle a .tar.gz file [\#338](https://github.com/voxpupuli/puppet-archive/pull/338) ([bastelfreak](https://github.com/bastelfreak)) + +## [v3.1.0](https://github.com/voxpupuli/puppet-archive/tree/v3.1.0) (2018-06-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v3.0.0...v3.1.0) + +**Closed issues:** + +- HTTPS download broken again on windows [\#289](https://github.com/voxpupuli/puppet-archive/issues/289) + +**Merged pull requests:** + +- Allow Ubuntu 18.04 [\#336](https://github.com/voxpupuli/puppet-archive/pull/336) ([mpdude](https://github.com/mpdude)) +- Remove docker nodesets [\#334](https://github.com/voxpupuli/puppet-archive/pull/334) ([bastelfreak](https://github.com/bastelfreak)) +- drop EOL OSs; fix puppet version range [\#332](https://github.com/voxpupuli/puppet-archive/pull/332) ([bastelfreak](https://github.com/bastelfreak)) + +## [v3.0.0](https://github.com/voxpupuli/puppet-archive/tree/v3.0.0) (2018-03-31) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v2.3.0...v3.0.0) + +**Breaking changes:** + +- Rewrite artifactory\_sha1 function with puppet v4 api [\#323](https://github.com/voxpupuli/puppet-archive/pull/323) ([alexjfisher](https://github.com/alexjfisher)) +- Remove deprecated archive::artifactory parameters [\#322](https://github.com/voxpupuli/puppet-archive/pull/322) ([alexjfisher](https://github.com/alexjfisher)) + +**Implemented enhancements:** + +- Adding windows server 2016 to metadata.json [\#325](https://github.com/voxpupuli/puppet-archive/pull/325) ([TraGicCode](https://github.com/TraGicCode)) + +**Merged pull requests:** + +- bump puppet to latest supported version 4.10.0 [\#326](https://github.com/voxpupuli/puppet-archive/pull/326) ([bastelfreak](https://github.com/bastelfreak)) +- Don't glob archive URL with curl [\#318](https://github.com/voxpupuli/puppet-archive/pull/318) ([derekhiggins](https://github.com/derekhiggins)) + +## [v2.3.0](https://github.com/voxpupuli/puppet-archive/tree/v2.3.0) (2018-02-21) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v2.2.0...v2.3.0) + +**Implemented enhancements:** + +- Support fetching latest SNAPSHOT artifacts [\#284](https://github.com/voxpupuli/puppet-archive/pull/284) ([alexjfisher](https://github.com/alexjfisher)) + +**Fixed bugs:** + +- Fix typo in digest\_type: sh256 -\> sha256 [\#315](https://github.com/voxpupuli/puppet-archive/pull/315) ([mark0n](https://github.com/mark0n)) + +**Merged pull requests:** + +- Fix checksum\_type sh256 -\> sha256 typo [\#309](https://github.com/voxpupuli/puppet-archive/pull/309) ([tylerjl](https://github.com/tylerjl)) +- Fix typo "voxpupoli" [\#308](https://github.com/voxpupuli/puppet-archive/pull/308) ([nmesstorff](https://github.com/nmesstorff)) + +## [v2.2.0](https://github.com/voxpupuli/puppet-archive/tree/v2.2.0) (2017-11-21) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v2.1.0...v2.2.0) + +**Closed issues:** + +- Setting an invalid proxy\_server parameter should return a more helpful error message. [\#220](https://github.com/voxpupuli/puppet-archive/issues/220) + +**Merged pull requests:** + +- Log actual and expected checksums on mismatch [\#305](https://github.com/voxpupuli/puppet-archive/pull/305) ([jeffmccune](https://github.com/jeffmccune)) + +## [v2.1.0](https://github.com/voxpupuli/puppet-archive/tree/v2.1.0) (2017-10-10) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v2.0.0...v2.1.0) + +**Closed issues:** + +- unzip not installed and results in errors [\#291](https://github.com/voxpupuli/puppet-archive/issues/291) +- Support puppet:/// urls or edit readme? [\#283](https://github.com/voxpupuli/puppet-archive/issues/283) +- Using proxy\_server and/or proxy\_port has no effect on Windows [\#277](https://github.com/voxpupuli/puppet-archive/issues/277) +- puppet source [\#151](https://github.com/voxpupuli/puppet-archive/issues/151) + +**Merged pull requests:** + +- Fix typos in puppet:/// URL example [\#298](https://github.com/voxpupuli/puppet-archive/pull/298) ([gabe-sky](https://github.com/gabe-sky)) +- Update cacert.pem [\#290](https://github.com/voxpupuli/puppet-archive/pull/290) ([nanliu](https://github.com/nanliu)) +- Support Nexus 3 urls for artifact downloads [\#285](https://github.com/voxpupuli/puppet-archive/pull/285) ([rvdh](https://github.com/rvdh)) + +## [v2.0.0](https://github.com/voxpupuli/puppet-archive/tree/v2.0.0) (2017-08-25) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v1.3.0...v2.0.0) + +**Breaking changes:** + +- BREAKING: Drop puppet 3 support. Replace validate\_\* functions with Puppet 4 data type validations [\#264](https://github.com/voxpupuli/puppet-archive/pull/264) ([jkroepke](https://github.com/jkroepke)) + +**Implemented enhancements:** + +- Enable allow\_insecure in archive::download [\#295](https://github.com/voxpupuli/puppet-archive/pull/295) ([alexjfisher](https://github.com/alexjfisher)) +- Add custom download options [\#279](https://github.com/voxpupuli/puppet-archive/pull/279) ([nanliu](https://github.com/nanliu)) +- Add support for downloading puppet URL’s [\#270](https://github.com/voxpupuli/puppet-archive/pull/270) ([hajee](https://github.com/hajee)) + +**Fixed bugs:** + +- wget proxy implementation incorrect [\#256](https://github.com/voxpupuli/puppet-archive/issues/256) + +**Closed issues:** + +- allow\_insecure is not working [\#294](https://github.com/voxpupuli/puppet-archive/issues/294) +- Can't download latest SNAPSHOT artifactory artifacts [\#282](https://github.com/voxpupuli/puppet-archive/issues/282) +- Need option to set curl SSL protocol [\#273](https://github.com/voxpupuli/puppet-archive/issues/273) +- Add guide for migrating from puppet-staging [\#266](https://github.com/voxpupuli/puppet-archive/issues/266) +- Rubocop: fix RSpec/MessageSpies [\#260](https://github.com/voxpupuli/puppet-archive/issues/260) +- -z for curl option [\#241](https://github.com/voxpupuli/puppet-archive/issues/241) +- RSpec/MessageExpectation violations [\#208](https://github.com/voxpupuli/puppet-archive/issues/208) + +**Merged pull requests:** + +- Change how ruby proxy is invoked. [\#280](https://github.com/voxpupuli/puppet-archive/pull/280) ([nanliu](https://github.com/nanliu)) +- Pass proxy values using the wget -e option [\#272](https://github.com/voxpupuli/puppet-archive/pull/272) ([nanliu](https://github.com/nanliu)) +- GH-260 Fix rubocop RSpec/MessageSpies [\#271](https://github.com/voxpupuli/puppet-archive/pull/271) ([nanliu](https://github.com/nanliu)) +- Fix README typo on credentials file and add the config too [\#269](https://github.com/voxpupuli/puppet-archive/pull/269) ([aerostitch](https://github.com/aerostitch)) +- Add puppet-staging migration examples [\#268](https://github.com/voxpupuli/puppet-archive/pull/268) ([alexjfisher](https://github.com/alexjfisher)) + +## [v1.3.0](https://github.com/voxpupuli/puppet-archive/tree/v1.3.0) (2017-02-10) + +[Full Changelog](https://github.com/voxpupuli/puppet-archive/compare/v1.2.0...v1.3.0) + +## v1.2.0 (2016-12-25) + +* Modulesync with latest Vox Pupuli defaults +* Fix wrong license in repo +* Fix several rubocop issues +* Fix several markdown issues in README.md +* Add temp_dir option to override OS temp dir location + +## v1.1.2 (2016-08-31) + + * [GH-213](https://github.com/voxpupuli/puppet-archive/issues/213) Fix *allow_insecure* for ruby provider + * [GH-205](https://github.com/voxpupuli/puppet-archive/issues/205) Raise exception on bad source parameters + * [GH-204](https://github.com/voxpupuli/puppet-archive/issues/204) Resolve camptocamp archive regression + * Expose *allow_insecure* in nexus defined type + * Make *archive_windir* fact confinement work on ruby 1.8 systems. Note this does **not** mean the *type* will work on unsupported ruby 1.8 systems. + + +## v1.1.1 (2016-08-18) + + * Modulesync with latest Vox Pupuli defaults + * Fix cacert path + * Fix AIX extraction + * Feature: make allow_insecure parameter universal + + +## v1.0.0 (2016-07-13) + + * GH-176 Add Compatiblity layer for camptocamp/archive + * GH-174 Add allow_insecure parameter + * Numerous Rubocop and other modulesync changes + * Drop support for ruby 1.8 + + +## v0.5.1 (2016-03-18) + + * GH-146 Set aws_cli_install default to false + * GH-142 Fix wget cookie options + * GH-114 Document extract customization options + * Open file in binary mode when writing files for windows download + + +## v0.5.0 (2016-03-10) + +Release 0.5.x contains significant changes: + + * faraday, faraday_middleware no longer required. + * ruby provider is the default for windows (using net::http). + * archive gem_provider attribute deprecated. + * archive::artifactory server, port, url_path attributes deprecated. + * S3 bucket support (experimental). + + * GH-55 use net::http to stream files + * Add additional documentation + * Simplify duplicate code in download/content methods + * Pin rake to avoid rubocop/rake 11 incompatibility + * Surface "checksum_verify" parameter in archive::nexus + * GH-48 S3 bucket support + + +## v0.4.8 (2016-03-02) + + * VoxPupuli Release + * modulesync to fix forge release issues. + * Cosmetic changes due to rubocop update. + + +## v0.4.7 (2016-03-1) + + * VoxPupuli Release + * Raise exception when error occurs during extraction. + +## v0.4.6 (2016-02-26) + + * VoxPupuli Release + + +## v0.4.5 (2016-02-26) + + * Puppet-community release + * Update travis/forge badge location + * Fix aio-agent detection + * Support .gz .xz format + * Fix local files for non faraday providers + * Fix GH-77 allows local files to be specified without using file:/// + * Fix GH-78 allow local file:///c:/... on windows + * Fix phantom v0.4.4 release. + + +## v0.4.4 (2015-12-2) + + * Puppet-community release + * Ignore files properly for functional release + * Add authentication to archive::nexus + * Create directory before transfering file + * Refactor file download code + * Create and use fact for archive_windir + * Cleanup old testing code + + +## v0.4.3 (2015-11-25) + + * Puppet-community release + + +## v0.4.1 (2015-11-25) + + * Automate release :) + + +## v0.4.0 (2015-11-25) + + * Migrate Module to Puppet-Community + * Make everything Rubocop Clean + * Make everything lint clean + * Various fixes concerning Jar handling + * Support for wget + * Spec Tests for curl + * Support for bzip + * More robust handling of sha512 checksums + + +## 0.3.0 (2015-04-23) + +Release 0.3.x contains breaking changes + + * The parameter 7zip have been changed to seven_zip to conform to Puppet 4.x variable name requirements. + * The namevar name have been changed to path to allow files with the same filename to exists in different filepath. + * This project have been migrated to [voxpupuli](https://github.com/voxpupuli/puppet-archive), please adjust your repo git source. + + * Fix Puppet 4 compatability issues + * Fix archive namevar to use path + + +## 0.2.2 (2015-03-05) + + * Add FTP and File support + + +## 0.2.1 (2015-02-26) + + * Fix ruby 1.8.7 syntax error + + +## 0.2.0 (2015-02-23) + + * Fix custom flags options + * Add msi installation option for 7zip + * Add support for configuring extract command user/group + * Use temporary filepath for download + + +## 0.1.8 (2014-12-08) + + * Update documentation + * puppet-lint, metadata.json cleanup + + +## 0.1.7 (2014-11-13) + + * Fix Puppet Enterprise detection + * Fix checksum length restriction + * Add puppetlabs stdlib/pe_gem dependency + * Add spec testing + + +## 0.1.6 (2014-11-05) + + * Fix Windows SSL authentication issues + + +## 0.1.5 (2014-11-04) + + * Add cookie support + + +## 0.1.4 (2014-10-03) + + * Fix file overwrite and re-extract + + +## 0.1.3 (2014-10-03) + + * Fix windows x86 path bug + + +## 0.1.2 (2014-10-02) + + * Fix autorequire and installation of dependencies + + +## 0.1.1 (2014-10-01) + + * Add windows extraction support via 7zip + + +## 0.1.0 (2014-09-26) + + * Initial Release + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/HISTORY.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,198 @@ +## v1.2.0 (2016-12-25) + +* Modulesync with latest Vox Pupuli defaults +* Fix wrong license in repo +* Fix several rubocop issues +* Fix several markdown issues in README.md +* Add temp_dir option to override OS temp dir location + +## v1.1.2 (2016-08-31) + + * [GH-213](https://github.com/voxpupuli/puppet-archive/issues/213) Fix *allow_insecure* for ruby provider + * [GH-205](https://github.com/voxpupuli/puppet-archive/issues/205) Raise exception on bad source parameters + * [GH-204](https://github.com/voxpupuli/puppet-archive/issues/204) Resolve camptocamp archive regression + * Expose *allow_insecure* in nexus defined type + * Make *archive_windir* fact confinement work on ruby 1.8 systems. Note this does **not** mean the *type* will work on unsupported ruby 1.8 systems. + + +## v1.1.1 (2016-08-18) + + * Modulesync with latest Vox Pupuli defaults + * Fix cacert path + * Fix AIX extraction + * Feature: make allow_insecure parameter universal + + +## v1.0.0 (2016-07-13) + + * GH-176 Add Compatiblity layer for camptocamp/archive + * GH-174 Add allow_insecure parameter + * Numerous Rubocop and other modulesync changes + * Drop support for ruby 1.8 + + +## v0.5.1 (2016-03-18) + + * GH-146 Set aws_cli_install default to false + * GH-142 Fix wget cookie options + * GH-114 Document extract customization options + * Open file in binary mode when writing files for windows download + + +## v0.5.0 (2016-03-10) + +Release 0.5.x contains significant changes: + + * faraday, faraday_middleware no longer required. + * ruby provider is the default for windows (using net::http). + * archive gem_provider attribute deprecated. + * archive::artifactory server, port, url_path attributes deprecated. + * S3 bucket support (experimental). + + * GH-55 use net::http to stream files + * Add additional documentation + * Simplify duplicate code in download/content methods + * Pin rake to avoid rubocop/rake 11 incompatibility + * Surface "checksum_verify" parameter in archive::nexus + * GH-48 S3 bucket support + + +## v0.4.8 (2016-03-02) + + * VoxPupuli Release + * modulesync to fix forge release issues. + * Cosmetic changes due to rubocop update. + + +## v0.4.7 (2016-03-1) + + * VoxPupuli Release + * Raise exception when error occurs during extraction. + +## v0.4.6 (2016-02-26) + + * VoxPupuli Release + + +## v0.4.5 (2016-02-26) + + * Puppet-community release + * Update travis/forge badge location + * Fix aio-agent detection + * Support .gz .xz format + * Fix local files for non faraday providers + * Fix GH-77 allows local files to be specified without using file:/// + * Fix GH-78 allow local file:///c:/... on windows + * Fix phantom v0.4.4 release. + + +## v0.4.4 (2015-12-2) + + * Puppet-community release + * Ignore files properly for functional release + * Add authentication to archive::nexus + * Create directory before transfering file + * Refactor file download code + * Create and use fact for archive_windir + * Cleanup old testing code + + +## v0.4.3 (2015-11-25) + + * Puppet-community release + + +## v0.4.1 (2015-11-25) + + * Automate release :) + + +## v0.4.0 (2015-11-25) + + * Migrate Module to Puppet-Community + * Make everything Rubocop Clean + * Make everything lint clean + * Various fixes concerning Jar handling + * Support for wget + * Spec Tests for curl + * Support for bzip + * More robust handling of sha512 checksums + + +## 0.3.0 (2015-04-23) + +Release 0.3.x contains breaking changes + + * The parameter 7zip have been changed to seven_zip to conform to Puppet 4.x variable name requirements. + * The namevar name have been changed to path to allow files with the same filename to exists in different filepath. + * This project have been migrated to [voxpupuli](https://github.com/voxpupuli/puppet-archive), please adjust your repo git source. + + * Fix Puppet 4 compatability issues + * Fix archive namevar to use path + + +## 0.2.2 (2015-03-05) + + * Add FTP and File support + + +## 0.2.1 (2015-02-26) + + * Fix ruby 1.8.7 syntax error + + +## 0.2.0 (2015-02-23) + + * Fix custom flags options + * Add msi installation option for 7zip + * Add support for configuring extract command user/group + * Use temporary filepath for download + + +## 0.1.8 (2014-12-08) + + * Update documentation + * puppet-lint, metadata.json cleanup + + +## 0.1.7 (2014-11-13) + + * Fix Puppet Enterprise detection + * Fix checksum length restriction + * Add puppetlabs stdlib/pe_gem dependency + * Add spec testing + + +## 0.1.6 (2014-11-05) + + * Fix Windows SSL authentication issues + + +## 0.1.5 (2014-11-04) + + * Add cookie support + + +## 0.1.4 (2014-10-03) + + * Fix file overwrite and re-extract + + +## 0.1.3 (2014-10-03) + + * Fix windows x86 path bug + + +## 0.1.2 (2014-10-02) + + * Fix autorequire and installation of dependencies + + +## 0.1.1 (2014-10-01) + + * Add windows extraction support via 7zip + + +## 0.1.0 (2014-09-26) + + * Initial Release
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/LICENSE Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,203 @@ + Copyright 2014 Bodeco Inc + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/README.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,565 @@ +# Puppet Archive + +[![License](https://img.shields.io/github/license/voxpupuli/puppet-archive.svg)](https://github.com/voxpupuli/puppet-archive/blob/master/LICENSE) +[![Build Status](https://travis-ci.org/voxpupuli/puppet-archive.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-archive) +[![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-archive/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-archive) +[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/archive.svg)](https://forge.puppetlabs.com/puppet/archive) +[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/archive.svg)](https://forge.puppetlabs.com/puppet/archive) +[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/archive.svg)](https://forge.puppetlabs.com/puppet/archive) +[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/archive.svg)](https://forge.puppetlabs.com/puppet/archive) +[![Camptocamp compatible](https://img.shields.io/badge/camptocamp-compatible-orange.svg)](https://forge.puppet.com/camptocamp/archive) + +## Table of Contents + +1. [Overview](#overview) +1. [Module Description](#module-description) +1. [Setup](#setup) +1. [Usage](#usage) + * [Example](#usage-example) + * [Puppet URL](#puppet-url) + * [File permission](#file-permission) + * [Network files](#network-files) + * [Extract customization](#extract-customization) + * [S3 Bucket](#s3-bucket) + * [GS Bucket](#gs-bucket) + * [Migrating from puppet-staging](#migrating-from-puppet-staging) +1. [Reference](#reference) +1. [Development](#development) + +## Overview + +This module manages download, deployment, and cleanup of archive files. + +## Module Description + +This module uses types and providers to download and manage compress files, +with optional lifecycle functionality such as checksum, extraction, and +cleanup. The benefits over existing modules such as +[puppet-staging](https://github.com/voxpupuli/puppet-staging): + +* Implemented via types and provider instead of exec resource. +* Follows 302 redirect and propagate download failure. +* Optional checksum verification of archive files. +* Automatic dependency to parent directory. +* Support Windows file extraction via 7zip or PowerShell (Zip file only). +* Able to cleanup archive files after extraction. + +This module is compatible with [camptocamp/archive](https://forge.puppet.com/camptocamp/archive). +For this it provides compatibility shims. + +## Setup + +On Windows 7zip is required to extract all archives except zip files which will +be extracted with PowerShell if 7zip is not available (requires +`System.IO.Compression.FileSystem`/Windows 2012+). Windows clients can install +7zip via `include 'archive'`. On posix systems, curl is the default provider. +The default provider can be overwritten by configuring resource defaults in +site.pp: + +```puppet +Archive { + provider => 'ruby', +} +``` + +Users of the module are responsible for archive package dependencies, for +alternative providers and all extraction utilities such as tar, gunzip, bunzip: + +```puppet +if $facts['osfamily'] != 'windows' { + package { 'wget': + ensure => present, + } + + package { 'bunzip': + ensure => present, + } + + Archive { + provider => 'wget', + require => Package['wget', 'bunzip'], + } +} +``` + +## Usage + +Archive module dependencies are managed by the `archive` class. This is only +required on Windows. By default 7zip is installed via chocolatey, but +the MSI package can be installed instead: + +```puppet +class { 'archive': + seven_zip_name => '7-Zip 9.20 (x64 edition)', + seven_zip_source => 'C:/Windows/Temp/7z920-x64.msi', + seven_zip_provider => 'windows', +} +``` + +To automatically load archives as part of this class you can define the +`archives` parameter. + +```puppet +class { 'archive': + archives => { '/tmp/jta-1.1.jar' => { + 'ensure' => 'present', + 'source' => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar', + }, } +} +``` + +### Usage Example + +Simple example that downloads from web server: + +```puppet +archive { '/tmp/vagrant.deb': + ensure => present, + source => 'https://releases.hashicorp.com/vagrant/2.2.3/vagrant_2.2.3_x86_64.deb', + user => 0, + group => 0, +} +``` + +More complex example : + +```puppet +include 'archive' # NOTE: optional for posix platforms + +archive { '/tmp/jta-1.1.jar': + ensure => present, + extract => true, + extract_path => '/tmp', + source => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar', + checksum => '2ca09f0b36ca7d71b762e14ea2ff09d5eac57558', + checksum_type => 'sha1', + creates => '/tmp/javax', + cleanup => true, +} + +archive { '/tmp/test100k.db': + source => 'ftp://ftp.otenet.gr/test100k.db', + username => 'speedtest', + password => 'speedtest', +} +``` + +If you want to extract a `.tar.gz` file: + +```puppet +$install_path = '/opt/wso2' +$package_name = 'wso2esb' +$package_ensure = '4.9.0' +$repository_url = 'http://company.com/repository/wso2' +$archive_name = "${package_name}-${package_ensure}.tgz" +$wso2_package_source = "${repository_url}/${archive_name}" + +archive { $archive_name: + path => "/tmp/${archive_name}", + source => $wso2_package_source, + extract => true, + extract_path => $install_path, + creates => "${install_path}/${package_name}-${package_ensure}", + cleanup => true, + require => File['wso2_appdir'], +} +``` + +### Puppet URL + +Since march 2017, the Archive type also supports puppet URLs. Here is an example +of how to use this: + +```puppet + +archive { '/home/myuser/help': + source => 'puppet:///modules/profile/help.tar.gz', + extract => true, + extract_path => $homedir, + creates => "${homedir}/help" #directory inside tgz +} +``` + +### File permission + +When extracting files as non-root user, either ensure the target directory +exists with the appropriate permission (see [tomcat.pp](tests/tomcat.pp) for +full working example): + +```puppet +$dirname = 'apache-tomcat-9.0.0.M3' +$filename = "${dirname}.zip" +$install_path = "/opt/${dirname}" + +file { $install_path: + ensure => directory, + owner => 'tomcat', + group => 'tomcat', + mode => '0755', +} + +archive { $filename: + path => "/tmp/${filename}", + source => 'http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.0.M3/bin/apache-tomcat-9.0.0.M3.zip', + checksum => 'f2aaf16f5e421b97513c502c03c117fab6569076', + checksum_type => 'sha1', + extract => true, + extract_path => '/opt', + creates => "${install_path}/bin", + cleanup => true, + user => 'tomcat', + group => 'tomcat', + require => File[$install_path], +} +``` + +or use an subscribing exec to chmod the directory afterwards: + +```puppet +$dirname = 'apache-tomcat-9.0.0.M3' +$filename = "${dirname}.zip" +$install_path = "/opt/${dirname}" + +file { '/opt/tomcat': + ensure => 'link', + target => $install_path +} + +archive { $filename: + path => "/tmp/${filename}", + source => "http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.0.M3/bin/apache-tomcat-9.0.0.M3.zip", + checksum => 'f2aaf16f5e421b97513c502c03c117fab6569076', + checksum_type => 'sha1', + extract => true, + extract_path => '/opt', + creates => $install_path, + cleanup => 'true', + require => File[$install_path], +} + +exec { 'tomcat permission': + command => "chown tomcat:tomcat $install_path", + path => $path, + subscribe => Archive[$filename], +} +``` + +### Network files + +For large binary files that needs to be extracted locally, instead of copying +the file from the network fileshare, simply set the file path to be the same as +the source and archive will use the network file location: + +```puppet +archive { '/nfs/repo/software.zip': + source => '/nfs/repo/software.zip' + extract => true, + extract_path => '/opt', + checksum_type => 'none', # typically unecessary + cleanup => false, # keep the file on the server +} +``` + +### Extract Customization + +The `extract_flags` or `extract_command` parameters can be used to override the +default extraction command/flag (defaults are specified in +[achive.rb](lib/puppet_x/bodeco/archive.rb)). + +```puppet +# tar striping directories: +archive { '/var/lib/kafka/kafka_2.10-0.8.2.1.tgz': + ensure => present, + extract => true, + extract_command => 'tar xfz %s --strip-components=1', + extract_path => '/opt/kafka_2.10-0.8.2.1', + cleanup => true, + creates => '/opt/kafka_2.10-0.8.2.1/config', +} + +# zip freshen existing files (zip -of %s instead of zip -o %s): +archive { '/var/lib/example.zip': + extract => true, + extract_path => '/opt', + extract_flags => '-of', + cleanup => true, + subscribe => ..., +} +``` + +### S3 bucket + +S3 support is implemented via the [AWS CLI](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html). +On non-Windows systems, the `archive` class will install this dependency when +the `aws_cli_install` parameter is set to `true`: + +```puppet +class { 'archive': + aws_cli_install => true, +} + +# See AWS cli guide for credential and configuration settings: +# http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html +file { '/root/.aws/credentials': + ensure => file, + ... +} +file { '/root/.aws/config': + ensure => file, + ... +} + +archive { '/tmp/gravatar.png': + ensure => present, + source => 's3://bodecoio/gravatar.png', +} +``` + +NOTE: Alternative s3 provider support can be implemented by overriding the +[s3_download method](lib/puppet/provider/archive/ruby.rb): + +### GS bucket + +GSUtil support is implemented via the [GSUtil Package](https://cloud.google.com/storage/docs/gsutil). +On non-Windows systems, the `archive` class will install this dependency when +the `gsutil_install` parameter is set to `true`: + +```puppet +class { 'archive': + gsutil_install => true, +} + +# See Google Cloud SDK cli guide for credential and configuration settings: +# https://cloud.google.com/storage/docs/quickstart-gsutil + +archive { '/tmp/gravatar.png': + ensure => present, + source => 'gs://bodecoio/gravatar.png', +} +``` + +### Download customizations + +In some cases you may need custom flags for curl/wget/s3/gsutil which can be +supplied via `download_options`. Since this parameter is provider specific, +beware of the order of defaults: + +* s3:// files accepts aws cli options + + ```puppet + archive { '/tmp/gravatar.png': + ensure => present, + source => 's3://bodecoio/gravatar.png', + download_options => ['--region', 'eu-central-1'], + } + ``` + +* puppet `provider` override: + + ```puppet + archive { '/tmp/jta-1.1.jar': + ensure => present, + source => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar', + provider => 'wget', + download_options => '--continue', + } + ``` + +* Linux default provider is `curl`, and Windows default is `ruby` (no effect). + +This option can also be applied globally to address issues for specific OS: + +```puppet +if $facts['osfamily'] != 'RedHat' { + Archive { + download_options => '--tlsv1', + } +} +``` + +### Migrating from puppet-staging + +It is recommended to use puppet-archive instead of puppet-staging. +Users wishing to migrate may find the following examples useful. + +#### puppet-staging (without extraction) + +```puppet +class { 'staging': + path => '/tmp/staging', +} + +staging::file { 'master.zip': + source => 'https://github.com/voxpupuli/puppet-archive/archive/master.zip', +} +``` + +#### puppet-archive (without extraction) + +```puppet +archive { '/tmp/staging/master.zip': + source => 'https://github.com/voxpupuli/puppet-archive/archive/master.zip', +} +``` + +#### puppet-staging (with zip file extraction) + +```puppet +class { 'staging': + path => '/tmp/staging', +} + +staging::file { 'master.zip': + source => 'https://github.com/voxpupuli/puppet-archive/archive/master.zip', +} -> +staging::extract { 'master.zip': + target => '/tmp/staging/master.zip', + creates => '/tmp/staging/puppet-archive-master', +} +``` + +#### puppet-archive (with zip file extraction) + +```puppet +archive { '/tmp/staging/master.zip': + source => 'https://github.com/voxpupuli/puppet-archive/archive/master.zip', + extract => true, + extract_path => '/tmp/staging', + creates => '/tmp/staging/puppet-archive-master', + cleanup => false, +} +``` + +## Reference + +### Classes + +* `archive`: install 7zip package (Windows only) and aws cli or gsutil for s3/gs support. + It also permits passing an `archives` argument to generate `archive` resources. +* `archive::staging`: install package dependencies and creates staging directory + for backwards compatibility. Use the archive class instead if you do not need + the staging directory. + +### Define Resources + +* `archive::artifactory`: archive wrapper for [JFrog Artifactory](http://www.jfrog.com/open-source/#os-arti) + files with checksum. +* `archive::go`: archive wrapper for [GO Continuous Delivery](http://www.go.cd/) + files with checksum. +* `archive::nexus`: archive wrapper for [Sonatype Nexus](http://www.sonatype.org/nexus/) + files with checksum. +* `archive::download`: archive wrapper and compatibility shim for [camptocamp/archive](https://forge.puppet.com/camptocamp/archive). + This is considered private API, as it has to change with camptocamp/archive. + For this reason it will remain undocumented, and removed when no longer needed + . We suggest not using it directly. Instead please consider migrating to + archive itself where possible. + +### Resources + +#### Archive + +* `ensure`: whether archive file should be present/absent (default: present) +* `path`: namevar, archive file fully qualified file path. +* `filename`: archive file name (derived from path). +* `source`: archive file source, supports http|https|ftp|file|s3|gs uri. +* `username`: username to download source file. +* `password`: password to download source file. +* `allow_insecure`: Ignore HTTPS certificate errors (true|false). (default: false) +* `cookie`: archive file download cookie. +* `checksum_type`: archive file checksum type (none|md5|sha1|sha2|sha256|sha384| + sha512). (default: none) +* `checksum`: archive file checksum (match checksum_type) +* `checksum_url`: archive file checksum source (instead of specify checksum) +* `checksum_verify`: whether checksum will be verified (true|false). (default: true) +* `extract`: whether archive will be extracted after download (true|false). + (default: false) +* `extract_path`: target folder path to extract archive. +* `extract_command`: custom extraction command ('tar xvf example.tar.gz'), also + support sprintf format ('tar xvf %s') which will be processed with the filename: + sprintf('tar xvf %s', filename) +* `temp_dir`: Specify an alternative temporary directory to use for copying files, + if unset then the operating system default will be used. +* `extract_flags`: custom extraction options, this replaces the default flags. + A string such as 'xvf' for a tar file would replace the default xf flag. A + hash is useful when custom flags are needed for different platforms. {'tar' + => 'xzf', '7z' => 'x -aot'}. +* `user`: extract command user (using this option will configure the archive + file permission to 0644 so the user can read the file). +* `group`: extract command group (using this option will configure the archive + file permission to 0644 so the user can read the file). +* `cleanup`: whether archive file will be removed after extraction (true|false). + (default: true) +* `creates`: if file/directory exists, will not download/extract archive. +* `proxy_server`: specify a proxy server, with port number if needed. ie: + `https://example.com:8080`. +* `proxy_type`: proxy server type (none|http|https|ftp) + +#### Archive::Artifactory + +* `path`: fully qualified filepath for the download the file or use + archive_path and only supply filename. (namevar). +* `ensure`: ensure the file is present/absent. +* `url`: artifactory download url filepath. NOTE: replaces server, port, + url_path parameters. +* `server`: artifactory server name (deprecated). +* `port`: artifactory server port (deprecated). +* `url_path`: artifactory file path + `http:://{server}:{port}/artifactory/{url_path}` (deprecated). +* `owner`: file owner (see archive params for defaults). +* `group`: file group (see archive params for defaults). +* `mode`: file mode (see archive params for defaults). +* `archive_path`: the parent directory of local filepath. +* `extract`: whether to extract the files (true/false). +* `creates`: the file created when the archive is extracted (true/false). +* `cleanup`: remove archive file after file extraction (true/false). + +#### Archive::Artifactory Example + +```puppet +$dirname = 'gradle-1.0-milestone-4-20110723151213+0300' +$filename = "${dirname}-bin.zip" + +archive::artifactory { $filename: + archive_path => '/tmp', + url => "http://repo.jfrog.org/artifactory/distributions/org/gradle/${filename}", + extract => true, + extract_path => '/opt', + creates => "/opt/${dirname}", + cleanup => true, +} + +file { '/opt/gradle': + ensure => link, + target => "/opt/${dirname}", +} +``` + +#### Archive::Nexus + +#### Archive::Nexus Example + +```puppet +archive::nexus { '/tmp/jtstand-ui-0.98.jar': + url => 'https://oss.sonatype.org', + gav => 'org.codehaus.jtstand:jtstand-ui:0.98', + repository => 'codehaus-releases', + packaging => 'jar', + extract => false, +} +``` + +## Development + +We highly welcome new contributions to this module, especially those that +include documentation, and rspec tests ;) but will happily guide you through +the process, so, yes, please submit that pull request! + +Note: If you are writing a dependent module that include specs in it, you will +need to set the puppetversion fact in your puppet-rspec tests. You can do that +by adding it to the default facts of your spec/spec_helper.rb: + +```ruby +RSpec.configure do |c| + c.default_facts = { :puppetversion => Puppet.version } +end +```
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/REFERENCE.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1191 @@ +# Reference + +<!-- DO NOT EDIT: This document was generated by Puppet Strings --> + +## Table of Contents + +### Classes + +#### Public Classes + +* [`archive`](#archive): Manages archive module's dependencies. +* [`archive::staging`](#archivestaging): Class: archive::staging ======================= backwards compatibility class for staging module. + +#### Private Classes + +* `archive::params`: OS specific `archive` settings such as default user and file mode. + +### Defined types + +* [`archive::artifactory`](#archiveartifactory): Define: archive::artifactory ============================ archive wrapper for downloading files from artifactory Parameters ---------- * p +* [`archive::download`](#archivedownload): == Definition: archive::download Archive downloader with integrity verification. Parameters: - *$url: - *$digest_url: - *$digest_string: D +* [`archive::go`](#archivego): download from go +* [`archive::nexus`](#archivenexus): define: archive::nexus ====================== archive wrapper for downloading files from Nexus using REST API. Nexus API: https://repository + +### Resource types + +* [`archive`](#archive): Manage archive file download, extraction, and cleanup. + +### Functions + +#### Public Functions + +* [`archive::artifactory_checksum`](#archiveartifactory_checksum): A function that returns the checksum value of an artifact stored in Artifactory +* [`archive::artifactory_latest_url`](#archiveartifactory_latest_url) +* [`archive::parse_artifactory_url`](#archiveparse_artifactory_url): A function to parse an Artifactory maven 2 repository URL + +#### Private Functions + +* `archive::assemble_nexus_url`: Assembles a complete nexus URL from the base url and query parameters +* `archive::go_md5`: Retrieves and returns specific file's md5 from GoCD server md5 checksum file + +## Classes + +### <a name="archive"></a>`archive` + +Manages archive module's dependencies. + +#### Examples + +##### On Windows, ensure 7zip is installed using the default `chocolatey` provider. + +```puppet +include archive +``` + +##### On Windows, install a 7zip MSI with the native `windows` package provider. + +```puppet +class { 'archive': + seven_zip_name => '7-Zip 9.20 (x64 edition)', + seven_zip_source => 'C:/Windows/Temp/7z920-x64.msi', + seven_zip_provider => 'windows', +} +``` + +##### Install the AWS CLI tool. (Not supported on Windows). + +```puppet +class { 'archive': + aws_cli_install => true, +} +``` + +##### Deploy a specific archive + +```puppet +class { 'archive': + archives => { '/tmp/jta-1.1.jar' => { + 'ensure' => 'present', + 'source' => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar', + }, } +} +``` + +#### Parameters + +The following parameters are available in the `archive` class: + +* [`seven_zip_name`](#seven_zip_name) +* [`seven_zip_provider`](#seven_zip_provider) +* [`seven_zip_source`](#seven_zip_source) +* [`aws_cli_install`](#aws_cli_install) +* [`gsutil_install`](#gsutil_install) +* [`archives`](#archives) + +##### <a name="seven_zip_name"></a>`seven_zip_name` + +Data type: `Optional[String[1]]` + +7zip package name. This parameter only applies to Windows. + +Default value: `$archive::params::seven_zip_name` + +##### <a name="seven_zip_provider"></a>`seven_zip_provider` + +Data type: `Optional[Enum['chocolatey','windows','']]` + +7zip package provider. This parameter only applies to Windows where it defaults to `chocolatey`. Can be set to an empty string, (or `undef` via hiera), if you don't want this module to manage 7zip. + +Default value: `$archive::params::seven_zip_provider` + +##### <a name="seven_zip_source"></a>`seven_zip_source` + +Data type: `Optional[String[1]]` + +Alternative package source for 7zip. This parameter only applies to Windows. + +Default value: ``undef`` + +##### <a name="aws_cli_install"></a>`aws_cli_install` + +Data type: `Boolean` + +Installs the AWS CLI command needed for downloading from S3 buckets. This parameter is currently not implemented on Windows. + +Default value: ``false`` + +##### <a name="gsutil_install"></a>`gsutil_install` + +Data type: `Boolean` + +Installs the GSUtil CLI command needed for downloading from GS buckets. This parameter is currently not implemented on Windows. + +Default value: ``false`` + +##### <a name="archives"></a>`archives` + +Data type: `Hash` + +A hash of archive resources this module should create. + +Default value: `{}` + +### <a name="archivestaging"></a>`archive::staging` + +Class: archive::staging +======================= + +backwards compatibility class for staging module. + +#### Parameters + +The following parameters are available in the `archive::staging` class: + +* [`path`](#path) +* [`owner`](#owner) +* [`group`](#group) +* [`mode`](#mode) + +##### <a name="path"></a>`path` + +Data type: `String` + + + +Default value: `$archive::params::path` + +##### <a name="owner"></a>`owner` + +Data type: `String` + + + +Default value: `$archive::params::owner` + +##### <a name="group"></a>`group` + +Data type: `String` + + + +Default value: `$archive::params::group` + +##### <a name="mode"></a>`mode` + +Data type: `String` + + + +Default value: `$archive::params::mode` + +## Defined types + +### <a name="archiveartifactory"></a>`archive::artifactory` + +Define: archive::artifactory +============================ + +archive wrapper for downloading files from artifactory + +Parameters +---------- + +* path: fully qualified filepath for the download the file or use archive_path and only supply filename. (namevar). +* ensure: ensure the file is present/absent. +* url: artifactory download URL. +* owner: file owner (see archive params for defaults). +* group: file group (see archive params for defaults). +* mode: file mode (see archive params for defaults). +* archive_path: the parent directory of local filepath. +* extract: whether to extract the files (true/false). +* creates: the file created when the archive is extracted (true/false). +* cleanup: remove archive file after file extraction (true/false). + +Examples +-------- + +archive::artifactory { '/tmp/logo.png': + url => 'https://repo.jfrog.org/artifactory/distributions/images/Artifactory_120x75.png', + owner => 'root', + group => 'root', + mode => '0644', +} + +$dirname = 'gradle-1.0-milestone-4-20110723151213+0300' +$filename = "${dirname}-bin.zip" + +archive::artifactory { $filename: + archive_path => '/tmp', + url => "http://repo.jfrog.org/artifactory/distributions/org/gradle/${filename}", + extract => true, + extract_path => '/opt', + creates => "/opt/${dirname}", + cleanup => true, +} + +#### Parameters + +The following parameters are available in the `archive::artifactory` defined type: + +* [`url`](#url) +* [`path`](#path) +* [`ensure`](#ensure) +* [`owner`](#owner) +* [`group`](#group) +* [`mode`](#mode) +* [`extract`](#extract) +* [`extract_path`](#extract_path) +* [`creates`](#creates) +* [`cleanup`](#cleanup) +* [`username`](#username) +* [`password`](#password) +* [`archive_path`](#archive_path) + +##### <a name="url"></a>`url` + +Data type: `Stdlib::HTTPUrl` + + + +##### <a name="path"></a>`path` + +Data type: `String` + + + +Default value: `$name` + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent']` + + + +Default value: `present` + +##### <a name="owner"></a>`owner` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="group"></a>`group` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="mode"></a>`mode` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="extract"></a>`extract` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="extract_path"></a>`extract_path` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="creates"></a>`creates` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="cleanup"></a>`cleanup` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="username"></a>`username` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="password"></a>`password` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="archive_path"></a>`archive_path` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +### <a name="archivedownload"></a>`archive::download` + +== Definition: archive::download + +Archive downloader with integrity verification. + +Parameters: + +- *$url: +- *$digest_url: +- *$digest_string: Default value undef +- *$digest_type: Default value "md5". +- *$timeout: Default value 120. (ignored) +- *$src_target: Default value "/usr/src". +- *$allow_insecure: Default value false. +- *$follow_redirects: Default value false. +- *$verbose: Default value true. +- *$proxy_server: Default value undef. +- *$user: The user used to download the archive + +Example usage: + + archive::download {"apache-tomcat-6.0.26.tar.gz": + ensure => present, + url => "http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz", + } + + archive::download {"apache-tomcat-6.0.26.tar.gz": + ensure => present, + digest_string => "f9eafa9bfd620324d1270ae8f09a8c89", + url => "http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz", + } + +#### Parameters + +The following parameters are available in the `archive::download` defined type: + +* [`url`](#url) +* [`ensure`](#ensure) +* [`checksum`](#checksum) +* [`digest_url`](#digest_url) +* [`digest_string`](#digest_string) +* [`digest_type`](#digest_type) +* [`timeout`](#timeout) +* [`src_target`](#src_target) +* [`allow_insecure`](#allow_insecure) +* [`follow_redirects`](#follow_redirects) +* [`verbose`](#verbose) +* [`path`](#path) +* [`proxy_server`](#proxy_server) +* [`user`](#user) + +##### <a name="url"></a>`url` + +Data type: `String` + + + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent']` + + + +Default value: `present` + +##### <a name="checksum"></a>`checksum` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="digest_url"></a>`digest_url` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="digest_string"></a>`digest_string` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="digest_type"></a>`digest_type` + +Data type: `Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512']` + + + +Default value: `'md5'` + +##### <a name="timeout"></a>`timeout` + +Data type: `Integer` + + + +Default value: `120` + +##### <a name="src_target"></a>`src_target` + +Data type: `Stdlib::Compat::Absolute_path` + + + +Default value: `'/usr/src'` + +##### <a name="allow_insecure"></a>`allow_insecure` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="follow_redirects"></a>`follow_redirects` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="verbose"></a>`verbose` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="path"></a>`path` + +Data type: `String` + + + +Default value: `$facts['path']` + +##### <a name="proxy_server"></a>`proxy_server` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="user"></a>`user` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +### <a name="archivego"></a>`archive::go` + +download from go + +#### Parameters + +The following parameters are available in the `archive::go` defined type: + +* [`server`](#server) +* [`port`](#port) +* [`url_path`](#url_path) +* [`md5_url_path`](#md5_url_path) +* [`username`](#username) +* [`password`](#password) +* [`ensure`](#ensure) +* [`path`](#path) +* [`owner`](#owner) +* [`group`](#group) +* [`mode`](#mode) +* [`extract`](#extract) +* [`extract_path`](#extract_path) +* [`creates`](#creates) +* [`cleanup`](#cleanup) +* [`archive_path`](#archive_path) + +##### <a name="server"></a>`server` + +Data type: `String` + + + +##### <a name="port"></a>`port` + +Data type: `Integer` + + + +##### <a name="url_path"></a>`url_path` + +Data type: `String` + + + +##### <a name="md5_url_path"></a>`md5_url_path` + +Data type: `String` + + + +##### <a name="username"></a>`username` + +Data type: `String` + + + +##### <a name="password"></a>`password` + +Data type: `String` + + + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent']` + + + +Default value: `present` + +##### <a name="path"></a>`path` + +Data type: `String` + + + +Default value: `$name` + +##### <a name="owner"></a>`owner` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="group"></a>`group` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="mode"></a>`mode` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="extract"></a>`extract` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="extract_path"></a>`extract_path` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="creates"></a>`creates` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="cleanup"></a>`cleanup` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="archive_path"></a>`archive_path` + +Data type: `Optional[Stdlib::Compat::Absolute_path]` + + + +Default value: ``undef`` + +### <a name="archivenexus"></a>`archive::nexus` + +define: archive::nexus +====================== + +archive wrapper for downloading files from Nexus using REST API. Nexus API: +https://repository.sonatype.org/nexus-restlet1x-plugin/default/docs/path__artifact_maven_content.html + +Parameters +---------- + +Examples +-------- + +archive::nexus { '/tmp/jtstand-ui-0.98.jar': + url => 'https://oss.sonatype.org', + gav => 'org.codehaus.jtstand:jtstand-ui:0.98', + repository => 'codehaus-releases', + packaging => 'jar', + extract => false, +} + +#### Parameters + +The following parameters are available in the `archive::nexus` defined type: + +* [`url`](#url) +* [`gav`](#gav) +* [`repository`](#repository) +* [`ensure`](#ensure) +* [`checksum_type`](#checksum_type) +* [`checksum_verify`](#checksum_verify) +* [`packaging`](#packaging) +* [`use_nexus3_urls`](#use_nexus3_urls) +* [`classifier`](#classifier) +* [`extension`](#extension) +* [`username`](#username) +* [`password`](#password) +* [`user`](#user) +* [`owner`](#owner) +* [`group`](#group) +* [`mode`](#mode) +* [`extract`](#extract) +* [`extract_path`](#extract_path) +* [`extract_flags`](#extract_flags) +* [`extract_command`](#extract_command) +* [`creates`](#creates) +* [`cleanup`](#cleanup) +* [`proxy_server`](#proxy_server) +* [`proxy_type`](#proxy_type) +* [`allow_insecure`](#allow_insecure) +* [`temp_dir`](#temp_dir) + +##### <a name="url"></a>`url` + +Data type: `String` + + + +##### <a name="gav"></a>`gav` + +Data type: `String` + + + +##### <a name="repository"></a>`repository` + +Data type: `String` + + + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent']` + + + +Default value: `present` + +##### <a name="checksum_type"></a>`checksum_type` + +Data type: `Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512']` + + + +Default value: `'md5'` + +##### <a name="checksum_verify"></a>`checksum_verify` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="packaging"></a>`packaging` + +Data type: `String` + + + +Default value: `'jar'` + +##### <a name="use_nexus3_urls"></a>`use_nexus3_urls` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="classifier"></a>`classifier` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="extension"></a>`extension` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="username"></a>`username` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="password"></a>`password` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="user"></a>`user` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="owner"></a>`owner` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="group"></a>`group` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="mode"></a>`mode` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="extract"></a>`extract` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="extract_path"></a>`extract_path` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="extract_flags"></a>`extract_flags` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="extract_command"></a>`extract_command` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="creates"></a>`creates` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="cleanup"></a>`cleanup` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="proxy_server"></a>`proxy_server` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="proxy_type"></a>`proxy_type` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="allow_insecure"></a>`allow_insecure` + +Data type: `Optional[Boolean]` + + + +Default value: ``undef`` + +##### <a name="temp_dir"></a>`temp_dir` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +## Resource types + +### <a name="archive"></a>`archive` + +Manage archive file download, extraction, and cleanup. + +#### Properties + +The following properties are available in the `archive` type. + +##### `creates` + +if file/directory exists, will not download/extract archive. + +##### `ensure` + +Valid values: `present`, `absent` + +whether archive file should be present/absent (default: present) + +Default value: `present` + +#### Parameters + +The following parameters are available in the `archive` type. + +* [`allow_insecure`](#allow_insecure) +* [`checksum`](#checksum) +* [`checksum_type`](#checksum_type) +* [`checksum_url`](#checksum_url) +* [`checksum_verify`](#checksum_verify) +* [`cleanup`](#cleanup) +* [`cookie`](#cookie) +* [`digest_string`](#digest_string) +* [`digest_type`](#digest_type) +* [`digest_url`](#digest_url) +* [`download_options`](#download_options) +* [`extract`](#extract) +* [`extract_command`](#extract_command) +* [`extract_flags`](#extract_flags) +* [`extract_path`](#extract_path) +* [`filename`](#filename) +* [`group`](#group) +* [`password`](#password) +* [`path`](#path) +* [`provider`](#provider) +* [`proxy_server`](#proxy_server) +* [`proxy_type`](#proxy_type) +* [`source`](#source) +* [`target`](#target) +* [`temp_dir`](#temp_dir) +* [`url`](#url) +* [`user`](#user) +* [`username`](#username) + +##### <a name="allow_insecure"></a>`allow_insecure` + +Valid values: ``true``, ``false``, `yes`, `no` + +ignore HTTPS certificate errors + +Default value: ``false`` + +##### <a name="checksum"></a>`checksum` + +Valid values: `%r{\b[0-9a-f]{5,128}\b}`, ``true``, ``false``, ``undef``, `nil`, `''` + +archive file checksum (match checksum_type). + +##### <a name="checksum_type"></a>`checksum_type` + +Valid values: `none`, `md5`, `sha1`, `sha2`, `sha256`, `sha384`, `sha512` + +archive file checksum type (none|md5|sha1|sha2|sha256|sha384|sha512). + +Default value: `none` + +##### <a name="checksum_url"></a>`checksum_url` + +archive file checksum source (instead of specifying checksum) + +##### <a name="checksum_verify"></a>`checksum_verify` + +Valid values: ``true``, ``false`` + +whether checksum wil be verified (true|false). + +Default value: ``true`` + +##### <a name="cleanup"></a>`cleanup` + +Valid values: ``true``, ``false`` + +whether archive file will be removed after extraction (true|false). + +Default value: ``true`` + +##### <a name="cookie"></a>`cookie` + +archive file download cookie. + +##### <a name="digest_string"></a>`digest_string` + +Valid values: `%r{\b[0-9a-f]{5,128}\b}` + +archive file checksum (match checksum_type) +(this parameter is for camptocamp/archive compatibility). + +##### <a name="digest_type"></a>`digest_type` + +Valid values: `none`, `md5`, `sha1`, `sha2`, `sha256`, `sha384`, `sha512` + +archive file checksum type (none|md5|sha1|sha2|sha256|sha384|sha512) +(this parameter is camptocamp/archive compatibility). + +##### <a name="digest_url"></a>`digest_url` + +archive file checksum source (instead of specifying checksum) +(this parameter is for camptocamp/archive compatibility) + +##### <a name="download_options"></a>`download_options` + +provider download options (affects curl, wget, gs, and only s3 downloads for ruby provider) + +##### <a name="extract"></a>`extract` + +Valid values: ``true``, ``false`` + +whether archive will be extracted after download (true|false). + +Default value: ``false`` + +##### <a name="extract_command"></a>`extract_command` + +custom extraction command ('tar xvf example.tar.gz'), also support sprintf format ('tar xvf %s') which will be processed +with the filename: sprintf('tar xvf %s', filename) + +##### <a name="extract_flags"></a>`extract_flags` + +custom extraction options, this replaces the default flags. A string such as 'xvf' for a tar file would replace the +default xf flag. A hash is useful when custom flags are needed for different platforms. {'tar' => 'xzf', '7z' => 'x +-aot'}. + +Default value: ``undef`` + +##### <a name="extract_path"></a>`extract_path` + +target folder path to extract archive. + +##### <a name="filename"></a>`filename` + +archive file name (derived from path). + +##### <a name="group"></a>`group` + +extract command group (using this option will configure the archive file permisison to 0644 so the user can read the +file). + +##### <a name="password"></a>`password` + +password to download source file. + +##### <a name="path"></a>`path` + +namevar, archive file fully qualified file path. + +##### <a name="provider"></a>`provider` + +The specific backend to use for this `archive` resource. You will seldom need to specify this --- Puppet will usually +discover the appropriate provider for your platform. + +##### <a name="proxy_server"></a>`proxy_server` + +proxy address to use when accessing source + +##### <a name="proxy_type"></a>`proxy_type` + +Valid values: `none`, `ftp`, `http`, `https` + +proxy type (none|ftp|http|https) + +##### <a name="source"></a>`source` + +archive file source, supports puppet|http|https|ftp|file|s3|gs uri. + +##### <a name="target"></a>`target` + +target folder path to extract archive. (this parameter is for camptocamp/archive compatibility) + +##### <a name="temp_dir"></a>`temp_dir` + +Specify an alternative temporary directory to use for copying files, if unset then the operating system default will be +used. + +##### <a name="url"></a>`url` + +archive file source, supports http|https|ftp|file uri. +(for camptocamp/archive compatibility) + +##### <a name="user"></a>`user` + +extract command user (using this option will configure the archive file permission to 0644 so the user can read the +file). + +##### <a name="username"></a>`username` + +username to download source file. + +## Functions + +### <a name="archiveartifactory_checksum"></a>`archive::artifactory_checksum` + +Type: Ruby 4.x API + +A function that returns the checksum value of an artifact stored in Artifactory + +#### `archive::artifactory_checksum(Stdlib::HTTPUrl $url, Optional[Enum['sha1','sha256','md5']] $checksum_type)` + +The archive::artifactory_checksum function. + +Returns: `String` Returns the checksum. + +##### `url` + +Data type: `Stdlib::HTTPUrl` + +The URL of the artifact. + +##### `checksum_type` + +Data type: `Optional[Enum['sha1','sha256','md5']]` + +The checksum type. +Note the function will raise an error if you ask for sha256 but your artifactory instance doesn't have the sha256 value calculated. + +### <a name="archiveartifactory_latest_url"></a>`archive::artifactory_latest_url` + +Type: Ruby 4.x API + +The archive::artifactory_latest_url function. + +#### `archive::artifactory_latest_url(Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl] $url, Hash $maven_data)` + +The archive::artifactory_latest_url function. + +Returns: `Any` + +##### `url` + +Data type: `Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]` + + + +##### `maven_data` + +Data type: `Hash` + + + +### <a name="archiveparse_artifactory_url"></a>`archive::parse_artifactory_url` + +Type: Ruby 4.x API + +A function to parse an Artifactory maven 2 repository URL + +#### `archive::parse_artifactory_url(Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl] $url)` + +A function to parse an Artifactory maven 2 repository URL + +Returns: `Any` + +##### `url` + +Data type: `Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]` + + +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/archive.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,14 @@ +include 'archive' + +archive { '/tmp/jta-1.1.jar': + ensure => present, + extract => true, + extract_path => '/tmp', + source => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar', + checksum => '2ca09f0b36ca7d71b762e14ea2ff09d5eac57558', + checksum_type => 'sha1', + creates => '/tmp/javax', + cleanup => true, + user => 'vagrant', + group => 'vagrant', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/artifactory.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,25 @@ +notice(artifactory_sha1('http://bit.ly/1Tfk4vQ')) + +archive::artifactory { '/tmp/logo.png': + url => 'https://repo.jfrog.org/artifactory/distributions/images/Artifactory_120x75.png', + owner => 'root', + group => 'root', + mode => '0644', +} + +$dirname = 'gradle-1.0-milestone-4-20110723151213+0300' +$filename = "${dirname}-bin.zip" + +archive::artifactory { $filename: + archive_path => '/tmp', + url => "http://repo.jfrog.org/artifactory/distributions/org/gradle/${filename}", + extract => true, + extract_path => '/opt', + creates => "/opt/${dirname}", + cleanup => true, +} + +file { '/opt/gradle': + ensure => link, + target => "/opt/${dirname}", +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/bad_source.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,4 @@ +archive { '/tmp/jta-1.1.jar': + ensure => present, + source => $bad_variable, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/cookie.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,5 @@ +archive { '/tmp/jdk-7u80-linux-x64.tar.gz': + source => 'http://download.oracle.com/otn-pub/java/jdk/7u80-b15/jdk-7u80-linux-x64.tar.gz', + cookie => 'oraclelicense=accept-securebackup-cookie', + provider => 'wget', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/duplicate.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,26 @@ +$source_file = '/tmp/source' + +file { $source_file: + ensure => file, + content => 'this is a test', +} + +file { ['/tmp/result1', '/tmp/result2']: + ensure => directory, +} + +archive { '/tmp/result1/result': + ensure => present, + name => '/tmp/result1/result', + source => "file://${source_file}", + extract => false, + require => File[$source_file], +} + +archive { '/tmp/result2/result': + ensure => present, + name => '/tmp/result2/result', + source => "file://${source_file}", + extract => false, + require => File[$source_file], +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/ftp.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,7 @@ +include 'archive' + +archive { '/tmp/test100k.db': + source => 'ftp://ftp.otenet.gr/test100k.db', + username => 'speedtest', + password => 'speedtest', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/gs.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,8 @@ +class { 'archive': + gsutil_install => true, +} + +archive { '/tmp/gravatar.png': + ensure => present, + source => 'gs://bodecoio/gravatar.png', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/java.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +include archive + +archive { '/tmp/jre-8u71': + source => 'http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jre-7u71-windows-x64.exe', + cookie => 'oraclelicense=accept-securebackup-cookie', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/large_file.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,7 @@ +archive { '/tmp/CentOS-7.iso': + ensure => 'present', + source => 'http://mirrors.prometeus.net/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso', + checksum => '4c6c65b5a70a1142dadb3c65238e9e97253c0d3a', + checksum_type => 'sha1', + provider => ruby, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/local.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,14 @@ +include archive + +archive { '/tmp/test.zip': + source => 'file:///vagrant/files/test.zip', +} + +archive { '/tmp/test2.zip': + source => '/vagrant/files/test.zip', +} + +# NOTE: expected to fail +archive { '/tmp/test3.zip': + source => '/vagrant/files/invalid.zip', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/nexus.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,7 @@ +archive::nexus { '/tmp/jtstand-ui-0.98.jar': + url => 'https://oss.sonatype.org', + gav => 'org.codehaus.jtstand:jtstand-ui:0.98', + repository => 'codehaus-releases', + packaging => 'jar', + extract => false, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/remote_checksum.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,10 @@ +include 'archive' + +archive { '/tmp/hawtio-web-1.4.36.jar': + ensure => present, + extract => false, + extract_path => '/tmp', + source => 'https://oss.sonatype.org/service/local/artifact/maven/content?g=io.hawt&a=hawtio-web&v=1.4.36&p=war&r=releases', + checksum_url => 'https://oss.sonatype.org/service/local/artifact/maven/content?g=io.hawt&a=hawtio-web&v=1.4.36&p=war.md5&r=releases', + checksum_type => 'md5', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/ruby.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,13 @@ +archive { '/tmp/bernie_301': + ensure => present, + source => 'https://berniesanders.com/for/president', + provider => ruby, +} + +archive { '/tmp/auth': + ensure => present, + source => 'http://test.webdav.org/auth-basic/', + username => 'user1', + password => 'user1', + provider => ruby, +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/s3.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,8 @@ +class { 'archive': + aws_cli_install => true, +} + +archive { '/tmp/gravatar.png': + ensure => present, + source => 's3://bodecoio/gravatar.png', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/examples/tomcat.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,38 @@ +$dirname = 'apache-tomcat-9.0.0.M3' +$filename = "${dirname}.zip" +$install_path = "/opt/${dirname}" + +user { 'tomcat': + ensure => present, + gid => 'tomcat', +} + +group { 'tomcat': + ensure => present, +} + +file { '/opt/tomcat': + ensure => 'link', + target => $install_path, +} + +file { $install_path: + ensure => directory, + owner => 'tomcat', + group => 'tomcat', + mode => '0755', +} + +archive { $filename: + path => "/tmp/${filename}", + source => 'http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.0.M3/bin/apache-tomcat-9.0.0.M3.zip', + checksum => 'f2aaf16f5e421b97513c502c03c117fab6569076', + checksum_type => 'sha1', + extract => true, + extract_path => '/opt', + creates => "${install_path}/bin", + cleanup => true, + user => 'tomcat', + group => 'tomcat', + require => File[$install_path], +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/facter/archive_windir.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,11 @@ +Facter.add(:archive_windir) do + confine :osfamily => :windows # rubocop:disable Style/HashSyntax + setcode do + program_data = `echo %SYSTEMDRIVE%\\ProgramData`.chomp + if File.directory? program_data + "#{program_data}\\staging" + else + 'C:\\staging' + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/functions/archive/artifactory_checksum.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,26 @@ +require 'json' +require_relative '../../../puppet_x/bodeco/util.rb' + +Puppet::Functions.create_function(:'archive::artifactory_checksum') do + # @summary A function that returns the checksum value of an artifact stored in Artifactory + # @param url The URL of the artifact. + # @param checksum_type The checksum type. + # Note the function will raise an error if you ask for sha256 but your artifactory instance doesn't have the sha256 value calculated. + # @return [String] Returns the checksum. + dispatch :artifactory_checksum do + param 'Stdlib::HTTPUrl', :url + optional_param "Enum['sha1','sha256','md5']", :checksum_type + return_type 'String' + end + + def artifactory_checksum(url, checksum_type = 'sha1') + uri = URI(url.sub('/artifactory/', '/artifactory/api/storage/')) + + response = PuppetX::Bodeco::Util.content(uri) + content = JSON.parse(response) + + checksum = content['checksums'] && content['checksums'][checksum_type] + raise("Could not parse #{checksum_type} from url: #{uri}\nresponse: #{response.body}") unless checksum =~ %r{\b[0-9a-f]{5,64}\b} + checksum + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/functions/archive/artifactory_latest_url.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,45 @@ +require 'json' +require_relative '../../../puppet_x/bodeco/util.rb' + +Puppet::Functions.create_function(:'archive::artifactory_latest_url') do + dispatch :artifactory_latest_url do + param 'Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]', :url + param 'Hash', :maven_data + end + + def artifactory_latest_url(url, maven_data) + # Turn provided artifactory URL into the fileinfo API endpoint of the parent directory + uri = URI(url.sub('/artifactory/', '/artifactory/api/storage/')[%r{^(.*)/.*$}, 1]) + + response = PuppetX::Bodeco::Util.content(uri) + content = JSON.parse(response) + + uris = if maven_data['classifier'] + content['children'].select do |child| + child['uri'] =~ %r{^/#{maven_data['module']}-#{maven_data['base_rev']}-(SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+)))-#{maven_data['classifier']}\.#{maven_data['ext']}$} && !child['folder'] + end + else + content['children'].select do |child| + child['uri'] =~ %r{^/#{maven_data['module']}-#{maven_data['base_rev']}-(SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+)))\.#{maven_data['ext']}$} && !child['folder'] + end + end + + raise("Couldn't find any Artifactory artifacts") if uris.empty? + + latest = uris.sort_by { |x| x['uri'] }.last['uri'] + Puppet.debug("Latest artifact found for #{url} was #{latest}") + + # Now GET the fileinfo endpoint of the resolved latest version file + uri = URI("#{content['uri']}#{latest}") + response = PuppetX::Bodeco::Util.content(uri) + content = JSON.parse(response) + + url = content['downloadUri'] + sha1 = content['checksums'] && content['checksums']['sha1'] + + { + 'url' => url, + 'sha1' => sha1 + } + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/functions/archive/assemble_nexus_url.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,27 @@ +require 'cgi' + +# @summary +# Assembles a complete nexus URL from the base url and query parameters +# @api private +Puppet::Functions.create_function(:'archive::assemble_nexus_url') do + # @param nexus_url + # The base nexus URL + # @param params + # The query parameters as a hash + # + # @return [Stdlib::HTTPUrl] + # The assembled URL + dispatch :default_impl do + param 'Stdlib::HTTPUrl', :nexus_url + param 'Hash', :params + return_type 'Stdlib::HTTPUrl' + end + + def default_impl(nexus_url, params) + service_relative_url = 'service/local/artifact/maven/content' + + query_string = params.to_a.map { |x| "#{x[0]}=#{CGI.escape(x[1])}" }.join('&') + + "#{nexus_url}/#{service_relative_url}?#{query_string}" + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/functions/archive/go_md5.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,36 @@ +require_relative '../../../puppet_x/bodeco/util.rb' + +# @summary +# Retrieves and returns specific file's md5 from GoCD server md5 checksum file +# @api private +# @see http://www.thoughtworks.com/products/docs/go/12.4/help/Artifacts_API.html +Puppet::Functions.create_function(:'archive::go_md5') do + # @param username + # GoCD username + # @param password + # GoCD password + # @param file + # GoCD filename + # @param url + # The GoCD MD5 checkum URL + # @return [String] + # The MD5 string + dispatch :default_impl do + param 'String', :username + param 'String', :password + param 'String[1]', :file + param 'Stdlib::HTTPUrl', :url + return_type 'String' + end + + def default_impl(username, password, file, url) + uri = URI(url) + response = PuppetX::Bodeco::Util.content(uri, username: username, password: password) + + checksums = response.split("\n") + line = checksums.find { |x| x =~ %r{#{file}=} } + md5 = line.match(%r{\b[0-9a-f]{5,40}\b}) unless line.nil? + raise("Could not parse md5 from url #{url} response: #{response}") unless md5 + md5[0] + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/functions/archive/parse_artifactory_url.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,30 @@ +# A function to parse an Artifactory maven 2 repository URL +Puppet::Functions.create_function(:'archive::parse_artifactory_url') do + dispatch :parse_artifactory_url do + param 'Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]', :url + end + + def parse_artifactory_url(url) + # Regex is for the 'maven-2-default Repository Layout' + matchdata = url.match(%r{ + (?<base_url>.*/artifactory) + / + (?<repository>[^/]+) + / + (?<org_path>.+?) + / + (?<module>[^/]+) + / + (?<base_rev>[^/]+?) + (?:-(?<folder_iteg_rev>SNAPSHOT))? + / + \k<module>-\k<base_rev> + (?:-(?<file_iteg_rev>SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+))))? + (?:-(?<classifier>[^/]+?))? + \. + (?<ext>(?:(?!\d))[^\-/]+|7z) + }x) + return nil unless matchdata + Hash[matchdata.names.zip(matchdata.captures)] + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/provider/archive/curl.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,76 @@ +require 'uri' +require 'tempfile' + +Puppet::Type.type(:archive).provide(:curl, parent: :ruby) do + commands curl: 'curl' + defaultfor feature: :posix + + def curl_params(params) + if resource[:username] + if resource[:username] =~ %r{\s} || resource[:password] =~ %r{\s} + Puppet.warning('Username or password contains a space. Unable to use netrc file to hide credentials') + account = [resource[:username], resource[:password]].compact.join(':') + params += optional_switch(account, ['--user', '%s']) + else + create_netrcfile + params += ['--netrc-file', @netrc_file.path] + end + end + params += optional_switch(resource[:proxy_server], ['--proxy', '%s']) + params += ['--insecure'] if resource[:allow_insecure] + params += resource[:download_options] if resource[:download_options] + params += optional_switch(resource[:cookie], ['--cookie', '%s']) + + params + end + + def create_netrcfile + @netrc_file = Tempfile.new('.puppet_archive_curl') + machine = URI.parse(resource[:source]).host + @netrc_file.write("machine #{machine}\nlogin #{resource[:username]}\npassword #{resource[:password]}\n") + @netrc_file.close + end + + def delete_netrcfile + return if @netrc_file.nil? + + @netrc_file.unlink + @netrc_file = nil + end + + def download(filepath) + params = curl_params( + [ + resource[:source], + '-o', + filepath, + '-fsSLg', + '--max-redirs', + 5 + ] + ) + + begin + curl(params) + ensure + delete_netrcfile + end + end + + def remote_checksum + params = curl_params( + [ + resource[:checksum_url], + '-fsSLg', + '--max-redirs', + 5 + ] + ) + + begin + curl(params)[%r{\b[\da-f]{32,128}\b}i] + ensure + delete_netrcfile + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/provider/archive/ruby.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,262 @@ +begin + require 'puppet_x/bodeco/archive' + require 'puppet_x/bodeco/util' +rescue LoadError + require 'pathname' # WORK_AROUND #14073 and #7788 + archive = Puppet::Module.find('archive', Puppet[:environment].to_s) + raise(LoadError, "Unable to find archive module in modulepath #{Puppet[:basemodulepath] || Puppet[:modulepath]}") unless archive + require File.join archive.path, 'lib/puppet_x/bodeco/archive' + require File.join archive.path, 'lib/puppet_x/bodeco/util' +end + +require 'securerandom' +require 'tempfile' + +# This provider implements a simple state-machine. The following attempts to # +# document it. In general, `def adjective?` implements a [state], while `def +# verb` implements an {action}. +# Some states are more complex, as they might depend on other states, or trigger +# actions. Since this implements an ad-hoc state-machine, many actions or states +# have to guard themselves against being called out of order. +# +# [exists?] +# | +# v +# [extracted?] -> no -> [checksum?] +# | +# v +# yes +# | +# v +# [path.exists?] -> no -> {cleanup} +# | | | +# v v v +# [checksum?] yes. [extracted?] && [cleanup?] +# | +# v +# {destroy} +# +# Now, with [exists?] defined, we can define [ensure] +# But that's just part of the standard puppet provider state-machine: +# +# [ensure] -> absent -> [exists?] -> no. +# | | +# v v +# present yes +# | | +# v v +# [exists?] {destroy} +# | +# v +# {create} +# +# Here's how we would extend archive for an `ensure => latest`: +# +# [exists?] -> no -> {create} +# | +# v +# yes +# | +# v +# [ttl?] -> expired -> {destroy} -> {create} +# | +# v +# valid. +# + +Puppet::Type.type(:archive).provide(:ruby) do + optional_commands aws: 'aws' + optional_commands gsutil: 'gsutil' + defaultfor feature: :microsoft_windows + attr_reader :archive_checksum + + def exists? + return checksum? unless extracted? + return checksum? if File.exist? archive_filepath + cleanup + true + end + + def create + transfer_download(archive_filepath) unless checksum? + extract + cleanup + end + + def destroy + FileUtils.rm_f(archive_filepath) if File.exist?(archive_filepath) + end + + def archive_filepath + resource[:path] + end + + def tempfile_name + if resource[:checksum] == 'none' + "#{resource[:filename]}_#{SecureRandom.base64}" + else + "#{resource[:filename]}_#{resource[:checksum]}" + end + end + + def creates + if resource[:extract] == :true + extracted? ? resource[:creates] : 'archive not extracted' + else + resource[:creates] + end + end + + def creates=(_value) + extract + end + + def checksum + resource[:checksum] || (resource[:checksum] = remote_checksum if resource[:checksum_url]) + end + + def remote_checksum + PuppetX::Bodeco::Util.content( + resource[:checksum_url], + username: resource[:username], + password: resource[:password], + cookie: resource[:cookie], + proxy_server: resource[:proxy_server], + proxy_type: resource[:proxy_type], + insecure: resource[:allow_insecure] + )[%r{\b[\da-f]{32,128}\b}i] + end + + # Private: See if local archive checksum matches. + # returns boolean + def checksum?(store_checksum = true) + return false unless File.exist? archive_filepath + return true if resource[:checksum_type] == :none + + archive = PuppetX::Bodeco::Archive.new(archive_filepath) + archive_checksum = archive.checksum(resource[:checksum_type]) + @archive_checksum = archive_checksum if store_checksum + checksum == archive_checksum + end + + def cleanup + return unless extracted? && resource[:cleanup] == :true + Puppet.debug("Cleanup archive #{archive_filepath}") + destroy + end + + def extract + return unless resource[:extract] == :true + raise(ArgumentError, 'missing archive extract_path') unless resource[:extract_path] + PuppetX::Bodeco::Archive.new(archive_filepath).extract( + resource[:extract_path], + custom_command: resource[:extract_command], + options: resource[:extract_flags], + uid: resource[:user], + gid: resource[:group] + ) + end + + def extracted? + resource[:creates] && File.exist?(resource[:creates]) + end + + def transfer_download(archive_filepath) + if resource[:temp_dir] && !File.directory?(resource[:temp_dir]) + raise Puppet::Error, "Temporary directory #{resource[:temp_dir]} doesn't exist" + end + tempfile = Tempfile.new(tempfile_name, resource[:temp_dir]) + + temppath = tempfile.path + tempfile.close! + + case resource[:source] + when %r{^(puppet)} + puppet_download(temppath) + when %r{^(http|ftp)} + download(temppath) + when %r{^file} + uri = URI(resource[:source]) + FileUtils.copy(Puppet::Util.uri_to_path(uri), temppath) + when %r{^s3} + s3_download(temppath) + when %r{^gs} + gs_download(temppath) + when nil + raise(Puppet::Error, 'Unable to fetch archive, the source parameter is nil.') + else + raise(Puppet::Error, "Source file: #{resource[:source]} does not exists.") unless File.exist?(resource[:source]) + FileUtils.copy(resource[:source], temppath) + end + + # conditionally verify checksum: + if resource[:checksum_verify] == :true && resource[:checksum_type] != :none + archive = PuppetX::Bodeco::Archive.new(temppath) + actual_checksum = archive.checksum(resource[:checksum_type]) + if actual_checksum != checksum + destroy + FileUtils.rm_f(temppath) if File.exist?(temppath) + raise(Puppet::Error, "Download file checksum mismatch (expected: #{checksum} actual: #{actual_checksum})") + end + end + + move_file_in_place(temppath, archive_filepath) + end + + def move_file_in_place(from, to) + # Ensure to directory exists. + FileUtils.mkdir_p(File.dirname(to)) + FileUtils.mv(from, to) + end + + def download(filepath) + PuppetX::Bodeco::Util.download( + resource[:source], + filepath, + username: resource[:username], + password: resource[:password], + cookie: resource[:cookie], + proxy_server: resource[:proxy_server], + proxy_type: resource[:proxy_type], + insecure: resource[:allow_insecure] + ) + end + + def puppet_download(filepath) + PuppetX::Bodeco::Util.puppet_download( + resource[:source], + filepath + ) + end + + def s3_download(path) + params = [ + 's3', + 'cp', + resource[:source], + path + ] + params += resource[:download_options] if resource[:download_options] + + aws(params) + end + + def gs_download(path) + params = [ + 'cp', + resource[:source], + path + ] + params += resource[:download_options] if resource[:download_options] + + gsutil(params) + end + + def optional_switch(value, option) + if value + option.map { |flags| flags % value } + else + [] + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/provider/archive/wget.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,45 @@ +Puppet::Type.type(:archive).provide(:wget, parent: :ruby) do + commands wget: 'wget' + + def wget_params(params) + username = Shellwords.shellescape(resource[:username]) if resource[:username] + password = Shellwords.shellescape(resource[:password]) if resource[:password] + params += optional_switch(username, ['--user=%s']) + params += optional_switch(password, ['--password=%s']) + params += optional_switch(resource[:cookie], ['--header="Cookie: %s"']) + params += optional_switch(resource[:proxy_server], ['-e use_proxy=yes', "-e #{resource[:proxy_type]}_proxy=#{resource[:proxy_server]}"]) + params += ['--no-check-certificate'] if resource[:allow_insecure] + params += resource[:download_options] if resource[:download_options] + + params + end + + def download(filepath) + params = wget_params( + [ + Shellwords.shellescape(resource[:source]), + '-O', + filepath, + '--max-redirect=5' + ] + ) + + # NOTE: + # Do NOT use wget(params) until https://tickets.puppetlabs.com/browse/PUP-6066 is resolved. + command = "wget #{params.join(' ')}" + Puppet::Util::Execution.execute(command) + end + + def remote_checksum + params = wget_params( + [ + '-qO-', + Shellwords.shellescape(resource[:checksum_url]), + '--max-redirect=5' + ] + ) + + command = "wget #{params.join(' ')}" + Puppet::Util::Execution.execute(command)[%r{\b[\da-f]{32,128}\b}i] + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet/type/archive.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,288 @@ +require 'pathname' +require 'uri' +require 'puppet/util' +require 'puppet/parameter/boolean' + +Puppet::Type.newtype(:archive) do + @doc = 'Manage archive file download, extraction, and cleanup.' + + ensurable do + desc 'whether archive file should be present/absent (default: present)' + + newvalue(:present) do + provider.create + end + + newvalue(:absent) do + provider.destroy + end + + defaultto(:present) + + # The following changes allows us to notify if the resource is being replaced + def is_to_s(value) # rubocop:disable Style/PredicateName + return "(#{resource[:checksum_type]})#{provider.archive_checksum}" if provider.archive_checksum + super + end + + def should_to_s(value) + return "(#{resource[:checksum_type]})#{resource[:checksum]}" if provider.archive_checksum + super + end + + def change_to_s(currentvalue, newvalue) + if currentvalue == :absent || currentvalue.nil? + extract = resource[:extract] == :true ? "and extracted in #{resource[:extract_path]}" : '' + cleanup = resource[:cleanup] == :true ? 'with cleanup' : 'without cleanup' + + if provider.archive_checksum + "replace archive: #{provider.archive_filepath} from #{is_to_s(currentvalue)} to #{should_to_s(newvalue)}" + else + "download archive from #{resource[:source]} to #{provider.archive_filepath} #{extract} #{cleanup}" + end + elsif newvalue == :absent + "remove archive: #{provider.archive_filepath} " + else + super + end + rescue StandardError + super + end + end + + newparam(:path, namevar: true) do + desc 'namevar, archive file fully qualified file path.' + validate do |value| + unless Puppet::Util.absolute_path? value + raise ArgumentError, "archive path must be absolute: #{value}" + end + end + end + + newparam(:filename) do + desc 'archive file name (derived from path).' + end + + newparam(:extract) do + desc 'whether archive will be extracted after download (true|false).' + newvalues(:true, :false) + defaultto(:false) + end + + newparam(:extract_path) do + desc 'target folder path to extract archive.' + validate do |value| + unless Puppet::Util.absolute_path? value + raise ArgumentError, "archive extract_path must be absolute: #{value}" + end + end + end + newparam(:target) do + desc 'target folder path to extract archive. (this parameter is for camptocamp/archive compatibility)' + validate do |value| + unless Puppet::Util.absolute_path? value + raise ArgumentError, "archive extract_path must be absolute: #{value}" + end + end + munge do |val| + resource[:extract_path] = val + end + end + + newparam(:extract_command) do + desc "custom extraction command ('tar xvf example.tar.gz'), also support sprintf format ('tar xvf %s') which will be processed with the filename: sprintf('tar xvf %s', filename)" + end + + newparam(:temp_dir) do + desc 'Specify an alternative temporary directory to use for copying files, if unset then the operating system default will be used.' + validate do |value| + unless Puppet::Util.absolute_path?(value) + raise ArgumentError, "Invalid temp_dir #{value}" + end + end + end + + newparam(:extract_flags) do + desc "custom extraction options, this replaces the default flags. A string such as 'xvf' for a tar file would replace the default xf flag. A hash is useful when custom flags are needed for different platforms. {'tar' => 'xzf', '7z' => 'x -aot'}." + defaultto(:undef) + end + + newproperty(:creates) do + desc 'if file/directory exists, will not download/extract archive.' + + def should_to_s(value) + "extracting in #{resource[:extract_path]} to create #{value}" + end + end + + newparam(:cleanup) do + desc 'whether archive file will be removed after extraction (true|false).' + newvalues(:true, :false) + defaultto(:true) + end + + newparam(:source) do + desc 'archive file source, supports puppet|http|https|ftp|file|s3|gs uri.' + validate do |value| + unless value =~ URI.regexp(%w[puppet http https ftp file s3 gs]) || Puppet::Util.absolute_path?(value) + raise ArgumentError, "invalid source url: #{value}" + end + end + end + + newparam(:url) do + desc 'archive file source, supports http|https|ftp|file uri. + (for camptocamp/archive compatibility)' + validate do |value| + unless value =~ URI.regexp(%w[http https file ftp]) + raise ArgumentError, "invalid source url: #{value}" + end + end + munge do |val| + resource[:source] = val + end + end + + newparam(:cookie) do + desc 'archive file download cookie.' + end + + newparam(:checksum) do + desc 'archive file checksum (match checksum_type).' + newvalues(%r{\b[0-9a-f]{5,128}\b}, :true, :false, :undef, nil, '') + munge do |val| + if val.nil? || val.empty? || val == :undef + :false + elsif [:true, :false].include? val + resource[:checksum_verify] = val + else + val + end + end + end + newparam(:digest_string) do + desc 'archive file checksum (match checksum_type) + (this parameter is for camptocamp/archive compatibility).' + newvalues(%r{\b[0-9a-f]{5,128}\b}) + munge do |val| + if !val.nil? && !val.empty? + resource[:checksum] = val + else + val + end + end + end + + newparam(:checksum_url) do + desc 'archive file checksum source (instead of specifying checksum)' + end + newparam(:digest_url) do + desc 'archive file checksum source (instead of specifying checksum) + (this parameter is for camptocamp/archive compatibility)' + munge do |val| + resource[:checksum_url] = val + end + end + + newparam(:checksum_type) do + desc 'archive file checksum type (none|md5|sha1|sha2|sha256|sha384|sha512).' + newvalues(:none, :md5, :sha1, :sha2, :sha256, :sha384, :sha512) + defaultto(:none) + end + newparam(:digest_type) do + desc 'archive file checksum type (none|md5|sha1|sha2|sha256|sha384|sha512) + (this parameter is camptocamp/archive compatibility).' + newvalues(:none, :md5, :sha1, :sha2, :sha256, :sha384, :sha512) + munge do |val| + resource[:checksum_type] = val + end + end + + newparam(:checksum_verify) do + desc 'whether checksum wil be verified (true|false).' + newvalues(:true, :false) + defaultto(:true) + end + + newparam(:username) do + desc 'username to download source file.' + end + + newparam(:password) do + desc 'password to download source file.' + end + + newparam(:user) do + desc 'extract command user (using this option will configure the archive file permission to 0644 so the user can read the file).' + end + + newparam(:group) do + desc 'extract command group (using this option will configure the archive file permisison to 0644 so the user can read the file).' + end + + newparam(:proxy_type) do + desc 'proxy type (none|ftp|http|https)' + newvalues(:none, :ftp, :http, :https) + end + + newparam(:proxy_server) do + desc 'proxy address to use when accessing source' + end + + newparam(:allow_insecure, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'ignore HTTPS certificate errors' + defaultto :false + end + + newparam(:download_options) do + desc 'provider download options (affects curl, wget, gs, and only s3 downloads for ruby provider)' + + validate do |val| + unless val.is_a?(::String) || val.is_a?(::Array) + raise ArgumentError, "download_options should be String or Array: #{val}" + end + end + + munge do |val| + case val + when ::String + [val] + else + val + end + end + end + + autorequire(:file) do + [ + Pathname.new(self[:path]).parent.to_s, + self[:extract_path], + '/root/.aws/config', + '/root/.aws/credentials' + ].compact + end + + autorequire(:exec) do + ['install_aws_cli'] + end + + autorequire(:exec) do + ['install_gsutil'] + end + + validate do + filepath = Pathname.new(self[:path]) + self[:filename] = filepath.basename.to_s + if !self[:source].nil? && !self[:url].nil? && self[:source] != self[:url] + raise ArgumentError, "invalid parameter: url (#{self[:url]}) and source (#{self[:source]}) are mutually exclusive." + end + if !self[:checksum_url].nil? && !self[:digest_url].nil? && self[:checksum_url] != self[:digest_url] + raise ArgumentError, "invalid parameter: checksum_url (#{self[:checksum_url]}) and digest_url (#{self[:digest_url]}) are mutually exclusive." + end + if self[:proxy_server] + self[:proxy_type] ||= URI(self[:proxy_server]).scheme.to_sym + else + self[:proxy_type] = :none + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet_x/bodeco/archive.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,171 @@ +require 'digest' +require 'puppet/util/execution' +require 'shellwords' + +module PuppetX + module Bodeco + class Archive + def initialize(file) + @file = file + @file_path = if Facter.value(:osfamily) == 'windows' + '"' + file + '"' + else + Shellwords.shellescape file + end + end + + def checksum(type) + return nil if type == :none + + digest = Digest.const_get(type.to_s.upcase) + digest.file(@file).hexdigest + rescue LoadError + raise $ERROR_INFO, "invalid checksum type #{type}. #{$ERROR_INFO}", $ERROR_INFO.backtrace + end + + def root_dir + if Facter.value(:osfamily) == 'windows' + 'C:\\' + else + '/' + end + end + + def extract(path = root_dir, opts = {}) + opts = { + custom_command: nil, + options: '', + uid: nil, + gid: nil + }.merge(opts) + + custom_command = opts.fetch(:custom_command, nil) + options = opts.fetch(:options) + Dir.chdir(path) do + cmd = if custom_command && custom_command =~ %r{%s} + custom_command % @file_path + elsif custom_command + "#{custom_command} #{options} #{@file_path}" + else + command(options) + end + + Puppet.debug("Archive extracting #{@file} in #{path}: #{cmd}") + File.chmod(0o644, @file) if opts[:uid] || opts[:gid] + Puppet::Util::Execution.execute(cmd, uid: opts[:uid], gid: opts[:gid], failonfail: true, squelch: false, combine: true) + end + end + + private + + def win_7zip + if ENV['path'].include?('7-Zip') + '7z.exe' + elsif File.directory?('C:\\Program Files\\7-Zip') + 'C:\\Program Files\\7-Zip\\7z.exe' + elsif File.directory?('C:\\Program Files (x86)\\7-zip') + 'C:\\Program Files (x86)\\7-Zip\\7z.exe' + elsif system("where 7z.exe") + '7z.exe' + elsif @file_path =~ %r{.zip"$} + # Fallback to powershell for zipfiles - this works with windows + # 2012+ if your powershell/.net is too old the script will fail + # on execution and ask user to install 7zip. + # We have to manually extract each entry in the zip file + # to ensure we extract fresh copy because `ExtractToDirectory` + # method does not support overwriting + ps = <<-END + try { + Add-Type -AssemblyName System.IO.Compression.FileSystem -erroraction "silentlycontinue" + $zipFile = [System.IO.Compression.ZipFile]::openread(#{@file_path}) + foreach ($zipFileEntry in $zipFile.Entries) { + $pwd = (Get-Item -Path ".\" -Verbose).FullName + $outputFile = [io.path]::combine($pwd, $zipFileEntry.FullName) + $dir = ([io.fileinfo]$outputFile).DirectoryName + + if (-not(Test-Path -type Container -path $dir)) { + mkdir $dir + } + if ($zipFileEntry.Name -ne "") { + write-host "[extract] $zipFileEntry.Name" + [System.IO.Compression.ZipFileExtensions]::ExtractToFile($zipFileEntry, $outputFile, $true) + } + } + } catch [System.invalidOperationException] { + write-error "Your OS does not support System.IO.Compression.FileSystem - please install 7zip" + } + END + + "powershell -command #{ps.gsub(%r{"}, '\\"').gsub(%r{\n}, '; ')}" + else + raise Exception, '7z.exe not available' + end + end + + def command(options) + if Facter.value(:osfamily) == 'windows' + opt = parse_flags('x -aoa', options, '7z') + cmd = win_7zip + cmd =~ %r{7z.exe} ? "#{cmd} #{opt} #{@file_path}" : cmd + else + case @file + when %r{\.tar$} + opt = parse_flags('xf', options, 'tar') + "tar #{opt} #{@file_path}" + when %r{(\.tgz|\.tar\.gz)$} + case Facter.value(:osfamily) + when 'Solaris', 'AIX' + gunzip_opt = parse_flags('-dc', options, 'gunzip') + tar_opt = parse_flags('xf', options, 'tar') + "gunzip #{gunzip_opt} #{@file_path} | tar #{tar_opt} -" + else + opt = parse_flags('xzf', options, 'tar') + "tar #{opt} #{@file_path}" + end + when %r{(\.tbz|\.tar\.bz2)$} + case Facter.value(:osfamily) + when 'Solaris', 'AIX' + bunzip_opt = parse_flags('-dc', options, 'bunzip') + tar_opt = parse_flags('xf', options, 'tar') + "bunzip2 #{bunzip_opt} #{@file_path} | tar #{tar_opt} -" + else + opt = parse_flags('xjf', options, 'tar') + "tar #{opt} #{@file_path}" + end + when %r{(\.txz|\.tar\.xz)$} + unxz_opt = parse_flags('-dc', options, 'unxz') + tar_opt = parse_flags('xf', options, 'tar') + "unxz #{unxz_opt} #{@file_path} | tar #{tar_opt} -" + when %r{\.gz$} + opt = parse_flags('-d', options, 'gunzip') + "gunzip #{opt} #{@file_path}" + when %r{(\.zip|\.war|\.jar)$} + opt = parse_flags('-o', options, 'zip') + "unzip #{opt} #{@file_path}" + when %r{(\.bz2)$} + opt = parse_flags('-d', options, 'bunzip2') + "bunzip2 #{opt} #{@file_path}" + when %r{(\.tar\.Z)$} + tar_opt = parse_flags('xf', options, 'tar') + "uncompress -c #{@file_path} | tar #{tar_opt} -" + else + raise NotImplementedError, "Unknown filetype: #{@file}" + end + end + end + + def parse_flags(default, options, command = nil) + case options + when :undef + default + when ::String + options + when ::Hash + options[command] + else + raise ArgumentError, "Invalid options for command #{command}: #{options.inspect}" + end + end + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet_x/bodeco/cacert.pem Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,3138 @@ +## +## Bundle of CA Root Certificates +## +## Certificate data from Mozilla as of: Tue May 25 03:12:05 2021 GMT +## +## This is a bundle of X.509 certificates of public Certificate Authorities +## (CA). These were automatically extracted from Mozilla's root certificates +## file (certdata.txt). This file can be found in the mozilla source tree: +## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt +## +## It contains the certificates in PEM format and therefore +## can be directly used with curl / libcurl / php_curl, or with +## an Apache+mod_ssl webserver for SSL client authentication. +## Just configure this file as the SSLCACertificateFile. +## +## Conversion done with mk-ca-bundle.pl version 1.28. +## SHA256: e292bd4e2d500c86df45b830d89417be5c42ee670408f1d2c454c63d8a782865 +## + + +GlobalSign Root CA +================== +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx +GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds +b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD +VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa +DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc +THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb +Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP +c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX +gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF +AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj +Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG +j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH +hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC +X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +GlobalSign Root CA - R2 +======================= +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6 +ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp +s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN +S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL +TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C +ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i +YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN +BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp +9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu +01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7 +9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- + +Entrust.net Premium 2048 Secure Server CA +========================================= +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u +ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp +bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV +BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx +NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 +d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u +ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL +Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr +hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW +nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi +VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ +KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy +T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT +J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e +nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +Baltimore CyberTrust Root +========================= +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE +ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li +ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC +SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs +dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME +uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB +UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C +G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 +XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr +l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI +VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh +cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 +hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa +Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H +RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +Entrust Root Certification Authority +==================================== +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +Comodo AAA Services root +======================== +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS +R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg +TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw +MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl +c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV +BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG +C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs +i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW +Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH +Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK +Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f +BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl +cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz +LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm +7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z +8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C +12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +QuoVadis Root CA +================ +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE +ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz +MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp +cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD +EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk +J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL +F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL +YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen +AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w +PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y +ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7 +MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj +YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs +ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW +Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu +BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw +FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6 +tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo +fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul +LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x +gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi +5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi +5nrQNiOKSnQ2+Q== +-----END CERTIFICATE----- + +QuoVadis Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- + +QuoVadis Root CA 3 +================== +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT +BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- + +Security Communication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP +U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw +8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM +DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX +5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd +DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2 +JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g +0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a +mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ +s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ +6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi +FL39vmwLAw== +-----END CERTIFICATE----- + +Sonera Class 2 Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG +U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw +NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh +IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3 +/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT +dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG +f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P +tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH +nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT +XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt +0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI +cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph +Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx +EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH +llpwrN9M +-----END CERTIFICATE----- + +XRamp Global CA Root +==================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE +BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj +dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx +HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg +U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu +IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx +foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE +zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs +AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry +xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC +AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc +/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n +nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz +8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- + +Go Daddy Class 2 CA +=================== +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY +VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG +A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD +ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 +qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j +YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY +vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O +BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o +atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu +MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim +PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt +I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI +Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b +vZ8= +-----END CERTIFICATE----- + +Starfield Class 2 CA +==================== +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc +U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo +MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG +A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG +SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY +bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ +JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm +epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN +F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF +MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f +hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo +bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs +afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM +PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD +KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 +QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- + +DigiCert Assured ID Root CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- + +DigiCert Global Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn +TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- + +DigiCert High Assurance EV Root CA +================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + +DST Root CA X3 +============== +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK +ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X +DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1 +cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT +rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9 +UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy +xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d +utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ +MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug +dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE +GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw +RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS +fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- + +SwissSign Gold CA - G2 +====================== +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m +Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- + +SwissSign Silver CA - G2 +======================== +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT +BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X +DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3 +aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644 +N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm ++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH +6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu +MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h +qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5 +FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs +ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc +celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X +CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB +tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P +4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F +kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L +3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx +/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa +DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP +e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu +WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ +DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub +DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- + +SecureTrust CA +============== +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +Secure Global CA +================ +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- + +COMODO Certification Authority +============================== +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD +T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== +-----END CERTIFICATE----- + +Network Solutions Certificate Authority +======================================= +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG +EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr +IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx +MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx +jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT +aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT +crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc +/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB +AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv +bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA +A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q +4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/ +GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD +ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- + +COMODO ECC Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG +FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- + +Certigna +======== +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +Cybertrust Global Root +====================== +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li +ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4 +MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD +ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA ++Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW +0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL +AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin +89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT +8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2 +MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G +A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO +lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi +5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2 +hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T +X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- + +ePKI Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq +MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +certSIGN ROOT CA +================ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa +Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +NetLock Arany (Class Gold) Főtanúsítvány +======================================== +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw +fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +Hongkong Post Root CA 1 +======================= +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT +DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx +NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n +IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1 +ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr +auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh +qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY +V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV +HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i +h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio +l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei +IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps +T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT +c4afU9hDDl3WY4JxHYB0yvbiAmvZWg== +-----END CERTIFICATE----- + +SecureSign RootCA11 +=================== +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi +SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS +b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw +KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1 +cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL +TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO +wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq +g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP +O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA +bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX +t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh +OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r +bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ +Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01 +y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 +lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi +LXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +GlobalSign Root CA - R3 +======================= +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt +iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r +kpeDMdmztcpHWD9f +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud +EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH +DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA +bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx +ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx +51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk +R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP +T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f +Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl +osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR +crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR +saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD +KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi +6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- + +Izenpe.com +========== +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ +SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +Go Daddy Root Certificate Authority - G2 +======================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 +-----END CERTIFICATE----- + +Starfield Root Certificate Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- + +Starfield Services Root Certificate Authority - G2 +================================================== +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 +-----END CERTIFICATE----- + +AffirmTrust Commercial +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- + +AffirmTrust Networking +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 +WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- + +AffirmTrust Premium +=================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 +g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== +-----END CERTIFICATE----- + +AffirmTrust Premium ECC +======================= +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM +eQ== +-----END CERTIFICATE----- + +Certum Trusted Network CA +========================= +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +TWCA Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +Security Communication RootCA2 +============================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +EC-ACC +====== +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE +BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w +ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD +VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE +CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT +BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7 +MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt +SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl +Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh +cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK +w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT +ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4 +HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a +E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw +0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD +VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0 +Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l +dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ +lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa +Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe +l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2 +E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D +5EI= +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2011 +======================================================= +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT +O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y +aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z +IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT +AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z +IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo +IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI +1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa +71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u +8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH +3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/ +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8 +MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu +b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt +XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD +/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N +7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- + +Actalis Authentication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 +zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +Trustis FPS Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG +EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290 +IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV +BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ +RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk +H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa +cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt +o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA +AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd +BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c +GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC +yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P +8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV +l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl +iB6XzCGcKQENZetX2fNXlrtIzYE= +-----END CERTIFICATE----- + +Buypass Class 2 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn +9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN +rJgWVqA= +-----END CERTIFICATE----- + +Buypass Class 3 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR +5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi +Cp/HuZc= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 3 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G +PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 EV 2009 +================================= +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA +NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv +w9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +CA Disig Root R2 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC +w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia +xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 +A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S +GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV +g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa +5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE +koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A +Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i +Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u +Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV +sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je +dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 +1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx +mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 +utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 +sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg +UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV +7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +ACCVRAIZ1 +========= +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB +SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 +MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH +UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM +jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 +RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD +aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ +0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG +WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 +8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR +5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J +9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK +Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw +Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu +Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM +Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA +QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh +AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA +YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj +AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA +IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk +aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 +dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 +MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI +hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E +R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN +YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 +nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ +TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 +sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg +Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd +3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p +EfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +TWCA Global Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT +CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD +QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK +EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C +nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV +r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR +Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV +tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W +KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 +sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p +yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn +kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI +zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g +cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M +8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg +/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg +lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP +A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m +i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 +EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 +zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= +-----END CERTIFICATE----- + +TeliaSonera Root CA v1 +====================== +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE +CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 +MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW +VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ +6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA +3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k +B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn +Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH +oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 +F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ +oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 +gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc +TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB +AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW +DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm +zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW +pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV +G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc +c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT +JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 +qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 +Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems +WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +E-Tugra Certification Authority +=============================== +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w +DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls +ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw +NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx +QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl +cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD +DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd +hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K +CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g +ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ +BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0 +E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz +rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq +jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5 +dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK +kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO +XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807 +VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo +a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc +dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV +KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT +Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0 +8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G +C7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 2 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx +MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ +SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F +vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 +2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV +WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy +YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 +r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf +vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR +3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== +-----END CERTIFICATE----- + +Atos TrustedRoot 2011 +===================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU +cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 +MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG +A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV +hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr +54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ +DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 +HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR +z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R +l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ +bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h +k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh +TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 +61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G +3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +QuoVadis Root CA 1 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE +PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm +PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 +Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN +ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l +g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV +7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX +9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f +iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg +t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI +hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 +GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct +Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP ++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh +3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa +wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 +O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 +FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV +hMJKzRwuJIczYOXD +-----END CERTIFICATE----- + +QuoVadis Root CA 2 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh +ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY +NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t +oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o +MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l +V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo +L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ +sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD +6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh +lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI +hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K +pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 +x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz +dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X +U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw +mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD +zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN +JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr +O3jtZsSOeWmD3n+M +-----END CERTIFICATE----- + +QuoVadis Root CA 3 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 +IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL +Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe +6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 +I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U +VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 +5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi +Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM +dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt +rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI +hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS +t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ +TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du +DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib +Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD +hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX +0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW +dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 +PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- + +DigiCert Assured ID Root G2 +=========================== +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw +MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH +35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq +bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw +VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP +YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn +lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO +w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv +0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz +d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW +hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M +jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- + +DigiCert Assured ID Root G3 +=========================== +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD +VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb +RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs +KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF +UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy +YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy +1vUhZscv6pZjamVFkpUBtA== +-----END CERTIFICATE----- + +DigiCert Global Root G2 +======================= +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx +MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ +kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO +3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV +BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM +UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu +5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr +F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U +WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH +QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ +iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- + +DigiCert Global Root G3 +======================= +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD +VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw +MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k +aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O +YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp +Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y +3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 +VOKa5Vt8sycX +-----END CERTIFICATE----- + +DigiCert Trusted Root G4 +======================== +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw +HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp +pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o +k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa +vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY +QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 +MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm +mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 +f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH +dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 +oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY +ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr +yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy +7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah +ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN +5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb +/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa +5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK +G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP +82Z+ +-----END CERTIFICATE----- + +COMODO RSA Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- + +USERTrust RSA Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz +0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j +Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn +RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O ++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq +/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE +Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM +lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 +yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ +eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW +FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ +7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ +Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM +8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi +FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi +yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c +J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw +sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx +Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +USERTrust ECC Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 +0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez +nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB +HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu +9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R4 +=========================== +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprl +OQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TV +MAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iF +JzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R5 +=========================== +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 +SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS +h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx +uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 +yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- + +Staat der Nederlanden EV Root CA +================================ +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE +CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g +RVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0yMjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5M +MR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRl +cmxhbmRlbiBFViBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkk +SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW +O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r +0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46prfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8 +Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13lpJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gV +XJrm0w912fxBmJc+qiXbj5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr +08C+eKxCKFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS/ZbV +0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0XcgOPvZuM5l5Tnrmd +74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH1vI4gnPah1vlPNOePqc7nvQDs/nx +fRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrPpx9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwa +ivsnuL8wbqg7MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u2dfOWBfoqSmu +c0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHSv4ilf0X8rLiltTMMgsT7B/Zq +5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTCwPTxGfARKbalGAKb12NMcIxHowNDXLldRqAN +b/9Zjr7dn3LDWyvfjFvO5QxGbJKyCqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tN +f1zuacpzEPuKqf2evTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi +5Dp6Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIaGl6I6lD4 +WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeLeG9QgkRQP2YGiqtDhFZK +DyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGy +eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg== +-----END CERTIFICATE----- + +IdenTrust Commercial Root CA 1 +============================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES +MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB +IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld +hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ +mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi +1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C +XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl +3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy +NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV +WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg +xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix +uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI +hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg +ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt +ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV +YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX +feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro +kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe +2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz +Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R +cGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- + +IdenTrust Public Sector Root CA 1 +================================= +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv +ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS +b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy +P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 +Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI +rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf +qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS +mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn +ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh +LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v +iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL +4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw +DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A +mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt +GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt +m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx +NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 +Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI +ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC +ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ +3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy +bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug +b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw +HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx +OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP +/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz +HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU +s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y +TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx +AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 +0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z +iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi +nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ +vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO +e4pIb4tF9g== +-----END CERTIFICATE----- + +Entrust Root Certification Authority - EC1 +========================================== +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx +FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn +YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw +FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs +LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg +dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy +AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef +9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h +vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 +kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- + +CFCA EV ROOT +============ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE +CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB +IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw +MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD +DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV +BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD +7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN +uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW +ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 +xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f +py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K +gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol +hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ +tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf +BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q +ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua +4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG +E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX +BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn +aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy +PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX +kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C +ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GB CA +=============================== +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG +EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw +MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds +b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX +scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP +rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk +9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o +Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg +GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD +dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 +VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui +HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- + +SZAFIR ROOT CA2 +=============== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV +BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ +BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD +VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q +qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK +DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE +2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ +ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi +ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC +AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 +O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 +oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul +4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 ++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +Certum Trusted Network CA 2 +=========================== +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE +BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 +bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y +ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ +TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB +IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 +7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o +CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b +Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p +uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 +GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ +9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB +Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye +hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM +BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW +Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA +L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo +clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM +pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb +w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo +J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm +ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX +is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 +zAYspsbiDrW5viSP +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2015 +======================================================= +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT +BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 +aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx +MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg +QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV +BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw +MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv +bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh +iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ +6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd +FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr +i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F +GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 +fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu +iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI +hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ +D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM +d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y +d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn +82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb +davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F +Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt +J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa +JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q +p/UsQu0yrbYhnr68 +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions ECC RootCA 2015 +=========================================================== +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 +aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw +MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj +IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD +VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 +Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP +dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK +Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA +GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn +dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- + +ISRG Root X1 +============ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE +BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD +EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG +EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT +DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r +Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 +3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K +b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN +Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ +4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf +1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu +hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH +usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r +OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY +9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV +0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt +hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw +TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx +e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA +JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD +YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n +JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ +m+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM +================ +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT +AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw +MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD +TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf +qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr +btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL +j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou +08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw +WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT +tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ +47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC +ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa +i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o +dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s +D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ +j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT +Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW ++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 +Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d +8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm +5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG +rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- + +Amazon Root CA 1 +================ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 +MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH +FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ +gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t +dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce +VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 +DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM +CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy +8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa +2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 +xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- + +Amazon Root CA 2 +================ +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 +MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 +kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp +N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 +AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd +fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx +kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS +btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 +Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN +c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ +3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw +DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA +A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE +YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW +xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ +gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW +aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV +Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 +KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi +JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= +-----END CERTIFICATE----- + +Amazon Root CA 3 +================ +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB +f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr +Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 +rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc +eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== +-----END CERTIFICATE----- + +Amazon Root CA 4 +================ +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN +/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri +83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA +MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 +AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +============================================= +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT +D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr +IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g +TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp +ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD +VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt +c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth +bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11 +IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8 +6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc +wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0 +3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9 +WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU +ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc +lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R +e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j +q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ +xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +TrustCor RootCert CA-1 +====================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx +MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu +YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe +VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy +dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq +jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4 +pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0 +JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h +gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw +/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j +BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5 +mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C +qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P +3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- + +TrustCor RootCert CA-2 +====================== +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w +DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT +eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0 +eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy +MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h +bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0 +IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb +ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk +RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1 +oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb +XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1 +/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q +jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP +eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg +rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU +2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h +Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp +kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv +2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3 +S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw +PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv +DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU +RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE +xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX +RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ +-----END CERTIFICATE----- + +TrustCor ECA-1 +============== +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw +N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5 +MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y +IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR +MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23 +xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc +p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+ +fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj +YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL +f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u +/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs +J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC +jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 +P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp +qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- + +GlobalSign Root CA - R6 +======================= +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX +R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i +YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs +U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss +grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE +3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF +vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM +PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+ +azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O +WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy +CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP +0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN +b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV +HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0 +lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY +BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym +Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr +3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1 +0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T +uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK +oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t +JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GC CA +=============================== +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD +SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo +MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa +Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL +ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr +VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab +NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E +AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk +AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- + +GTS Root R1 +=========== +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG +EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv +b3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG +A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx +9vaMf/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7r +aKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnW +r4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqM +LnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly +4cpk9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr +06zqkUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92 +wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om +3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNu +JLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEM +BQADggIBADiWCu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 +d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6ZXPYfcX3v73sv +fuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZRgyFmxhE+885H7pwoHyXa/6xm +ld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9b +gsiG1eGZbYwE8na6SfZu6W0eX6DvJ4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq +4BjFbkerQUIpm/ZgDdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWEr +tXvM+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyyF62ARPBo +pY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9SQ98POyDGCBDTtWTurQ0 +sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdwsE3PYJ/HQcu51OyLemGhmW/HGY0dVHLql +CFF1pkgl +-----END CERTIFICATE----- + +GTS Root R2 +=========== +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG +EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv +b3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG +A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTuk +k3LvCvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo +7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWI +m8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5Gm +dFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbu +ak7MkogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscsz +cTJGr61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW +Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73Vululycsl +aVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy +5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEM +BQADggIBALZp8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT +vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiTz9D2PGcDFWEJ ++YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiApJiS4wGWAqoC7o87xdFtCjMw +c3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvbpxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3Da +WsYDQvTtN6LwG1BUSw7YhN4ZKJmBR64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5r +n/WkhLx3+WuXrD5RRaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56Gtmwfu +Nmsk0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC5AwiWVIQ +7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiFizoHCBy69Y9Vmhh1fuXs +gWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLnyOd/xCxgXS/Dr55FBcOEArf9LAhST4Ld +o/DUhgkC +-----END CERTIFICATE----- + +GTS Root R3 +=========== +-----BEGIN CERTIFICATE----- +MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUU +Rout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24Cej +QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP +0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0 +glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOa +KaqW04MjyaR7YbPMAuhd +-----END CERTIFICATE----- + +GTS Root R4 +=========== +-----BEGIN CERTIFICATE----- +MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa +6zzuhXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqj +QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV +2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0CMRw3J5QdCHojXohw0+WbhXRIjVhLfoI +N+4Zba3bssx9BzT1YBkstTTZbyACMANxsbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11x +zPKwTdb+mciUqXWi4w== +-----END CERTIFICATE----- + +UCA Global G2 Root +================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x +NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU +cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT +oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV +8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS +h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o +LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/ +R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe +KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa +4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc +OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97 +8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo +5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A +Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9 +yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX +c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo +jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk +bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x +ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn +RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A== +-----END CERTIFICATE----- + +UCA Extended Validation Root +============================ +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u +IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G +A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs +iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF +Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu +eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR +59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH +0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR +el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv +B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth +WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS +NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS +3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM +aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4 +dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb ++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW +F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi +GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc +GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi +djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr +dhh2n1ax +-----END CERTIFICATE----- + +Certigna Root CA +================ +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE +BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ +MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda +MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz +MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX +stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz +KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8 +JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16 +XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq +4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej +wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ +lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI +jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/ +/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy +dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h +LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl +cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt +OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP +TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq +7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3 +4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd +8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS +6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY +tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS +aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde +E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- + +emSign Root CA - G1 +=================== +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET +MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl +ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx +ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk +aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN +LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1 +cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW +DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ +6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH +hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2 +vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q +NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q ++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih +U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+Afko= +-----END CERTIFICATE----- + +emSign ECC Root CA - G3 +======================= +-----BEGIN CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG +A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg +MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4 +MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11 +ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc +58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr +MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D +CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7 +jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj +-----END CERTIFICATE----- + +emSign Root CA - C1 +=================== +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx +EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp +Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD +ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up +ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/ +Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX +OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V +I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms +lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+ +XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp +/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1 +NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9 +wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ +BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI= +-----END CERTIFICATE----- + +emSign ECC Root CA - C3 +======================= +-----BEGIN CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG +A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF +Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD +ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd +6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9 +SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA +B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA +MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU +ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== +-----END CERTIFICATE----- + +Hongkong Post Root CA 3 +======================= +-----BEGIN CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG +A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK +Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2 +MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv +bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX +SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz +iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf +jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim +5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe +sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj +0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/ +JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u +y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h ++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG +xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID +AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN +AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw +W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld +y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov ++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc +eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw +9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7 +nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY +hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB +60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq +dBb9HxEGmpv0 +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G4 +========================================= +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu +bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1 +dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT +AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv +cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D +umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV +3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds +8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ +e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7 +ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X +xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV +7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8 +dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW +Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n +MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q +jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht +7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK +YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt +jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+ +m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW +RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA +JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G ++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT +kcpG2om3PVODLAgfi49T3f+sHw== +-----END CERTIFICATE----- + +Microsoft ECC Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND +IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4 +MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6 +thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB +eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM ++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf +Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR +eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- + +Microsoft RSA Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg +UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw +NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u +MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml +7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e +S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7 +1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+ +dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F +yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS +MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr +lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ +0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ +ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og +6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80 +dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk ++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex +/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy +AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW +ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE +7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT +c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D +5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E +-----END CERTIFICATE----- + +e-Szigno Root CA 2017 +===================== +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw +DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt +MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa +Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE +CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp +Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx +s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv +vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA +tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO +svxyqltZ+efcMQ== +-----END CERTIFICATE----- + +certSIGN Root CA G2 +=================== +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw +EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy +MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH +TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05 +N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk +abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg +wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp +dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh +ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732 +jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf +95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc +z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL +iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud +DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB +ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB +/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5 +8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5 +BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW +atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU +Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M +NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N +0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc= +-----END CERTIFICATE----- + +Trustwave Global Certification Authority +======================================== +-----BEGIN CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29 +zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf +LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq +stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o +WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+ +OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40 +Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE +uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm ++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj +ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB +BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H +PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H +ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla +4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R +vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd +zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O +856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH +Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu +3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP +29FpHOTKyeC2nOnOcXHebD8WpHk= +-----END CERTIFICATE----- + +Trustwave Global ECC P256 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1 +NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj +43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm +P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt +0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz +RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 +-----END CERTIFICATE----- + +Trustwave Global ECC P384 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4 +NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH +Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr +/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV +HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn +ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl +CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw== +-----END CERTIFICATE----- + +NAVER Global Root Certification Authority +========================================= +-----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG +A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD +DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4 +NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT +UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb +UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW ++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7 +XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2 +aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4 +Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z +VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B +A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai +cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy +YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV +HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK +21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB +jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx +hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg +E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH +D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ +A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY +qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG +I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg +kpzNNIaRkPpkUZ3+/uul9XXeifdy +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM SERVIDORES SEGUROS +=================================== +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF +UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy +NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4 +MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt +UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB +QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2 +LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG +SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD +zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c= +-----END CERTIFICATE----- + +GlobalSign Root R46 +=================== +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv +b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX +BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es +CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/ +r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje +2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt +bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj +K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4 +12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on +ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls +eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9 +vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM +BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy +gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92 +CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm +OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq +JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye +qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz +nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7 +DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3 +QEUxeCp6 +-----END CERTIFICATE----- + +GlobalSign Root E46 +=================== +-----BEGIN CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT +AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg +RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV +BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB +jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj +QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL +gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk +vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+ +CAezNIm8BZ/3Hobui3A= +-----END CERTIFICATE-----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/lib/puppet_x/bodeco/util.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,180 @@ +module PuppetX + module Bodeco + module Util + def self.download(url, filepath, options = {}) + uri = URI(url) + @connection = PuppetX::Bodeco.const_get(uri.scheme.upcase).new("#{uri.scheme}://#{uri.host}:#{uri.port}", options) + @connection.download(uri, filepath) + end + + def self.content(url, options = {}) + uri = URI(url) + @connection = PuppetX::Bodeco.const_get(uri.scheme.upcase).new("#{uri.scheme}://#{uri.host}:#{uri.port}", options) + @connection.content(uri) + end + + # + # This allows you to use a puppet syntax for a file and return its content. + # + # @example + # puppet_download 'puppet:///modules/my_module_name/my_file.dat + # + # @param [String] url this is the puppet url of the file to be fetched + # @param [String] filepath this is path of the file to create + # + # @raise [ArgumentError] when the file doesn't exist + # + def self.puppet_download(url, filepath) + # Somehow there is no consistent way to determine what terminus to use. So we switch to a + # trial and error method. First we start withe the default. And if it doesn't work, we try the + # other ones + status = load_file_with_any_terminus(url) + raise ArgumentError, "Previous error(s) resulted in Puppet being unable to retrieve information from environment #{Puppet['environment']} source(s) #{url}'\nMost probable cause is file not found." unless status + File.open(filepath, 'wb') { |file| file.write(status.content) } + end + + # @private + # rubocop:disable HandleExceptions + def self.load_file_with_any_terminus(url) + termini_to_try = [:file_server, :rest] + termini_to_try.each do |terminus| + with_terminus(terminus) do + begin + content = Puppet::FileServing::Content.indirection.find(url) + rescue SocketError, Timeout::Error, Errno::ECONNREFUSED, Errno::EHOSTDOWN, Errno::EHOSTUNREACH, Errno::ETIMEDOUT, Puppet::HTTP::RouteError + # rescue any network error + end + return content if content + end + end + nil + end + # rubocop:enable HandleExceptions + + def self.with_terminus(terminus) + old_terminus = Puppet[:default_file_terminus] + Puppet[:default_file_terminus] = terminus + value = yield + Puppet[:default_file_terminus] = old_terminus + value + end + end + class HTTP + require 'net/http' + + FOLLOW_LIMIT = 5 + URI_UNSAFE = %r{[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]} + + def initialize(_url, options) + @username = options[:username] + @password = options[:password] + @cookie = options[:cookie] + @insecure = options[:insecure] + + if options[:proxy_server] + uri = URI(options[:proxy_server]) + unless uri.scheme + uri = URI("#{options[:proxy_type]}://#{options[:proxy_server]}") + end + @proxy_addr = uri.hostname + @proxy_port = uri.port + end + + ENV['SSL_CERT_FILE'] = File.expand_path(File.join(__FILE__, '..', 'cacert.pem')) if Facter.value(:osfamily) == 'windows' && !ENV.key?('SSL_CERT_FILE') + end + + def generate_request(uri) + header = @cookie && { 'Cookie' => @cookie } + + request = Net::HTTP::Get.new(uri.request_uri, header) + request.basic_auth(@username, @password) if @username && @password + request + end + + def follow_redirect(uri, option = { limit: FOLLOW_LIMIT }, &block) + http_opts = if uri.scheme == 'https' + { use_ssl: true, + verify_mode: (@insecure ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER) } + else + { use_ssl: false } + end + Net::HTTP.start(uri.host, uri.port, @proxy_addr, @proxy_port, http_opts) do |http| + http.request(generate_request(uri)) do |response| + case response + when Net::HTTPSuccess + yield response + when Net::HTTPRedirection + limit = option[:limit] - 1 + raise Puppet::Error, "Redirect limit exceeded, last url: #{uri}" if limit < 0 + location = safe_escape(response['location']) + new_uri = URI(location) + new_uri = URI(uri.to_s + location) if new_uri.relative? + follow_redirect(new_uri, limit: limit, &block) + else + raise Puppet::Error, "HTTP Error Code #{response.code}\nURL: #{uri}\nContent:\n#{response.body}" + end + end + end + end + + def download(uri, file_path, option = { limit: FOLLOW_LIMIT }) + follow_redirect(uri, option) do |response| + File.open file_path, 'wb' do |io| + response.read_body do |chunk| + io.write chunk + end + end + end + end + + def content(uri, option = { limit: FOLLOW_LIMIT }) + follow_redirect(uri, option) do |response| + return response.body + end + end + + def safe_escape(uri) + uri.to_s.gsub(URI_UNSAFE) do |match| + '%' + match.unpack('H2' * match.bytesize).join('%').upcase + end + end + end + + class HTTPS < HTTP + end + + class FTP + require 'net/ftp' + + def initialize(url, options) + uri = URI(url) + username = options[:username] + password = options[:password] + proxy_server = options[:proxy_server] + proxy_type = options[:proxy_type] + + ENV["#{proxy_type}_proxy"] = proxy_server + + @ftp = Net::FTP.new + @ftp.connect(uri.host, uri.port) + if username + @ftp.login(username, password) + else + @ftp.login + end + end + + def download(uri, file_path) + @ftp.getbinaryfile(uri.path, file_path) + end + end + + class FILE + def initialize(_url, _options) end + + def download(uri, file_path) + FileUtils.copy(uri.path, file_path) + end + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/artifactory.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,108 @@ +# Define: archive::artifactory +# ============================ +# +# archive wrapper for downloading files from artifactory +# +# Parameters +# ---------- +# +# * path: fully qualified filepath for the download the file or use archive_path and only supply filename. (namevar). +# * ensure: ensure the file is present/absent. +# * url: artifactory download URL. +# * owner: file owner (see archive params for defaults). +# * group: file group (see archive params for defaults). +# * mode: file mode (see archive params for defaults). +# * archive_path: the parent directory of local filepath. +# * extract: whether to extract the files (true/false). +# * creates: the file created when the archive is extracted (true/false). +# * cleanup: remove archive file after file extraction (true/false). +# +# Examples +# -------- +# +# archive::artifactory { '/tmp/logo.png': +# url => 'https://repo.jfrog.org/artifactory/distributions/images/Artifactory_120x75.png', +# owner => 'root', +# group => 'root', +# mode => '0644', +# } +# +# $dirname = 'gradle-1.0-milestone-4-20110723151213+0300' +# $filename = "${dirname}-bin.zip" +# +# archive::artifactory { $filename: +# archive_path => '/tmp', +# url => "http://repo.jfrog.org/artifactory/distributions/org/gradle/${filename}", +# extract => true, +# extract_path => '/opt', +# creates => "/opt/${dirname}", +# cleanup => true, +# } +# +define archive::artifactory ( + Stdlib::HTTPUrl $url, + String $path = $name, + Enum['present', 'absent'] $ensure = present, + Optional[String] $owner = undef, + Optional[String] $group = undef, + Optional[String] $mode = undef, + Optional[Boolean] $extract = undef, + Optional[String] $extract_path = undef, + Optional[String] $creates = undef, + Optional[Boolean] $cleanup = undef, + Optional[String] $username = undef, + Optional[String] $password = undef, + Optional[Stdlib::Absolutepath] $archive_path = undef, +) { + include archive::params + + if $archive_path { + $file_path = "${archive_path}/${name}" + } else { + $file_path = $path + } + + assert_type(Stdlib::Absolutepath, $file_path) |$expected, $actual| { + fail("archive::artifactory[${name}]: \$name or \$archive_path must be '${expected}', not '${actual}'") + } + + $maven2_data = archive::parse_artifactory_url($url) + if $maven2_data and $maven2_data['folder_iteg_rev'] == 'SNAPSHOT' { + # URL represents a SNAPSHOT version. eg 'http://artifactory.example.com/artifactory/repo/com/example/artifact/0.0.1-SNAPSHOT/artifact-0.0.1-SNAPSHOT.zip' + # Only Artifactory Pro lets you download this directly but the corresponding fileinfo endpoint (where the sha1 checksum is published) doesn't exist. + # This means we can't use the artifactory_sha1 function + + $latest_url_data = archive::artifactory_latest_url($url, $maven2_data) + + $file_url = $latest_url_data['url'] + $sha1 = $latest_url_data['sha1'] + } else { + $file_url = $url + $sha1 = archive::artifactory_checksum($url,'sha1') + } + + archive { $file_path: + ensure => $ensure, + path => $file_path, + extract => $extract, + extract_path => $extract_path, + username => $username, + password => $password, + source => $file_url, + checksum => $sha1, + checksum_type => 'sha1', + creates => $creates, + cleanup => $cleanup, + } + + $file_owner = pick($owner, $archive::params::owner) + $file_group = pick($group, $archive::params::group) + $file_mode = pick($mode, $archive::params::mode) + + file { $file_path: + owner => $file_owner, + group => $file_group, + mode => $file_mode, + require => Archive[$file_path], + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/download.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,64 @@ +# == Definition: archive::download +# +# Archive downloader with integrity verification. +# +# Parameters: +# +# - *$url: +# - *$digest_url: +# - *$digest_string: Default value undef +# - *$digest_type: Default value "md5". +# - *$timeout: Default value 120. (ignored) +# - *$src_target: Default value "/usr/src". +# - *$allow_insecure: Default value false. +# - *$follow_redirects: Default value false. +# - *$verbose: Default value true. +# - *$proxy_server: Default value undef. +# - *$user: The user used to download the archive +# +# Example usage: +# +# archive::download {"apache-tomcat-6.0.26.tar.gz": +# ensure => present, +# url => "http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz", +# } +# +# archive::download {"apache-tomcat-6.0.26.tar.gz": +# ensure => present, +# digest_string => "f9eafa9bfd620324d1270ae8f09a8c89", +# url => "http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz", +# } +# +define archive::download ( + String $url, + Enum['present', 'absent'] $ensure = present, + Boolean $checksum = true, + Optional[String] $digest_url = undef, + Optional[String] $digest_string = undef, + Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512'] $digest_type = 'md5', # bad default! + Integer $timeout = 120, # ignored + Stdlib::Compat::Absolute_path $src_target = '/usr/src', + Boolean $allow_insecure = false, + Boolean $follow_redirects = false, # ignored (default) + Boolean $verbose = true, # ignored + String $path = $facts['path'], # ignored + Optional[String] $proxy_server = undef, + Optional[String] $user = undef, +) { + $target = ($title =~ Stdlib::Compat::Absolute_path) ? { + false => "${src_target}/${title}", + default => $title, + } + + archive { $target: + ensure => $ensure, + source => $url, + checksum_verify => $checksum, + checksum => $digest_string, + checksum_type => $digest_type, + checksum_url => $digest_url, + proxy_server => $proxy_server, + user => $user, + allow_insecure => $allow_insecure, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/go.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,60 @@ +# download from go +define archive::go ( + String $server, + Integer $port, + String $url_path, + String $md5_url_path, + String $username, + String $password, + Enum['present', 'absent'] $ensure = present, + String $path = $name, + Optional[String] $owner = undef, + Optional[String] $group = undef, + Optional[String] $mode = undef, + Optional[Boolean] $extract = undef, + Optional[String] $extract_path = undef, + Optional[String] $creates = undef, + Optional[Boolean] $cleanup = undef, + Optional[Stdlib::Compat::Absolute_path] $archive_path = undef, +) { + include archive::params + + if $archive_path { + $file_path = "${archive_path}/${name}" + } else { + $file_path = $path + } + + if $file_path !~ Stdlib::Compat::Absolute_path { + fail("archive::go[${name}]: \$name or \$archive_path must be an absolute path!") # lint:ignore:trailing_comma + } + + $go_url = "http://${server}:${port}" + $file_url = "${go_url}/${url_path}" + $md5_url = "${go_url}/${md5_url_path}" + + archive { $file_path: + ensure => $ensure, + path => $file_path, + extract => $extract, + extract_path => $extract_path, + source => $file_url, + checksum => archive::go_md5($username, $password, $name, $md5_url), + checksum_type => 'md5', + creates => $creates, + cleanup => $cleanup, + username => $username, + password => $password, + } + + $file_owner = pick($owner, $archive::params::owner) + $file_group = pick($group, $archive::params::group) + $file_mode = pick($mode, $archive::params::mode) + + file { $file_path: + owner => $file_owner, + group => $file_group, + mode => $file_mode, + require => Archive[$file_path], + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/init.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,117 @@ +# @summary Manages archive module's dependencies. +# +# @example On Windows, ensure 7zip is installed using the default `chocolatey` provider. +# include archive +# +# @example On Windows, install a 7zip MSI with the native `windows` package provider. +# class { 'archive': +# seven_zip_name => '7-Zip 9.20 (x64 edition)', +# seven_zip_source => 'C:/Windows/Temp/7z920-x64.msi', +# seven_zip_provider => 'windows', +# } +# +# @example Install the AWS CLI tool. (Not supported on Windows). +# class { 'archive': +# aws_cli_install => true, +# } +# +# @example Deploy a specific archive +# class { 'archive': +# archives => { '/tmp/jta-1.1.jar' => { +# 'ensure' => 'present', +# 'source' => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar', +# }, } +# } +# +# @param seven_zip_name +# 7zip package name. This parameter only applies to Windows. +# @param seven_zip_provider +# 7zip package provider. This parameter only applies to Windows where it defaults to `chocolatey`. Can be set to an empty string, (or `undef` via hiera), if you don't want this module to manage 7zip. +# @param seven_zip_source +# Alternative package source for 7zip. This parameter only applies to Windows. +# @param aws_cli_install +# Installs the AWS CLI command needed for downloading from S3 buckets. This parameter is currently not implemented on Windows. +# @param gsutil_install +# Installs the GSUtil CLI command needed for downloading from GS buckets. This parameter is currently not implemented on Windows. +# +# @param archives +# A hash of archive resources this module should create. +class archive ( + Optional[String[1]] $seven_zip_name = $archive::params::seven_zip_name, + Optional[Enum['chocolatey','windows','']] $seven_zip_provider = $archive::params::seven_zip_provider, + Optional[String[1]] $seven_zip_source = undef, + Boolean $aws_cli_install = false, + Boolean $gsutil_install = false, + Hash $archives = {}, +) inherits archive::params { + if $facts['os']['family'] == 'Windows' and !($seven_zip_provider in ['', undef]) { + package { '7zip': + ensure => present, + name => $seven_zip_name, + source => $seven_zip_source, + provider => $seven_zip_provider, + } + } + + if $aws_cli_install { + # TODO: Windows support. + if $facts['os']['family'] != 'Windows' { + # Using bundled install option: + # http://docs.aws.amazon.com/cli/latest/userguide/installing.html#install-bundle-other-os + + file { '/opt/awscli-bundle': + ensure => 'directory', + } + + archive { 'awscli-bundle.zip': + ensure => present, + path => '/opt/awscli-bundle/awscli-bundle.zip', + source => 'https://s3.amazonaws.com/aws-cli/awscli-bundle.zip', + extract => true, + extract_path => '/opt', + creates => '/opt/awscli-bundle/install', + cleanup => true, + } + + exec { 'install_aws_cli': + command => '/opt/awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws', + refreshonly => true, + subscribe => Archive['awscli-bundle.zip'], + } + } + } + + if $gsutil_install { + # TODO: Windows support. + if $facts['os']['family'] != 'Windows' { + # Using bundled install option: + # https://cloud.google.com/storage/docs/quickstart-gsutil + + file { '/opt/gsutil-bundle': + ensure => 'directory', + } + + archive { 'gsutil.zip': + ensure => present, + path => '/opt/gsutil-bundle/gsutil.zip', + source => 'https://storage.googleapis.com/pub/gsutil.zip', + extract => true, + extract_path => '/opt', + creates => '/opt/gsutil-bundle/gsutil', + cleanup => true, + } + + exec { 'install_gsutil': + command => '/opt/gsutil-bundle/gsutil/setup.py install -q', + refreshonly => true, + subscribe => Archive['gsutil.zip'], + } + } + } + + $archives.each |$archive_name, $archive_settings| { + archive { $archive_name: + * => $archive_settings, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/nexus.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,124 @@ +# define: archive::nexus +# ====================== +# +# archive wrapper for downloading files from Nexus using REST API. Nexus API: +# https://repository.sonatype.org/nexus-restlet1x-plugin/default/docs/path__artifact_maven_content.html +# +# Parameters +# ---------- +# +# Examples +# -------- +# +# archive::nexus { '/tmp/jtstand-ui-0.98.jar': +# url => 'https://oss.sonatype.org', +# gav => 'org.codehaus.jtstand:jtstand-ui:0.98', +# repository => 'codehaus-releases', +# packaging => 'jar', +# extract => false, +# } +# +define archive::nexus ( + String $url, + String $gav, + String $repository, + Enum['present', 'absent'] $ensure = present, + Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512'] $checksum_type = 'md5', + Boolean $checksum_verify = true, + String $packaging = 'jar', + Boolean $use_nexus3_urls = false, + Optional[String] $classifier = undef, + Optional[String] $extension = undef, + Optional[String] $username = undef, + Optional[String] $password = undef, + Optional[String] $user = undef, + Optional[String] $owner = undef, + Optional[String] $group = undef, + Optional[String] $mode = undef, + Optional[Boolean] $extract = undef, + Optional[String] $extract_path = undef, + Optional[String] $extract_flags = undef, + Optional[String] $extract_command = undef, + Optional[String] $creates = undef, + Optional[Boolean] $cleanup = undef, + Optional[String] $proxy_server = undef, + Optional[String] $proxy_type = undef, + Optional[Boolean] $allow_insecure = undef, + Optional[Stdlib::Absolutepath] $temp_dir = undef, +) { + include archive::params + + $artifact_info = split($gav, ':') + + $group_id = $artifact_info[0] + $artifact_id = $artifact_info[1] + $version = $artifact_info[2] + + $query_params = { + 'g' => $group_id, + 'a' => $artifact_id, + 'v' => $version, + 'r' => $repository, + 'p' => $packaging, + 'c' => $classifier, + 'e' => $extension, + }.filter |$keys, $values| { $values != undef } + + if $use_nexus3_urls { + if $classifier { + $c = "-${classifier}" + } else { + $c = '' + } + + $artifact_url = sprintf( + '%s/repository/%s/%s/%s/%s/%s-%s%s.%s', + $url, + $repository, + regsubst($group_id, '\.', '/', 'G'), + $artifact_id, + $version, + $artifact_id, + $version, + $c, + $packaging + ) + + $checksum_url = sprintf('%s.%s', $artifact_url, $checksum_type) + } else { + $artifact_url = archive::assemble_nexus_url($url, $query_params) + $checksum_url = regsubst($artifact_url, "p=${packaging}", "p=${packaging}.${checksum_type}") + } + archive { $name: + ensure => $ensure, + source => $artifact_url, + username => $username, + password => $password, + checksum_url => $checksum_url, + checksum_type => $checksum_type, + checksum_verify => $checksum_verify, + extract => $extract, + extract_path => $extract_path, + extract_flags => $extract_flags, + extract_command => $extract_command, + user => $user, + group => $group, + creates => $creates, + cleanup => $cleanup, + proxy_server => $proxy_server, + proxy_type => $proxy_type, + allow_insecure => $allow_insecure, + temp_dir => $temp_dir, + } + + $file_owner = pick($owner, $archive::params::owner) + $file_group = pick($group, $archive::params::group) + $file_mode = pick($mode, $archive::params::mode) + + file { $name: + owner => $file_owner, + group => $file_group, + mode => $file_mode, + require => Archive[$name], + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/params.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,22 @@ +# @summary OS specific `archive` settings such as default user and file mode. +# @api private +class archive::params { + case $facts['os']['family'] { + 'Windows': { + $path = $facts['archive_windir'] + $owner = 'S-1-5-32-544' # Adminstrators + $group = 'S-1-5-18' # SYSTEM + $mode = '0640' + $seven_zip_name = '7zip' + $seven_zip_provider = 'chocolatey' + } + default: { + $path = '/opt/staging' + $owner = '0' + $group = '0' + $mode = '0640' + $seven_zip_name = undef + $seven_zip_provider = undef + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/manifests/staging.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,22 @@ +# Class: archive::staging +# ======================= +# +# backwards compatibility class for staging module. +# +class archive::staging ( + String $path = $archive::params::path, + String $owner = $archive::params::owner, + String $group = $archive::params::group, + String $mode = $archive::params::mode, +) inherits archive::params { + include 'archive' + + if !defined(File[$path]) { + file { $path: + ensure => directory, + owner => $owner, + group => $group, + mode => $mode, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/archive/metadata.json Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,106 @@ +{ + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "7", + "8" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "7", + "8" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "7", + "8" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "11 SP1" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "18.04", + "20.04" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "10", + "11" + ] + }, + { + "operatingsystem": "Solaris", + "operatingsystemrelease": [ + "10", + "11" + ] + }, + { + "operatingsystem": "Windows", + "operatingsystemrelease": [ + "2016" + ] + }, + { + "operatingsystem": "AIX", + "operatingsystemrelease": [ + "7.1" + ] + }, + { + "operatingsystem": "Archlinux" + }, + { + "operatingsystem": "Darwin", + "operatingsystemrelease": [ + "19" + ] + }, + { + "operatingsystem": "VirtuozzoLinux", + "operatingsystemrelease": [ + "7" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 6.1.0 < 8.0.0" + } + ], + "name": "puppet-archive", + "version": "6.0.2", + "source": "https://github.com/voxpupuli/puppet-archive", + "author": "Vox Pupuli", + "license": "Apache-2.0", + "summary": "Compressed archive file download and extraction with native types/providers for Windows and Unix", + "description": "The archive module provides native puppet resources for managing compressed file download and extraction with optional checksum verification and cleanup.", + "project_page": "https://github.com/voxpupuli/puppet-archive", + "issues_url": "https://github.com/voxpupuli/puppet-archive/issues", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.18.0 < 9.0.0" + } + ] +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.github/workflows/auto_release.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,84 @@ +name: "Auto release" + +on: + workflow_dispatch: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + auto_release: + name: "Automatic release prep" + runs-on: ubuntu-20.04 + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID="auto-release" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: "Checkout Source" + if: ${{ github.repository_owner == 'puppetlabs' }} + uses: actions/checkout@v2 + with: + fetch-depth: 0 + persist-credentials: false + + - name: "PDK Release prep" + uses: docker://puppet/iac_release:ci + with: + args: 'release prep --force' + env: + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: "Get Version" + if: ${{ github.repository_owner == 'puppetlabs' }} + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + + - name: "Commit changes" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com" + git config --local user.name "GitHub Action" + git add . + git commit -m "Release prep v${{ steps.gv.outputs.ver }}" + + - name: Create Pull Request + id: cpr + uses: puppetlabs/peter-evans-create-pull-request@v3 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Release prep v${{ steps.gv.outputs.ver }}" + branch: "release-prep" + delete-branch: true + title: "Release prep v${{ steps.gv.outputs.ver }}" + body: | + Automated release-prep through [pdk-templates](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot/.github/workflows/auto_release.yml.erb) from commit ${{ github.sha }}. + Please verify before merging: + - [ ] last [nightly](https://github.com/${{ github.repository }}/actions/workflows/nightly.yml) run is green + - [ ] [Changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) is readable and has no unlabeled pull requests + - [ ] Ensure the [changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) version and [metadata](https://github.com/${{ github.repository }}/blob/release-prep/metadata.json) version match + labels: "maintenance" + + - name: PR outputs + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + - name: "Honeycomb: Record finish step" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Finished auto release workflow'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.github/workflows/nightly.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,204 @@ +name: "nightly" + +on: + schedule: + - cron: '0 0 * * *' + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Setup Acceptance Test Matrix + id: get-matrix + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + name: "${{matrix.platforms.label}}, ${{matrix.collection}}" + needs: + - setup_matrix + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE + + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; + then + FILE='spec/fixtures/litmus_inventory.yaml' + elif [ -f 'inventory.yaml' ]; + then + FILE='inventory.yaml' + fi + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + echo ::endgroup:: + + - name: Install agent + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + - name: Install module + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' + + slack-workflow-status: + if: always() + name: Post Workflow Status To Slack + needs: + - Acceptance + runs-on: ubuntu-20.04 + steps: + - name: Slack Workflow Notification + uses: puppetlabs/Gamesight-slack-workflow-status@pdk-templates-v1 + with: + # Required Input + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} + # Optional Input + channel: '#team-ia-bots' + name: 'GABot'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.github/workflows/pr_test.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,184 @@ +name: "PR Testing" + +on: [pull_request] + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Setup Acceptance Test Matrix + id: get-matrix + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + name: "${{matrix.platforms.label}}, ${{matrix.collection}}" + needs: + - setup_matrix + if: ${{ needs.setup_matrix.outputs.matrix != '{}' }} + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platforms.image }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + echo 'label=${{ matrix.platforms.label }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platforms.label }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platforms.image }}' -- bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + if [ -f 'spec/fixtures/litmus_inventory.yaml' ]; + then + FILE='spec/fixtures/litmus_inventory.yaml' + elif [ -f 'inventory.yaml' ]; + then + FILE='inventory.yaml' + fi + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + echo ::endgroup:: + + - name: Install agent + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + - name: Install module + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platforms.image }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f inventory.yaml || -f spec/fixtures/litmus_inventory.yaml ]]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.github/workflows/release.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,47 @@ +name: "Publish module" + +on: + workflow_dispatch: + +jobs: + create-github-release: + name: Deploy GitHub Release + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: ${{ github.ref }} + clean: true + fetch-depth: 0 + - name: Get Version + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + - name: Create Release + uses: actions/create-release@v1 + id: create_release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: "v${{ steps.gv.outputs.ver }}" + draft: false + prerelease: false + + deploy-forge: + name: Deploy to Forge + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + with: + ref: ${{ github.ref }} + clean: true + - name: "PDK Build" + uses: docker://puppet/pdk:nightly + with: + args: 'build' + - name: "Push to Forge" + uses: docker://puppet/pdk:nightly + with: + args: 'release publish --forge-token ${{ secrets.FORGE_API_KEY }} --force'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.github/workflows/spec.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,129 @@ +name: "Spec Tests" + +on: + schedule: + - cron: '0 0 * * *' + workflow_dispatch: + pull_request: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=setup-environment >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + bundler-cache: true + + - name: Print bundle environment + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Setup Environment time" + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment' + echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Setup Spec Test Matrix + id: get-matrix + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2 + else + echo "::set-output name=spec_matrix::{}" + fi + + - name: "Honeycomb: Record Setup Test Matrix time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Spec: + name: "Spec Tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})" + needs: + - setup_matrix + if: ${{ needs.setup_matrix.outputs.spec_matrix != '{}' }} + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.spec_matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} + FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' + + steps: + - run: | + echo "SANITIZED_PUPPET_VERSION=$(echo '${{ matrix.puppet_version }}' | sed 's/~> //g')" >> $GITHUB_ENV + + - run: | + echo 'puppet_version=${{ env.SANITIZED_PUPPET_VERSION }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start first step" + run: | + echo "STEP_ID=${{ env.SANITIZED_PUPPET_VERSION }}-spec" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ env.SANITIZED_PUPPET_VERSION }} + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: "Activate Ruby ${{ matrix.ruby_version }}" + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{matrix.ruby_version}} + bundler-cache: true + + - name: Print bundle environment + run: | + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: Run Static & Syntax Tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + + - name: Run parallel_spec tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake parallel_spec Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake parallel_spec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.gitpod.Dockerfile Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,18 @@ +FROM gitpod/workspace-full +RUN sudo wget https://apt.puppet.com/puppet-tools-release-bionic.deb && \ + wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \ + sudo dpkg -i puppet6-release-bionic.deb && \ + sudo dpkg -i puppet-tools-release-bionic.deb && \ + sudo apt-get update && \ + sudo apt-get install -y pdk zsh puppet-agent && \ + sudo apt-get clean && \ + sudo rm -rf /var/lib/apt/lists/* +RUN sudo usermod -s $(which zsh) gitpod && \ + sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \ + echo "plugins=(git gitignore github gem pip bundler python ruby docker docker-compose)" >> /home/gitpod/.zshrc && \ + echo 'PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin"' >> /home/gitpod/.zshrc && \ + sudo /opt/puppetlabs/puppet/bin/gem install puppet-debugger hub -N && \ + mkdir -p /home/gitpod/.config/puppet && \ + /opt/puppetlabs/puppet/bin/ruby -r yaml -e "puts ({'disabled' => true}).to_yaml" > /home/gitpod/.config/puppet/analytics.yml +RUN rm -f puppet6-release-bionic.deb puppet-tools-release-bionic.deb +ENTRYPOINT /usr/bin/zsh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/.gitpod.yml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,9 @@ +image: + file: .gitpod.Dockerfile + +tasks: + - init: pdk bundle install + +vscode: + extensions: + - puppet.puppet-vscode@1.2.0:f5iEPbmOj6FoFTOV6q8LTg==
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/CHANGELOG.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,502 @@ +# Change log + +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). + +## [v5.2.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v5.2.0) (2021-08-25) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v5.1.0...v5.2.0) + +### Added + +- pdksync - \(IAC-1709\) - Add Support for Debian 11 [\#458](https://github.com/puppetlabs/puppetlabs-inifile/pull/458) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- \(IAC-1741\) Allow stdlib v8.0.0 [\#459](https://github.com/puppetlabs/puppetlabs-inifile/pull/459) ([david22swan](https://github.com/david22swan)) + +## [v5.1.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v5.1.0) (2021-06-28) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v5.0.1...v5.1.0) + +### Added + +- Accept Datatype Sensitive [\#454](https://github.com/puppetlabs/puppetlabs-inifile/pull/454) ([cocker-cc](https://github.com/cocker-cc)) + +## [v5.0.1](https://github.com/puppetlabs/puppetlabs-inifile/tree/v5.0.1) (2021-03-29) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v5.0.0...v5.0.1) + +### Fixed + +- \(IAC-149\) - Removal of Unsupported Translate Module [\#442](https://github.com/puppetlabs/puppetlabs-inifile/pull/442) ([david22swan](https://github.com/david22swan)) + +## [v5.0.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v5.0.0) (2021-03-02) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v4.4.0...v5.0.0) + +### Changed + +- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [\#432](https://github.com/puppetlabs/puppetlabs-inifile/pull/432) ([carabasdaniel](https://github.com/carabasdaniel)) + +## [v4.4.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v4.4.0) (2020-12-08) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v4.3.1...v4.4.0) + +### Added + +- \(feat\) - Add Puppet 7 support [\#422](https://github.com/puppetlabs/puppetlabs-inifile/pull/422) ([daianamezdrea](https://github.com/daianamezdrea)) + +## [v4.3.1](https://github.com/puppetlabs/puppetlabs-inifile/tree/v4.3.1) (2020-11-09) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v4.3.0...v4.3.1) + +### Fixed + +- \(IAC-992\) - Removal of inappropriate terminology [\#415](https://github.com/puppetlabs/puppetlabs-inifile/pull/415) ([david22swan](https://github.com/david22swan)) + +## [v4.3.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v4.3.0) (2020-09-10) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v4.2.0...v4.3.0) + +### Added + +- pdksync - \(IAC-973\) - Update travis/appveyor to run on new default branch `main` [\#407](https://github.com/puppetlabs/puppetlabs-inifile/pull/407) ([david22swan](https://github.com/david22swan)) +- Add delete\_if\_empty parameter to the ini\_subsetting type/provider [\#405](https://github.com/puppetlabs/puppetlabs-inifile/pull/405) ([mmarod](https://github.com/mmarod)) +- \(IAC-746\) - Add ubuntu 20.04 support [\#396](https://github.com/puppetlabs/puppetlabs-inifile/pull/396) ([david22swan](https://github.com/david22swan)) + +## [v4.2.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v4.2.0) (2020-04-27) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v4.1.0...v4.2.0) + +### Added + +- Finish API conversion of `create_ini_settings` [\#387](https://github.com/puppetlabs/puppetlabs-inifile/pull/387) ([alexjfisher](https://github.com/alexjfisher)) + +## [v4.1.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v4.1.0) (2020-01-15) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v4.0.0...v4.1.0) + +### Added + +- pdksync - \(FM-8581\) - Debian 10 added to travis and provision file refactored [\#374](https://github.com/puppetlabs/puppetlabs-inifile/pull/374) ([david22swan](https://github.com/david22swan)) +- Puppet 4 functions [\#373](https://github.com/puppetlabs/puppetlabs-inifile/pull/373) ([binford2k](https://github.com/binford2k)) +- pdksync - "MODULES-10242 Add ubuntu14 support back to the modules" [\#368](https://github.com/puppetlabs/puppetlabs-inifile/pull/368) ([sheenaajay](https://github.com/sheenaajay)) +- \(FM-8689\) - Addition of Support for CentOS 8 [\#366](https://github.com/puppetlabs/puppetlabs-inifile/pull/366) ([david22swan](https://github.com/david22swan)) + +## [v4.0.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v4.0.0) (2019-11-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v3.1.0...v4.0.0) + +### Changed + +- pdksync - FM-8499 - remove ubuntu14 support [\#363](https://github.com/puppetlabs/puppetlabs-inifile/pull/363) ([lionce](https://github.com/lionce)) + +### Added + +- FM-8402 add debian 10 support [\#352](https://github.com/puppetlabs/puppetlabs-inifile/pull/352) ([lionce](https://github.com/lionce)) + +## [v3.1.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v3.1.0) (2019-07-31) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/v3.0.0...v3.1.0) + +### Added + +- FM-8222 - Port Module inifile to Litmus [\#344](https://github.com/puppetlabs/puppetlabs-inifile/pull/344) ([lionce](https://github.com/lionce)) +- \(FM-8154\) Add Windows Server 2019 support [\#340](https://github.com/puppetlabs/puppetlabs-inifile/pull/340) ([eimlav](https://github.com/eimlav)) +- \(FM-8041\) Add RedHat 8 support [\#339](https://github.com/puppetlabs/puppetlabs-inifile/pull/339) ([eimlav](https://github.com/eimlav)) + +## [v3.0.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/v3.0.0) (2019-04-22) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/2.5.0...v3.0.0) + +### Changed + +- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#335](https://github.com/puppetlabs/puppetlabs-inifile/pull/335) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- FM-7779 - Cleanup Inifile [\#328](https://github.com/puppetlabs/puppetlabs-inifile/pull/328) ([lionce](https://github.com/lionce)) + +## [2.5.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/2.5.0) (2018-12-28) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/2.4.0...2.5.0) + +### Added + +- \(MODULES-8142\) - Addition of support for SLES 15 [\#315](https://github.com/puppetlabs/puppetlabs-inifile/pull/315) ([david22swan](https://github.com/david22swan)) +- \(MODULES-7560\) - removed spaces from the beginning or from the end of the value [\#311](https://github.com/puppetlabs/puppetlabs-inifile/pull/311) ([lionce](https://github.com/lionce)) + +### Fixed + +- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#320](https://github.com/puppetlabs/puppetlabs-inifile/pull/320) ([tphoney](https://github.com/tphoney)) +- \(MODULES-6714\) - inifile: ensure absent not working with refreshonly = true [\#313](https://github.com/puppetlabs/puppetlabs-inifile/pull/313) ([Lavinia-Dan](https://github.com/Lavinia-Dan)) +- \(FM-7483\) - update module to the latest version [\#310](https://github.com/puppetlabs/puppetlabs-inifile/pull/310) ([lionce](https://github.com/lionce)) +- \(FM-7331\)-Fix japanese test [\#308](https://github.com/puppetlabs/puppetlabs-inifile/pull/308) ([lionce](https://github.com/lionce)) + +## [2.4.0](https://github.com/puppetlabs/puppetlabs-inifile/tree/2.4.0) (2018-09-27) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-inifile/compare/2.3.0...2.4.0) + +### Added + +- pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#300](https://github.com/puppetlabs/puppetlabs-inifile/pull/300) ([pmcmaw](https://github.com/pmcmaw)) +- pdksync - \(MODULES-7658\) use beaker4 in puppet-module-gems [\#296](https://github.com/puppetlabs/puppetlabs-inifile/pull/296) ([tphoney](https://github.com/tphoney)) +- \(MODULES-7552\) - Addition of support for Ubuntu 18.04 to inifile [\#292](https://github.com/puppetlabs/puppetlabs-inifile/pull/292) ([david22swan](https://github.com/david22swan)) + +### Fixed + +- \(MODULES-7625\) - Update README Limitations section [\#293](https://github.com/puppetlabs/puppetlabs-inifile/pull/293) ([eimlav](https://github.com/eimlav)) + +## 2.3.0 +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a feature for `force_new_section_creation` and a roll up of maintenance changes. + +### Added +- Added `force_new_section_creation` parameter. +- PDK convert and update to use pdk 1.5.0 (MODULES-6326). + +### Removed +- Support for Scientific Linux 5 +- Support for Debian 7 + +## Supported Release [2.2.2] +### Summary +This is a bug fix release that corrects type autoloading. + +### Fixed +- Correct type autoload ([FM-6932](https://tickets.puppet.com/browse/FM-6932)). + +## Supported Release [2.2.1] +### Summary +This is a bug fix release for a problem with managing existing lines in Puppet > 5.4.0 + +### Fixed +- issue with ini_setting's :refreshonly parameter validation ([MODULES-6687](https://tickets.puppet.com/browse/MODULES-6687)) + +## Supported Release [2.2.0] +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes. + +### Added +- PDK convert inifile ([MODULES-6453](https://tickets.puppet.com/browse/MODULES-6453)). +- Modulesync updates. + +### Fixed +- Changes to address additional Rubocop failures. +- Addressing puppet-lint doc warnings. + +### Removed +- `gem update bundler` command in .travis.yml due to ([MODULES-6339](https://tickets.puppet.com/browse/MODULES-6339)). + +## Supported Release 2.1.1 +### Summary +This release is in order to implement Rubocop within the module and includes a wide array of formatting changes throughout the code and the enabling of rubocop checks to be run against all pull requests against the module. + +### Changed +- Rubocop checks will now be run against any PRs made towards the module. +- The module has undergone a substantial reformatting in order to comply with the designated standards. + +## Supported Release 2.1.0 +### Summary +This is a clean release prior to the implementation of rubocop within the module. + +### Added +- Several Modulesync updates have been made. +- Indent Character can now be set. +- Support for Debian 9 has been added. + +### Removed +- Support for Ubuntu 1004 and 1204 has been removed. +- Support for SLES 10 SP4 has been removed. +- Support for Debian 6 has been removed. +- Support for Solaris 12 has been removed. +- Support for Windows Server 2003 R2 has been removed. + +## Supported Release 2.0.0 +### Summary +This is a major release that includes a few bugfixes as well as some general module updates. + +**This release drops Puppet 3 support** + +### Changed +- Moved lower Puppet version requirement to 4.7.0, MODULES-4830 + +### Fixed +- Fix path validation on windows MODULES-4170 +- Fix headings in README +- Fix for mimicking commented settings MODULES-4932 +- Fix for Backwards compatible ini_file.set_value MODULES-5172 + +## Supported Release 1.6.0 +### Summary +This release expands functionality around sub-settings and adds the `refreshonly` parameter so the user can specify whether a resource should or should not respond to a refresh event. + +### Features +- `refreshonly` decide whether or not a value should be updated as part of a refresh +- `insert_type` choose where the sub-setting is placed in the final string +- `subsetting_key_val_separator` specify a key/value separator for sub-settings + +### Bugfixes +- MODULES-3145 Cast values to strings before passing to provider + + +## Supported Release 1.5.0 +### Summary +This release adds the long-awaited `show_diff` parameter for diffing the complete file on changes (or can also just show the md5 sums). + +### Features +- Added `show_diff` parameter to show diffs on changes. +- Remove empty ini sections when the last line in the section is removed. + +### Bugfixes +- Workaround `create_ini_settings()` duplicate resources puppet bug PUP-4709 + +## Supported Release 1.4.3 +###Summary + +Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. + +## 2015-09-01 - Supported Release 1.4.2 +### Summary +This release adds some bugfixes. + +####Bugfixes +- MODULES-2212 Add use_exact_match parameter for subsettings +- MODULES-1908 Munge the setting to ensure we always strip the whitespace +- MODULES-2369 Support a space as a key_val_separator + +## 2015-07-15 - Supported Release 1.4.1 +### Summary +This release bumps the metadata for PE up. + +##2015-07-07 - Supported Releases 1.4.0 +###Summary + +This is primarily a release which includes acceptance tests updates, but also includes some minor bug fixes and improvements + +####Features +- Solaris 12 Support +- Acceptance testing improvements + +####Bugfixes +- MODULES-1599 Match only on space and tab whitespace after k/v separator + +##2015-06-09 - Supported Releases 1.3.0 +###Summary + +This is primarily a feature release, but also includes test fixes, documentation updates and synchronization of files with modulesync. + +####Features +- Synchronized files using modulesync +- Improved documentation +- Allow changing key value separator beyond indentation +- Adding the ability to change regex match for $section in inifile + +####Bugfixes +- pin beaker-rspec for windows testing +- pin rspec gems for testing +- Adds default values for section +- Fixed names containing spaces + +##2014-11-11 - Supported Releases 1.2.0 +###Summary + +This is primarily a bugfix release, but also includes documentation updates and synchronization of files with modulesync. + +####Features +- Synchronized files using modulesync +- Improved documentation with a warning about old, manually installed inifile with PE3.3+ + +####Bugfixes +- Fix issue where single character settings were not being saved + +##2014-09-30 - Supported Releases 1.1.4 +###Summary + +This release includes documentation and test updates. + +##2014-07-15 - Supported Release 1.1.3 +###Summary + +This release merely updates metadata.json so the module can be uninstalled and +upgraded via the puppet module command. + +##2014-07-10 - Supported Release 1.1.2 +###Summary + +This is a re-packaging release. + +##2014-07-07 - Release 1.1.1 +###Summary + +This supported bugfix release corrects the inifile section header detection +regex (so you can use more characters in your section titles). + +####Bugfixes +- Correct section regex to allow anything other than ] +- Correct `exists?` to return a boolean +- Lots of test updates +- Add missing CONTRIBUTING.md + +##2014-06-04 - Release 1.1.0 +###Summary + +This is a compatibility and feature release. This release adds one new +feature, the ability to control the quote character used. This allows you to +do things like: + +``` +ini_subsetting { '-Xms': + ensure => present, + path => '/some/config/file', + section => '', + setting => 'JAVA_ARGS', + quote_char => '"', + subsetting => '-Xms' + value => '256m', + } +``` + +Which builds: + +``` +JAVA_ARGS="-Xmx256m -Xms256m" +``` + +####Features +- Add quote_char parameter to the ini_subsetting resource type + +####Bugfixes + +####Known Bugs +* No known bugs + +##2014-03-04 - Supported Release 1.0.3 +###Summary + +This is a supported release. It has only test changes. + +####Features + +####Bugfixes + +####Known Bugs +* No known bugs + + +##2014-02-26 - Version 1.0.2 +###Summary +This release adds supported platforms to metadata.json and contains spec fixes + + +##2014-02-12 - Version 1.0.1 +###Summary +This release is a bugfix for handling whitespace/[]'s better, and adding a +bunch of tests. + +####Bugfixes +- Handle whitespace in sections +- Handle square brances in values +- Add metadata.json +- Update some travis testing +- Tons of beaker-rspec tests + + +##2013-07-16 - Version 1.0.0 +####Features +- Handle empty values. +- Handle whitespace in settings names (aka: server role = something) +- Add mechanism for allowing ini_setting subclasses to override the +formation of the namevar during .instances, to allow for ini_setting +derived types that manage flat ini-file-like files and still purge +them. + +--- +##2013-05-28 - Chris Price <chris@puppetlabs.com> - 0.10.3 + * Fix bug in subsetting handling for new settings (cbea5dc) + +##2013-05-22 - Chris Price <chris@puppetlabs.com> - 0.10.2 + * Better handling of quotes for subsettings (1aa7e60) + +##2013-05-21 - Chris Price <chris@puppetlabs.com> - 0.10.1 + * Change constants to class variables to avoid ruby warnings (6b19864) + +##2013-04-10 - Erik Dalén <dalen@spotify.com> - 0.10.1 + * Style fixes (c4af8c3) + +##2013-04-02 - Dan Bode <dan@puppetlabs.com> - 0.10.1 + * Add travisfile and Gemfile (c2052b3) + +##2013-04-02 - Chris Price <chris@puppetlabs.com> - 0.10.1 + * Update README.markdown (ad38a08) + +##2013-02-15 - Karel Brezina <karel.brezina@gmail.com> - 0.10.0 + * Added 'ini_subsetting' custom resource type (4351d8b) + +##2013-03-11 - Dan Bode <dan@puppetlabs.com> - 0.10.0 + * guard against nil indentation values (5f71d7f) + +##2013-01-07 - Dan Bode <dan@puppetlabs.com> - 0.10.0 + * Add purging support to ini file (2f22483) + +##2013-02-05 - James Sweeny <james.sweeny@puppetlabs.com> - 0.10.0 + * Fix test to use correct key_val_parameter (b1aff63) + +##2012-11-06 - Chris Price <chris@puppetlabs.com> - 0.10.0 + * Added license file w/Apache 2.0 license (5e1d203) + +##2012-11-02 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Version 0.9.0 released + +##2012-10-26 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Add detection for commented versions of settings (a45ab65) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Refactor to clarify implementation of `save` (f0d443f) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Add example for `ensure=absent` (e517148) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Better handling of whitespace lines at ends of sections (845fa70) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Respect indentation / spacing for existing sections and settings (c2c26de) + +##2012-10-17 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Minor tweaks to handling of removing settings (cda30a6) + +##2012-10-10 - Dan Bode <dan@puppetlabs.com> - 0.9.0 + * Add support for removing lines (1106d70) + +##2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0 + * Make value a property (cbc90d3) + +##2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0 + * Make ruby provider a better parent. (1564c47) + +##2012-09-29 - Reid Vandewiele <reid@puppetlabs.com> - 0.9.0 + * Allow values with spaces to be parsed and set (3829e20) + +##2012-09-24 - Chris Price <chris@pupppetlabs.com> - 0.0.3 + * Version 0.0.3 released + +##2012-09-20 - Chris Price <chris@puppetlabs.com> - 0.0.3 + * Add validation for key_val_separator (e527908) + +##2012-09-19 - Chris Price <chris@puppetlabs.com> - 0.0.3 + * Allow overriding separator string between key/val pairs (8d1fdc5) + +##2012-08-20 - Chris Price <chris@pupppetlabs.com> - 0.0.2 + * Version 0.0.2 released + +##2012-08-17 - Chris Price <chris@pupppetlabs.com> - 0.0.2 + * Add support for "global" section at beginning of file (c57dab4) + +[2.3.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.2...2.3.0 +[2.2.2]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.1...2.2.2 +[2.2.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.0...2.2.1 +[2.2.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.1.1...2.2.0 + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/CODEOWNERS Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,2 @@ +# Setting ownership to the modules team +* @puppetlabs/modules
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/CONTRIBUTING.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,3 @@ +# Contributing to Puppet modules + +Check out our [Contributing to Supported Modules Blog Post](https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html) to find all the information that you will need.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/HISTORY.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,350 @@ +## 2.3.0 +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a feature for `force_new_section_creation` and a roll up of maintenance changes. + +### Added +- Added `force_new_section_creation` parameter. +- PDK convert and update to use pdk 1.5.0 (MODULES-6326). + +### Removed +- Support for Scientific Linux 5 +- Support for Debian 7 + +## Supported Release [2.2.2] +### Summary +This is a bug fix release that corrects type autoloading. + +### Fixed +- Correct type autoload ([FM-6932](https://tickets.puppet.com/browse/FM-6932)). + +## Supported Release [2.2.1] +### Summary +This is a bug fix release for a problem with managing existing lines in Puppet > 5.4.0 + +### Fixed +- issue with ini_setting's :refreshonly parameter validation ([MODULES-6687](https://tickets.puppet.com/browse/MODULES-6687)) + +## Supported Release [2.2.0] +### Summary +This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes. + +### Added +- PDK convert inifile ([MODULES-6453](https://tickets.puppet.com/browse/MODULES-6453)). +- Modulesync updates. + +### Fixed +- Changes to address additional Rubocop failures. +- Addressing puppet-lint doc warnings. + +### Removed +- `gem update bundler` command in .travis.yml due to ([MODULES-6339](https://tickets.puppet.com/browse/MODULES-6339)). + +## Supported Release 2.1.1 +### Summary +This release is in order to implement Rubocop within the module and includes a wide array of formatting changes throughout the code and the enabling of rubocop checks to be run against all pull requests against the module. + +### Changed +- Rubocop checks will now be run against any PRs made towards the module. +- The module has undergone a substantial reformatting in order to comply with the designated standards. + +## Supported Release 2.1.0 +### Summary +This is a clean release prior to the implementation of rubocop within the module. + +### Added +- Several Modulesync updates have been made. +- Indent Character can now be set. +- Support for Debian 9 has been added. + +### Removed +- Support for Ubuntu 1004 and 1204 has been removed. +- Support for SLES 10 SP4 has been removed. +- Support for Debian 6 has been removed. +- Support for Solaris 12 has been removed. +- Support for Windows Server 2003 R2 has been removed. + +## Supported Release 2.0.0 +### Summary +This is a major release that includes a few bugfixes as well as some general module updates. + +**This release drops Puppet 3 support** + +### Changed +- Moved lower Puppet version requirement to 4.7.0, MODULES-4830 + +### Fixed +- Fix path validation on windows MODULES-4170 +- Fix headings in README +- Fix for mimicking commented settings MODULES-4932 +- Fix for Backwards compatible ini_file.set_value MODULES-5172 + +## Supported Release 1.6.0 +### Summary +This release expands functionality around sub-settings and adds the `refreshonly` parameter so the user can specify whether a resource should or should not respond to a refresh event. + +### Features +- `refreshonly` decide whether or not a value should be updated as part of a refresh +- `insert_type` choose where the sub-setting is placed in the final string +- `subsetting_key_val_separator` specify a key/value separator for sub-settings + +### Bugfixes +- MODULES-3145 Cast values to strings before passing to provider + + +## Supported Release 1.5.0 +### Summary +This release adds the long-awaited `show_diff` parameter for diffing the complete file on changes (or can also just show the md5 sums). + +### Features +- Added `show_diff` parameter to show diffs on changes. +- Remove empty ini sections when the last line in the section is removed. + +### Bugfixes +- Workaround `create_ini_settings()` duplicate resources puppet bug PUP-4709 + +## Supported Release 1.4.3 +###Summary + +Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. + +## 2015-09-01 - Supported Release 1.4.2 +### Summary +This release adds some bugfixes. + +####Bugfixes +- MODULES-2212 Add use_exact_match parameter for subsettings +- MODULES-1908 Munge the setting to ensure we always strip the whitespace +- MODULES-2369 Support a space as a key_val_separator + +## 2015-07-15 - Supported Release 1.4.1 +### Summary +This release bumps the metadata for PE up. + +##2015-07-07 - Supported Releases 1.4.0 +###Summary + +This is primarily a release which includes acceptance tests updates, but also includes some minor bug fixes and improvements + +####Features +- Solaris 12 Support +- Acceptance testing improvements + +####Bugfixes +- MODULES-1599 Match only on space and tab whitespace after k/v separator + +##2015-06-09 - Supported Releases 1.3.0 +###Summary + +This is primarily a feature release, but also includes test fixes, documentation updates and synchronization of files with modulesync. + +####Features +- Synchronized files using modulesync +- Improved documentation +- Allow changing key value separator beyond indentation +- Adding the ability to change regex match for $section in inifile + +####Bugfixes +- pin beaker-rspec for windows testing +- pin rspec gems for testing +- Adds default values for section +- Fixed names containing spaces + +##2014-11-11 - Supported Releases 1.2.0 +###Summary + +This is primarily a bugfix release, but also includes documentation updates and synchronization of files with modulesync. + +####Features +- Synchronized files using modulesync +- Improved documentation with a warning about old, manually installed inifile with PE3.3+ + +####Bugfixes +- Fix issue where single character settings were not being saved + +##2014-09-30 - Supported Releases 1.1.4 +###Summary + +This release includes documentation and test updates. + +##2014-07-15 - Supported Release 1.1.3 +###Summary + +This release merely updates metadata.json so the module can be uninstalled and +upgraded via the puppet module command. + +##2014-07-10 - Supported Release 1.1.2 +###Summary + +This is a re-packaging release. + +##2014-07-07 - Release 1.1.1 +###Summary + +This supported bugfix release corrects the inifile section header detection +regex (so you can use more characters in your section titles). + +####Bugfixes +- Correct section regex to allow anything other than ] +- Correct `exists?` to return a boolean +- Lots of test updates +- Add missing CONTRIBUTING.md + +##2014-06-04 - Release 1.1.0 +###Summary + +This is a compatibility and feature release. This release adds one new +feature, the ability to control the quote character used. This allows you to +do things like: + +``` +ini_subsetting { '-Xms': + ensure => present, + path => '/some/config/file', + section => '', + setting => 'JAVA_ARGS', + quote_char => '"', + subsetting => '-Xms' + value => '256m', + } +``` + +Which builds: + +``` +JAVA_ARGS="-Xmx256m -Xms256m" +``` + +####Features +- Add quote_char parameter to the ini_subsetting resource type + +####Bugfixes + +####Known Bugs +* No known bugs + +##2014-03-04 - Supported Release 1.0.3 +###Summary + +This is a supported release. It has only test changes. + +####Features + +####Bugfixes + +####Known Bugs +* No known bugs + + +##2014-02-26 - Version 1.0.2 +###Summary +This release adds supported platforms to metadata.json and contains spec fixes + + +##2014-02-12 - Version 1.0.1 +###Summary +This release is a bugfix for handling whitespace/[]'s better, and adding a +bunch of tests. + +####Bugfixes +- Handle whitespace in sections +- Handle square brances in values +- Add metadata.json +- Update some travis testing +- Tons of beaker-rspec tests + + +##2013-07-16 - Version 1.0.0 +####Features +- Handle empty values. +- Handle whitespace in settings names (aka: server role = something) +- Add mechanism for allowing ini_setting subclasses to override the +formation of the namevar during .instances, to allow for ini_setting +derived types that manage flat ini-file-like files and still purge +them. + +--- +##2013-05-28 - Chris Price <chris@puppetlabs.com> - 0.10.3 + * Fix bug in subsetting handling for new settings (cbea5dc) + +##2013-05-22 - Chris Price <chris@puppetlabs.com> - 0.10.2 + * Better handling of quotes for subsettings (1aa7e60) + +##2013-05-21 - Chris Price <chris@puppetlabs.com> - 0.10.1 + * Change constants to class variables to avoid ruby warnings (6b19864) + +##2013-04-10 - Erik Dalén <dalen@spotify.com> - 0.10.1 + * Style fixes (c4af8c3) + +##2013-04-02 - Dan Bode <dan@puppetlabs.com> - 0.10.1 + * Add travisfile and Gemfile (c2052b3) + +##2013-04-02 - Chris Price <chris@puppetlabs.com> - 0.10.1 + * Update README.markdown (ad38a08) + +##2013-02-15 - Karel Brezina <karel.brezina@gmail.com> - 0.10.0 + * Added 'ini_subsetting' custom resource type (4351d8b) + +##2013-03-11 - Dan Bode <dan@puppetlabs.com> - 0.10.0 + * guard against nil indentation values (5f71d7f) + +##2013-01-07 - Dan Bode <dan@puppetlabs.com> - 0.10.0 + * Add purging support to ini file (2f22483) + +##2013-02-05 - James Sweeny <james.sweeny@puppetlabs.com> - 0.10.0 + * Fix test to use correct key_val_parameter (b1aff63) + +##2012-11-06 - Chris Price <chris@puppetlabs.com> - 0.10.0 + * Added license file w/Apache 2.0 license (5e1d203) + +##2012-11-02 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Version 0.9.0 released + +##2012-10-26 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Add detection for commented versions of settings (a45ab65) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Refactor to clarify implementation of `save` (f0d443f) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Add example for `ensure=absent` (e517148) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Better handling of whitespace lines at ends of sections (845fa70) + +##2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Respect indentation / spacing for existing sections and settings (c2c26de) + +##2012-10-17 - Chris Price <chris@puppetlabs.com> - 0.9.0 + * Minor tweaks to handling of removing settings (cda30a6) + +##2012-10-10 - Dan Bode <dan@puppetlabs.com> - 0.9.0 + * Add support for removing lines (1106d70) + +##2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0 + * Make value a property (cbc90d3) + +##2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0 + * Make ruby provider a better parent. (1564c47) + +##2012-09-29 - Reid Vandewiele <reid@puppetlabs.com> - 0.9.0 + * Allow values with spaces to be parsed and set (3829e20) + +##2012-09-24 - Chris Price <chris@pupppetlabs.com> - 0.0.3 + * Version 0.0.3 released + +##2012-09-20 - Chris Price <chris@puppetlabs.com> - 0.0.3 + * Add validation for key_val_separator (e527908) + +##2012-09-19 - Chris Price <chris@puppetlabs.com> - 0.0.3 + * Allow overriding separator string between key/val pairs (8d1fdc5) + +##2012-08-20 - Chris Price <chris@pupppetlabs.com> - 0.0.2 + * Version 0.0.2 released + +##2012-08-17 - Chris Price <chris@pupppetlabs.com> - 0.0.2 + * Add support for "global" section at beginning of file (c57dab4) + +[2.3.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.2...2.3.0 +[2.2.2]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.1...2.2.2 +[2.2.1]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.2.0...2.2.1 +[2.2.0]:https://github.com/puppetlabs/puppetlabs-apt/compare/2.1.1...2.2.0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/LICENSE Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/NOTICE Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,19 @@ +inifile puppet module + +Copyright (C) 2012-2016 Puppet Labs, Inc. +Copyright (C) 2012 Chris Price + +Puppet Labs can be contacted at: info@puppetlabs.com + + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/README.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,315 @@ +# inifile + +[![Build Status](https://travis-ci.org/puppetlabs/puppetlabs-inifile.png?branch=main)](https://travis-ci.org/puppetlabs/puppetlabs-inifile) + +#### Table of Contents + +1. [Overview](#overview) +1. [Module Description - What the module does and why it is useful](#module-description) +1. [Setup - The basics of getting started with inifile module](#setup) +1. [Usage - Configuration options and additional functionality](#usage) +1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +1. [Limitations - OS compatibility, etc.](#limitations) +1. [Development - Guide for contributing to the module](#development) + +<a id="overview"></a> +## Overview + +The inifile module lets Puppet manage settings stored in INI-style configuration files. + +<a id="module-description"></a> +## Module Description + +Many applications use INI-style configuration files to store their settings. This module supplies two custom resource types to let you manage those settings through Puppet. + +<a id="setup"></a> +## Setup + +### Beginning with inifile + +To manage a single setting in an INI file, add the `ini_setting` type to a class: + +~~~puppet +ini_setting { "sample setting": + ensure => present, + path => '/tmp/foo.ini', + section => 'bar', + setting => 'baz', + value => 'quux', +} +~~~ + +<a id="usage"></a> +## Usage + + +The inifile module is used to: + + * Support comments starting with either '#' or ';'. + * Support either whitespace or no whitespace around '='. + * Add any missing sections to the INI file. + +It does not manipulate your file any more than it needs to. In most cases, it doesn't affect the original whitespace, comments, or ordering. See the common usages below for examples. + +### Manage multiple values in a setting + +Use the `ini_subsetting` type: + +~~~puppet +ini_subsetting {'sample subsetting': + ensure => present, + section => '', + key_val_separator => '=', + path => '/etc/default/pe-puppetdb', + setting => 'JAVA_ARGS', + subsetting => '-Xmx', + value => '512m', +} +~~~ + +Results in managing this `-Xmx` subsetting: + +~~~puppet +JAVA_ARGS="-Xmx512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof" +~~~ + + +### Use a non-standard section header + +~~~puppet +ini_setting { 'default minage': + ensure => present, + path => '/etc/security/users', + section => 'default', + setting => 'minage', + value => '1', + section_prefix => '', + section_suffix => ':', +} +~~~ + +Results in: + +~~~puppet +default: + minage = 1 +~~~ + +### Use a non-standard indent character + +To use a non-standard indent character or string for added settings, set the `indent_char` and the `indent_width` parameters. The `indent_width` parameter controls how many `indent_char` appear in the indent. + + +~~~puppet +ini_setting { 'procedure cache size': + ensure => present, + path => '/var/lib/ase/config/ASE-16_0/SYBASE.cfg', + section => 'SQL Server Administration', + setting => 'procedure cache size', + value => '15000', + indent_char => "\t", + indent_width => 2, +} +~~~ + +Results in: + +~~~puppet +[SQL Server Administration] + procedure cache size = 15000 +~~~ + +### Implement child providers + +You might want to create child providers that inherit the `ini_setting` provider for one of the following reasons: + + * To make a custom resource to manage an application that stores its settings in INI files, without recreating the code to manage the files themselves. + * To [purge all unmanaged settings](https://docs.puppetlabs.com/references/latest/type.html#resources-attribute-purge) from a managed INI file. + +To implement child providers, first specify a custom type. Have it implement a namevar called `name` and a property called `value`: + +~~~ruby +#my_module/lib/puppet/type/glance_api_config.rb +Puppet::Type.newtype(:glance_api_config) do + ensurable + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from glance-api.conf' + # namevar should be of the form section/setting + newvalues(/\S+\/\S+/) + end + newproperty(:value) do + desc 'The value of the setting to define' + munge do |v| + v.to_s.strip + end + end +end +~~~ + +Your type also needs a provider that uses the `ini_setting` provider as its parent: + +~~~ruby +# my_module/lib/puppet/provider/glance_api_config/ini_setting.rb +Puppet::Type.type(:glance_api_config).provide( + :ini_setting, + # set ini_setting as the parent provider + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + # implement section as the first part of the namevar + def section + resource[:name].split('/', 2).first + end + def setting + # implement setting as the second part of the namevar + resource[:name].split('/', 2).last + end + # hard code the file path (this allows purging) + def self.file_path + '/etc/glance/glance-api.conf' + end +end +~~~ + +Now you can manage the settings in the `/etc/glance/glance-api.conf` file as individual resources: + +~~~puppet +glance_api_config { 'HEADER/important_config': + value => 'secret_value', +} +~~~ + +If you've implemented `self.file_path`, you can have Puppet purge the file of the all lines that aren't implemented as Puppet resources: + +~~~puppet +resources { 'glance_api_config': + purge => true, +} +~~~ + +### Manage multiple ini_settings + +To manage multiple `ini_settings`, use the [`inifile::create_ini_settings`](REFERENCE.md#inifilecreate_ini_settings) function. + +~~~puppet +$defaults = { 'path' => '/tmp/foo.ini' } +$example = { 'section1' => { 'setting1' => 'value1' } } +inifile::create_ini_settings($example, $defaults) +~~~ + +Results in: + +~~~puppet +ini_setting { '[section1] setting1': + ensure => present, + section => 'section1', + setting => 'setting1', + value => 'value1', + path => '/tmp/foo.ini', +} +~~~ + +To include special parameters, use the following code: + +~~~puppet +$defaults = { 'path' => '/tmp/foo.ini' } +$example = { + 'section1' => { + 'setting1' => 'value1', + 'settings2' => { + 'ensure' => 'absent' + } + } +} +inifile::create_ini_settings($example, $defaults) +~~~ + +Results in: + +~~~puppet +ini_setting { '[section1] setting1': + ensure => present, + section => 'section1', + setting => 'setting1', + value => 'value1', + path => '/tmp/foo.ini', +} +ini_setting { '[section1] setting2': + ensure => absent, + section => 'section1', + setting => 'setting2', + path => '/tmp/foo.ini', +} +~~~ + +#### Manage multiple ini_settings with Hiera + +For the profile `example`: + +~~~puppet +class profile::example ( + Hash $settings, +) { + $defaults = { 'path' => '/tmp/foo.ini' } + inifile::create_ini_settings($settings, $defaults) +} +~~~ + +Provide this in your Hiera data: + +~~~puppet +profile::example::settings: + section1: + setting1: value1 + setting2: value2 + setting3: + ensure: absent +~~~ + +Results in: + +~~~puppet +ini_setting { '[section1] setting1': + ensure => present, + section => 'section1', + setting => 'setting1', + value => 'value1', + path => '/tmp/foo.ini', +} +ini_setting { '[section1] setting2': + ensure => present, + section => 'section1', + setting => 'setting2', + value => 'value2', + path => '/tmp/foo.ini', +} +ini_setting { '[section1] setting3': + ensure => absent, + section => 'section1', + setting => 'setting3', + path => '/tmp/foo.ini', +} +~~~ + +<a id="reference"></a> +## Reference +See [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-inifile/blob/main/REFERENCE.md) + +<a id="limitations"></a> +## Limitations + +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-inifile/blob/main/metadata.json) + +<a id="development"></a> +## Development + +We are experimenting with a new tool for running acceptance tests. It's name is [puppet_litmus](https://github.com/puppetlabs/puppet_litmus) this replaces beaker as the test runner. To run the acceptance tests follow the instructions [here](https://github.com/puppetlabs/puppet_litmus/wiki/Tutorial:-use-Litmus-to-execute-acceptance-tests-with-a-sample-module-(MoTD)#install-the-necessary-gems-for-the-module). + +Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. + +We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. + +For more information, see our [module contribution guide.](https://puppet.com/docs/puppet/latest/contributing.html) + +### Contributors + +To see who's already involved, see the [list of contributors.](https://github.com/puppetlabs/puppetlabs-inifile/graphs/contributors)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/REFERENCE.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,313 @@ +# Reference + +<!-- DO NOT EDIT: This document was generated by Puppet Strings --> + +## Table of Contents + +### Resource types + +* [`ini_setting`](#ini_setting): ini_settings is used to manage a single setting in an INI file +* [`ini_subsetting`](#ini_subsetting): ini_subsettings is used to manage multiple values in a setting in an INI file + +### Functions + +* [`create_ini_settings`](#create_ini_settings): DEPRECATED. Use the namespaced function [`inifile::create_ini_settings`](#inifilecreate_ini_settings) instead. +* [`inifile::create_ini_settings`](#inifilecreate_ini_settings): This function is used to create a set of ini_setting resources from a hash + +## Resource types + +### <a name="ini_setting"></a>`ini_setting` + +ini_settings is used to manage a single setting in an INI file + +#### Properties + +The following properties are available in the `ini_setting` type. + +##### `ensure` + +Valid values: `present`, `absent` + +Ensurable method handles modeling creation. It creates an ensure property + +Default value: `present` + +##### `value` + +The value of the setting to be defined. + +#### Parameters + +The following parameters are available in the `ini_setting` type. + +* [`force_new_section_creation`](#force_new_section_creation) +* [`indent_char`](#indent_char) +* [`indent_width`](#indent_width) +* [`key_val_separator`](#key_val_separator) +* [`name`](#name) +* [`path`](#path) +* [`provider`](#provider) +* [`refreshonly`](#refreshonly) +* [`section`](#section) +* [`section_prefix`](#section_prefix) +* [`section_suffix`](#section_suffix) +* [`setting`](#setting) +* [`show_diff`](#show_diff) + +##### <a name="force_new_section_creation"></a>`force_new_section_creation` + +Valid values: ``true``, ``false``, `yes`, `no` + +Create setting only if the section exists + +Default value: ``true`` + +##### <a name="indent_char"></a>`indent_char` + +The character to indent new settings with. + +Default value: ` ` + +##### <a name="indent_width"></a>`indent_width` + +The number of indent_chars to use to indent a new setting. + +##### <a name="key_val_separator"></a>`key_val_separator` + +The separator string to use between each setting name and value. + +Default value: ` = ` + +##### <a name="name"></a>`name` + +namevar + +An arbitrary name used as the identity of the resource. + +##### <a name="path"></a>`path` + +The ini file Puppet will ensure contains the specified setting. + +##### <a name="provider"></a>`provider` + +The specific backend to use for this `ini_setting` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + +##### <a name="refreshonly"></a>`refreshonly` + +Valid values: ``true``, ``false``, `yes`, `no` + +A flag indicating whether or not the ini_setting should be updated only when called as part of a refresh event + +Default value: ``false`` + +##### <a name="section"></a>`section` + +The name of the section in the ini file in which the setting should be defined. + +Default value: `''` + +##### <a name="section_prefix"></a>`section_prefix` + +The prefix to the section name\'s header. + +Default value: `[` + +##### <a name="section_suffix"></a>`section_suffix` + +The suffix to the section name\'s header. + +Default value: `]` + +##### <a name="setting"></a>`setting` + +The name of the setting to be defined. + +##### <a name="show_diff"></a>`show_diff` + +Valid values: ``true``, `md5`, ``false`` + +Whether to display differences when the setting changes. + +Default value: ``true`` + +### <a name="ini_subsetting"></a>`ini_subsetting` + +ini_subsettings is used to manage multiple values in a setting in an INI file + +#### Properties + +The following properties are available in the `ini_subsetting` type. + +##### `ensure` + +Valid values: `present`, `absent` + +Ensurable method handles modeling creation. It creates an ensure property + +Default value: `present` + +##### `value` + +The value of the subsetting to be defined. + +#### Parameters + +The following parameters are available in the `ini_subsetting` type. + +* [`delete_if_empty`](#delete_if_empty) +* [`insert_type`](#insert_type) +* [`insert_value`](#insert_value) +* [`key_val_separator`](#key_val_separator) +* [`name`](#name) +* [`path`](#path) +* [`provider`](#provider) +* [`quote_char`](#quote_char) +* [`section`](#section) +* [`setting`](#setting) +* [`show_diff`](#show_diff) +* [`subsetting`](#subsetting) +* [`subsetting_key_val_separator`](#subsetting_key_val_separator) +* [`subsetting_separator`](#subsetting_separator) +* [`use_exact_match`](#use_exact_match) + +##### <a name="delete_if_empty"></a>`delete_if_empty` + +Valid values: ``true``, ``false`` + +Set to true to delete the parent setting when the subsetting is empty instead of writing an empty string + +Default value: ``false`` + +##### <a name="insert_type"></a>`insert_type` + +Valid values: `start`, `end`, `before`, `after`, `index` + +Where the new subsetting item should be inserted + +* :start - insert at the beginning of the line. +* :end - insert at the end of the line (default). +* :before - insert before the specified element if possible. +* :after - insert after the specified element if possible. +* :index - insert at the specified index number. + +Default value: `end` + +##### <a name="insert_value"></a>`insert_value` + +The value for the insert types which require one. + +##### <a name="key_val_separator"></a>`key_val_separator` + +The separator string to use between each setting name and value. + +Default value: ` = ` + +##### <a name="name"></a>`name` + +namevar + +An arbitrary name used as the identity of the resource. + +##### <a name="path"></a>`path` + +The ini file Puppet will ensure contains the specified setting. + +##### <a name="provider"></a>`provider` + +The specific backend to use for this `ini_subsetting` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + +##### <a name="quote_char"></a>`quote_char` + +The character used to quote the entire value of the setting. Valid values are '', '\"' and \"'\" + +Default value: `''` + +##### <a name="section"></a>`section` + +The name of the section in the ini file in which the setting should be defined. + +Default value: `''` + +##### <a name="setting"></a>`setting` + +The name of the setting to be defined. + +##### <a name="show_diff"></a>`show_diff` + +Valid values: ``true``, `md5`, ``false`` + +Whether to display differences when the setting changes. + +Default value: ``true`` + +##### <a name="subsetting"></a>`subsetting` + +The name of the subsetting to be defined. + +##### <a name="subsetting_key_val_separator"></a>`subsetting_key_val_separator` + +The separator string between the subsetting name and its value. Defaults to the empty string. + +Default value: `''` + +##### <a name="subsetting_separator"></a>`subsetting_separator` + +The separator string between subsettings. Defaults to the empty string. + +Default value: ` ` + +##### <a name="use_exact_match"></a>`use_exact_match` + +Valid values: ``true``, ``false`` + +Set to true if your subsettings don\'t have values and you want to use exact matches to determine if the subsetting +exists. + +Default value: ``false`` + +## Functions + +### <a name="create_ini_settings"></a>`create_ini_settings` + +Type: Ruby 4.x API + +DEPRECATED. Use the namespaced function [`inifile::create_ini_settings`](#inifilecreate_ini_settings) instead. + +#### `create_ini_settings(Any *$args)` + +The create_ini_settings function. + +Returns: `Any` + +##### `*args` + +Data type: `Any` + + + +### <a name="inifilecreate_ini_settings"></a>`inifile::create_ini_settings` + +Type: Ruby 4.x API + +This function is used to create a set of ini_setting resources from a hash + +#### `inifile::create_ini_settings(Hash $settings, Optional[Hash] $defaults)` + +The inifile::create_ini_settings function. + +Returns: `Any` + +##### `settings` + +Data type: `Hash` + +A hash of settings you want to create ini_setting resources from + +##### `defaults` + +Data type: `Optional[Hash]` + +A hash of defaults you would like to use in the ini_setting resources +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/data/common.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,1 @@ +--- {}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/examples/ini_setting.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,25 @@ +ini_setting { 'sample setting': + ensure => present, + path => '/tmp/foo.ini', + section => 'foo', + setting => 'foosetting', + value => 'FOO!', +} + +ini_setting { 'sample setting2': + ensure => present, + path => '/tmp/foo.ini', + section => 'bar', + setting => 'barsetting', + value => 'BAR!', + key_val_separator => '=', + require => Ini_setting['sample setting'], +} + +ini_setting { 'sample setting3': + ensure => absent, + path => '/tmp/foo.ini', + section => 'bar', + setting => 'bazsetting', + require => Ini_setting['sample setting2'], +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/examples/ini_subsetting.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,31 @@ +ini_subsetting { 'sample subsetting': + ensure => 'present', + section => '', + key_val_separator => '=', + path => '/etc/default/pe-puppetdb', + setting => 'JAVA_ARGS', + subsetting => '-Xmx', + value => '512m', +} + +ini_subsetting { 'sample subsetting2': + ensure => 'absent', + section => '', + key_val_separator => '=', + path => '/etc/default/pe-puppetdb', + setting => 'JAVA_ARGS', + subsetting => '-Xms', +} + +ini_subsetting { 'sample subsetting3': + ensure => 'present', + section => '', + key_val_separator => '=', + subsetting_key_val_separator => ':', + path => '/etc/default/pe-puppetdb', + setting => 'JAVA_ARGS', + subsetting => '-XX', + value => '+HeapDumpOnOutOfMemoryError', + insert_type => 'after', + insert_value => '-Xmx', +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/hiera.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/functions/create_ini_settings.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +# @summary DEPRECATED. Use the namespaced function [`inifile::create_ini_settings`](#inifilecreate_ini_settings) instead. +Puppet::Functions.create_function(:create_ini_settings) do + dispatch :deprecation_gen do + repeated_param 'Any', :args + end + def deprecation_gen(*args) + call_function('deprecation', 'create_ini_settings', 'This method is deprecated, please use inifile::create_ini_settings instead.') + call_function('inifile::create_ini_settings', *args) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/functions/inifile/create_ini_settings.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,39 @@ +# frozen_string_literal: true + +# @summary This function is used to create a set of ini_setting resources from a hash +Puppet::Functions.create_function(:'inifile::create_ini_settings') do + # @param settings + # A hash of settings you want to create ini_setting resources from + # @param defaults + # A hash of defaults you would like to use in the ini_setting resources + dispatch :default_impl do + param 'Hash', :settings + optional_param 'Hash', :defaults + end + + def default_impl(settings, defaults = {}) + resources = settings.keys.each_with_object({}) do |section, res| + unless settings[section].is_a?(Hash) + raise(Puppet::ParseError, + _('create_ini_settings(): Section %{section} must contain a Hash') % { section: section }) + end + + path = defaults.merge(settings)['path'] + raise Puppet::ParseError, _('create_ini_settings(): must pass the path parameter to the Ini_setting resource!') unless path + + settings[section].each do |setting, value| + res["#{path} [#{section}] #{setting}"] = { + 'ensure' => 'present', + 'section' => section, + 'setting' => setting, + }.merge(if value.is_a?(Hash) + value + else + { 'value' => value } + end) + end + end + + call_function('create_resources', 'ini_setting', resources, defaults) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/provider/ini_setting/ruby.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,152 @@ +# frozen_string_literal: true + +require File.expand_path('../../../util/ini_file', __FILE__) + +Puppet::Type.type(:ini_setting).provide(:ruby) do + def self.instances + desc ' + Creates new ini_setting file, a specific config file with a provider that uses + this as its parent and implements the method + self.file_path, and that will provide the value for the path to the + ini file.' + raise(Puppet::Error, 'Ini_settings only support collecting instances when a file path is hard coded') unless respond_to?(:file_path) + # figure out what to do about the seperator + ini_file = Puppet::Util::IniFile.new(file_path, '=') + resources = [] + ini_file.section_names.each do |section_name| + ini_file.get_settings(section_name).each do |setting, value| + resources.push( + new( + name: namevar(section_name, setting), + value: value, + ensure: :present, + ), + ) + end + end + resources + end + + def self.namevar(section_name, setting) + setting.nil? ? section_name : "#{section_name}/#{setting}" + end + + def exists? + setting.nil? && ini_file.section_names.include?(section) || !ini_file.get_value(section, setting).nil? + if ini_file.section?(section) + !ini_file.get_value(section, setting).nil? + elsif resource.parameters.key?(:force_new_section_creation) && !resource[:force_new_section_creation] + # for backwards compatibility, if a user is using their own ini_setting + # types but does not have this parameter, we need to fall back to the + # previous functionality which was to create the section. Anyone + # wishing to leverage this setting must define it in their provider + # type. See comments on + # https://github.com/puppetlabs/puppetlabs-inifile/pull/286 + resource[:ensure] = :absent + resource[:force_new_section_creation] + elsif resource.parameters.key?(:force_new_section_creation) && resource[:force_new_section_creation] + !resource[:force_new_section_creation] + else + false + end + end + + def create + if setting.nil? && resource[:value].nil? + ini_file.set_value(section) + else + ini_file.set_value(section, setting, separator, resource[:value]) + end + ini_file.save + @ini_file = nil + end + + def destroy + ini_file.remove_setting(section, setting) + ini_file.save + @ini_file = nil + end + + def value + ini_file.get_value(section, setting) + end + + def value=(_value) + if setting.nil? && resource[:value].nil? + ini_file.set_value(section) + else + ini_file.set_value(section, setting, separator, resource[:value]) + end + ini_file.save + end + + def section + # this method is here so that it can be overridden by a child provider + resource[:section] + end + + def setting + # this method is here so that it can be overridden by a child provider + resource[:setting] + end + + def file_path + # this method is here to support purging and sub-classing. + # if a user creates a type and subclasses our provider and provides a + # 'file_path' method, then they don't have to specify the + # path as a parameter for every ini_setting declaration. + # This implementation allows us to support that while still + # falling back to the parameter value when necessary. + if self.class.respond_to?(:file_path) + self.class.file_path + else + resource[:path] + end + end + + def separator + if resource.class.validattr?(:key_val_separator) + resource[:key_val_separator] || '=' + else + '=' + end + end + + def section_prefix + if resource.class.validattr?(:section_prefix) + resource[:section_prefix] || '[' + else + '[' + end + end + + def section_suffix + if resource.class.validattr?(:section_suffix) + resource[:section_suffix] || ']' + else + ']' + end + end + + def indent_char + if resource.class.validattr?(:indent_char) + resource[:indent_char] || ' ' + else + ' ' + end + end + + def indent_width + if resource.class.validattr?(:indent_width) + resource[:indent_width] || nil + else + nil + end + end + + private + + def ini_file + @ini_file ||= Puppet::Util::IniFile.new(file_path, separator, section_prefix, section_suffix, indent_char, indent_width) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/provider/ini_subsetting/ruby.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,96 @@ +# frozen_string_literal: true + +require File.expand_path('../../../util/ini_file', __FILE__) +require File.expand_path('../../../util/setting_value', __FILE__) + +Puppet::Type.type(:ini_subsetting).provide(:ruby) do + desc ' + Creates new ini_subsetting file, a specific config file with a provider that uses + this as its parent and implements the method + self.file_path, and that will provide the value for the path to the + ini file.' + def exists? + setting_value.get_subsetting_value(subsetting, resource[:use_exact_match]) + end + + def create + setting_value.add_subsetting( + subsetting, resource[:value], resource[:use_exact_match], + resource[:insert_type], resource[:insert_value] + ) + ini_file.set_value(section, setting, key_val_separator, setting_value.get_value) + ini_file.save + @ini_file = nil + @setting_value = nil + end + + def destroy + setting_value.remove_subsetting(subsetting, resource[:use_exact_match]) + if setting_value.get_value.empty? && resource[:delete_if_empty] + ini_file.remove_setting(section, setting) + else + ini_file.set_value(section, setting, key_val_separator, setting_value.get_value) + end + ini_file.save + @ini_file = nil + @setting_value = nil + end + + def value + setting_value.get_subsetting_value(subsetting) + end + + def value=(value) + setting_value.add_subsetting( + subsetting, value, resource[:use_exact_match], + resource[:insert_type], resource[:insert_value] + ) + ini_file.set_value(section, setting, key_val_separator, setting_value.get_value) + ini_file.save + end + + def section + resource[:section] + end + + def setting + resource[:setting] + end + + def subsetting + resource[:subsetting] + end + + def subsetting_separator + resource[:subsetting_separator] + end + + def file_path + resource[:path] + end + + def key_val_separator + resource[:key_val_separator] || '=' + end + + def subsetting_key_val_separator + resource[:subsetting_key_val_separator] || '' + end + + def quote_char + resource[:quote_char] + end + + private + + def ini_file + @ini_file ||= Puppet::Util::IniFile.new(file_path, key_val_separator) + end + + def setting_value + @setting_value ||= Puppet::Util::SettingValue.new( + ini_file.get_value(section, setting), + subsetting_separator, quote_char, subsetting_key_val_separator + ) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/type/ini_setting.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,158 @@ +# frozen_string_literal: true + +require 'digest/md5' +require 'puppet/parameter/boolean' + +Puppet::Type.newtype(:ini_setting) do + desc 'ini_settings is used to manage a single setting in an INI file' + ensurable do + desc 'Ensurable method handles modeling creation. It creates an ensure property' + newvalue(:present) do + provider.create + end + newvalue(:absent) do + provider.destroy + end + def insync?(current) + if @resource[:refreshonly] + true + else + current == should + end + end + defaultto :present + end + + def munge_boolean_md5(value) + case value + when true, :true, 'true', :yes, 'yes' + :true + when false, :false, 'false', :no, 'no' + :false + when :md5, 'md5' + :md5 + else + raise(_('expected a boolean value or :md5')) + end + end + newparam(:name, namevar: true) do + desc 'An arbitrary name used as the identity of the resource.' + end + + newparam(:section) do + desc 'The name of the section in the ini file in which the setting should be defined.' + defaultto('') + end + + newparam(:setting) do + desc 'The name of the setting to be defined.' + munge do |value| + if value.match?(%r{(^\s|\s$)}) + Puppet.warn('Settings should not have spaces in the value, we are going to strip the whitespace') + end + value.strip + end + end + + newparam(:force_new_section_creation, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'Create setting only if the section exists' + defaultto(true) + end + + newparam(:path) do + desc 'The ini file Puppet will ensure contains the specified setting.' + validate do |value| + unless Puppet::Util.absolute_path?(value) + raise(Puppet::Error, _("File paths must be fully qualified, not '%{value}'") % { value: value }) + end + end + end + + newparam(:show_diff) do + desc 'Whether to display differences when the setting changes.' + + defaultto :true + + newvalues(:true, :md5, :false) + + munge do |value| + @resource.munge_boolean_md5(value) + end + end + + newparam(:key_val_separator) do + desc 'The separator string to use between each setting name and value.' + defaultto(' = ') + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + + munge do |value| + value = value.unwrap if value.respond_to?(:unwrap) + if ([true, false].include? value) || value.is_a?(Numeric) + value.to_s + else + value.strip.to_s + end + end + + def should_to_s(newvalue) + if @resource[:show_diff] == :true && Puppet[:show_diff] + newvalue + elsif @resource[:show_diff] == :md5 && Puppet[:show_diff] + '{md5}' + Digest::MD5.hexdigest(newvalue.to_s) + else + '[redacted sensitive information]' + end + end + + def is_to_s(value) # rubocop:disable Naming/PredicateName : Changing breaks the code (./.bundle/gems/gems/puppet-5.3.3-universal-darwin/lib/puppet/parameter.rb:525:in `to_s') + should_to_s(value) + end + + def insync?(current) + if @resource[:refreshonly] + true + else + current == should + end + end + end + + newparam(:section_prefix) do + desc 'The prefix to the section name\'s header.' + defaultto('[') + end + + newparam(:section_suffix) do + desc 'The suffix to the section name\'s header.' + defaultto(']') + end + + newparam(:indent_char) do + desc 'The character to indent new settings with.' + defaultto(' ') + end + + newparam(:indent_width) do + desc 'The number of indent_chars to use to indent a new setting.' + end + + newparam(:refreshonly, boolean: true, parent: Puppet::Parameter::Boolean) do + desc 'A flag indicating whether or not the ini_setting should be updated only when called as part of a refresh event' + defaultto false + end + + def refresh + if self[:ensure] == :absent && self[:refreshonly] + return provider.destroy + end + # update the value in the provider, which will save the value to the ini file + provider.value = self[:value] if self[:refreshonly] + end + + autorequire(:file) do + Pathname.new(self[:path]).parent.to_s + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/type/ini_subsetting.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,134 @@ +# frozen_string_literal: true + +require 'digest/md5' + +Puppet::Type.newtype(:ini_subsetting) do + desc 'ini_subsettings is used to manage multiple values in a setting in an INI file' + ensurable do + desc 'Ensurable method handles modeling creation. It creates an ensure property' + defaultvalues + defaultto :present + end + + def munge_boolean_md5(value) + case value + when true, :true, 'true', :yes, 'yes' + :true + when false, :false, 'false', :no, 'no' + :false + when :md5, 'md5' + :md5 + else + raise(_('expected a boolean value or :md5')) + end + end + newparam(:name, namevar: true) do + desc 'An arbitrary name used as the identity of the resource.' + end + + newparam(:section) do + desc 'The name of the section in the ini file in which the setting should be defined.' + defaultto('') + end + + newparam(:setting) do + desc 'The name of the setting to be defined.' + end + + newparam(:subsetting) do + desc 'The name of the subsetting to be defined.' + end + + newparam(:subsetting_separator) do + desc 'The separator string between subsettings. Defaults to the empty string.' + defaultto(' ') + end + + newparam(:subsetting_key_val_separator) do + desc 'The separator string between the subsetting name and its value. Defaults to the empty string.' + defaultto('') + end + + newparam(:path) do + desc 'The ini file Puppet will ensure contains the specified setting.' + validate do |value| + unless Puppet::Util.absolute_path?(value) + raise(Puppet::Error, _("File paths must be fully qualified, not '%{value}'") % { value: value }) + end + end + end + newparam(:show_diff) do + desc 'Whether to display differences when the setting changes.' + defaultto :true + newvalues(:true, :md5, :false) + + munge do |value| + @resource.munge_boolean_md5(value) + end + end + + newparam(:key_val_separator) do + desc 'The separator string to use between each setting name and value.' + defaultto(' = ') + end + + newparam(:quote_char) do + desc "The character used to quote the entire value of the setting. Valid values are '', '\"' and \"'\"" + defaultto('') + + validate do |value| + unless value.match?(%r{^["']?$}) + raise Puppet::Error, _(%q(:quote_char valid values are '', '"' and "'")) + end + end + end + + newparam(:use_exact_match) do + desc 'Set to true if your subsettings don\'t have values and you want to use exact matches to determine if the subsetting exists.' + newvalues(:true, :false) + defaultto(:false) + end + + newproperty(:value) do + desc 'The value of the subsetting to be defined.' + + def should_to_s(newvalue) + if @resource[:show_diff] == :true && Puppet[:show_diff] + newvalue + elsif @resource[:show_diff] == :md5 && Puppet[:show_diff] + '{md5}' + Digest::MD5.hexdigest(newvalue.to_s) + else + '[redacted sensitive information]' + end + end + + def is_to_s(value) # rubocop:disable Naming/PredicateName : Changing breaks the code (./.bundle/gems/gems/puppet-5.3.3-universal-darwin/lib/puppet/parameter.rb:525:in `to_s') + should_to_s(value) + end + end + + newparam(:insert_type) do + desc <<-eof + Where the new subsetting item should be inserted + + * :start - insert at the beginning of the line. + * :end - insert at the end of the line (default). + * :before - insert before the specified element if possible. + * :after - insert after the specified element if possible. + * :index - insert at the specified index number. + eof + + newvalues(:start, :end, :before, :after, :index) + defaultto(:end) + end + + newparam(:insert_value) do + desc 'The value for the insert types which require one.' + end + + newparam(:delete_if_empty) do + desc 'Set to true to delete the parent setting when the subsetting is empty instead of writing an empty string' + newvalues(:true, :false) + defaultto(:false) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/util/external_iterator.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +module Puppet::Util + # + # external_iterator.rb + # + class ExternalIterator + def initialize(coll) + @coll = coll + @cur_index = -1 + end + + def next + @cur_index += 1 + item_at(@cur_index) + end + + def peek + item_at(@cur_index + 1) + end + + private + + def item_at(index) + if @coll.length > index + [@coll[index], index] + else + [nil, nil] + end + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/util/ini_file.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,349 @@ +# frozen_string_literal: true + +require File.expand_path('../external_iterator', __FILE__) +require File.expand_path('../ini_file/section', __FILE__) + +module Puppet::Util + # + # ini_file.rb + # + class IniFile + def initialize(path, key_val_separator = ' = ', section_prefix = '[', section_suffix = ']', + indent_char = ' ', indent_width = nil) + + k_v_s = (key_val_separator =~ %r{^\s+$}) ? ' ' : key_val_separator.strip + + @section_prefix = section_prefix + @section_suffix = section_suffix + @indent_char = indent_char + @indent_width = indent_width ? indent_width.to_i : nil + + @section_regex = section_regex + @setting_regex = %r{^(\s*)([^#;\s]|[^#;\s].*?[^\s#{k_v_s}])(\s*#{k_v_s}[ \t]*)(.*)\s*$} + @commented_setting_regex = %r{^(\s*)[#;]+(\s*)(.*?[^\s#{k_v_s}])(\s*#{k_v_s}[ \t]*)(.*)\s*$} + + @path = path + @key_val_separator = key_val_separator + @section_names = [] + @sections_hash = {} + parse_file + end + + def section_regex + # Only put in prefix/suffix if they exist + # Also, if the prefix is '', the negated + # set match should be a match all instead. + r_string = '^\s*' + r_string += Regexp.escape(@section_prefix) + r_string += '(' + if @section_prefix != '' + r_string += '[^' + r_string += Regexp.escape(@section_prefix) + r_string += ']' + else + r_string += '.' + end + r_string += '*)' + r_string += Regexp.escape(@section_suffix) + r_string += '\s*$' + %r{#{r_string}} + end + + attr_reader :section_names + + def get_settings(section_name) + section = @sections_hash[section_name] + section.setting_names.each_with_object({}) do |setting, result| + result[setting] = section.get_value(setting) + end + end + + def section?(section_name) + @sections_hash.key?(section_name) + end + + def get_value(section_name, setting) + @sections_hash[section_name].get_value(setting) if @sections_hash.key?(section_name) + end + + def set_value(*args) + case args.size + when 1 + section_name = args[0] + when 3 + # Backwards compatible set_value function, See MODULES-5172 + (section_name, setting, value) = args + when 4 + (section_name, setting, separator, value) = args + end + + complete_setting = { + setting: setting, + separator: separator, + value: value, + } + unless @sections_hash.key?(section_name) + add_section(Section.new(section_name, nil, nil, nil, nil)) + end + + section = @sections_hash[section_name] + + if section.existing_setting?(setting) + update_line(section, setting, value) + section.update_existing_setting(setting, value) + elsif find_commented_setting(section, setting) + # So, this stanza is a bit of a hack. What we're trying + # to do here is this: for settings that don't already + # exist, we want to take a quick peek to see if there + # is a commented-out version of them in the section. + # If so, we'd prefer to add the setting directly after + # the commented line, rather than at the end of the section. + + # If we get here then we found a commented line, so we + # call "insert_inline_setting_line" to update the lines array + insert_inline_setting_line(find_commented_setting(section, setting), section, complete_setting) + + # Then, we need to tell the setting object that we hacked + # in an inline setting + section.insert_inline_setting(setting, value) + + # Finally, we need to update all of the start/end line + # numbers for all of the sections *after* the one that + # was modified. + section_index = @section_names.index(section_name) + increment_section_line_numbers(section_index + 1) + elsif !setting.nil? || !value.nil? + section.set_additional_setting(setting, value) + end + end + + def remove_setting(section_name, setting) + section = @sections_hash[section_name] + return unless section.existing_setting?(setting) + # If the setting is found, we have some work to do. + # First, we remove the line from our array of lines: + remove_line(section, setting) + + # Then, we need to tell the setting object to remove + # the setting from its state: + section.remove_existing_setting(setting) + + # Finally, we need to update all of the start/end line + # numbers for all of the sections *after* the one that + # was modified. + section_index = @section_names.index(section_name) + decrement_section_line_numbers(section_index + 1) + + return unless section.empty? + # By convention, it's time to remove this newly emptied out section + lines.delete_at(section.start_line) + decrement_section_line_numbers(section_index + 1) + @section_names.delete_at(section_index) + @sections_hash.delete(section.name) + end + + def save + global_empty = @sections_hash[''].empty? && @sections_hash[''].additional_settings.empty? + File.open(@path, 'w') do |fh| + @section_names.each_index do |index| + name = @section_names[index] + + section = @sections_hash[name] + + # We need a buffer to cache lines that are only whitespace + whitespace_buffer = [] + + if section.new_section? && !section.global? + if index == 1 && !global_empty || index > 1 + fh.puts('') + end + + fh.puts("#{@section_prefix}#{section.name}#{@section_suffix}") + end + + unless section.new_section? + # write all of the pre-existing lines + (section.start_line..section.end_line).each do |line_num| + line = lines[line_num] + + # We buffer any lines that are only whitespace so that + # if they are at the end of a section, we can insert + # any new settings *before* the final chunk of whitespace + # lines. + if line.match?(%r{^\s*$}) + whitespace_buffer << line + else + # If we get here, we've found a non-whitespace line. + # We'll flush any cached whitespace lines before we + # write it. + flush_buffer_to_file(whitespace_buffer, fh) + fh.puts(line) + end + end + end + + # write new settings, if there are any + section.additional_settings.each_pair do |key, value| + fh.puts("#{@indent_char * (@indent_width || section.indentation || 0)}#{key}#{@key_val_separator}#{value}") + end + + if !whitespace_buffer.empty? + flush_buffer_to_file(whitespace_buffer, fh) + elsif section.new_section? && !section.additional_settings.empty? && (index < @section_names.length - 1) + # We get here if there were no blank lines at the end of the + # section. + # + # If we are adding a new section with a new setting, + # and if there are more sections that come after this one, + # we'll write one blank line just so that there is a little + # whitespace between the sections. + # if (section.end_line.nil? && + fh.puts('') + end + end + end + end + + private + + def add_section(section) + @sections_hash[section.name] = section + @section_names << section.name + end + + def parse_file + line_iter = create_line_iter + + # We always create a "global" section at the beginning of the file, for + # anything that appears before the first named section. + section = read_section('', 0, line_iter) + add_section(section) + line, line_num = line_iter.next + + while line + if (match = @section_regex.match(line)) + section = read_section(match[1], line_num, line_iter) + add_section(section) + end + line, line_num = line_iter.next + end + end + + def read_section(name, start_line, line_iter) + settings = {} + end_line_num = start_line + min_indentation = nil + empty = true + loop do + line, line_num = line_iter.peek + if line_num.nil? || @section_regex.match(line) + # the global section always exists, even when it's empty; + # when it's empty, we must be sure it's thought of as new, + # which is signalled with a nil ending line + end_line_num = nil if name == '' && empty + return Section.new(name, start_line, end_line_num, settings, min_indentation) + end + if (match = @setting_regex.match(line)) + settings[match[2]] = match[4] + indentation = match[1].length + min_indentation = [indentation, min_indentation || indentation].min + end + end_line_num = line_num + empty = false + line_iter.next + end + end + + def update_line(section, setting, value) + (section.start_line..section.end_line).each do |line_num| + next unless (match = @setting_regex.match(lines[line_num])) + if match[2] == setting + lines[line_num] = "#{match[1]}#{match[2]}#{match[3]}#{value}" + end + end + end + + def remove_line(section, setting) + (section.start_line..section.end_line).each do |line_num| + next unless (match = @setting_regex.match(lines[line_num])) + if match[2] == setting + lines.delete_at(line_num) + end + end + end + + def create_line_iter + ExternalIterator.new(lines) + end + + def lines + @lines ||= IniFile.readlines(@path) + end + + # This is mostly here because it makes testing easier--we don't have + # to try to stub any methods on File. + def self.readlines(path) # rubocop:disable Lint/IneffectiveAccessModifier : Attempting to change breaks tests + # If this type is ever used with very large files, we should + # write this in a different way, using a temp + # file; for now assuming that this type is only used on + # small-ish config files that can fit into memory without + # too much trouble. + File.file?(path) ? File.readlines(path) : [] + end + + # This utility method scans through the lines for a section looking for + # commented-out versions of a setting. It returns `nil` if it doesn't + # find one. If it does find one, then it returns a hash containing + # two keys: + # + # :line_num - the line number that contains the commented version + # of the setting + # :match - the ruby regular expression match object, which can + # be used to mimic the whitespace from the comment line + def find_commented_setting(section, setting) + return nil if section.new_section? + (section.start_line..section.end_line).each do |line_num| + next unless (match = @commented_setting_regex.match(lines[line_num])) + if match[3] == setting + return { match: match, line_num: line_num } + end + end + nil + end + + # This utility method is for inserting a line into the existing + # lines array. The `result` argument is expected to be in the + # format of the return value of `find_commented_setting`. + def insert_inline_setting_line(result, section, complete_setting) + line_num = result[:line_num] + s = complete_setting + lines.insert(line_num + 1, "#{@indent_char * (@indent_width || section.indentation || 0)}#{s[:setting]}#{s[:separator]}#{s[:value]}") + end + + # Utility method; given a section index (index into the @section_names + # array), decrement the start/end line numbers for that section and all + # all of the other sections that appear *after* the specified section. + def decrement_section_line_numbers(section_index) + @section_names[section_index..(@section_names.length - 1)].each do |name| + section = @sections_hash[name] + section.decrement_line_nums + end + end + + # Utility method; given a section index (index into the @section_names + # array), increment the start/end line numbers for that section and all + # all of the other sections that appear *after* the specified section. + def increment_section_line_numbers(section_index) + @section_names[section_index..(@section_names.length - 1)].each do |name| + section = @sections_hash[name] + section.increment_line_nums + end + end + + def flush_buffer_to_file(buffer, fh) + return if buffer.empty? + buffer.each { |l| fh.puts(l) } + buffer.clear + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/util/ini_file/section.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,95 @@ +# frozen_string_literal: true + +class Puppet::Util::IniFile + # + # section.rb + # + class Section + # Some implementation details: + # + # * `name` will be set to the empty string for the 'global' section. + # * there will always be a 'global' section, with a `start_line` of 0, + # but if the file actually begins with a real section header on + # the first line, then the 'global' section will have an + # `end_line` of `nil`. + # * `start_line` and `end_line` will be set to `nil` for a new non-global + # section. + def initialize(name, start_line, end_line, settings, indentation) + @name = name + @start_line = start_line + @end_line = end_line + @existing_settings = settings.nil? ? {} : settings + @additional_settings = {} + @indentation = indentation + end + + attr_reader :name, :start_line, :end_line, :additional_settings, :indentation + + def global? + @name == '' + end + + def new_section? + # a new section (global or named) will always have `end_line` + # set to `nil` + @end_line.nil? + end + + def setting_names + @existing_settings.keys | @additional_settings.keys + end + + def get_value(setting_name) + @existing_settings[setting_name] || @additional_settings[setting_name] + end + + def existing_setting?(setting_name) + @existing_settings.key?(setting_name) + end + + # the global section is empty whenever it's new; + # other sections are empty when they have no lines + def empty? + global? ? new_section? : start_line == end_line + end + + def update_existing_setting(setting_name, value) + @existing_settings[setting_name] = value + end + + def remove_existing_setting(setting_name) + @end_line -= 1 if @existing_settings.delete(setting_name) && @end_line + end + + # This is a hacky method; it's basically called when we need to insert + # a new setting but we don't want it to appear at the very end of the + # section. Instead we hack it into the existing settings list and + # increment our end_line number--this assumes that the caller (`ini_file`) + # is doing some babysitting w/rt the other sections and the actual data + # of the lines. + def insert_inline_setting(setting_name, value) + @existing_settings[setting_name] = value + @end_line += 1 if @end_line + end + + def set_additional_setting(setting_name, value) + @additional_settings[setting_name] = value + end + + # Decrement the start and end line numbers for the section (if they are + # defined); this is intended to be called when a setting is removed + # from a section that comes before this section in the ini file. + def decrement_line_nums + @start_line -= 1 if @start_line + @end_line -= 1 if @end_line + end + + # Increment the start and end line numbers for the section (if they are + # defined); this is intended to be called when an inline setting is added + # to a section that comes before this section in the ini file. + def increment_line_nums + @start_line += 1 if @start_line + @end_line += 1 if @end_line + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/lib/puppet/util/setting_value.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,184 @@ +# frozen_string_literal: true + +module Puppet::Util + # This class can work with a list of subsettings inside + # an ini file setting string to add, remove, extract and set their values. + class SettingValue + # The constructor method + # @param setting_value [String] The initial setting value + # @param subsetting_separator [String] The character is used to separate + # subsettings in the setting_value string. + # @param default_quote_char [String] Quote the setting string with this character. + def initialize(setting_value, subsetting_separator = ' ', default_quote_char = '', key_val_separator = '') + @setting_value = setting_value + @subsetting_separator = subsetting_separator + @quote_char = default_quote_char + @key_val_separator = key_val_separator + @subsetting_items = [] + + return unless @setting_value + unquoted, quote_char = unquote_setting_value(setting_value) + @quote_char = quote_char unless quote_char.empty? + # an item can contain escaped separator + @subsetting_items = unquoted.scan(Regexp.new("(?:(?:[^\\#{@subsetting_separator}]|\\.)+)")) + @subsetting_items.map! { |item| item.strip } + end + + # If the setting value is quoted, the quotes are + # removed and the unquoted string and the quoting + # character are returned. + # @param setting_value [String] The input value + # @return [Array] The unquoted string and the quoting character + def unquote_setting_value(setting_value) + quote_char = '' + if setting_value.start_with?('"') && setting_value.end_with?('"') + quote_char = '"' + elsif setting_value.start_with?("'") && setting_value.end_with?("'") + quote_char = "'" + end + + unquoted = if quote_char != '' + setting_value[1, setting_value.length - 2] + else + setting_value + end + + [unquoted, quote_char] + end + + # Get the resulting setting value by joining all the + # subsettings, separator and quote characters. + # @return [String] + def get_value + value = @subsetting_items.join @subsetting_separator + @quote_char + value + @quote_char + end + + # Get the value of the given subsetting item. + # If the exact match is used the value will be true + # if the item is found. + # @param subsetting [String] The name of the subsetting to add. + # @param use_exact_match [:true,:false] Should the full name match be used? + # @return [nil,true,String] + def get_subsetting_value(subsetting, use_exact_match = :false) + index = find_subsetting(subsetting, use_exact_match) + # the item is not found in the list + return nil unless index + # the exact match is set and the item is found, the value should be true + return true if use_exact_match == :true + item = @subsetting_items[index] + item[(subsetting.length + @key_val_separator.length)..-1] + end + + # Add a new subsetting item to the list of existing items + # if such item is not already there. + # @param subsetting [String] The name of the subsetting to add. + # @param subsetting_value [String] The value of the subsetting. + # It will be appended to the name. + # @param use_exact_match [:true,:false] Should the full name match be used? + # @param [Symbol] insert_type + # @param [String,Integer] insert_value + # @return [Array] The resulting subsettings list. + def add_subsetting(subsetting, subsetting_value, use_exact_match = :false, insert_type = :end, insert_value = nil) + index = find_subsetting(subsetting, use_exact_match) + + # update the existing values if the subsetting is found in the list + return update_subsetting(subsetting, subsetting_value, use_exact_match) if index + + new_item = item_value(subsetting, subsetting_value) + + case insert_type + when :start + @subsetting_items.unshift(new_item) + when :end + @subsetting_items.push(new_item) + when :before + before_index = find_subsetting(insert_value, use_exact_match) + if before_index + @subsetting_items.insert(before_index, new_item) + else + @subsetting_items.push(new_item) + end + when :after + after_index = find_subsetting(insert_value, use_exact_match) + if after_index + @subsetting_items.insert(after_index + 1, new_item) + else + @subsetting_items.push(new_item) + end + when :index + before_index = insert_value.to_i + before_index = @subsetting_items.length if before_index > @subsetting_items.length + @subsetting_items.insert(before_index, new_item) + else + @subsetting_items.push(new_item) + end + + @subsetting_items + end + + # Update all matching items in the settings list to the new values. + # @param subsetting [String] The name of the subsetting to add. + # @param subsetting_value [String] The value of the subsetting. + # @param use_exact_match [:true,:false] Should the full name match be used? + # @return [Array] The resulting subsettings list. + def update_subsetting(subsetting, subsetting_value, use_exact_match = :false) + new_item = item_value(subsetting, subsetting_value) + @subsetting_items.map! do |item| + if match_subsetting?(item, subsetting, use_exact_match) + new_item + else + item + end + end + end + + # Find the first subsetting item matching the given name, + # or, if the exact match is set, equal to the given name + # and return its array index value. Returns nil if not found. + # @param subsetting [String] The name of the subsetting to search. + # @param use_exact_match [:true,:false] Look for the full string match? + # @return [Integer, nil] + def find_subsetting(subsetting, use_exact_match = :false) + @subsetting_items.index do |item| + match_subsetting?(item, subsetting, use_exact_match) + end + end + + # Check if the subsetting item matches the given name. + # If the exact match is set the entire item is matched, + # and only the item name and separator string if not. + # @param item [String] The item value to check against the subsetting name. + # @param subsetting [String] The subsetting name. + # @param use_exact_match [:true,:false] Look for the full string match? + # @return [true,false] + def match_subsetting?(item, subsetting, use_exact_match = :false) + if use_exact_match == :true + item.eql?(subsetting) + else + item.start_with?(subsetting + @key_val_separator) + end + end + + # Remove all the subsetting items that match + # the given subsetting name. + # @param subsetting [String] The subsetting name to remove. + # @param use_exact_match [:true,:false] Look for the full string match? + # @return [Array] The resulting subsettings list. + def remove_subsetting(subsetting, use_exact_match = :false) + @subsetting_items.delete_if do |item| + match_subsetting?(item, subsetting, use_exact_match) + end + end + + # The actual value of the subsetting item. + # It's built from the subsetting name, its value and the separator + # string if present. + # @param subsetting [String] The subsetting name + # @param subsetting_value [String] The value of the subsetting + # @return [String] + def item_value(subsetting, subsetting_value) + (subsetting || '') + (@key_val_separator || '') + (subsetting_value || '') + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/metadata.json Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,107 @@ +{ + "name": "puppetlabs-inifile", + "version": "5.2.0", + "author": "puppetlabs", + "summary": "Resource types for managing settings in INI files", + "license": "Apache-2.0", + "source": "https://github.com/puppetlabs/puppetlabs-inifile", + "project_page": "https://github.com/puppetlabs/puppetlabs-inifile", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.13.0 < 9.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "6", + "7", + "8" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "6", + "7", + "8" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "12", + "15" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "8", + "9", + "10", + "11" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "14.04", + "16.04", + "18.04", + "20.04" + ] + }, + { + "operatingsystem": "Solaris", + "operatingsystemrelease": [ + "10", + "11" + ] + }, + { + "operatingsystem": "Windows", + "operatingsystemrelease": [ + "2008 R2", + "2012 R2", + "2016", + "2019", + "10" + ] + }, + { + "operatingsystem": "AIX", + "operatingsystemrelease": [ + "5.3", + "6.1", + "7.1" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 6.0.0 < 8.0.0" + } + ], + "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", + "template-ref": "heads/main-0-g03daa92", + "pdk-version": "2.1.0" +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/inifile/provision.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,81 @@ +--- +default: + provisioner: docker + images: + - litmusimage/centos:7 +vagrant: + provisioner: vagrant + images: + - centos/7 + - generic/ubuntu1804 + - gusztavvargadr/windows-server +travis_deb: + provisioner: docker + images: + - litmusimage/debian:8 + - litmusimage/debian:9 + - litmusimage/debian:10 +travis_ub_6: + provisioner: docker + images: + - litmusimage/ubuntu:14.04 + - litmusimage/ubuntu:16.04 + - litmusimage/ubuntu:18.04 + - litmusimage/ubuntu:20.04 +travis_el7: + provisioner: docker + images: + - litmusimage/centos:7 + - litmusimage/oraclelinux:7 + - litmusimage/scientificlinux:7 +travis_el8: + provisioner: docker + images: + - litmusimage/centos:8 +release_checks_6: + provisioner: abs + images: + - redhat-6-x86_64 + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-6-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-5-x86_64 + - oracle-6-x86_64 + - oracle-7-x86_64 + - scientific-6-x86_64 + - scientific-7-x86_64 + - debian-8-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - sles-12-x86_64 + - sles-15-x86_64 + - ubuntu-1404-x86_64 + - ubuntu-1604-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 + - win-2008r2-x86_64 + - win-2012r2-x86_64 + - win-2016-x86_64 + - win-2019-x86_64 + - win-10-pro-x86_64 +release_checks_7: + provisioner: abs + images: + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-7-x86_64 + - scientific-7-x86_64 + - sles-12-x86_64 + - sles-15-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 + - win-2012r2-x86_64 + - win-2016-x86_64 + - win-2019-x86_64 + - win-10-pro-x86_64
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/CHANGELOG.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,526 @@ +# Changelog + +All notable changes to this project will be documented in this file. +Each new release typically also includes the latest modulesync defaults. +These should not affect the functionality of the module. + +## [v8.0.2](https://github.com/voxpupuli/puppet-php/tree/v8.0.2) (2021-09-05) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v8.0.1...v8.0.2) + +**Fixed bugs:** + +- Allow 0 for pm\_start\_servers [\#642](https://github.com/voxpupuli/puppet-php/pull/642) ([jkroepke](https://github.com/jkroepke)) + +## [v8.0.1](https://github.com/voxpupuli/puppet-php/tree/v8.0.1) (2021-08-27) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v8.0.0...v8.0.1) + +**Fixed bugs:** + +- Allow empty string for setting value [\#640](https://github.com/voxpupuli/puppet-php/pull/640) ([smortex](https://github.com/smortex)) + +**Closed issues:** + +- String\[1\] forbids empty php::settings value [\#639](https://github.com/voxpupuli/puppet-php/issues/639) + +## [v8.0.0](https://github.com/voxpupuli/puppet-php/tree/v8.0.0) (2021-08-26) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v7.1.0...v8.0.0) + +**Breaking changes:** + +- Drop EOL FreeBSD 9 and 10 from metadata.json [\#591](https://github.com/voxpupuli/puppet-php/issues/591) +- Drop Debian 9/Ubuntu 16.04 support [\#636](https://github.com/voxpupuli/puppet-php/pull/636) ([root-expert](https://github.com/root-expert)) +- Drop support for Puppet 5 \(EOL\) [\#631](https://github.com/voxpupuli/puppet-php/pull/631) ([smortex](https://github.com/smortex)) +- Drop support for RedHat 6 / CentOS 6 \(EOL\) [\#630](https://github.com/voxpupuli/puppet-php/pull/630) ([smortex](https://github.com/smortex)) +- Drop EOL Debian 7/8 & Ubuntu 12/14 [\#592](https://github.com/voxpupuli/puppet-php/pull/592) ([bastelfreak](https://github.com/bastelfreak)) + +**Implemented enhancements:** + +- Add/Fix data types of all parameters [\#634](https://github.com/voxpupuli/puppet-php/pull/634) ([smortex](https://github.com/smortex)) +- Add support for Debian 11 [\#633](https://github.com/voxpupuli/puppet-php/pull/633) ([smortex](https://github.com/smortex)) +- Add support for Puppet 7 [\#632](https://github.com/voxpupuli/puppet-php/pull/632) ([smortex](https://github.com/smortex)) +- Add PHP 8 Support [\#627](https://github.com/voxpupuli/puppet-php/pull/627) ([bratucornel](https://github.com/bratucornel)) +- puppet/archive: allow 5.x [\#620](https://github.com/voxpupuli/puppet-php/pull/620) ([bastelfreak](https://github.com/bastelfreak)) +- php::globals: support Ubuntu 20.04 that ships php 7.4 [\#599](https://github.com/voxpupuli/puppet-php/pull/599) ([simondeziel](https://github.com/simondeziel)) +- php-fpm: Make service reload/restart configurable [\#598](https://github.com/voxpupuli/puppet-php/pull/598) ([bastelfreak](https://github.com/bastelfreak)) +- Add apparmor\_hat support to php::fpm::pool [\#524](https://github.com/voxpupuli/puppet-php/pull/524) ([simondeziel](https://github.com/simondeziel)) + +**Closed issues:** + +- remove puppet 5 support, introduce puppet 7 support [\#616](https://github.com/voxpupuli/puppet-php/issues/616) +- php reloading on each run [\#613](https://github.com/voxpupuli/puppet-php/issues/613) +- Is it possible to ensure the fpm service from hiera? [\#609](https://github.com/voxpupuli/puppet-php/issues/609) +- Restart service 'php-fpm' if socket owner / group changes [\#596](https://github.com/voxpupuli/puppet-php/issues/596) +- Support for Ondřej Surýs PPA on Ubuntu 18.04 [\#586](https://github.com/voxpupuli/puppet-php/issues/586) +- Unused variable 'log\_group\_final' [\#568](https://github.com/voxpupuli/puppet-php/issues/568) +- New Release 7.0.0+ ? [\#562](https://github.com/voxpupuli/puppet-php/issues/562) +- undesired service restart due to missing /var/run/php-fpm dir [\#501](https://github.com/voxpupuli/puppet-php/issues/501) +- New Release after Ubuntu 18.04 support is added? [\#442](https://github.com/voxpupuli/puppet-php/issues/442) +- Deprecate mayflower/php in favor for voxpupuli/php [\#348](https://github.com/voxpupuli/puppet-php/issues/348) + +**Merged pull requests:** + +- Allow up-to-date dependencies [\#635](https://github.com/voxpupuli/puppet-php/pull/635) ([smortex](https://github.com/smortex)) +- Update dependencies [\#629](https://github.com/voxpupuli/puppet-php/pull/629) ([saz](https://github.com/saz)) +- Remove duplicate mysqlnd from example in README [\#574](https://github.com/voxpupuli/puppet-php/pull/574) ([saz](https://github.com/saz)) +- remove www pool from defaults [\#572](https://github.com/voxpupuli/puppet-php/pull/572) ([bovy89](https://github.com/bovy89)) +- Cleanup fpm config class [\#570](https://github.com/voxpupuli/puppet-php/pull/570) ([paescuj](https://github.com/paescuj)) + +## [v7.1.0](https://github.com/voxpupuli/puppet-php/tree/v7.1.0) (2020-05-05) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v7.0.0...v7.1.0) + +**Implemented enhancements:** + +- add ability to define composer update channel [\#571](https://github.com/voxpupuli/puppet-php/pull/571) ([CyberLine](https://github.com/CyberLine)) +- add pool\_purge option to init.pp [\#557](https://github.com/voxpupuli/puppet-php/pull/557) ([bovy89](https://github.com/bovy89)) +- Improve package prefix selection on FreeBSD [\#552](https://github.com/voxpupuli/puppet-php/pull/552) ([oxc](https://github.com/oxc)) + +**Fixed bugs:** + +- Fix enabling of zend extensions [\#567](https://github.com/voxpupuli/puppet-php/pull/567) ([coreyralph](https://github.com/coreyralph)) +- Fix running apt update on Debian family [\#554](https://github.com/voxpupuli/puppet-php/pull/554) ([Hexta](https://github.com/Hexta)) +- Do a `deep` merge on `fpm` lookup [\#550](https://github.com/voxpupuli/puppet-php/pull/550) ([sigv](https://github.com/sigv)) + +**Closed issues:** + +- mod 'puppetlabs-inifile', '4.1.0' [\#566](https://github.com/voxpupuli/puppet-php/issues/566) +- Fpm config results in "expects a Hash value, got Tuple" [\#536](https://github.com/voxpupuli/puppet-php/issues/536) +- composer created as folder not binary file [\#535](https://github.com/voxpupuli/puppet-php/issues/535) +- Forge Release [\#528](https://github.com/voxpupuli/puppet-php/issues/528) +- Invalid tag '::php::config' on node ... [\#177](https://github.com/voxpupuli/puppet-php/issues/177) + +**Merged pull requests:** + +- delete legacy travis directory [\#556](https://github.com/voxpupuli/puppet-php/pull/556) ([bastelfreak](https://github.com/bastelfreak)) +- allow puppetlabs/inifile 4.x [\#553](https://github.com/voxpupuli/puppet-php/pull/553) ([bastelfreak](https://github.com/bastelfreak)) +- Clean up acceptance spec helper [\#551](https://github.com/voxpupuli/puppet-php/pull/551) ([ekohl](https://github.com/ekohl)) + +## [v7.0.0](https://github.com/voxpupuli/puppet-php/tree/v7.0.0) (2019-09-12) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v6.0.2...v7.0.0) + +**Breaking changes:** + +- Drop Ubuntu 14.04 [\#520](https://github.com/voxpupuli/puppet-php/pull/520) ([bastelfreak](https://github.com/bastelfreak)) +- Do not manage mysql.ini when using Ubuntu repo \(and fix CI\) [\#519](https://github.com/voxpupuli/puppet-php/pull/519) ([smortex](https://github.com/smortex)) +- modulesync 2.5.1 and drop Puppet 4 [\#507](https://github.com/voxpupuli/puppet-php/pull/507) ([bastelfreak](https://github.com/bastelfreak)) + +**Implemented enhancements:** + +- Remove hard dependency from apt-transport-https [\#454](https://github.com/voxpupuli/puppet-php/issues/454) +- use php::global::php\_version for php::repo::\* version [\#222](https://github.com/voxpupuli/puppet-php/issues/222) +- refactor ::php::repo::debian to use the version variable [\#219](https://github.com/voxpupuli/puppet-php/issues/219) +- push back hard dependency on hiera [\#215](https://github.com/voxpupuli/puppet-php/issues/215) +- Support PHP 7.0 on FreeBSD [\#207](https://github.com/voxpupuli/puppet-php/issues/207) +- set default version for debian buster and add support for buster [\#530](https://github.com/voxpupuli/puppet-php/pull/530) ([lelutin](https://github.com/lelutin)) +- Simplify php \(extension\) removal [\#526](https://github.com/voxpupuli/puppet-php/pull/526) ([TuningYourCode](https://github.com/TuningYourCode)) +- Rely more on puppetlabs-apt [\#494](https://github.com/voxpupuli/puppet-php/pull/494) ([ekohl](https://github.com/ekohl)) +- Add cli\_settings parameter to php class [\#491](https://github.com/voxpupuli/puppet-php/pull/491) ([sunnz](https://github.com/sunnz)) +- Allow `clear_env` to be disabled [\#483](https://github.com/voxpupuli/puppet-php/pull/483) ([joshuaspence](https://github.com/joshuaspence)) +- allow php 7.2 [\#455](https://github.com/voxpupuli/puppet-php/pull/455) ([cbergmann](https://github.com/cbergmann)) + +**Fixed bugs:** + +- Fixed repositories managed for all patch version of 7.x for Ubuntu. [\#505](https://github.com/voxpupuli/puppet-php/pull/505) ([Conzar](https://github.com/Conzar)) +- Fix php::fpm eternal reload for mysqli a simplexml extension [\#503](https://github.com/voxpupuli/puppet-php/pull/503) ([miranovy](https://github.com/miranovy)) + +**Closed issues:** + +- No default version for debian buster in globals [\#529](https://github.com/voxpupuli/puppet-php/issues/529) +- php module is not using hiera deep merge anymore. [\#500](https://github.com/voxpupuli/puppet-php/issues/500) +- Extension mysqli causes php7-fpm to reload [\#497](https://github.com/voxpupuli/puppet-php/issues/497) +- Cannot declare both php and php::cli classes [\#489](https://github.com/voxpupuli/puppet-php/issues/489) +- PHP modules are enabled even when ensure is absent [\#477](https://github.com/voxpupuli/puppet-php/issues/477) +- The "PHP 7.1 install from hell" on Debian 9 [\#459](https://github.com/voxpupuli/puppet-php/issues/459) +- PHP 7.1 on Debian 9 [\#457](https://github.com/voxpupuli/puppet-php/issues/457) +- Wrong merge behavior for settings, extensions, fpm\_pools, fpm\_global\_pool\_settings [\#434](https://github.com/voxpupuli/puppet-php/issues/434) +- Ubuntu 16 mysql extension so name with packages from ondrej PPA [\#309](https://github.com/voxpupuli/puppet-php/issues/309) + +**Merged pull requests:** + +- fix "cannot redefine $real\_settings" error [\#533](https://github.com/voxpupuli/puppet-php/pull/533) ([crispygoth](https://github.com/crispygoth)) +- hotfix:: updating key id for debian repo sury [\#532](https://github.com/voxpupuli/puppet-php/pull/532) ([caherrera](https://github.com/caherrera)) +- Fix deprecated Hiera lookup warnings. Add default www pool in YAML. [\#522](https://github.com/voxpupuli/puppet-php/pull/522) ([comport3](https://github.com/comport3)) +- Allow `puppetlabs/stdlib` 6.x and `puppet/archive` 4.x [\#521](https://github.com/voxpupuli/puppet-php/pull/521) ([alexjfisher](https://github.com/alexjfisher)) +- Allow puppetlabs/apt 7.x, puppetlabs/inifile 3.x [\#518](https://github.com/voxpupuli/puppet-php/pull/518) ([dhoppe](https://github.com/dhoppe)) +- Simplify ensure check [\#493](https://github.com/voxpupuli/puppet-php/pull/493) ([amateo](https://github.com/amateo)) + +## [v6.0.2](https://github.com/voxpupuli/puppet-php/tree/v6.0.2) (2018-10-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v6.0.1...v6.0.2) + +**Fixed bugs:** + +- allow `latest` for php extensions again [\#485](https://github.com/voxpupuli/puppet-php/pull/485) ([amateo](https://github.com/amateo)) + +**Closed issues:** + +- Ubuntu 18.04 issue just installing [\#475](https://github.com/voxpupuli/puppet-php/issues/475) + +**Merged pull requests:** + +- Remove readable permissions for others on fpm pool config file [\#484](https://github.com/voxpupuli/puppet-php/pull/484) ([l-lotz](https://github.com/l-lotz)) + +## [v6.0.1](https://github.com/voxpupuli/puppet-php/tree/v6.0.1) (2018-10-06) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v6.0.0...v6.0.1) + +**Fixed bugs:** + +- Fix enable extension when there is no module associated [\#479](https://github.com/voxpupuli/puppet-php/pull/479) ([amateo](https://github.com/amateo)) +- Remove config when module is ensured to absent [\#478](https://github.com/voxpupuli/puppet-php/pull/478) ([amateo](https://github.com/amateo)) + +**Closed issues:** + +- "php::manage\_repos: true" causes failure on Ubuntu 18.04, needs newer puppetlabs-apt version\(\>=5.0.0\) [\#467](https://github.com/voxpupuli/puppet-php/issues/467) + +**Merged pull requests:** + +- modulesync 2.1.0 and allow puppet 6.x [\#481](https://github.com/voxpupuli/puppet-php/pull/481) ([bastelfreak](https://github.com/bastelfreak)) +- Add acceptance tests for system php with extensions [\#476](https://github.com/voxpupuli/puppet-php/pull/476) ([bastelfreak](https://github.com/bastelfreak)) +- Allow puppetlabs/stdlib 5.x and puppetlabs/apt 6.x [\#472](https://github.com/voxpupuli/puppet-php/pull/472) ([bastelfreak](https://github.com/bastelfreak)) + +## [v6.0.0](https://github.com/voxpupuli/puppet-php/tree/v6.0.0) (2018-07-29) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v5.3.0...v6.0.0) + +**Breaking changes:** + +- Tests failing under debian8 [\#433](https://github.com/voxpupuli/puppet-php/issues/433) +- fixed hiera merge bug [\#435](https://github.com/voxpupuli/puppet-php/pull/435) ([c33s](https://github.com/c33s)) + +**Implemented enhancements:** + +- Compatibility with Software collections \(SCL\) [\#451](https://github.com/voxpupuli/puppet-php/pull/451) ([oranenj](https://github.com/oranenj)) +- Add Debian 9 support [\#440](https://github.com/voxpupuli/puppet-php/pull/440) ([SimonHoenscheid](https://github.com/SimonHoenscheid)) +- Add initial ubuntu 18.04 support [\#428](https://github.com/voxpupuli/puppet-php/pull/428) ([jkroepke](https://github.com/jkroepke)) + +**Fixed bugs:** + +- php.ini not updated [\#422](https://github.com/voxpupuli/puppet-php/issues/422) +- Error: Could not upgrade module 'puppet-php' \(v4.0.0 -\> v5.0.0\) [\#378](https://github.com/voxpupuli/puppet-php/issues/378) +- Fix paths for phpunit on FreeBSD [\#291](https://github.com/voxpupuli/puppet-php/pull/291) ([bitnexus](https://github.com/bitnexus)) + +**Closed issues:** + +- Debian 9 \(Stretch\) support [\#439](https://github.com/voxpupuli/puppet-php/issues/439) +- Repository class switch failing on Ubuntu [\#392](https://github.com/voxpupuli/puppet-php/issues/392) +- Next stable release? [\#352](https://github.com/voxpupuli/puppet-php/issues/352) +- PHP extensions loaded twice [\#341](https://github.com/voxpupuli/puppet-php/issues/341) +- PECL/Extension checks for beta packages [\#73](https://github.com/voxpupuli/puppet-php/issues/73) + +**Merged pull requests:** + +- Update README.md with working RHSCL example. [\#463](https://github.com/voxpupuli/puppet-php/pull/463) ([Tamerz](https://github.com/Tamerz)) +- enable ubuntu 18.04 acceptance tests [\#462](https://github.com/voxpupuli/puppet-php/pull/462) ([bastelfreak](https://github.com/bastelfreak)) +- drop EOL OSs; fix puppet version range [\#453](https://github.com/voxpupuli/puppet-php/pull/453) ([bastelfreak](https://github.com/bastelfreak)) +- Rely on beaker-hostgenerator for docker nodesets [\#452](https://github.com/voxpupuli/puppet-php/pull/452) ([ekohl](https://github.com/ekohl)) +- mark private classes with assert\_private\(\) [\#447](https://github.com/voxpupuli/puppet-php/pull/447) ([bastelfreak](https://github.com/bastelfreak)) +- migrate vars from topscope to relative scope [\#444](https://github.com/voxpupuli/puppet-php/pull/444) ([bastelfreak](https://github.com/bastelfreak)) +- bump puppet to latest supported version 4.10.0 [\#443](https://github.com/voxpupuli/puppet-php/pull/443) ([bastelfreak](https://github.com/bastelfreak)) +- Update puppet/archive dependency [\#438](https://github.com/voxpupuli/puppet-php/pull/438) ([marknl](https://github.com/marknl)) +- switch the dotdeb repo url to https [\#431](https://github.com/voxpupuli/puppet-php/pull/431) ([bastelfreak](https://github.com/bastelfreak)) + +## [v5.3.0](https://github.com/voxpupuli/puppet-php/tree/v5.3.0) (2018-03-06) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v5.2.0...v5.3.0) + +**Implemented enhancements:** + +- mark Ubuntu 16.04 as supported and fix its tests [\#221](https://github.com/voxpupuli/puppet-php/issues/221) +- Using the new facts hash instead of the global var in repo/debian.pp [\#425](https://github.com/voxpupuli/puppet-php/pull/425) ([c33s](https://github.com/c33s)) +- Add Acceptance tests [\#414](https://github.com/voxpupuli/puppet-php/pull/414) ([bastelfreak](https://github.com/bastelfreak)) + +**Fixed bugs:** + +- Fix Archlinux support [\#423](https://github.com/voxpupuli/puppet-php/pull/423) ([bastelfreak](https://github.com/bastelfreak)) +- Fix wrongly named parameters for apt::source/key [\#420](https://github.com/voxpupuli/puppet-php/pull/420) ([bitcrush](https://github.com/bitcrush)) +- manage software-properties-common on ubuntu [\#419](https://github.com/voxpupuli/puppet-php/pull/419) ([bastelfreak](https://github.com/bastelfreak)) + +**Merged pull requests:** + +- add examples for php-fpm/nginx [\#424](https://github.com/voxpupuli/puppet-php/pull/424) ([bastelfreak](https://github.com/bastelfreak)) +- add tests for php5.6 [\#418](https://github.com/voxpupuli/puppet-php/pull/418) ([bastelfreak](https://github.com/bastelfreak)) + +## [v5.2.0](https://github.com/voxpupuli/puppet-php/tree/v5.2.0) (2018-02-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v5.1.0...v5.2.0) + +**Implemented enhancements:** + +- add ubuntu 16.04 support [\#412](https://github.com/voxpupuli/puppet-php/pull/412) ([bastelfreak](https://github.com/bastelfreak)) +- Add PHP 7.1 support on Debian [\#293](https://github.com/voxpupuli/puppet-php/pull/293) ([fstr](https://github.com/fstr)) + +**Fixed bugs:** + +- Auto\_update not idempotent [\#402](https://github.com/voxpupuli/puppet-php/issues/402) +- use correct require arguments [\#415](https://github.com/voxpupuli/puppet-php/pull/415) ([bastelfreak](https://github.com/bastelfreak)) +- fix composer auto\_update idempotency in case no update is available [\#408](https://github.com/voxpupuli/puppet-php/pull/408) ([joekohlsdorf](https://github.com/joekohlsdorf)) +- Fixing wrong pear package name in Amazon Linux [\#399](https://github.com/voxpupuli/puppet-php/pull/399) ([gdurandvadas](https://github.com/gdurandvadas)) + +**Closed issues:** + +- Upgrade to work with Puppet5 [\#406](https://github.com/voxpupuli/puppet-php/issues/406) +- php 7.2 + ubuntu 16.04 - pdo-mysql extension not installing correctly [\#405](https://github.com/voxpupuli/puppet-php/issues/405) +- config\_root parameter does nothing on RHEL7 [\#397](https://github.com/voxpupuli/puppet-php/issues/397) + +**Merged pull requests:** + +- Deprecate hiera\_hash functions [\#410](https://github.com/voxpupuli/puppet-php/pull/410) ([minorOffense](https://github.com/minorOffense)) +- mark Puppet 5 as supported [\#407](https://github.com/voxpupuli/puppet-php/pull/407) ([joekohlsdorf](https://github.com/joekohlsdorf)) +- Change default RedHat params to use config\_root [\#398](https://github.com/voxpupuli/puppet-php/pull/398) ([DALUofM](https://github.com/DALUofM)) + +## [v5.1.0](https://github.com/voxpupuli/puppet-php/tree/v5.1.0) (2017-11-10) + +[Full Changelog](https://github.com/voxpupuli/puppet-php/compare/v5.0.0...v5.1.0) + +**Fixed bugs:** + +- Fix syntax issues with data types [\#385](https://github.com/voxpupuli/puppet-php/pull/385) ([craigwatson](https://github.com/craigwatson)) +- fix ubuntu 17.04 version for php7 [\#383](https://github.com/voxpupuli/puppet-php/pull/383) ([arudat](https://github.com/arudat)) +- Fix OS fact comparison for Ubuntu 12 and 14 [\#375](https://github.com/voxpupuli/puppet-php/pull/375) ([dbeckham](https://github.com/dbeckham)) +- Fix OS facts usage when selecting repo class for Ubuntu systems [\#374](https://github.com/voxpupuli/puppet-php/pull/374) ([dbeckham](https://github.com/dbeckham)) +- Confine pecl provider to where pear command is available [\#364](https://github.com/voxpupuli/puppet-php/pull/364) ([walkamongus](https://github.com/walkamongus)) +- fix default value of php::fpm::pool::access\_log\_format [\#361](https://github.com/voxpupuli/puppet-php/pull/361) ([lesinigo](https://github.com/lesinigo)) + +**Closed issues:** + +- Debian repository classes are being selected on Ubuntu systems [\#373](https://github.com/voxpupuli/puppet-php/issues/373) +- Changes in \#357 break Ubuntu version dependent resources [\#372](https://github.com/voxpupuli/puppet-php/issues/372) + +**Merged pull requests:** + +- Proposed fix for failing parallel spec tests [\#386](https://github.com/voxpupuli/puppet-php/pull/386) ([wyardley](https://github.com/wyardley)) +- update dependencies in metadata [\#379](https://github.com/voxpupuli/puppet-php/pull/379) ([mmoll](https://github.com/mmoll)) +- Bump metadata.json version to 5.0.1-rc [\#377](https://github.com/voxpupuli/puppet-php/pull/377) ([dhollinger](https://github.com/dhollinger)) +- bump dep on puppet/archive to '\< 3.0.0' [\#376](https://github.com/voxpupuli/puppet-php/pull/376) ([costela](https://github.com/costela)) +- Add missing php-fpm user and group class param docs [\#346](https://github.com/voxpupuli/puppet-php/pull/346) ([dbeckham](https://github.com/dbeckham)) + +## [v5.0.0](https://github.com/voxpupuli/puppet-php/tree/v5.0.0) (2017-08-07) +### Summary +This backwards-incompatible release drops puppet 3, PHP 5.5 on Ubuntu, and the deprecated `php::extension` parameter `pecl_source`. It improves much of the internal code quality, and adds several useful features the most interesting of which is probably the `php::extension` parameter `ini_prefix`. + +### Changed +- Drop puppet 3 compatibility. +- Bumped puppetlabs-apt lower bound to 4.1.0 +- Bumped puppetlabs-stdlib lower bound to 4.13.1 + +### Removed +- Deprecated `php::extension` define parameters `pecl_source`. Use `source` instead. +- PHP 5.5 support on ubuntu. + +### Added +- `php` class parameters `fpm_user` and `fpm_group` to customize php-fpm user/group. +- `php::fpm` class parameters `user` and `group`. +- `php::fpm::pool` define parameter `pm_process_idle_timeout` and pool.conf `pm.process_idle_timeout` directive. +- `php::extension` class parameters `ini_prefix` and `install_options`. +- Archlinux compatibility. +- Bumped puppetlabs-apt upper bound to 5.0.0 + +### Fixed +- Replaced validate functions with data types. +- Linting issues. +- Replace legacy facts with facts hash. +- Simplify `php::extension` +- Only apt dependency when `manage_repos => true` +- No more example42/yum dependency + +## 2017-02-11 Release [4.0.0] + +This is the last release with Puppet3 support! +* Fix a bug turning `manage_repos` off on wheezy +* Fix a deprecation warning on `apt::key` when using `manage_repos` on wheezy (#110). This change requires puppetlabs/apt at >= 1.8.0 +* Allow removal of config values (#124) +* Add `phpversion` fact, for querying through PuppetDB or Foreman (#119) +* Allow configuring the fpm pid file (#123) +* Add embedded SAPI support (#115) +* Add options to fpm config and pool configs (#139) +* Add parameter logic for PHP 7 on Ubuntu/Debian (#180) +* add SLES PHP 7.0 Support (#220) +* allow packaged extensions to be loaded as zend extensions +* Fix command to enable php extensions (#226) +* Fix many rucocop warnings +* Update module Ubuntu 14.04 default to official repository setup +* Fix dependency for extentions with no package source +* Allow packaged extensions to be loaded as Zend extensions +* Support using an http proxy for downloading composer +* Refactor classes php::fpm and php::fpm:service +* Manage apache/PHP configurations on Debian and RHEL systems +* use voxpupuli/archive to download composer +* respect $manage_repos, do not include ::apt if set to false +* Bump min version_requirement for Puppet + deps +* allow pipe param for pecl extensions +* Fix: composer auto_update: exec's environment must be array + +### Breaking Changes + * Deep merge `php::extensions` the same way as `php::settings`. This technically is a + breaking change but should not affect many people. + * PHP 5.6 is the default version on all systems now (except Ubuntu 16.04, where 7.0 is the default). + * There's a php::globals class now, where global paramters (like the PHP version) are set. (#132) + * Removal of php::repo::ubuntu::ppa (#218) + +## 3.4.2 + * Fix a bug that changed the default of `php::manage_repos` to `false` on + Debian-based operating systems except wheezy. It should be turned on by + default. (#116) + * Fix a bug that prevented reloading php-fpm on Ubuntu in some cases. + (#117, #107) + +## 3.4.1 + * Fix reloading php-fpm on Ubuntu trusty & utopic (#107) + +## 3.4.0 + * New parameter `ppa` for class `php::repo::ubuntu` to specify the ppa + name to use. We default to `ondrej/php5-oldstable` for precise and + `ondrej/php5` otherwise. + * New parameter `include` for `php::fpm::pool` resources to specify + custom configuration files. + +## 3.3.1 + * Make `systemd_interval` parameter for class `php::fpm::config` optional + +## 3.3.0 + * `php::extension` resources: + * New boolean parameter `settings_prefix` to automatically prefix all + settings keys with the extensions names. Defaults to false to ensurre + the current behaviour. + * New string parameter `so_name` to set the DSO name of an extension if + it doesn't match the package name. + * New string parameter `php_api_version` to set a custom api version. If + not `undef`, the `so_name` is prefixed with the full module path in the + ini file. Defaults to `undef`. + * The default of the parameter `listen_allowed_clients` of `php::fpm::pool` + resources is now `undef` instead of `'127.0.0.1'`. This way it is more + intuitive to change the default tcp listening socket at `127.0.0.1:9000` + to a unix socket by only setting the `listen` parameter instead of + additionally needing to unset `listen_allowed_clients`. This has no + security implications. + * New parameters for the `php::fpm::config` class: + * `error_log` + * `syslog_facility` + * `syslog_ident` + * `systemd_interval` + * A bug that prevented merging the global `php::settings` parameter into + SAPI configs for `php::cli` and `php::fpm` was fixed. + * The dotdeb repos are now only installed for Debian wheezy as Debian jessie + has a sufficiently recent PHP version. + +## 3.2.2 + * Fix a typo in hiera keys `php::settings` & `php::fpm::settings` (#83) + +## 3.2.1 + * Fixed default `yum_repo` key in `php::repo::redhat` + * On Ubuntu precise we now use the ondrej/php5-oldstable ppa. This can be + manually enabled with by setting `$php::repo::ubuntu::oldstable` to + `true`. + * `$php::ensure` now defaults to `present` instead of `latest`. Though, + strictly speaking, this represents a functional change, we consider this + to be a bugfix because automatic updates should be enabled explicitely. + * `$php::ensure` is not anymore passed to `php::extension` resources as + default ensure parameter because this doesn't make sense. + +## 3.2.0 + * Support for FreeBSD added by Frank Wall + * RedHat now uses remi-php56 yum repo by default + * The resource `php::fpm::pool` is now public, you can use it in your + manifests without using `$php::fpm::pools` + * We now have autogenerated documentation using `puppetlabs/strings` + +## 3.1.0 + * New parameter `pool_purge` for `php::extension` to remove files not + managed by puppet from the pool directory. + * The `pecl_source` parameter for `php::extension` was renamend to + `source` because it is also useful for PEAR extensions. + `pecl_source` can still be used but is deprecated and will be + removed in the next major release. + * Parameters referring to time in `php::fpm::config` can now be + specified with units (i.e. `'60s'`, `'1d'`): + * `emergency_restart_threshold` + * `emergency_restart_interval` + * `process_control_timeout` + * The PEAR version is not independant of `$php::ensure` and can be + configured with `$php::pear_ensure` + * Give special thanks to the contributors of this release: + * Petr Sedlacek + * Sherlan Moriah + +## 3.0.1 + * Fix typo in package suffix for php-fpm on RHEL in params.pp + +## 3.0.0 + * Removes `$php::fpm::pool::error_log`. Use the `php_admin_flag` and + `php_admin_value` parameters to set the php settings `log_errors` and + `error_log` instead. + * Removes support for PHP 5.3 on Debian-based systems. See the notes in the + README for more information. + * Removes the `php_version` fact which had only worked on the later puppet runs. + * Moves CLI-package handling to `php::packages` + * Allows changing the package prefix via `php::package_prefix`. + * Moves FPM-package handling from `php::fpm::package` to `php::fpm` + * Changes `php::packages`, so that `php::packages::packages` becomes + `php::packages::names` and are installed and `php::packages::names_to_prefix` + are installed prefixed by `php::package_prefix`. + * PHPUnit is now installed as phar in the same way composer is installed, + causing all parameters to change + * The `php::extension` resource has a new parameter: `zend`. If set to true, + exenstions that were installed with pecl are loaded with `zend_extension`. + +## 2.0.4 + * Style fixes all over the place + * Module dependencies are now bound to the current major version + +## 2.0.3 + * Some issues & bugs with extensions were fixed + * If you set the `provider` parameter of an extension to `"none"`, no + extension packages will be installed + * The EPEL yum repo has been added for RedHat systems + +## 2.0.2 + * Adds support for `header_packages` on all extensions + * Adds `install_options` to pear package provider + +## 2.0.1 + * This is a pure bug fix release + * Fix for CVE 2014-0185 (https://bugs.php.net/bug.php?id=67060) + +## 2.0.0 + * Remove augeas and switch to puppetlabs/inifile for configs + * Old: `settings => [‘set PHP/short_open_tag On‘]` + * New: `settings => {‘PHP/short_open_tag’ => ‘On‘}` + * Settings parmeter cleanups + * The parameter `config` of `php::extension` resources is now called `settings` + * The parameters `user` and `group` of `php::fpm` have been moved to `php::fpm::config` + * New parameter `php::settings` for global settings (i.e. CLI & FPM) + * New parameter `php::cli` to disable CLI if supported + +## 1.1.2 + * SLES: PHP 5.5 will now be installed + * Pecl extensions now autoload the .so based on $name instead of $title + +## 1.1.1 + * some nasty bugs with the pecl php::extension provider were fixed + * php::extension now has a new pecl_source parameter for specifying custom + source channels for the pecl provider + +## 1.1.0 + * add phpunit to main class + * fix variable access for augeas + +## 1.0.2 + * use correct suse apache service name + * fix anchoring of augeas + +## 1.0.1 + * fixes #9 undefined pool_base_dir + +## 1.0.0 +Initial release + +[4.1.0]: https://github.com/olivierlacan/keep-a-changelog/compare/v4.0.0...v4.1.0 +[4.0.0]: https://github.com/olivierlacan/keep-a-changelog/compare/v3.4.2...v4.0.0 + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/HISTORY.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,222 @@ +## [v5.0.0](https://github.com/voxpupuli/puppet-php/tree/v5.0.0) (2017-08-07) +### Summary +This backwards-incompatible release drops puppet 3, PHP 5.5 on Ubuntu, and the deprecated `php::extension` parameter `pecl_source`. It improves much of the internal code quality, and adds several useful features the most interesting of which is probably the `php::extension` parameter `ini_prefix`. + +### Changed +- Drop puppet 3 compatibility. +- Bumped puppetlabs-apt lower bound to 4.1.0 +- Bumped puppetlabs-stdlib lower bound to 4.13.1 + +### Removed +- Deprecated `php::extension` define parameters `pecl_source`. Use `source` instead. +- PHP 5.5 support on ubuntu. + +### Added +- `php` class parameters `fpm_user` and `fpm_group` to customize php-fpm user/group. +- `php::fpm` class parameters `user` and `group`. +- `php::fpm::pool` define parameter `pm_process_idle_timeout` and pool.conf `pm.process_idle_timeout` directive. +- `php::extension` class parameters `ini_prefix` and `install_options`. +- Archlinux compatibility. +- Bumped puppetlabs-apt upper bound to 5.0.0 + +### Fixed +- Replaced validate functions with data types. +- Linting issues. +- Replace legacy facts with facts hash. +- Simplify `php::extension` +- Only apt dependency when `manage_repos => true` +- No more example42/yum dependency + +## 2017-02-11 Release [4.0.0] + +This is the last release with Puppet3 support! +* Fix a bug turning `manage_repos` off on wheezy +* Fix a deprecation warning on `apt::key` when using `manage_repos` on wheezy (#110). This change requires puppetlabs/apt at >= 1.8.0 +* Allow removal of config values (#124) +* Add `phpversion` fact, for querying through PuppetDB or Foreman (#119) +* Allow configuring the fpm pid file (#123) +* Add embedded SAPI support (#115) +* Add options to fpm config and pool configs (#139) +* Add parameter logic for PHP 7 on Ubuntu/Debian (#180) +* add SLES PHP 7.0 Support (#220) +* allow packaged extensions to be loaded as zend extensions +* Fix command to enable php extensions (#226) +* Fix many rucocop warnings +* Update module Ubuntu 14.04 default to official repository setup +* Fix dependency for extentions with no package source +* Allow packaged extensions to be loaded as Zend extensions +* Support using an http proxy for downloading composer +* Refactor classes php::fpm and php::fpm:service +* Manage apache/PHP configurations on Debian and RHEL systems +* use voxpupuli/archive to download composer +* respect $manage_repos, do not include ::apt if set to false +* Bump min version_requirement for Puppet + deps +* allow pipe param for pecl extensions +* Fix: composer auto_update: exec's environment must be array + +### Breaking Changes + * Deep merge `php::extensions` the same way as `php::settings`. This technically is a + breaking change but should not affect many people. + * PHP 5.6 is the default version on all systems now (except Ubuntu 16.04, where 7.0 is the default). + * There's a php::globals class now, where global paramters (like the PHP version) are set. (#132) + * Removal of php::repo::ubuntu::ppa (#218) + +## 3.4.2 + * Fix a bug that changed the default of `php::manage_repos` to `false` on + Debian-based operating systems except wheezy. It should be turned on by + default. (#116) + * Fix a bug that prevented reloading php-fpm on Ubuntu in some cases. + (#117, #107) + +## 3.4.1 + * Fix reloading php-fpm on Ubuntu trusty & utopic (#107) + +## 3.4.0 + * New parameter `ppa` for class `php::repo::ubuntu` to specify the ppa + name to use. We default to `ondrej/php5-oldstable` for precise and + `ondrej/php5` otherwise. + * New parameter `include` for `php::fpm::pool` resources to specify + custom configuration files. + +## 3.3.1 + * Make `systemd_interval` parameter for class `php::fpm::config` optional + +## 3.3.0 + * `php::extension` resources: + * New boolean parameter `settings_prefix` to automatically prefix all + settings keys with the extensions names. Defaults to false to ensurre + the current behaviour. + * New string parameter `so_name` to set the DSO name of an extension if + it doesn't match the package name. + * New string parameter `php_api_version` to set a custom api version. If + not `undef`, the `so_name` is prefixed with the full module path in the + ini file. Defaults to `undef`. + * The default of the parameter `listen_allowed_clients` of `php::fpm::pool` + resources is now `undef` instead of `'127.0.0.1'`. This way it is more + intuitive to change the default tcp listening socket at `127.0.0.1:9000` + to a unix socket by only setting the `listen` parameter instead of + additionally needing to unset `listen_allowed_clients`. This has no + security implications. + * New parameters for the `php::fpm::config` class: + * `error_log` + * `syslog_facility` + * `syslog_ident` + * `systemd_interval` + * A bug that prevented merging the global `php::settings` parameter into + SAPI configs for `php::cli` and `php::fpm` was fixed. + * The dotdeb repos are now only installed for Debian wheezy as Debian jessie + has a sufficiently recent PHP version. + +## 3.2.2 + * Fix a typo in hiera keys `php::settings` & `php::fpm::settings` (#83) + +## 3.2.1 + * Fixed default `yum_repo` key in `php::repo::redhat` + * On Ubuntu precise we now use the ondrej/php5-oldstable ppa. This can be + manually enabled with by setting `$php::repo::ubuntu::oldstable` to + `true`. + * `$php::ensure` now defaults to `present` instead of `latest`. Though, + strictly speaking, this represents a functional change, we consider this + to be a bugfix because automatic updates should be enabled explicitely. + * `$php::ensure` is not anymore passed to `php::extension` resources as + default ensure parameter because this doesn't make sense. + +## 3.2.0 + * Support for FreeBSD added by Frank Wall + * RedHat now uses remi-php56 yum repo by default + * The resource `php::fpm::pool` is now public, you can use it in your + manifests without using `$php::fpm::pools` + * We now have autogenerated documentation using `puppetlabs/strings` + +## 3.1.0 + * New parameter `pool_purge` for `php::extension` to remove files not + managed by puppet from the pool directory. + * The `pecl_source` parameter for `php::extension` was renamend to + `source` because it is also useful for PEAR extensions. + `pecl_source` can still be used but is deprecated and will be + removed in the next major release. + * Parameters referring to time in `php::fpm::config` can now be + specified with units (i.e. `'60s'`, `'1d'`): + * `emergency_restart_threshold` + * `emergency_restart_interval` + * `process_control_timeout` + * The PEAR version is not independant of `$php::ensure` and can be + configured with `$php::pear_ensure` + * Give special thanks to the contributors of this release: + * Petr Sedlacek + * Sherlan Moriah + +## 3.0.1 + * Fix typo in package suffix for php-fpm on RHEL in params.pp + +## 3.0.0 + * Removes `$php::fpm::pool::error_log`. Use the `php_admin_flag` and + `php_admin_value` parameters to set the php settings `log_errors` and + `error_log` instead. + * Removes support for PHP 5.3 on Debian-based systems. See the notes in the + README for more information. + * Removes the `php_version` fact which had only worked on the later puppet runs. + * Moves CLI-package handling to `php::packages` + * Allows changing the package prefix via `php::package_prefix`. + * Moves FPM-package handling from `php::fpm::package` to `php::fpm` + * Changes `php::packages`, so that `php::packages::packages` becomes + `php::packages::names` and are installed and `php::packages::names_to_prefix` + are installed prefixed by `php::package_prefix`. + * PHPUnit is now installed as phar in the same way composer is installed, + causing all parameters to change + * The `php::extension` resource has a new parameter: `zend`. If set to true, + exenstions that were installed with pecl are loaded with `zend_extension`. + +## 2.0.4 + * Style fixes all over the place + * Module dependencies are now bound to the current major version + +## 2.0.3 + * Some issues & bugs with extensions were fixed + * If you set the `provider` parameter of an extension to `"none"`, no + extension packages will be installed + * The EPEL yum repo has been added for RedHat systems + +## 2.0.2 + * Adds support for `header_packages` on all extensions + * Adds `install_options` to pear package provider + +## 2.0.1 + * This is a pure bug fix release + * Fix for CVE 2014-0185 (https://bugs.php.net/bug.php?id=67060) + +## 2.0.0 + * Remove augeas and switch to puppetlabs/inifile for configs + * Old: `settings => [‘set PHP/short_open_tag On‘]` + * New: `settings => {‘PHP/short_open_tag’ => ‘On‘}` + * Settings parmeter cleanups + * The parameter `config` of `php::extension` resources is now called `settings` + * The parameters `user` and `group` of `php::fpm` have been moved to `php::fpm::config` + * New parameter `php::settings` for global settings (i.e. CLI & FPM) + * New parameter `php::cli` to disable CLI if supported + +## 1.1.2 + * SLES: PHP 5.5 will now be installed + * Pecl extensions now autoload the .so based on $name instead of $title + +## 1.1.1 + * some nasty bugs with the pecl php::extension provider were fixed + * php::extension now has a new pecl_source parameter for specifying custom + source channels for the pecl provider + +## 1.1.0 + * add phpunit to main class + * fix variable access for augeas + +## 1.0.2 + * use correct suse apache service name + * fix anchoring of augeas + +## 1.0.1 + * fixes #9 undefined pool_base_dir + +## 1.0.0 +Initial release + +[4.1.0]: https://github.com/olivierlacan/keep-a-changelog/compare/v4.0.0...v4.1.0 +[4.0.0]: https://github.com/olivierlacan/keep-a-changelog/compare/v3.4.2...v4.0.0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/LICENSE.txt Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,23 @@ +The MIT License (MIT) + +Copyright (c) 2012-2013 Christian "Jippi" Winther <jippignu@gmail.com> + Tobias Nyholm <tobias@happyrecruiting.se> + 2014-2015 Mayflower GmbH <devops@mayflower.de> + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/README.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,460 @@ +[![Puppet Forge](http://img.shields.io/puppetforge/v/puppet/php.svg)](https://forge.puppetlabs.com/puppet/php) +[![Build Status](https://travis-ci.org/voxpupuli/puppet-php.svg?branch=master)](https://travis-ci.org/voxpupuli/puppet-php) + +## Current Status +As the original creators of `puppet-php` are no longer maintaining the module, it has been handed over into the care of Vox Pupuli. +Please be sure to update all your links to the new location. + +# voxpupuli/php Puppet Module + +voxpupuli/php is a Puppet module for managing PHP with a strong focus +on php-fpm. The module aims to use sane defaults for the supported +architectures. We strive to support all recent versions of Debian, +Ubuntu, RedHat/CentOS, openSUSE/SLES and FreeBSD. Managing Apache +with `mod_php` is not supported. + +This originally was a fork of [jippi/puppet-php](https://github.com/jippi/puppet-php) +(nodes-php on Puppet Forge) but has since been rewritten in large parts. + +## Usage + +Quickest way to get started is simply `include`'ing the _`php` class_. + +```puppet +include '::php' +``` + +Or, you can override defaults and specify additional custom +configurations by declaring `class { '::php': }` with parameters: + +```puppet +class { '::php': + ensure => latest, + manage_repos => true, + fpm => true, + dev => true, + composer => true, + pear => true, + phpunit => false, +} +``` + +Optionally the PHP version or configuration root directory can be changed also: + +```puppet +class { '::php::globals': + php_version => '7.0', + config_root => '/etc/php/7.0', +}-> +class { '::php': + manage_repos => true +} +``` + +There are more configuration options available. Please refer to the +auto-generated documentation at http://php.puppet.mayflower.de/. + +### Defining `php.ini` settings + +PHP configuration parameters in `php.ini` files can be defined as parameter +`settings` on the main `php` class, or `php::fpm` / `php::cli` classes, +or `php::extension` resources for each component independently. + +These settings are written into their respective `php.ini` file. Global +settings in `php::settings` are merged with the settings of all components. +Please note that settings of extensions are always independent. + +In the following example the PHP options and timezone will be set in +all PHP configurations, i.e. the PHP cli application and all php-fpm pools. + +```puppet + class { '::php': + settings => { + 'PHP/max_execution_time' => '90', + 'PHP/max_input_time' => '300', + 'PHP/memory_limit' => '64M', + 'PHP/post_max_size' => '32M', + 'PHP/upload_max_filesize' => '32M', + 'Date/date.timezone' => 'Europe/Berlin', + }, + } +``` + +### Installing extensions + +PHP configuration parameters in `php.ini` files can be defined +as parameter `extensions` on the main `php` class. They are +activated for all activated SAPIs. + +```puppet + class { '::php': + extensions => { + bcmath => { }, + imagick => { + provider => pecl, + }, + xmlrpc => { }, + memcached => { + provider => 'pecl', + header_packages => [ 'libmemcached-devel', ], + }, + apc => { + provider => 'pecl', + settings => { + 'apc/stat' => '1', + 'apc/stat_ctime' => '1', + }, + sapi => 'fpm', + }, + }, + } +``` + +See [the documentation](http://php.puppet.mayflower.de/php/extension.html) +of the `php::extension` resource for all available parameters and default +values. + +### Defining php-fpm pools + +If different php-fpm pools are required, you can use `php::fpm::pool` +defined resource type. A single pool called `www` will be configured +by default. Specify additional pools like so: + +```puppet + php::fpm::pool { 'www2': + listen => '127.0.1.1:9000', + } +``` + +For an overview of all possible parameters for `php::fpm::pool` resources +please see [its documention](http://php.puppet.mayflower.de/php/fpm/pool.html). + +### Overriding php-fpm user + +By default, php-fpm is set up to run as Apache. If you need to customize that user, you can do that like so: + +```puppet + class { '::php': + fpm_user => 'nginx', + fpm_group => 'nginx', + } +``` + +### PHP with one FPM pool per user + +This will create one vhost. $users is an array of people having php files at +$fqdn/$user. This codesnipped uses voxpupuli/php and voxpupuli/nginx to create +the vhost and one php fpm pool per user. This was tested on Archlinux with +nginx 1.13 and PHP 7.2.3. + +```puppet +$users = ['bob', 'alice'] + +class { 'php': + ensure => 'present', + manage_repos => false, + fpm => true, + dev => false, + composer => false, + pear => true, + phpunit => false, + fpm_pools => {}, +} + +include nginx + +nginx::resource::server{$facts['fqdn']: + www_root => '/var/www', + autoindex => 'on', +} +nginx::resource::location{'dontexportprivatedata': + server => $facts['fqdn'], + location => '~ /\.', + location_deny => ['all'], +} +$users.each |$user| { + # create one fpm pool. will be owned by the specific user + # fpm socket will be owned by the nginx user 'http' + php::fpm::pool{$user: + user => $user, + group => $user, + listen_owner => 'http', + listen_group => 'http', + listen_mode => '0660', + listen => "/var/run/php-fpm/${user}-fpm.sock", + } + nginx::resource::location { "${name}_root": + ensure => 'present', + server => $facts['fqdn'], + location => "~ .*${user}\/.*\.php$", + index_files => ['index.php'], + fastcgi => "unix:/var/run/php-fpm/${user}-fpm.sock", + include => ['fastcgi.conf'], + } +} +``` + +### Alternative examples using Hiera +Alternative to the Puppet DSL code examples above, you may optionally define your PHP configuration using Hiera. + +Below are all the examples you see above, but defined in YAML format for use with Hiera. + +```yaml + +--- +php::ensure: latest +php::manage_repos: true +php::fpm: true +php::fpm_user: 'nginx' +php::fpm_group: 'nginx' +php::dev: true +php::composer: true +php::pear: true +php::phpunit: false +php::settings: + 'PHP/max_execution_time': '90' + 'PHP/max_input_time': '300' + 'PHP/memory_limit': '64M' + 'PHP/post_max_size': '32M' + 'PHP/upload_max_filesize': '32M' + 'Date/date.timezone': 'Europe/Berlin' +php::extensions: + bcmath: {} + xmlrpc: {} + imagick: + provider: pecl + memcached: + provider: pecl + header_packages: + - libmemcached-dev + apc: + provider: pecl + settings: + 'apc/stat': 1 + 'apc/stat_ctime': 1 + sapi: 'fpm' +php::fpm::pools: + www2: + listen: '127.0.1.1:9000' +``` + +## Notes + +### Inheriting configuration across mutliple Hiera sources + +Configuration from Hiera such as `php::fpm::pools` is automatically +lookup up using the "first" merge method. This means that the first +value found is used. If you instead want to merge the hash keys +across multiple Hiera sources, you can use [`lookup_options`] to +set [`hash` or `deep` behaviors] such as in the example +[data/default.yaml](data/default.yaml): + +```yaml +lookup_options: + php::fpm::pools: + merge: hash +``` + +[`lookup_options`]: https://puppet.com/docs/puppet/6.4/hiera_merging.html#concept-2997 +[`hash` or `deep` behaviors]: https://puppet.com/docs/puppet/6.4/hiera_merging.html#merge-behaviors + +### Debian squeeze & Ubuntu precise come with PHP 5.3 + +On Debian-based systems, we use `php5enmod` to enable extension-specific +configuration. This script is only present in `php5` packages beginning with +version 5.4. Furthermore, PHP 5.3 is not supported by upstream anymore. + +We strongly suggest you use a recent PHP version, even if you're using an +older though still supported distribution release. Our default is to have +`php::manage_repos` enabled to add apt sources for +[Dotdeb](http://www.dotdeb.org/) on Debian and +[ppa:ondrej/php5](https://launchpad.net/~ondrej/+archive/ubuntu/php5/) on +Ubuntu with packages for the current stable PHP version closely tracking +upstream. + +### Ubuntu systems and Ondřej's PPA + +The older Ubuntu PPAs run by Ondřej have been deprecated (ondrej/php5, ondrej/php5.6) +in favor of a new PPA: ondrej/php which contains all 3 versions of PHP: 5.5, 5.6, and 7.0 +Here's an example in hiera of getting PHP 5.6 installed with php-fpm, pear/pecl, and composer: + +```puppet +php::globals::php_version: '5.6' +php::fpm: true +php::dev: true +php::composer: true +php::pear: true +php::phpunit: false +``` + +If you do not specify a php version, in Ubuntu the default will be 7.0 if you are +running Xenial (16.04), otherwise PHP 5.6 will be installed (for other versions) + +### Apache support + +Apache with `mod_php` is not supported by this module. Please use +[puppetlabs/apache](https://forge.puppetlabs.com/puppetlabs/apache) instead. + +We prefer using php-fpm. You can find an example Apache vhost in +`manifests/apache_vhost.pp` that shows you how to use `mod_proxy_fcgi` to +connect to php-fpm. + + +### RedHat/CentOS SCL Users +If you plan to use the SCL repositories with this module you must do the following adjustments: + +#### General config +This ensures that the module will create configurations in the directory ``/etc/opt/rh/<php_version>/` (also in php.d/ +for extensions). Anyway you have to manage the SCL repo's by your own. + +```puppet +class { '::php::globals': + php_version => 'rh-php71', + rhscl_mode => 'rhscl', +} +-> class { '::php': + manage_repos => false +} +``` + +#### Extensions +Extensions in SCL are being installed with packages that cover 1 or more .so files. This is kinda incompatible with +this module, since this module specifies an extension by name and derives the name of the package and the config (.ini) +from it. To manage extensions of SCL packages you must use the following parameters: + +```puppet +class { '::php': + ... + extensions => { + 'soap' => { + ini_prefix => '20-', + }, + } +} +``` + +By this you tell the module to configure bz2 and calender while ensuring only the package `common`. Additionally to the +installation of 'common' the inifiles 'calender.ini' and 'bz2.ini' will be created by the scheme +`<config_file_prefix><extension_title>`. + +A list of commonly used modules: +```puppet + { + extensions => { + 'xml' => { + ini_prefix => '20-', + multifile_settings => true, + settings => { + 'dom' => {}, + 'simplexml' => {}, + 'xmlwriter' => {}, + 'xsl' => {}, + 'wddx' => {}, + 'xmlreader' => {}, + }, + }, + 'soap' => { + ini_prefix => '20-', + }, + 'imap' => { + ini_prefix => '20-', + }, + 'intl' => { + ini_prefix => '20-', + }, + 'gd' => { + ini_prefix => '20-', + }, + 'mbstring' => { + ini_prefix => '20-', + }, + 'xmlrpc' => { + ini_prefix => '20-', + }, + 'pdo' => { + ini_prefix => '20-', + multifile_settings => true, + settings => { + 'pdo' => {}, + 'pdo_sqlite' => {}, + 'sqlite3' => {}, + }, + }, + 'process' => { + ini_prefix => '20-', + multifile_settings => true, + settings => { + 'posix' => {}, + 'shmop' => {}, + 'sysvmsg' => {}, + 'sysvsem' => {}, + 'sysvshm' => {}, + }, + }, + 'mysqlnd' => { + ini_prefix => '30-', + multifile_settings => true, + settings => { + 'mysqlnd' => {}, + 'mysql' => {}, + 'mysqli' => {}, + 'pdo_mysql' => {}, + 'sysvshm' => {}, + }, + }, + } + } +``` + +### Facts + +We deliver a `phpversion` fact with this module. This is explicitly **NOT** intended +to be used within your puppet manifests as it will only work on your second puppet +run. Its intention is to make querying PHP versions per server easy via PuppetDB or Foreman. + +### FreeBSD support + +On FreeBSD systems we purge the system-wide `extensions.ini` in favour of +per-module configuration files. + +Please also note that support for Composer and PHPUnit on FreeBSD is untested +and thus likely incomplete. + +### Running the test suite + +To run the tests install the ruby dependencies with `bundler` and execute +`rake`: + +``` +bundle install --path vendor/bundle +bundle exec rake +``` + +## Bugs & New Features + +If you happen to stumble upon a bug, please feel free to create a pull request +with a fix (optionally with a test), and a description of the bug and how it +was resolved. + +Or if you're not into coding, simply create an issue adding steps to let us +reproduce the bug and we will happily fix it. + +If you have a good idea for a feature or how to improve this module in general, +please create an issue to discuss it. We are very open to feedback. Pull +requests are always welcome. + +We hate orphaned and unmaintained Puppet modules as much as you do and +therefore promise that we will continue to maintain this module and keep +response times to issues short. If we happen to lose interest, we will write +a big fat warning into this README to let you know. + +## License + +The project is released under the permissive MIT license. + +The source can be found at +[github.com/voxpupuli/puppet-php](https://github.com/voxpupuli/puppet-php/). + +This Puppet module was originally maintained by some fellow puppeteers at +[Mayflower GmbH](https://mayflower.de) and is now maintained by +[Vox Pupuli](https://voxpupuli.org/).
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/REFERENCE.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,3241 @@ +# Reference + +<!-- DO NOT EDIT: This document was generated by Puppet Strings --> + +## Table of Contents + +### Classes + +* [`php`](#php): Base class with global configuration parameters that pulls in all enabled components. === Parameters [*ensure*] Specify which version of +* [`php::apache_config`](#phpapache_config): Install and configure php apache settings === Parameters [*inifile*] The path to the ini php-apache ini file [*settings*] Hash with ne +* [`php::cli`](#phpcli): Install and configure php CLI === Parameters [*inifile*] The path to the ini php5-cli ini file [*settings*] Hash with nested hash of k +* [`php::composer`](#phpcomposer): Install composer package manager === Parameters [*source*] Holds URL to the Composer source file [*path*] Holds path to the Composer e +* [`php::composer::auto_update`](#phpcomposerauto_update): Install composer package manager === Parameters [*max_age*] Defines number of days after which Composer should be updated [*source*] H +* [`php::dev`](#phpdev): Install the development package with headers for PHP === Parameters [*ensure*] The PHP ensure of PHP dev to install [*package*] The pa +* [`php::embedded`](#phpembedded): Install and configure php embedded SAPI === Parameters [*inifile*] The path to the ini php5-embeded ini file [*settings*] Hash with ne +* [`php::fpm`](#phpfpm): Install and configure mod_php for fpm === Parameters [*user*] The user that php-fpm should run as [*group*] The group that php-fpm sho +* [`php::fpm::config`](#phpfpmconfig): Configure php-fpm service === Parameters [*config_file*] The path to the fpm config file [*user*] The user that runs php-fpm [*group* +* [`php::fpm::service`](#phpfpmservice): Manage fpm service === Parameters [*service_name*] name of the php-fpm service [*ensure*] 'ensure' value for the service [*enable*] +* [`php::global`](#phpglobal) +* [`php::globals`](#phpglobals) +* [`php::packages`](#phppackages): Install common PHP packages === Parameters [*ensure*] Specify which version of PHP packages to install [*names*] List of the names of +* [`php::params`](#phpparams): PHP params class +* [`php::pear`](#phppear): Install PEAR package manager === Parameters [*ensure*] The package ensure of PHP pear to install and run pear auto_discover [*package*] +* [`php::phpunit`](#phpphpunit): Install phpunit, PHP testing framework === Parameters [*source*] Holds URL to the phpunit source file [*path*] Holds path to the phpun +* [`php::phpunit::auto_update`](#phpphpunitauto_update): Install phpunit package manager === Parameters [*max_age*] Defines number of days after which phpunit should be updated [*source*] Hol +* [`php::repo`](#phprepo): Configure package repository +* [`php::repo::debian`](#phprepodebian): Configure debian apt repo === Parameters [*location*] Location of the apt repository [*release*] Release of the apt repository [*repo +* [`php::repo::redhat`](#phpreporedhat) +* [`php::repo::suse`](#phpreposuse): Configure suse repo === Parameters [*reponame*] Name of the Zypper repository [*baseurl*] Base URL of the Zypper repository +* [`php::repo::ubuntu`](#phprepoubuntu): Configure ubuntu ppa === Parameters [*version*] PHP version to manage (e.g. 5.6) + +### Defined types + +* [`php::apache_vhost`](#phpapache_vhost): Configures an apache vhost for php === Parameters [*vhost*] The vhost address [*docroot*] The vhost docroot [*port*] The vhost port +* [`php::config`](#phpconfig): Configure php.ini settings for a PHP SAPI === Parameters [*file*] The path to ini file [*config*] Nested hash of key => value to apply +* [`php::config::setting`](#phpconfigsetting): Configure php.ini settings === Parameters [*key*] The key of the value, like `ini_setting` [*file*] The path to ini file [*value*] +* [`php::extension`](#phpextension): Install a PHP extension package === Parameters [*ensure*] The ensure of the package to install Could be "present", "absent", "latest", +* [`php::extension::config`](#phpextensionconfig): Configure a PHP extension package === Parameters [*ensure*] The ensure of the package to install Could be "latest", "installed" or a pi +* [`php::extension::install`](#phpextensioninstall): Install a PHP extension package === Parameters [*ensure*] The ensure of the package to install Could be "latest", "installed" or a pinn +* [`php::fpm::pool`](#phpfpmpool): Configure fpm pools === Parameters See the official php-fpm documentation for parameters that are not documented here: http://php.net/manua + +### Functions + +* [`ensure_prefix`](#ensure_prefix): This function ensures a prefix for all elements in an array or the keys in a hash. *Examples:* ensure_prefix({'a' => 1, 'b' => 2, 'p.c' = +* [`to_hash_settings`](#to_hash_settings): This function converts a +{key => value}+ hash into a nested hash and can add an id to the outer key. The optional id string as second parame + +### Data types + +* [`Php::ComposerChannel`](#phpcomposerchannel) +* [`Php::Duration`](#phpduration): A duration in seconds are with an unit +* [`Php::InstallOptions`](#phpinstalloptions) +* [`Php::Provider`](#phpprovider) +* [`Php::Sapi`](#phpsapi) + +## Classes + +### <a name="php"></a>`php` + +Base class with global configuration parameters that pulls in all +enabled components. + +=== Parameters + +[*ensure*] + Specify which version of PHP packages to install, defaults to 'present'. + Please note that 'absent' to remove packages is not supported! + +[*manage_repos*] + Include repository (dotdeb, ppa, etc.) to install recent PHP from + +[*fpm*] + Install and configure php-fpm + +[*fpm_service_enable*] + Enable/disable FPM service + +[*fpm_service_ensure*] + Ensure FPM service is either 'running' or 'stopped' + +[*fpm_service_name*] + This is the name of the php-fpm service. It defaults to reasonable OS + defaults but can be different in case of using php7.0/other OS/custom fpm service + +[*fpm_service_provider*] + This is the name of the service provider, in case there is a non + OS default service provider used to start FPM. + Defaults to 'undef', pick system defaults. + +[*fpm_pools*] + Hash of php::fpm::pool resources that will be created. Defaults + to a single php::fpm::pool named www with default parameters. + +[*fpm_global_pool_settings*] + Hash of defaults params php::fpm::pool resources that will be created. + Defaults to empty hash. + +[*fpm_inifile*] + Path to php.ini for fpm + +[*fpm_package*] + Name of fpm package to install + +[*fpm_user*] + The user that php-fpm should run as + +[*fpm_group*] + The group that php-fpm should run as + +[*dev*] + Install php header files, needed to install pecl modules + +[*composer*] + Install and auto-update composer + +[*pear*] + Install PEAR + +[*phpunit*] + Install phpunit + +[*apache_config*] + Manage apache's mod_php configuration + +[*proxy_type*] + proxy server type (none|http|https|ftp) + +[*proxy_server*] + specify a proxy server, with port number if needed. ie: https://example.com:8080. + +[*extensions*] + Install PHP extensions, this is overwritten by hiera hash `php::extensions` + +[*package_prefix*] + This is the prefix for constructing names of php packages. This defaults + to a sensible default depending on your operating system, like 'php-' or + 'php5-'. + +[*config_root_ini*] + This is the path to the config .ini files of the extensions. This defaults + to a sensible default depending on your operating system, like + '/etc/php5/mods-available' or '/etc/php5/conf.d'. + +[*config_root_inifile*] + The path to the global php.ini file. This defaults to a sensible default + depending on your operating system. + +[*ext_tool_enable*] + Absolute path to php tool for enabling extensions in debian/ubuntu systems. + This defaults to '/usr/sbin/php5enmod'. + +[*ext_tool_query*] + Absolute path to php tool for querying information about extensions in + debian/ubuntu systems. This defaults to '/usr/sbin/php5query'. + +[*ext_tool_enabled*] + Enable or disable the use of php tools on debian based systems + debian/ubuntu systems. This defaults to 'true'. + +[*log_owner*] + The php-fpm log owner + +[*log_group*] + The group owning php-fpm logs + +[*embedded*] + Enable embedded SAPI + +[*pear_ensure*] + The package ensure of PHP pear to install and run pear auto_discover + +[*settings*] + PHP configuration parameters in php.ini files as a hash. For example, + 'Date/date.timezone' => 'Australia/Melbourne' sets data.timezone + to 'Australia/Melbourne' under [Date] section, and + 'PHP/memory_limit' => '256M' sets memory_limit to 256M. + +[*cli_settings*] + Additional hash of PHP configuration parameters for PHP CLI. When a + setting key already exists in $settings, the value provided from the + $cli_settings parameter overrides the value from $settings parameter. + For example, 'PHP/memory_limit' => '1000M' sets memory_limit to 1000M + for the PHP cli ini file, regardless of the values from $settings. + +[*pool_purge*] + Whether to purge pool config files not created + by this module + +[*reload_fpm_on_config_changes*] + by default, we reload the service on changes. + But certain options, like socket owner, will only be applied during a restart. + If set to false, a restart will be executed instead of a reload. + This default will be changed in a future release. + +#### Parameters + +The following parameters are available in the `php` class: + +* [`ensure`](#ensure) +* [`manage_repos`](#manage_repos) +* [`fpm`](#fpm) +* [`fpm_service_enable`](#fpm_service_enable) +* [`fpm_service_ensure`](#fpm_service_ensure) +* [`fpm_service_name`](#fpm_service_name) +* [`fpm_service_provider`](#fpm_service_provider) +* [`fpm_pools`](#fpm_pools) +* [`fpm_global_pool_settings`](#fpm_global_pool_settings) +* [`fpm_inifile`](#fpm_inifile) +* [`fpm_package`](#fpm_package) +* [`fpm_user`](#fpm_user) +* [`fpm_group`](#fpm_group) +* [`embedded`](#embedded) +* [`dev`](#dev) +* [`composer`](#composer) +* [`pear`](#pear) +* [`pear_ensure`](#pear_ensure) +* [`phpunit`](#phpunit) +* [`apache_config`](#apache_config) +* [`proxy_type`](#proxy_type) +* [`proxy_server`](#proxy_server) +* [`extensions`](#extensions) +* [`settings`](#settings) +* [`cli_settings`](#cli_settings) +* [`package_prefix`](#package_prefix) +* [`config_root_ini`](#config_root_ini) +* [`config_root_inifile`](#config_root_inifile) +* [`ext_tool_enable`](#ext_tool_enable) +* [`ext_tool_query`](#ext_tool_query) +* [`ext_tool_enabled`](#ext_tool_enabled) +* [`log_owner`](#log_owner) +* [`log_group`](#log_group) +* [`pool_purge`](#pool_purge) +* [`reload_fpm_on_config_changes`](#reload_fpm_on_config_changes) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `$php::params::ensure` + +##### <a name="manage_repos"></a>`manage_repos` + +Data type: `Boolean` + + + +Default value: `$php::params::manage_repos` + +##### <a name="fpm"></a>`fpm` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="fpm_service_enable"></a>`fpm_service_enable` + +Data type: `Boolean` + + + +Default value: `$php::params::fpm_service_enable` + +##### <a name="fpm_service_ensure"></a>`fpm_service_ensure` + +Data type: `Enum['running', 'stopped']` + + + +Default value: `$php::params::fpm_service_ensure` + +##### <a name="fpm_service_name"></a>`fpm_service_name` + +Data type: `String[1]` + + + +Default value: `$php::params::fpm_service_name` + +##### <a name="fpm_service_provider"></a>`fpm_service_provider` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="fpm_pools"></a>`fpm_pools` + +Data type: `Hash` + + + +Default value: `$php::params::fpm_pools` + +##### <a name="fpm_global_pool_settings"></a>`fpm_global_pool_settings` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="fpm_inifile"></a>`fpm_inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::fpm_inifile` + +##### <a name="fpm_package"></a>`fpm_package` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="fpm_user"></a>`fpm_user` + +Data type: `String[1]` + + + +Default value: `$php::params::fpm_user` + +##### <a name="fpm_group"></a>`fpm_group` + +Data type: `String[1]` + + + +Default value: `$php::params::fpm_group` + +##### <a name="embedded"></a>`embedded` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="dev"></a>`dev` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="composer"></a>`composer` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="pear"></a>`pear` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="pear_ensure"></a>`pear_ensure` + +Data type: `String` + + + +Default value: `$php::params::pear_ensure` + +##### <a name="phpunit"></a>`phpunit` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="apache_config"></a>`apache_config` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="proxy_type"></a>`proxy_type` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="proxy_server"></a>`proxy_server` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="extensions"></a>`extensions` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="cli_settings"></a>`cli_settings` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="package_prefix"></a>`package_prefix` + +Data type: `Optional[String[1]]` + + + +Default value: `$php::params::package_prefix` + +##### <a name="config_root_ini"></a>`config_root_ini` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::config_root_ini` + +##### <a name="config_root_inifile"></a>`config_root_inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::config_root_inifile` + +##### <a name="ext_tool_enable"></a>`ext_tool_enable` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: `$php::params::ext_tool_enable` + +##### <a name="ext_tool_query"></a>`ext_tool_query` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: `$php::params::ext_tool_query` + +##### <a name="ext_tool_enabled"></a>`ext_tool_enabled` + +Data type: `Boolean` + + + +Default value: `$php::params::ext_tool_enabled` + +##### <a name="log_owner"></a>`log_owner` + +Data type: `String` + + + +Default value: `$php::params::fpm_user` + +##### <a name="log_group"></a>`log_group` + +Data type: `String` + + + +Default value: `$php::params::fpm_group` + +##### <a name="pool_purge"></a>`pool_purge` + +Data type: `Boolean` + + + +Default value: `$php::params::pool_purge` + +##### <a name="reload_fpm_on_config_changes"></a>`reload_fpm_on_config_changes` + +Data type: `Boolean` + + + +Default value: ``true`` + +### <a name="phpapache_config"></a>`php::apache_config` + +Install and configure php apache settings + +=== Parameters + +[*inifile*] + The path to the ini php-apache ini file + +[*settings*] + Hash with nested hash of key => value to set in inifile + +#### Parameters + +The following parameters are available in the `php::apache_config` class: + +* [`inifile`](#inifile) +* [`settings`](#settings) + +##### <a name="inifile"></a>`inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::apache_inifile` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +### <a name="phpcli"></a>`php::cli` + +Install and configure php CLI + +=== Parameters + +[*inifile*] + The path to the ini php5-cli ini file + +[*settings*] + Hash with nested hash of key => value to set in inifile + +#### Parameters + +The following parameters are available in the `php::cli` class: + +* [`inifile`](#inifile) +* [`settings`](#settings) + +##### <a name="inifile"></a>`inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::cli_inifile` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +### <a name="phpcomposer"></a>`php::composer` + +Install composer package manager + +=== Parameters + +[*source*] + Holds URL to the Composer source file + +[*path*] + Holds path to the Composer executable + +[*channel*] + Holds the Update channel (stable|preview|snapshot|1|2) + +[*proxy_type*] + proxy server type (none|http|https|ftp) + +[*proxy_server*] + specify a proxy server, with port number if needed. ie: https://example.com:8080. + +[*auto_update*] + Defines if composer should be auto updated + +[*max_age*] + Defines the time in days after which an auto-update gets executed + +[*root_group*] + UNIX group of the root user + +#### Parameters + +The following parameters are available in the `php::composer` class: + +* [`source`](#source) +* [`path`](#path) +* [`proxy_type`](#proxy_type) +* [`proxy_server`](#proxy_server) +* [`channel`](#channel) +* [`auto_update`](#auto_update) +* [`max_age`](#max_age) +* [`root_group`](#root_group) + +##### <a name="source"></a>`source` + +Data type: `String` + + + +Default value: `$php::params::composer_source` + +##### <a name="path"></a>`path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::composer_path` + +##### <a name="proxy_type"></a>`proxy_type` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="proxy_server"></a>`proxy_server` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="channel"></a>`channel` + +Data type: `Php::ComposerChannel` + + + +Default value: `'stable'` + +##### <a name="auto_update"></a>`auto_update` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="max_age"></a>`max_age` + +Data type: `Integer` + + + +Default value: `$php::params::composer_max_age` + +##### <a name="root_group"></a>`root_group` + +Data type: `Variant[Integer, String]` + + + +Default value: `$php::params::root_group` + +### <a name="phpcomposerauto_update"></a>`php::composer::auto_update` + +Install composer package manager + +=== Parameters + +[*max_age*] + Defines number of days after which Composer should be updated + +[*source*] + Holds URL to the Composer source file + +[*path*] + Holds path to the Composer executable + +[*channel*] + Holds the Update channel (stable|preview|snapshot|1|2) + +[*proxy_type*] + proxy server type (none|http|https|ftp) + +[*proxy_server*] + specify a proxy server, with port number if needed. ie: https://example.com:8080. + + +=== Examples + + include php::composer::auto_update + class { "php::composer::auto_update": + "max_age" => 90 + } + +#### Parameters + +The following parameters are available in the `php::composer::auto_update` class: + +* [`max_age`](#max_age) +* [`source`](#source) +* [`path`](#path) +* [`channel`](#channel) +* [`proxy_type`](#proxy_type) +* [`proxy_server`](#proxy_server) + +##### <a name="max_age"></a>`max_age` + +Data type: `Integer[1]` + + + +##### <a name="source"></a>`source` + +Data type: `String[1]` + + + +##### <a name="path"></a>`path` + +Data type: `Stdlib::Absolutepath` + + + +##### <a name="channel"></a>`channel` + +Data type: `Php::ComposerChannel` + + + +Default value: `'stable'` + +##### <a name="proxy_type"></a>`proxy_type` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="proxy_server"></a>`proxy_server` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +### <a name="phpdev"></a>`php::dev` + +Install the development package with headers for PHP + +=== Parameters + +[*ensure*] + The PHP ensure of PHP dev to install + +[*package*] + The package name for the PHP development files + +#### Parameters + +The following parameters are available in the `php::dev` class: + +* [`ensure`](#ensure) +* [`package`](#package) +* [`manage_repos`](#manage_repos) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `$php::ensure` + +##### <a name="package"></a>`package` + +Data type: `String` + + + +Default value: `"${php::package_prefix}${php::params::dev_package_suffix}"` + +##### <a name="manage_repos"></a>`manage_repos` + +Data type: `Boolean` + + + +Default value: `$php::manage_repos` + +### <a name="phpembedded"></a>`php::embedded` + +Install and configure php embedded SAPI + +=== Parameters + +[*inifile*] + The path to the ini php5-embeded ini file + +[*settings*] + Hash with nested hash of key => value to set in inifile + +[*package*] + Specify which package to install + +[*ensure*] + Specify which version of the package to install + +#### Parameters + +The following parameters are available in the `php::embedded` class: + +* [`ensure`](#ensure) +* [`package`](#package) +* [`inifile`](#inifile) +* [`settings`](#settings) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `$php::ensure` + +##### <a name="package"></a>`package` + +Data type: `String` + + + +Default value: `"${php::package_prefix}${php::params::embedded_package_suffix}"` + +##### <a name="inifile"></a>`inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::embedded_inifile` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +### <a name="phpfpm"></a>`php::fpm` + +Install and configure mod_php for fpm + +=== Parameters + +[*user*] + The user that php-fpm should run as + +[*group*] + The group that php-fpm should run as + +[*service_enable*] + Enable/disable FPM service + +[*service_ensure*] + Ensure FPM service is either 'running' or 'stopped' + +[*service_name*] + This is the name of the php-fpm service. It defaults to reasonable OS + defaults but can be different in case of using php7.0/other OS/custom fpm service + +[*service_provider*] + This is the name of the service provider, in case there is a non + OS default service provider used to start FPM. + Defaults to 'undef', pick system defaults. + +[*pools*] + Hash of php::fpm::pool resources that will be created. Defaults + to a single php::fpm::pool named www with default parameters. + +[*log_owner*] + The php-fpm log owner + +[*log_group*] + The group owning php-fpm logs + +[*package*] + Specify which package to install + +[*ensure*] + Specify which version of the package to install + +[*inifile*] + Path to php.ini for fpm + +[*settings*] + fpm settings hash + +[*global_pool_settings*] + Hash of defaults params php::fpm::pool resources that will be created. + Defaults is empty hash. + +[*pool_purge*] + Whether to purge pool config files not created + by this module + +[*reload_fpm_on_config_changes*] + by default, we reload the service on changes. + But certain options, like socket owner, will only be applied during a restart. + If set to false, a restart will be executed instead of a reload. + This default will be changed in a future release. + +#### Parameters + +The following parameters are available in the `php::fpm` class: + +* [`ensure`](#ensure) +* [`user`](#user) +* [`group`](#group) +* [`service_ensure`](#service_ensure) +* [`service_enable`](#service_enable) +* [`service_name`](#service_name) +* [`service_provider`](#service_provider) +* [`package`](#package) +* [`inifile`](#inifile) +* [`settings`](#settings) +* [`global_pool_settings`](#global_pool_settings) +* [`pools`](#pools) +* [`log_owner`](#log_owner) +* [`log_group`](#log_group) +* [`pool_purge`](#pool_purge) +* [`reload_fpm_on_config_changes`](#reload_fpm_on_config_changes) + +##### <a name="ensure"></a>`ensure` + +Data type: `Optional[String]` + + + +Default value: `$php::ensure` + +##### <a name="user"></a>`user` + +Data type: `String[1]` + + + +Default value: `$php::fpm_user` + +##### <a name="group"></a>`group` + +Data type: `String[1]` + + + +Default value: `$php::fpm_group` + +##### <a name="service_ensure"></a>`service_ensure` + +Data type: `Enum['running', 'stopped']` + + + +Default value: `$php::fpm_service_ensure` + +##### <a name="service_enable"></a>`service_enable` + +Data type: `Boolean` + + + +Default value: `$php::fpm_service_enable` + +##### <a name="service_name"></a>`service_name` + +Data type: `String[1]` + + + +Default value: `$php::fpm_service_name` + +##### <a name="service_provider"></a>`service_provider` + +Data type: `Optional[String[1]]` + + + +Default value: `$php::fpm_service_provider` + +##### <a name="package"></a>`package` + +Data type: `String` + + + +Default value: `$php::real_fpm_package` + +##### <a name="inifile"></a>`inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::fpm_inifile` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `$php::real_settings` + +##### <a name="global_pool_settings"></a>`global_pool_settings` + +Data type: `Hash` + + + +Default value: `$php::real_fpm_global_pool_settings` + +##### <a name="pools"></a>`pools` + +Data type: `Hash` + + + +Default value: `$php::real_fpm_pools` + +##### <a name="log_owner"></a>`log_owner` + +Data type: `String[1]` + + + +Default value: `$php::log_owner` + +##### <a name="log_group"></a>`log_group` + +Data type: `String[1]` + + + +Default value: `$php::log_group` + +##### <a name="pool_purge"></a>`pool_purge` + +Data type: `Boolean` + + + +Default value: `$php::pool_purge` + +##### <a name="reload_fpm_on_config_changes"></a>`reload_fpm_on_config_changes` + +Data type: `Boolean` + + + +Default value: `$php::reload_fpm_on_config_changes` + +### <a name="phpfpmconfig"></a>`php::fpm::config` + +Configure php-fpm service + +=== Parameters + +[*config_file*] + The path to the fpm config file + +[*user*] + The user that runs php-fpm + +[*group*] + The group that runs php-fpm + +[*inifile*] + The path to ini file + +[*settings*] + Nested hash of key => value to apply to php.ini + +[*pool_base_dir*] + The folder that contains the php-fpm pool configs + +[*pool_purge*] + Whether to purge pool config files not created + by this module + +[*error_log*] + Path to error log file. If it's set to "syslog", log is + sent to syslogd instead of being written in a local file. + +[*log_level*] + The php-fpm log level + +[*emergency_restart_threshold*] + The php-fpm emergency_restart_threshold + +[*emergency_restart_interval*] + The php-fpm emergency_restart_interval + +[*process_control_timeout*] + The php-fpm process_control_timeout + +[*process_max*] + The maximum number of processes FPM will fork. + +[*rlimit_files*] + Set open file descriptor rlimit for the master process. + +[*systemd_interval*] + The interval between health report notification to systemd + +[*log_owner*] + The php-fpm log owner + +[*log_group*] + The group owning php-fpm logs + +[*log_dir_mode*] + The octal mode of the directory + +[*syslog_facility*] + Used to specify what type of program is logging the message + +[*syslog_ident*] + Prepended to every message + +[*root_group*] + UNIX group of the root user + +[*pid_file*] + Path to fpm pid file + +#### Parameters + +The following parameters are available in the `php::fpm::config` class: + +* [`config_file`](#config_file) +* [`user`](#user) +* [`group`](#group) +* [`inifile`](#inifile) +* [`pid_file`](#pid_file) +* [`settings`](#settings) +* [`pool_base_dir`](#pool_base_dir) +* [`pool_purge`](#pool_purge) +* [`error_log`](#error_log) +* [`log_level`](#log_level) +* [`emergency_restart_threshold`](#emergency_restart_threshold) +* [`emergency_restart_interval`](#emergency_restart_interval) +* [`process_control_timeout`](#process_control_timeout) +* [`process_max`](#process_max) +* [`rlimit_files`](#rlimit_files) +* [`systemd_interval`](#systemd_interval) +* [`log_owner`](#log_owner) +* [`log_group`](#log_group) +* [`log_dir_mode`](#log_dir_mode) +* [`root_group`](#root_group) +* [`syslog_facility`](#syslog_facility) +* [`syslog_ident`](#syslog_ident) + +##### <a name="config_file"></a>`config_file` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::fpm_config_file` + +##### <a name="user"></a>`user` + +Data type: `String` + + + +Default value: `$php::params::fpm_user` + +##### <a name="group"></a>`group` + +Data type: `String` + + + +Default value: `$php::params::fpm_group` + +##### <a name="inifile"></a>`inifile` + +Data type: `String` + + + +Default value: `$php::params::fpm_inifile` + +##### <a name="pid_file"></a>`pid_file` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::fpm_pid_file` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="pool_base_dir"></a>`pool_base_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::fpm_pool_dir` + +##### <a name="pool_purge"></a>`pool_purge` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="error_log"></a>`error_log` + +Data type: `String` + + + +Default value: `$php::params::fpm_error_log` + +##### <a name="log_level"></a>`log_level` + +Data type: `String` + + + +Default value: `'notice'` + +##### <a name="emergency_restart_threshold"></a>`emergency_restart_threshold` + +Data type: `Integer` + + + +Default value: `0` + +##### <a name="emergency_restart_interval"></a>`emergency_restart_interval` + +Data type: `Php::Duration` + + + +Default value: `0` + +##### <a name="process_control_timeout"></a>`process_control_timeout` + +Data type: `Php::Duration` + + + +Default value: `0` + +##### <a name="process_max"></a>`process_max` + +Data type: `Integer` + + + +Default value: `0` + +##### <a name="rlimit_files"></a>`rlimit_files` + +Data type: `Optional[Integer[1]]` + + + +Default value: ``undef`` + +##### <a name="systemd_interval"></a>`systemd_interval` + +Data type: `Optional[Php::Duration]` + + + +Default value: ``undef`` + +##### <a name="log_owner"></a>`log_owner` + +Data type: `String` + + + +Default value: `$php::params::fpm_user` + +##### <a name="log_group"></a>`log_group` + +Data type: `String` + + + +Default value: `$php::params::fpm_group` + +##### <a name="log_dir_mode"></a>`log_dir_mode` + +Data type: `Pattern[/^\d+$/]` + + + +Default value: `'0770'` + +##### <a name="root_group"></a>`root_group` + +Data type: `String[1]` + + + +Default value: `$php::params::root_group` + +##### <a name="syslog_facility"></a>`syslog_facility` + +Data type: `String` + + + +Default value: `'daemon'` + +##### <a name="syslog_ident"></a>`syslog_ident` + +Data type: `String` + + + +Default value: `'php-fpm'` + +### <a name="phpfpmservice"></a>`php::fpm::service` + +Manage fpm service + +=== Parameters + +[*service_name*] + name of the php-fpm service + +[*ensure*] + 'ensure' value for the service + +[*enable*] + Defines if the service is enabled + +[*provider*] + Defines if the service provider to use + +[*reload_fpm_on_config_changes*] + by default, we reload the service on changes. + But certain options, like socket owner, will only be applied during a restart. + If set to false, a restart will be executed instead of a reload. + This default will be changed in a future release. + +#### Parameters + +The following parameters are available in the `php::fpm::service` class: + +* [`service_name`](#service_name) +* [`ensure`](#ensure) +* [`enable`](#enable) +* [`provider`](#provider) +* [`reload_fpm_on_config_changes`](#reload_fpm_on_config_changes) + +##### <a name="service_name"></a>`service_name` + +Data type: `String[1]` + + + +Default value: `$php::fpm::service_name` + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['running', 'stopped']` + + + +Default value: `$php::fpm::service_ensure` + +##### <a name="enable"></a>`enable` + +Data type: `Boolean` + + + +Default value: `$php::fpm::service_enable` + +##### <a name="provider"></a>`provider` + +Data type: `Optional[String[1]]` + + + +Default value: `$php::fpm::service_provider` + +##### <a name="reload_fpm_on_config_changes"></a>`reload_fpm_on_config_changes` + +Data type: `Boolean` + + + +Default value: `$php::fpm::reload_fpm_on_config_changes` + +### <a name="phpglobal"></a>`php::global` + +The php::global class. + +#### Parameters + +The following parameters are available in the `php::global` class: + +* [`inifile`](#inifile) +* [`settings`](#settings) + +##### <a name="inifile"></a>`inifile` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::config_root_inifile` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +### <a name="phpglobals"></a>`php::globals` + +The php::globals class. + +#### Parameters + +The following parameters are available in the `php::globals` class: + +* [`php_version`](#php_version) +* [`config_root`](#config_root) +* [`fpm_pid_file`](#fpm_pid_file) +* [`rhscl_mode`](#rhscl_mode) + +##### <a name="php_version"></a>`php_version` + +Data type: `Optional[Pattern[/^(rh-)?(php)?[578](\.)?[0-9]/]]` + + + +Default value: ``undef`` + +##### <a name="config_root"></a>`config_root` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="fpm_pid_file"></a>`fpm_pid_file` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="rhscl_mode"></a>`rhscl_mode` + +Data type: `Optional[Enum['rhscl', 'remi']]` + + + +Default value: ``undef`` + +### <a name="phppackages"></a>`php::packages` + +Install common PHP packages + +=== Parameters + +[*ensure*] + Specify which version of PHP packages to install + +[*names*] + List of the names of the package to install + +[*names_to_prefix*] + List of packages names that should be prefixed with the common + package prefix `$php::package_prefix` + +#### Parameters + +The following parameters are available in the `php::packages` class: + +* [`ensure`](#ensure) +* [`manage_repos`](#manage_repos) +* [`names_to_prefix`](#names_to_prefix) +* [`names`](#names) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `$php::ensure` + +##### <a name="manage_repos"></a>`manage_repos` + +Data type: `Boolean` + + + +Default value: `$php::manage_repos` + +##### <a name="names_to_prefix"></a>`names_to_prefix` + +Data type: `Array` + + + +Default value: `prefix($php::params::common_package_suffixes, $php::package_prefix)` + +##### <a name="names"></a>`names` + +Data type: `Array` + + + +Default value: `$php::params::common_package_names` + +### <a name="phpparams"></a>`php::params` + +PHP params class + +### <a name="phppear"></a>`php::pear` + +Install PEAR package manager + +=== Parameters + +[*ensure*] + The package ensure of PHP pear to install and run pear auto_discover + +[*package*] + The package name for PHP pear + +#### Parameters + +The following parameters are available in the `php::pear` class: + +* [`ensure`](#ensure) +* [`package`](#package) +* [`manage_repos`](#manage_repos) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `$php::pear_ensure` + +##### <a name="package"></a>`package` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="manage_repos"></a>`manage_repos` + +Data type: `Boolean` + + + +Default value: `$php::manage_repos` + +### <a name="phpphpunit"></a>`php::phpunit` + +Install phpunit, PHP testing framework + +=== Parameters + +[*source*] + Holds URL to the phpunit source file + +[*path*] + Holds path to the phpunit executable + +[*auto_update*] + Defines if phpunit should be auto updated + +[*max_age*] + Defines the time in days after which an auto-update gets executed + +#### Parameters + +The following parameters are available in the `php::phpunit` class: + +* [`source`](#source) +* [`path`](#path) +* [`root_group`](#root_group) +* [`auto_update`](#auto_update) +* [`max_age`](#max_age) + +##### <a name="source"></a>`source` + +Data type: `String` + + + +Default value: `$php::params::phpunit_source` + +##### <a name="path"></a>`path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$php::params::phpunit_path` + +##### <a name="root_group"></a>`root_group` + +Data type: `String[1]` + + + +Default value: `$php::params::root_group` + +##### <a name="auto_update"></a>`auto_update` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="max_age"></a>`max_age` + +Data type: `Integer` + + + +Default value: `$php::params::phpunit_max_age` + +### <a name="phpphpunitauto_update"></a>`php::phpunit::auto_update` + +Install phpunit package manager + +=== Parameters + +[*max_age*] + Defines number of days after which phpunit should be updated + +[*source*] + Holds URL to the phpunit source file + +[*path*] + Holds path to the phpunit executable + +#### Parameters + +The following parameters are available in the `php::phpunit::auto_update` class: + +* [`max_age`](#max_age) +* [`source`](#source) +* [`path`](#path) + +##### <a name="max_age"></a>`max_age` + +Data type: `Integer[1]` + + + +##### <a name="source"></a>`source` + +Data type: `String[1]` + + + +##### <a name="path"></a>`path` + +Data type: `Stdlib::Absolutepath` + + + +### <a name="phprepo"></a>`php::repo` + +Configure package repository + +### <a name="phprepodebian"></a>`php::repo::debian` + +Configure debian apt repo + +=== Parameters + +[*location*] + Location of the apt repository + +[*release*] + Release of the apt repository + +[*repos*] + Apt repository names + +[*include_src*] + Add source source repository + +[*key*] + Public key in apt::key format + +[*dotdeb*] + Enable special dotdeb handling + +[*sury*] + Enable special sury handling + +#### Parameters + +The following parameters are available in the `php::repo::debian` class: + +* [`location`](#location) +* [`release`](#release) +* [`repos`](#repos) +* [`include_src`](#include_src) +* [`key`](#key) +* [`dotdeb`](#dotdeb) +* [`sury`](#sury) + +##### <a name="location"></a>`location` + +Data type: `String[1]` + + + +Default value: `'https://packages.dotdeb.org'` + +##### <a name="release"></a>`release` + +Data type: `String[1]` + + + +Default value: `'wheezy-php56'` + +##### <a name="repos"></a>`repos` + +Data type: `String[1]` + + + +Default value: `'all'` + +##### <a name="include_src"></a>`include_src` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="key"></a>`key` + +Data type: `Hash` + + + +Default value: `{ + 'id' => '6572BBEF1B5FF28B28B706837E3F070089DF5277', + 'source' => 'http://www.dotdeb.org/dotdeb.gpg', + }` + +##### <a name="dotdeb"></a>`dotdeb` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="sury"></a>`sury` + +Data type: `Boolean` + + + +Default value: ``true`` + +### <a name="phpreporedhat"></a>`php::repo::redhat` + +The php::repo::redhat class. + +#### Parameters + +The following parameters are available in the `php::repo::redhat` class: + +* [`yum_repo`](#yum_repo) + +##### <a name="yum_repo"></a>`yum_repo` + +Data type: `String[1]` + + + +Default value: `'remi_php56'` + +### <a name="phpreposuse"></a>`php::repo::suse` + +Configure suse repo + +=== Parameters + +[*reponame*] + Name of the Zypper repository + +[*baseurl*] + Base URL of the Zypper repository + +#### Parameters + +The following parameters are available in the `php::repo::suse` class: + +* [`reponame`](#reponame) +* [`baseurl`](#baseurl) + +##### <a name="reponame"></a>`reponame` + +Data type: `String[1]` + + + +Default value: `'mayflower-php56'` + +##### <a name="baseurl"></a>`baseurl` + +Data type: `String[1]` + + + +Default value: `'http://download.opensuse.org/repositories/home:/mayflower:/php5.6_based/SLE_11_SP3/'` + +### <a name="phprepoubuntu"></a>`php::repo::ubuntu` + +Configure ubuntu ppa + +=== Parameters + +[*version*] + PHP version to manage (e.g. 5.6) + +#### Parameters + +The following parameters are available in the `php::repo::ubuntu` class: + +* [`version`](#version) + +##### <a name="version"></a>`version` + +Data type: `Pattern[/^\d\.\d/]` + + + +Default value: `'5.6'` + +## Defined types + +### <a name="phpapache_vhost"></a>`php::apache_vhost` + +Configures an apache vhost for php + +=== Parameters + +[*vhost*] + The vhost address + +[*docroot*] + The vhost docroot + +[*port*] + The vhost port + +[*default_vhost*] + defines if vhost is the default vhost + +[*fastcgi_socket*] + address of the fastcgi socket + +#### Parameters + +The following parameters are available in the `php::apache_vhost` defined type: + +* [`vhost`](#vhost) +* [`docroot`](#docroot) +* [`port`](#port) +* [`default_vhost`](#default_vhost) +* [`fastcgi_socket`](#fastcgi_socket) + +##### <a name="vhost"></a>`vhost` + +Data type: `String[1]` + + + +Default value: `'example.com'` + +##### <a name="docroot"></a>`docroot` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `'/var/www'` + +##### <a name="port"></a>`port` + +Data type: `Integer[1]` + + + +Default value: `80` + +##### <a name="default_vhost"></a>`default_vhost` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="fastcgi_socket"></a>`fastcgi_socket` + +Data type: `String[1]` + + + +Default value: `'fcgi://127.0.0.1:9000/$1'` + +### <a name="phpconfig"></a>`php::config` + +Configure php.ini settings for a PHP SAPI + +=== Parameters + +[*file*] + The path to ini file + +[*config*] + Nested hash of key => value to apply to php.ini + +=== Examples + + php::config { '$unique-name': + file => '$full_path_to_ini_file' + config => { + {'Date/date.timezone' => 'Europe/Berlin'} + } + } + +#### Parameters + +The following parameters are available in the `php::config` defined type: + +* [`file`](#file) +* [`config`](#config) + +##### <a name="file"></a>`file` + +Data type: `Stdlib::Absolutepath` + + + +##### <a name="config"></a>`config` + +Data type: `Hash` + + + +### <a name="phpconfigsetting"></a>`php::config::setting` + +Configure php.ini settings + +=== Parameters + +[*key*] + The key of the value, like `ini_setting` + +[*file*] + The path to ini file + +[*value*] + The value to set + +=== Examples + + php::config::setting { 'Date/date.timezone': + file => '$full_path_to_ini_file' + value => 'Europe/Berlin' + } + +#### Parameters + +The following parameters are available in the `php::config::setting` defined type: + +* [`key`](#key) +* [`value`](#value) +* [`file`](#file) + +##### <a name="key"></a>`key` + +Data type: `String[1]` + + + +##### <a name="value"></a>`value` + +Data type: `Variant[Integer, String]` + + + +##### <a name="file"></a>`file` + +Data type: `Stdlib::Absolutepath` + + + +### <a name="phpextension"></a>`php::extension` + +Install a PHP extension package + +=== Parameters + +[*ensure*] + The ensure of the package to install + Could be "present", "absent", "latest", "installed" or a pinned version + +[*package_prefix*] + Prefix to prepend to the package name for the package provider + +[*package_name*] + Full package name for the package provider (e.g. php7.2-xml for + simlexml extension) + +[*provider*] + The provider used to install the package + Could be "pecl", "apt", "dpkg" or any other OS package provider + If set to "none", no package will be installed + +[*source*] + The source to install the extension from. Possible values + depend on the *provider* used + +[*so_name*] + The DSO name of the package (e.g. opcache for zendopcache) + +[*ini_prefix*] + An optional filename prefix for the settings file of the extension + +[*php_api_version*] + This parameter is used to build the full path to the extension + directory for zend_extension in PHP < 5.5 (e.g. 20100525) + +[*header_packages*] + System packages dependencies to install for extensions (e.g. for + memcached libmemcached-dev on Debian) + +[*compiler_packages*] + System packages dependencies to install for compiling extensions + (e.g. build-essential on Debian) + +[*zend*] + Boolean parameter, whether to load extension as zend_extension. + Defaults to false. + +[*settings*] + Hash of parameters for the specific extension, which will be written to the extensions config file by + php::extension::config or a hash of mutliple settings files, each with parameters + (multifile_settings must be true) + (f.ex. {p => '..'} or {'bz2' => {..}, {'math' => {...}}) + +[*multifile_settings*] + Set this to true if you specify multiple setting files in *settings*. This must be used when the PHP package + distribution bundles extensions in a single package (like 'common' bundles extensions 'bz2', ...) and each of + the extension comes with a separate settings file. + +[*settings_prefix*] + Boolean/String parameter, whether to prefix all setting keys with + the extension name or specified name. Defaults to false. + +[*sapi*] + String parameter, whether to specify ALL sapi or a specific sapi. + Defaults to ALL. + +[*responsefile*] + File containing answers for interactive extension setup. Supported + *providers*: pear, pecl. + +[*install_options*] + Array of String or Hash options to pass to the provider. + +#### Parameters + +The following parameters are available in the `php::extension` defined type: + +* [`ensure`](#ensure) +* [`provider`](#provider) +* [`source`](#source) +* [`so_name`](#so_name) +* [`ini_prefix`](#ini_prefix) +* [`php_api_version`](#php_api_version) +* [`package_prefix`](#package_prefix) +* [`package_name`](#package_name) +* [`zend`](#zend) +* [`settings`](#settings) +* [`multifile_settings`](#multifile_settings) +* [`sapi`](#sapi) +* [`settings_prefix`](#settings_prefix) +* [`responsefile`](#responsefile) +* [`header_packages`](#header_packages) +* [`compiler_packages`](#compiler_packages) +* [`install_options`](#install_options) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `$php::ensure` + +##### <a name="provider"></a>`provider` + +Data type: `Optional[Php::Provider]` + + + +Default value: ``undef`` + +##### <a name="source"></a>`source` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="so_name"></a>`so_name` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="ini_prefix"></a>`ini_prefix` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="php_api_version"></a>`php_api_version` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="package_prefix"></a>`package_prefix` + +Data type: `String` + + + +Default value: `$php::package_prefix` + +##### <a name="package_name"></a>`package_name` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="zend"></a>`zend` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="settings"></a>`settings` + +Data type: `Variant[Hash, Hash[String, Hash]]` + + + +Default value: `{}` + +##### <a name="multifile_settings"></a>`multifile_settings` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="sapi"></a>`sapi` + +Data type: `Php::Sapi` + + + +Default value: `'ALL'` + +##### <a name="settings_prefix"></a>`settings_prefix` + +Data type: `Variant[Boolean, String]` + + + +Default value: ``false`` + +##### <a name="responsefile"></a>`responsefile` + +Data type: `Optional[Stdlib::AbsolutePath]` + + + +Default value: ``undef`` + +##### <a name="header_packages"></a>`header_packages` + +Data type: `Variant[String, Array[String]]` + + + +Default value: `[]` + +##### <a name="compiler_packages"></a>`compiler_packages` + +Data type: `Variant[String, Array[String]]` + + + +Default value: `$php::params::compiler_packages` + +##### <a name="install_options"></a>`install_options` + +Data type: `Php::InstallOptions` + + + +Default value: ``undef`` + +### <a name="phpextensionconfig"></a>`php::extension::config` + +Configure a PHP extension package + +=== Parameters + +[*ensure*] + The ensure of the package to install + Could be "latest", "installed" or a pinned version + +[*provider*] + The provider used to install the package + Could be "pecl", "apt", "dpkg" or any other OS package provider + If set to "none", no package will be installed + +[*so_name*] + The DSO name of the package (e.g. opcache for zendopcache) + +[*ini_prefix*] + An optional filename prefix for the settings file of the extension + +[*php_api_version*] + This parameter is used to build the full path to the extension + directory for zend_extension in PHP < 5.5 (e.g. 20100525) + +[*header_packages*] + System packages dependencies to install for extensions (e.g. for + memcached libmemcached-dev on Debian) + +[*compiler_packages*] + System packages dependencies to install for compiling extensions + (e.g. build-essential on Debian) + +[*zend*] + Boolean parameter, whether to load extension as zend_extension. + Defaults to false. + +[*settings*] + Nested hash of global config parameters for php.ini + +[*settings_prefix*] + Boolean/String parameter, whether to prefix all setting keys with + the extension name or specified name. Defaults to false. + +[*sapi*] + String parameter, whether to specify ALL sapi or a specific sapi. + Defaults to ALL. + +#### Parameters + +The following parameters are available in the `php::extension::config` defined type: + +* [`ensure`](#ensure) +* [`provider`](#provider) +* [`so_name`](#so_name) +* [`ini_prefix`](#ini_prefix) +* [`php_api_version`](#php_api_version) +* [`zend`](#zend) +* [`settings`](#settings) +* [`settings_prefix`](#settings_prefix) +* [`sapi`](#sapi) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `'installed'` + +##### <a name="provider"></a>`provider` + +Data type: `Optional[Php::Provider]` + + + +Default value: ``undef`` + +##### <a name="so_name"></a>`so_name` + +Data type: `Optional[String]` + + + +Default value: `downcase($name)` + +##### <a name="ini_prefix"></a>`ini_prefix` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="php_api_version"></a>`php_api_version` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="zend"></a>`zend` + +Data type: `Boolean` + + + +Default value: ``false`` + +##### <a name="settings"></a>`settings` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="settings_prefix"></a>`settings_prefix` + +Data type: `Variant[Boolean, String]` + + + +Default value: ``false`` + +##### <a name="sapi"></a>`sapi` + +Data type: `Php::Sapi` + + + +Default value: `'ALL'` + +### <a name="phpextensioninstall"></a>`php::extension::install` + +Install a PHP extension package + +=== Parameters + +[*ensure*] + The ensure of the package to install + Could be "latest", "installed" or a pinned version + +[*package_prefix*] + Prefix to prepend to the package name for the package provider + +[*package_name*] + Full package name for the package provider (e.g. php7.2-xml for + simlexml extension) + +[*provider*] + The provider used to install the package + Could be "pecl", "apt", "dpkg" or any other OS package provider + If set to "none", no package will be installed + +[*source*] + The source to install the extension from. Possible values + depend on the *provider* used + +[*header_packages*] + System packages dependencies to install for extensions (e.g. for + memcached libmemcached-dev on Debian) + +[*compiler_packages*] + System packages dependencies to install for compiling extensions + (e.g. build-essential on Debian) + +[*responsefile*] + File containing answers for interactive extension setup. Supported + *providers*: pear, pecl. + +[*install_options*] + Array of String or Hash options to pass to the provider. + +#### Parameters + +The following parameters are available in the `php::extension::install` defined type: + +* [`ensure`](#ensure) +* [`provider`](#provider) +* [`source`](#source) +* [`package_prefix`](#package_prefix) +* [`package_name`](#package_name) +* [`responsefile`](#responsefile) +* [`header_packages`](#header_packages) +* [`compiler_packages`](#compiler_packages) +* [`install_options`](#install_options) + +##### <a name="ensure"></a>`ensure` + +Data type: `String` + + + +Default value: `'installed'` + +##### <a name="provider"></a>`provider` + +Data type: `Optional[Php::Provider]` + + + +Default value: ``undef`` + +##### <a name="source"></a>`source` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +##### <a name="package_prefix"></a>`package_prefix` + +Data type: `String` + + + +Default value: `$php::package_prefix` + +##### <a name="package_name"></a>`package_name` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="responsefile"></a>`responsefile` + +Data type: `Optional[Stdlib::AbsolutePath]` + + + +Default value: ``undef`` + +##### <a name="header_packages"></a>`header_packages` + +Data type: `Variant[String, Array[String]]` + + + +Default value: `[]` + +##### <a name="compiler_packages"></a>`compiler_packages` + +Data type: `Variant[String, Array[String]]` + + + +Default value: `$php::params::compiler_packages` + +##### <a name="install_options"></a>`install_options` + +Data type: `Php::InstallOptions` + + + +Default value: ``undef`` + +### <a name="phpfpmpool"></a>`php::fpm::pool` + +Configure fpm pools + +=== Parameters + +See the official php-fpm documentation for parameters that are not +documented here: http://php.net/manual/en/install.fpm.configuration.php. + +[*ensure*] + Remove pool if set to `'absent'`, add otherwise + +[*listen*] + On what socket to listen for FastCGI connections, i.e. + `'127.0.0.1:9000'' or `'/var/run/php5-fpm.sock'` + +[*listen_backlog*] + +[*listen_allowed_clients*] + +[*listen_owner*] + Set owner of the Unix socket + +[*listen_group*] + Set the group of the Unix socket + +[*listen_mode*] + +[*user*] + The user that php-fpm should run as + +[*group*] + The group that php-fpm should run as + +[*apparmor_hat*] + The Apparmor hat to use + +[*pm*] + +[*pm_max_children*] + +[*pm_start_servers*] + +[*pm_min_spare_servers*] + +[*pm_max_spare_servers*] + +[*pm_max_requests*] + +[*pm_process_idle_timeout*] + +[*pm_status_path*] + +[*ping_path*] + +[*ping_response*] + +[*access_log*] + The path to the file to write access log requests to + +[*access_log_format*] + The format to save the access log entries as + +[*request_terminate_timeout*] + +[*request_slowlog_timeout*] + +[*security_limit_extensions*] + +[*slowlog*] + +[*template*] + The template to use for the pool + +[*rlimit_files*] + +[*rlimit_core*] + +[*chroot*] + +[*chdir*] + +[*catch_workers_output*] + +[*include*] + Other configuration files to include on this pool + +[*env*] + List of environment variables that are passed to the php-fpm from the + outside and will be available to php scripts in this pool + +[*env_value*] + Hash of environment variables and values as strings to use in php + scripts in this pool + +[*clear_env*] + Whether the environment should be cleared. + +[*options*] + An optional hash for any other data. + +[*php_value*] + Hash of php_value directives + +[*php_flag*] + Hash of php_flag directives + +[*php_admin_value*] + Hash of php_admin_value directives + +[*php_admin_flag*] + Hash of php_admin_flag directives + +[*php_directives*] + List of custom directives that are appended to the pool config + +[*root_group*] + UNIX group of the root user + +[*base_dir*] + The folder that contains the php-fpm pool configs. This defaults to a + sensible default depending on your operating system, like + '/etc/php5/fpm/pool.d' or '/etc/php-fpm.d' + +#### Parameters + +The following parameters are available in the `php::fpm::pool` defined type: + +* [`ensure`](#ensure) +* [`listen`](#listen) +* [`listen_backlog`](#listen_backlog) +* [`listen_allowed_clients`](#listen_allowed_clients) +* [`listen_owner`](#listen_owner) +* [`listen_group`](#listen_group) +* [`listen_mode`](#listen_mode) +* [`user`](#user) +* [`group`](#group) +* [`apparmor_hat`](#apparmor_hat) +* [`pm`](#pm) +* [`pm_max_children`](#pm_max_children) +* [`pm_start_servers`](#pm_start_servers) +* [`pm_min_spare_servers`](#pm_min_spare_servers) +* [`pm_max_spare_servers`](#pm_max_spare_servers) +* [`pm_max_requests`](#pm_max_requests) +* [`pm_process_idle_timeout`](#pm_process_idle_timeout) +* [`pm_status_path`](#pm_status_path) +* [`ping_path`](#ping_path) +* [`ping_response`](#ping_response) +* [`access_log`](#access_log) +* [`access_log_format`](#access_log_format) +* [`request_terminate_timeout`](#request_terminate_timeout) +* [`request_slowlog_timeout`](#request_slowlog_timeout) +* [`security_limit_extensions`](#security_limit_extensions) +* [`slowlog`](#slowlog) +* [`template`](#template) +* [`rlimit_files`](#rlimit_files) +* [`rlimit_core`](#rlimit_core) +* [`chroot`](#chroot) +* [`chdir`](#chdir) +* [`catch_workers_output`](#catch_workers_output) +* [`include`](#include) +* [`env`](#env) +* [`env_value`](#env_value) +* [`clear_env`](#clear_env) +* [`options`](#options) +* [`php_value`](#php_value) +* [`php_flag`](#php_flag) +* [`php_admin_value`](#php_admin_value) +* [`php_admin_flag`](#php_admin_flag) +* [`php_directives`](#php_directives) +* [`root_group`](#root_group) +* [`base_dir`](#base_dir) + +##### <a name="ensure"></a>`ensure` + +Data type: `Enum['present', 'absent']` + + + +Default value: `'present'` + +##### <a name="listen"></a>`listen` + +Data type: `String[1]` + + + +Default value: `'127.0.0.1:9000'` + +##### <a name="listen_backlog"></a>`listen_backlog` + +Data type: `Integer[-1]` + + + +Default value: `-` + +##### <a name="listen_allowed_clients"></a>`listen_allowed_clients` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="listen_owner"></a>`listen_owner` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="listen_group"></a>`listen_group` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="listen_mode"></a>`listen_mode` + +Data type: `Optional[Stdlib::Filemode]` + + + +Default value: ``undef`` + +##### <a name="user"></a>`user` + +Data type: `String[1]` + + + +Default value: `$php::fpm::config::user` + +##### <a name="group"></a>`group` + +Data type: `String[1]` + + + +Default value: `$php::fpm::config::group` + +##### <a name="apparmor_hat"></a>`apparmor_hat` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="pm"></a>`pm` + +Data type: `String[1]` + + + +Default value: `'dynamic'` + +##### <a name="pm_max_children"></a>`pm_max_children` + +Data type: `Integer[1]` + + + +Default value: `50` + +##### <a name="pm_start_servers"></a>`pm_start_servers` + +Data type: `Integer[0]` + + + +Default value: `5` + +##### <a name="pm_min_spare_servers"></a>`pm_min_spare_servers` + +Data type: `Integer[0]` + + + +Default value: `5` + +##### <a name="pm_max_spare_servers"></a>`pm_max_spare_servers` + +Data type: `Integer[0]` + + + +Default value: `35` + +##### <a name="pm_max_requests"></a>`pm_max_requests` + +Data type: `Integer[0]` + + + +Default value: `0` + +##### <a name="pm_process_idle_timeout"></a>`pm_process_idle_timeout` + +Data type: `Php::Duration` + + + +Default value: `'10s'` + +##### <a name="pm_status_path"></a>`pm_status_path` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="ping_path"></a>`ping_path` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="ping_response"></a>`ping_response` + +Data type: `String[1]` + + + +Default value: `'pong'` + +##### <a name="access_log"></a>`access_log` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="access_log_format"></a>`access_log_format` + +Data type: `String[1]` + + + +Default value: `'"%R - %u %t \"%m %r\" %s"'` + +##### <a name="request_terminate_timeout"></a>`request_terminate_timeout` + +Data type: `Php::Duration` + + + +Default value: `0` + +##### <a name="request_slowlog_timeout"></a>`request_slowlog_timeout` + +Data type: `Php::Duration` + + + +Default value: `0` + +##### <a name="security_limit_extensions"></a>`security_limit_extensions` + +Data type: `Array[String[1]]` + + + +Default value: `[]` + +##### <a name="slowlog"></a>`slowlog` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `"/var/log/php-fpm/${name}-slow.log"` + +##### <a name="template"></a>`template` + +Data type: `String[1]` + + + +Default value: `'php/fpm/pool.conf.erb'` + +##### <a name="rlimit_files"></a>`rlimit_files` + +Data type: `Optional[Integer]` + + + +Default value: ``undef`` + +##### <a name="rlimit_core"></a>`rlimit_core` + +Data type: `Optional[Integer]` + + + +Default value: ``undef`` + +##### <a name="chroot"></a>`chroot` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="chdir"></a>`chdir` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +##### <a name="catch_workers_output"></a>`catch_workers_output` + +Data type: `Enum['yes', 'no']` + + + +Default value: `'no'` + +##### <a name="include"></a>`include` + +Data type: `Optional[String[1]]` + + + +Default value: ``undef`` + +##### <a name="env"></a>`env` + +Data type: `Array[String[1]]` + + + +Default value: `[]` + +##### <a name="env_value"></a>`env_value` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="clear_env"></a>`clear_env` + +Data type: `Boolean` + + + +Default value: ``true`` + +##### <a name="options"></a>`options` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="php_value"></a>`php_value` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="php_flag"></a>`php_flag` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="php_admin_value"></a>`php_admin_value` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="php_admin_flag"></a>`php_admin_flag` + +Data type: `Hash` + + + +Default value: `{}` + +##### <a name="php_directives"></a>`php_directives` + +Data type: `Array[String[1]]` + + + +Default value: `[]` + +##### <a name="root_group"></a>`root_group` + +Data type: `String[1]` + + + +Default value: `$php::params::root_group` + +##### <a name="base_dir"></a>`base_dir` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: ``undef`` + +## Functions + +### <a name="ensure_prefix"></a>`ensure_prefix` + +Type: Ruby 3.x API + +This function ensures a prefix for all elements in an array or the keys in a hash. + +*Examples:* + + ensure_prefix({'a' => 1, 'b' => 2, 'p.c' => 3}, 'p.') + +Will return: + { + 'p.a' => 1, + 'p.b' => 2, + 'p.c' => 3, + } + + ensure_prefix(['a', 'p.b', 'c'], 'p.') + +Will return: + ['p.a', 'p.b', 'p.c'] + +#### `ensure_prefix()` + +This function ensures a prefix for all elements in an array or the keys in a hash. + +*Examples:* + + ensure_prefix({'a' => 1, 'b' => 2, 'p.c' => 3}, 'p.') + +Will return: + { + 'p.a' => 1, + 'p.b' => 2, + 'p.c' => 3, + } + + ensure_prefix(['a', 'p.b', 'c'], 'p.') + +Will return: + ['p.a', 'p.b', 'p.c'] + +Returns: `Any` + +### <a name="to_hash_settings"></a>`to_hash_settings` + +Type: Ruby 3.x API + +This function converts a +{key => value}+ hash into a nested hash and can add an id to the outer key. +The optional id string as second parameter is prepended to the resource name. + +*Examples:* + + to_hash_settings({'a' => 1, 'b' => 2}) + +Would return: + { + 'a' => {'key' => 'a', 'value' => 1}, + 'b' => {'key' => 'b', 'value' => 2} + } + +and: + + to_hash_settings({'a' => 1, 'b' => 2}, 'foo') + +Would return: + { + 'foo: a' => {'key' => 'a', 'value' => 1}, + 'foo: b' => {'key' => 'b', 'value' => 2} + } + +#### `to_hash_settings()` + +This function converts a +{key => value}+ hash into a nested hash and can add an id to the outer key. +The optional id string as second parameter is prepended to the resource name. + +*Examples:* + + to_hash_settings({'a' => 1, 'b' => 2}) + +Would return: + { + 'a' => {'key' => 'a', 'value' => 1}, + 'b' => {'key' => 'b', 'value' => 2} + } + +and: + + to_hash_settings({'a' => 1, 'b' => 2}, 'foo') + +Would return: + { + 'foo: a' => {'key' => 'a', 'value' => 1}, + 'foo: b' => {'key' => 'b', 'value' => 2} + } + +Returns: `Any` + +## Data types + +### <a name="phpcomposerchannel"></a>`Php::ComposerChannel` + +The Php::ComposerChannel data type. + +Alias of + +```puppet +Enum['stable', 'preview', 'snapshot', '1', '2'] +``` + +### <a name="phpduration"></a>`Php::Duration` + +A duration in seconds are with an unit + +Alias of + +```puppet +Variant[Integer[0], Pattern[/^\d+[smhd]?$/]] +``` + +### <a name="phpinstalloptions"></a>`Php::InstallOptions` + +The Php::InstallOptions data type. + +Alias of + +```puppet +Optional[Array[ + Variant[ + String, + Hash[String, String] + ] + ]] +``` + +### <a name="phpprovider"></a>`Php::Provider` + +The Php::Provider data type. + +Alias of + +```puppet +Enum['none', 'pecl', 'pear', 'dpkg', 'apt', 'yum', 'rpm', 'dnf', 'up2date', 'zypper', 'rug', 'freebsd', 'pkgng', 'ports', 'portupgrade'] +``` + +### <a name="phpsapi"></a>`Php::Sapi` + +The Php::Sapi data type. + +Alias of + +```puppet +Enum['ALL', 'cli', 'fpm', 'apache2'] +``` +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/data/default.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +--- + +lookup_options: + php::fpm::pools: + merge: first +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/hiera.yaml Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +--- +version: 5 +hierarchy: + - name: default.yaml + paths: + - 'default.yaml'
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/lib/facter/phpversion.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,10 @@ +Facter.add(:phpversion) do + setcode do + output = Facter::Util::Resolution.exec('php -v') + + unless output.nil? + output.split("\n").first.split(' '). + select { |x| x =~ %r{^(?:(\d+)\.)(?:(\d+)\.)?(\*|\d+)} }.first + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/lib/puppet/parser/functions/ensure_prefix.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,57 @@ + +module Puppet::Parser::Functions + newfunction(:ensure_prefix, type: :rvalue, doc: <<-EOS + This function ensures a prefix for all elements in an array or the keys in a hash. + + *Examples:* + + ensure_prefix({'a' => 1, 'b' => 2, 'p.c' => 3}, 'p.') + + Will return: + { + 'p.a' => 1, + 'p.b' => 2, + 'p.c' => 3, + } + + ensure_prefix(['a', 'p.b', 'c'], 'p.') + + Will return: + ['p.a', 'p.b', 'p.c'] +EOS + ) do |arguments| + if arguments.size < 2 + raise(Puppet::ParseError, 'ensure_prefix(): Wrong number of arguments ' \ + "given (#{arguments.size} for 2)") + end + + enumerable = arguments[0] + + unless enumerable.is_a?(Array) || enumerable.is_a?(Hash) + raise Puppet::ParseError, "ensure_prefix(): expected first argument to be an Array or a Hash, got #{enumerable.inspect}" + end + + prefix = arguments[1] if arguments[1] + + if prefix + unless prefix.is_a?(String) + raise Puppet::ParseError, "ensure_prefix(): expected second argument to be a String, got #{prefix.inspect}" + end + end + + result = if enumerable.is_a?(Array) + # Turn everything into string same as join would do ... + enumerable.map do |i| + i = i.to_s + prefix && !i.start_with?(prefix) ? prefix + i : i + end + else + Hash[enumerable.map do |k, v| + k = k.to_s + [prefix && !k.start_with?(prefix) ? prefix + k : k, v] + end] + end + + return result + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/lib/puppet/parser/functions/to_hash_settings.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,37 @@ + +module Puppet::Parser::Functions + newfunction(:to_hash_settings, type: :rvalue, doc: <<-EOS + This function converts a +{key => value}+ hash into a nested hash and can add an id to the outer key. + The optional id string as second parameter is prepended to the resource name. + + *Examples:* + + to_hash_settings({'a' => 1, 'b' => 2}) + + Would return: + { + 'a' => {'key' => 'a', 'value' => 1}, + 'b' => {'key' => 'b', 'value' => 2} + } + + and: + + to_hash_settings({'a' => 1, 'b' => 2}, 'foo') + + Would return: + { + 'foo: a' => {'key' => 'a', 'value' => 1}, + 'foo: b' => {'key' => 'b', 'value' => 2} + } +EOS + ) do |arguments| + hash, id = arguments + id = (id.nil? ? '' : "#{id}: ") + + raise(Puppet::ParseError, 'to_hash_settings(): Requires hash to work with') unless hash.is_a?(Hash) + + return hash.each_with_object({}) do |kv, acc| + acc[id + kv[0]] = { 'key' => kv[0], 'value' => kv[1] } + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/lib/puppet/provider/package/pear.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,109 @@ +require 'puppet/provider/package' + +Puppet::Type.type(:package).provide :pear, parent: Puppet::Provider::Package do + desc 'Package management via `pear`.' + + has_feature :versionable + has_feature :upgradeable + has_feature :install_options + + commands pear: 'pear' + + ENV['TERM'] = 'dumb' # remove colors + + def self.pearlist(only = nil) + channel = nil + + packages = pear('list', '-a').split("\n").map do |line| + # current channel + %r{INSTALLED PACKAGES, CHANNEL (.*):}i.match(line) { |m| channel = m[1].downcase } + + # parse one package + pearsplit(line, channel) + end.compact + + return packages unless only + + packages.find do |pkg| + pkg[:name].casecmp(only[:name].downcase).zero? + end + end + + def self.pearsplit(desc, channel) + desc.strip! + + case desc + when '' then nil + when %r{^installed}i then nil + when %r{no packages installed}i then nil + when %r{^=} then nil + when %r{^package}i then nil + when %r{^(\S+)\s+(\S+)\s+(\S+)\s*$} then + name = Regexp.last_match(1) + version = Regexp.last_match(2) + state = Regexp.last_match(3) + + { + name: name, + vendor: channel, + ensure: state == 'stable' ? version : state, + provider: self.name + } + else + Puppet.warning format('Could not match %s', desc) + nil + end + end + + def self.instances + pearlist.map do |hash| + new(hash) + end + end + + def install(useversion = true) + command = ['-D', 'auto_discover=1', 'upgrade'] + + if @resource[:install_options] + command += join_options(@resource[:install_options]) + else + command << '--alldeps' + end + + pear_pkg = @resource[:source] || @resource[:name] + if !@resource[:ensure].is_a?(Symbol) && useversion + command << '-f' + pear_pkg << "-#{@resource[:ensure]}" + end + command << pear_pkg + + if @resource[:responsefile] + Puppet::Util::Execution.execute( + [command(:pear)] + command, + stdinfile: @resource[:responsefile] + ) + else + pear(*command) + end + end + + def latest + target = @resource[:source] || @resource[:name] + pear('remote-info', target).lines.find do |set| + set =~ %r{^Latest} + end.split[1] + end + + def query + self.class.pearlist(@resource) + end + + def uninstall + output = pear 'uninstall', @resource[:name] + raise Puppet::Error, output unless output =~ %r{^uninstall ok} + end + + def update + install(false) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/lib/puppet/provider/package/pecl.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,38 @@ +require 'puppet/provider/package' + +Puppet::Type.type(:package).provide :pecl, parent: :pear do + desc 'Package management via `pecl`.' + + has_feature :versionable + has_feature :upgradeable + has_feature :install_options + + commands pear: 'pear' + + def self.instances + pear_packages = super + + pear_packages.select do |pkg| + pkg.properties[:vendor] == 'pecl.php.net' + end + end + + def convert_to_pear + @resource[:source] = "pecl.php.net/#{@resource[:name]}" + end + + def install(useversion = true) + convert_to_pear + super(useversion) + end + + def latest + convert_to_pear + super + end + + def uninstall + convert_to_pear + super + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/apache_config.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,23 @@ +# Install and configure php apache settings +# +# === Parameters +# +# [*inifile*] +# The path to the ini php-apache ini file +# +# [*settings*] +# Hash with nested hash of key => value to set in inifile +# +class php::apache_config ( + Stdlib::Absolutepath $inifile = $php::params::apache_inifile, + Hash $settings = {} +) inherits php::params { + assert_private() + + $real_settings = lookup('php::apache::settings', Hash, { 'strategy' => 'deep', 'merge_hash_arrays' => true }, $settings) + + php::config { 'apache': + file => $inifile, + config => $real_settings, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/apache_vhost.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,34 @@ +# Configures an apache vhost for php +# +# === Parameters +# +# [*vhost*] +# The vhost address +# +# [*docroot*] +# The vhost docroot +# +# [*port*] +# The vhost port +# +# [*default_vhost*] +# defines if vhost is the default vhost +# +# [*fastcgi_socket*] +# address of the fastcgi socket +# +define php::apache_vhost ( + String[1] $vhost = 'example.com', + Stdlib::Absolutepath $docroot = '/var/www', + Integer[1] $port = 80, + Boolean $default_vhost = true, + String[1] $fastcgi_socket = 'fcgi://127.0.0.1:9000/$1' +) { + ::apache::vhost { $vhost: + docroot => $docroot, + default_vhost => $default_vhost, + port => $port, + override => 'all', + custom_fragment => "ProxyPassMatch ^/(.*\\.php(/.*)?)$ ${fastcgi_socket}", + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/cli.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,44 @@ +# Install and configure php CLI +# +# === Parameters +# +# [*inifile*] +# The path to the ini php5-cli ini file +# +# [*settings*] +# Hash with nested hash of key => value to set in inifile +# +class php::cli ( + Stdlib::Absolutepath $inifile = $php::params::cli_inifile, + Hash $settings = {} +) inherits php::params { + assert_private() + + if $php::globals::rhscl_mode { + # stupid fixes for scl + file { '/usr/bin/pear': + ensure => 'link', + target => "${$php::params::php_bin_dir}/pear", + } + + file { '/usr/bin/pecl': + ensure => 'link', + target => "${$php::params::php_bin_dir}/pecl", + } + + file { '/usr/bin/php': + ensure => 'link', + target => "${$php::params::php_bin_dir}/php", + } + } + + $real_settings = lookup('php::cli::settings', Hash, { 'strategy' => 'deep', 'merge_hash_arrays' => true }, $settings) + + if $inifile != $php::params::config_root_inifile { + # only create a cli specific inifile if the filenames are different + ::php::config { 'cli': + file => $inifile, + config => $real_settings, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/composer.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,63 @@ +# Install composer package manager +# +# === Parameters +# +# [*source*] +# Holds URL to the Composer source file +# +# [*path*] +# Holds path to the Composer executable +# +# [*channel*] +# Holds the Update channel (stable|preview|snapshot|1|2) +# +# [*proxy_type*] +# proxy server type (none|http|https|ftp) +# +# [*proxy_server*] +# specify a proxy server, with port number if needed. ie: https://example.com:8080. +# +# [*auto_update*] +# Defines if composer should be auto updated +# +# [*max_age*] +# Defines the time in days after which an auto-update gets executed +# +# [*root_group*] +# UNIX group of the root user +# +class php::composer ( + String $source = $php::params::composer_source, + Stdlib::Absolutepath $path = $php::params::composer_path, + Optional[String[1]] $proxy_type = undef, + Optional[String[1]] $proxy_server = undef, + Php::ComposerChannel $channel = 'stable', + Boolean $auto_update = true, + Integer $max_age = $php::params::composer_max_age, + Variant[Integer, String] $root_group = $php::params::root_group, +) inherits php::params { + assert_private() + + archive { 'download composer': + path => $path, + source => $source, + proxy_type => $proxy_type, + proxy_server => $proxy_server, + } + -> file { $path: + mode => '0555', + owner => root, + group => $root_group, + } + + if $auto_update { + class { 'php::composer::auto_update': + max_age => $max_age, + source => $source, + path => $path, + channel => $channel, + proxy_type => $proxy_type, + proxy_server => $proxy_server, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/composer/auto_update.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,55 @@ +# Install composer package manager +# +# === Parameters +# +# [*max_age*] +# Defines number of days after which Composer should be updated +# +# [*source*] +# Holds URL to the Composer source file +# +# [*path*] +# Holds path to the Composer executable +# +# [*channel*] +# Holds the Update channel (stable|preview|snapshot|1|2) +# +# [*proxy_type*] +# proxy server type (none|http|https|ftp) +# +# [*proxy_server*] +# specify a proxy server, with port number if needed. ie: https://example.com:8080. +# +# +# === Examples +# +# include php::composer::auto_update +# class { "php::composer::auto_update": +# "max_age" => 90 +# } +# +class php::composer::auto_update ( + Integer[1] $max_age, + String[1] $source, + Stdlib::Absolutepath $path, + Php::ComposerChannel $channel = 'stable', + Optional[String[1]] $proxy_type = undef, + Optional[String[1]] $proxy_server = undef, +) { + assert_private() + + if $proxy_type and $proxy_server { + $env = ['HOME=/root', "${proxy_type}_proxy=${proxy_server}"] + } else { + $env = ['HOME=/root'] + } + + exec { 'update composer': + # touch binary when an update is attempted to update its mtime for idempotency when no update is available + command => "${path} --no-interaction --quiet self-update --${channel}; touch ${path}", + environment => $env, + onlyif => "test `find '${path}' -mtime +${max_age}`", + path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'], + require => [File[$path], Class['php::cli']], + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/config.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,29 @@ +# Configure php.ini settings for a PHP SAPI +# +# === Parameters +# +# [*file*] +# The path to ini file +# +# [*config*] +# Nested hash of key => value to apply to php.ini +# +# === Examples +# +# php::config { '$unique-name': +# file => '$full_path_to_ini_file' +# config => { +# {'Date/date.timezone' => 'Europe/Berlin'} +# } +# } +# +define php::config ( + Stdlib::Absolutepath $file, + Hash $config +) { + if $caller_module_name != $module_name { + warning('php::config is private') + } + + create_resources(::php::config::setting, to_hash_settings($config, $file),{ file => $file }) +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/config/setting.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,50 @@ +# Configure php.ini settings +# +# === Parameters +# +# [*key*] +# The key of the value, like `ini_setting` +# +# [*file*] +# The path to ini file +# +# [*value*] +# The value to set +# +# === Examples +# +# php::config::setting { 'Date/date.timezone': +# file => '$full_path_to_ini_file' +# value => 'Europe/Berlin' +# } +# +define php::config::setting ( + String[1] $key, + Variant[Integer, String] $value, + Stdlib::Absolutepath $file, +) { + assert_private() + + $split_name = split($key, '/') + if count($split_name) == 1 { + $section = '' # lint:ignore:empty_string_assignment + $setting = $split_name[0] + } else { + $section = $split_name[0] + $setting = $split_name[1] + } + + if $value == undef { + $ensure = 'absent' + } else { + $ensure = 'present' + } + + ini_setting { $name: + ensure => $ensure, + value => $value, + path => $file, + section => $section, + setting => $setting, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/dev.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,42 @@ +# Install the development package with headers for PHP +# +# === Parameters +# +# [*ensure*] +# The PHP ensure of PHP dev to install +# +# [*package*] +# The package name for the PHP development files +# +class php::dev ( + String $ensure = $php::ensure, + String $package = "${php::package_prefix}${php::params::dev_package_suffix}", + Boolean $manage_repos = $php::manage_repos, +) inherits php::params { + assert_private() + + # On FreeBSD there is no 'devel' package. + $real_package = $facts['os']['family'] ? { + 'FreeBSD' => [], + default => $package, + } + + if $facts['os']['family'] == 'Debian' { + # we can set the dependency only if we manage repos + $require = $manage_repos ? { + true => Class['apt::update'], + false => undef, + } + } else { + $require = undef + } + + # Default PHP come with xml module and no seperate package for it + if $facts['os']['name'] == 'Ubuntu' { + ensure_packages(["${php::package_prefix}xml"], { ensure => present, require => $require, }) + } + package { $real_package: + ensure => $ensure, + require => Class['php::packages'], + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/embedded.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,47 @@ +# Install and configure php embedded SAPI +# +# === Parameters +# +# [*inifile*] +# The path to the ini php5-embeded ini file +# +# [*settings*] +# Hash with nested hash of key => value to set in inifile +# +# [*package*] +# Specify which package to install +# +# [*ensure*] +# Specify which version of the package to install +# +class php::embedded ( + String $ensure = $php::ensure, + String $package = "${php::package_prefix}${php::params::embedded_package_suffix}", + Stdlib::Absolutepath $inifile = $php::params::embedded_inifile, + Hash $settings = {}, +) inherits php::params { + assert_private() + + $real_settings = lookup( + 'php::embedded::settings', + Hash, { + 'strategy' => 'deep', + 'merge_hash_arrays' => true + }, + $settings + ) + + $real_package = $facts['os']['family'] ? { + 'Debian' => "lib${package}", + default => $package, + } + + package { $real_package: + ensure => $ensure, + require => Class['php::packages'], + } + -> php::config { 'embedded': + file => $inifile, + config => $real_settings, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/extension.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,142 @@ +# Install a PHP extension package +# +# === Parameters +# +# [*ensure*] +# The ensure of the package to install +# Could be "present", "absent", "latest", "installed" or a pinned version +# +# [*package_prefix*] +# Prefix to prepend to the package name for the package provider +# +# [*package_name*] +# Full package name for the package provider (e.g. php7.2-xml for +# simlexml extension) +# +# [*provider*] +# The provider used to install the package +# Could be "pecl", "apt", "dpkg" or any other OS package provider +# If set to "none", no package will be installed +# +# [*source*] +# The source to install the extension from. Possible values +# depend on the *provider* used +# +# [*so_name*] +# The DSO name of the package (e.g. opcache for zendopcache) +# +# [*ini_prefix*] +# An optional filename prefix for the settings file of the extension +# +# [*php_api_version*] +# This parameter is used to build the full path to the extension +# directory for zend_extension in PHP < 5.5 (e.g. 20100525) +# +# [*header_packages*] +# System packages dependencies to install for extensions (e.g. for +# memcached libmemcached-dev on Debian) +# +# [*compiler_packages*] +# System packages dependencies to install for compiling extensions +# (e.g. build-essential on Debian) +# +# [*zend*] +# Boolean parameter, whether to load extension as zend_extension. +# Defaults to false. +# +# [*settings*] +# Hash of parameters for the specific extension, which will be written to the extensions config file by +# php::extension::config or a hash of mutliple settings files, each with parameters +# (multifile_settings must be true) +# (f.ex. {p => '..'} or {'bz2' => {..}, {'math' => {...}}) +# +# [*multifile_settings*] +# Set this to true if you specify multiple setting files in *settings*. This must be used when the PHP package +# distribution bundles extensions in a single package (like 'common' bundles extensions 'bz2', ...) and each of +# the extension comes with a separate settings file. +# +# [*settings_prefix*] +# Boolean/String parameter, whether to prefix all setting keys with +# the extension name or specified name. Defaults to false. +# +# [*sapi*] +# String parameter, whether to specify ALL sapi or a specific sapi. +# Defaults to ALL. +# +# [*responsefile*] +# File containing answers for interactive extension setup. Supported +# *providers*: pear, pecl. +# +# [*install_options*] +# Array of String or Hash options to pass to the provider. +# +define php::extension ( + String $ensure = $php::ensure, + Optional[Php::Provider] $provider = undef, + Optional[String] $source = undef, + Optional[String] $so_name = undef, + Optional[String] $ini_prefix = undef, + Optional[String] $php_api_version = undef, + String $package_prefix = $php::package_prefix, + Optional[String[1]] $package_name = undef, + Boolean $zend = false, + Variant[Hash, Hash[String, Hash]] $settings = {}, + Boolean $multifile_settings = false, + Php::Sapi $sapi = 'ALL', + Variant[Boolean, String] $settings_prefix = false, + Optional[Stdlib::AbsolutePath] $responsefile = undef, + Variant[String, Array[String]] $header_packages = [], + Variant[String, Array[String]] $compiler_packages = $php::params::compiler_packages, + Php::InstallOptions $install_options = undef, +) { + if ! defined(Class['php']) { + warning('php::extension is private') + } + + php::extension::install { $title: + ensure => $ensure, + provider => $provider, + source => $source, + responsefile => $responsefile, + package_prefix => $package_prefix, + package_name => $package_name, + header_packages => $header_packages, + compiler_packages => $compiler_packages, + install_options => $install_options, + } + + # PEAR packages don't require any further configuration, they just need to "be there". + if $provider != 'pear' { + $_settings = $multifile_settings ? { + true => $settings, + false => { downcase($title) => $settings } # emulate a hash if no multifile settings + } + + $_settings.each |$settings_name, $settings_hash| { + if $so_name { + $so_name = $multifile_settings ? { + true => downcase($settings_name), + false => pick(downcase($so_name), downcase($name), downcase($settings_name)), + } + } else { + $so_name = $multifile_settings ? { + true => downcase($settings_name), + false => pick(downcase($name), downcase($settings_name)), + } + } + + php::extension::config { $settings_name: + ensure => $ensure, + provider => $provider, + so_name => $so_name, + ini_prefix => $ini_prefix, + php_api_version => $php_api_version, + zend => $zend, + settings => $settings_hash, + settings_prefix => $settings_prefix, + sapi => $sapi, + subscribe => Php::Extension::Install[$title], + } + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/extension/config.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,134 @@ +# Configure a PHP extension package +# +# === Parameters +# +# [*ensure*] +# The ensure of the package to install +# Could be "latest", "installed" or a pinned version +# +# [*provider*] +# The provider used to install the package +# Could be "pecl", "apt", "dpkg" or any other OS package provider +# If set to "none", no package will be installed +# +# [*so_name*] +# The DSO name of the package (e.g. opcache for zendopcache) +# +# [*ini_prefix*] +# An optional filename prefix for the settings file of the extension +# +# [*php_api_version*] +# This parameter is used to build the full path to the extension +# directory for zend_extension in PHP < 5.5 (e.g. 20100525) +# +# [*header_packages*] +# System packages dependencies to install for extensions (e.g. for +# memcached libmemcached-dev on Debian) +# +# [*compiler_packages*] +# System packages dependencies to install for compiling extensions +# (e.g. build-essential on Debian) +# +# [*zend*] +# Boolean parameter, whether to load extension as zend_extension. +# Defaults to false. +# +# [*settings*] +# Nested hash of global config parameters for php.ini +# +# [*settings_prefix*] +# Boolean/String parameter, whether to prefix all setting keys with +# the extension name or specified name. Defaults to false. +# +# [*sapi*] +# String parameter, whether to specify ALL sapi or a specific sapi. +# Defaults to ALL. +# +define php::extension::config ( + String $ensure = 'installed', + Optional[Php::Provider] $provider = undef, + Optional[String] $so_name = downcase($name), + Optional[String] $ini_prefix = undef, + Optional[String] $php_api_version = undef, + Boolean $zend = false, + Hash $settings = {}, + Variant[Boolean, String] $settings_prefix = false, + Php::Sapi $sapi = 'ALL', +) { + if ! defined(Class['php']) { + warning('php::extension::config is private') + } + + if $zend == true { + $extension_key = 'zend_extension' + $module_path = $php_api_version? { + undef => undef, + default => "/usr/lib/php5/${php_api_version}/", + } + } else { + $extension_key = 'extension' + $module_path = undef + } + + $ini_name = downcase($so_name) + + # Ensure "<extension>." prefix is present in setting keys if requested + $full_settings = $settings_prefix ? { + true => ensure_prefix($settings, "${so_name}."), + false => $settings, + String => ensure_prefix($settings, "${settings_prefix}."), + } + + if $provider != 'pear' { + $final_settings = deep_merge( { "${extension_key}" => "${module_path}${so_name}.so" }, $full_settings) + } else { + $final_settings = $full_settings + } + + if $facts['os']['name'] == 'Ubuntu' and $zend != true and $name == 'mysql' { + # Do not manage the .ini file if it's mysql. PHP 7.0+ do not have + # mysql.so. If mysql.ini exists and version is 7.0+, then remove it. + $real_ensure = 'absent' + } else { + $real_ensure = $ensure + } + + $config_root_ini = pick_default($php::config_root_ini, $php::params::config_root_ini) + if $real_ensure != 'absent' { + ::php::config { $title: + file => "${config_root_ini}/${ini_prefix}${ini_name}.ini", + config => $final_settings, + } + + # Ubuntu/Debian systems use the mods-available folder. We need to enable + # settings files ourselves with php5enmod command. + $ext_tool_enable = pick_default($php::ext_tool_enable, $php::params::ext_tool_enable) + $ext_tool_query = pick_default($php::ext_tool_query, $php::params::ext_tool_query) + $ext_tool_enabled = pick_default($php::ext_tool_enabled, $php::params::ext_tool_enabled) + + if $facts['os']['family'] == 'Debian' and $ext_tool_enabled { + $cmd = "${ext_tool_enable} -s ${sapi} ${so_name}" + $execname = "ext_tool_enable_${so_name}" + + $_sapi = $sapi ? { + 'ALL' => 'cli', + default => $sapi, + } + if has_key($final_settings, $extension_key) and $final_settings[$extension_key] { + exec { $execname: + command => $cmd, + onlyif => "${ext_tool_query} -s ${_sapi} -m ${so_name} | /bin/grep 'No module matches ${so_name}'", + require => ::Php::Config[$title], + } + + if $php::fpm { + Package[$php::fpm::package] ~> Exec[$execname] + } + } + } + } else { + file { "${config_root_ini}/${ini_prefix}${ini_name}.ini": + ensure => 'absent', + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/extension/install.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,99 @@ +# Install a PHP extension package +# +# === Parameters +# +# [*ensure*] +# The ensure of the package to install +# Could be "latest", "installed" or a pinned version +# +# [*package_prefix*] +# Prefix to prepend to the package name for the package provider +# +# [*package_name*] +# Full package name for the package provider (e.g. php7.2-xml for +# simlexml extension) +# +# [*provider*] +# The provider used to install the package +# Could be "pecl", "apt", "dpkg" or any other OS package provider +# If set to "none", no package will be installed +# +# [*source*] +# The source to install the extension from. Possible values +# depend on the *provider* used +# +# [*header_packages*] +# System packages dependencies to install for extensions (e.g. for +# memcached libmemcached-dev on Debian) +# +# [*compiler_packages*] +# System packages dependencies to install for compiling extensions +# (e.g. build-essential on Debian) +# +# [*responsefile*] +# File containing answers for interactive extension setup. Supported +# *providers*: pear, pecl. +# +# [*install_options*] +# Array of String or Hash options to pass to the provider. +# +define php::extension::install ( + String $ensure = 'installed', + Optional[Php::Provider] $provider = undef, + Optional[String] $source = undef, + String $package_prefix = $php::package_prefix, + Optional[String[1]] $package_name = undef, + Optional[Stdlib::AbsolutePath] $responsefile = undef, + Variant[String, Array[String]] $header_packages = [], + Variant[String, Array[String]] $compiler_packages = $php::params::compiler_packages, + Php::InstallOptions $install_options = undef, +) { + if ! defined(Class['php']) { + warning('php::extension::install is private') + } + + case $provider { + /pecl|pear/: { + $real_package = $title + + unless empty($header_packages) { + ensure_resource('package', $header_packages) + Package[$header_packages] -> Package[$real_package] + } + unless empty($compiler_packages) { + ensure_resource('package', $compiler_packages) + Package[$compiler_packages] -> Package[$real_package] + } + + $package_require = [ + Class['php::pear'], + Class['php::dev'], + ] + } + + 'none' : { + debug("No package installed for php::extension: `${title}`.") + } + + default: { + $real_package = $package_name ? { + undef => "${package_prefix}${title}", + default => $package_name, + } + $package_require = undef + } + } + + unless $provider == 'none' { + if ! defined(Package[$real_package]) { + package { $real_package: + ensure => $ensure, + provider => $provider, + source => $source, + responsefile => $responsefile, + install_options => $install_options, + require => $package_require, + } + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/fpm.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,117 @@ +# Install and configure mod_php for fpm +# +# === Parameters +# +# [*user*] +# The user that php-fpm should run as +# +# [*group*] +# The group that php-fpm should run as +# +# [*service_enable*] +# Enable/disable FPM service +# +# [*service_ensure*] +# Ensure FPM service is either 'running' or 'stopped' +# +# [*service_name*] +# This is the name of the php-fpm service. It defaults to reasonable OS +# defaults but can be different in case of using php7.0/other OS/custom fpm service +# +# [*service_provider*] +# This is the name of the service provider, in case there is a non +# OS default service provider used to start FPM. +# Defaults to 'undef', pick system defaults. +# +# [*pools*] +# Hash of php::fpm::pool resources that will be created. Defaults +# to a single php::fpm::pool named www with default parameters. +# +# [*log_owner*] +# The php-fpm log owner +# +# [*log_group*] +# The group owning php-fpm logs +# +# [*package*] +# Specify which package to install +# +# [*ensure*] +# Specify which version of the package to install +# +# [*inifile*] +# Path to php.ini for fpm +# +# [*settings*] +# fpm settings hash +# +# [*global_pool_settings*] +# Hash of defaults params php::fpm::pool resources that will be created. +# Defaults is empty hash. +# +# [*pool_purge*] +# Whether to purge pool config files not created +# by this module +# +# [*reload_fpm_on_config_changes*] +# by default, we reload the service on changes. +# But certain options, like socket owner, will only be applied during a restart. +# If set to false, a restart will be executed instead of a reload. +# This default will be changed in a future release. +# +class php::fpm ( + Optional[String] $ensure = $php::ensure, + String[1] $user = $php::fpm_user, + String[1] $group = $php::fpm_group, + Enum['running', 'stopped'] $service_ensure = $php::fpm_service_ensure, + Boolean $service_enable = $php::fpm_service_enable, + String[1] $service_name = $php::fpm_service_name, + Optional[String[1]] $service_provider = $php::fpm_service_provider, + String $package = $php::real_fpm_package, + Stdlib::Absolutepath $inifile = $php::fpm_inifile, + Hash $settings = $php::real_settings, + Hash $global_pool_settings = $php::real_fpm_global_pool_settings, + Hash $pools = $php::real_fpm_pools, + String[1] $log_owner = $php::log_owner, + String[1] $log_group = $php::log_group, + Boolean $pool_purge = $php::pool_purge, + Boolean $reload_fpm_on_config_changes = $php::reload_fpm_on_config_changes, +) { + if ! defined(Class['php']) { + warning('php::fpm is private') + } + + $real_settings = $settings + + # On FreeBSD fpm is not a separate package, but included in the 'php' package. + # Implies that the option SET+=FPM was set when building the port. + $real_package = $facts['os']['family'] ? { + 'FreeBSD' => [], + default => $package, + } + + package { $real_package: + ensure => $ensure, + require => Class['php::packages'], + } + + class { 'php::fpm::config': + user => $user, + group => $group, + inifile => $inifile, + settings => $real_settings, + log_owner => $log_owner, + log_group => $log_group, + pool_purge => $pool_purge, + require => Package[$real_package], + } + + contain 'php::fpm::config' + contain 'php::fpm::service' + + Class['php::fpm::config'] ~> Class['php::fpm::service'] + + $real_global_pool_settings = $global_pool_settings + $real_pools = $pools + create_resources(::php::fpm::pool, $real_pools, $real_global_pool_settings) +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/fpm/config.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,145 @@ +# Configure php-fpm service +# +# === Parameters +# +# [*config_file*] +# The path to the fpm config file +# +# [*user*] +# The user that runs php-fpm +# +# [*group*] +# The group that runs php-fpm +# +# [*inifile*] +# The path to ini file +# +# [*settings*] +# Nested hash of key => value to apply to php.ini +# +# [*pool_base_dir*] +# The folder that contains the php-fpm pool configs +# +# [*pool_purge*] +# Whether to purge pool config files not created +# by this module +# +# [*error_log*] +# Path to error log file. If it's set to "syslog", log is +# sent to syslogd instead of being written in a local file. +# +# [*log_level*] +# The php-fpm log level +# +# [*emergency_restart_threshold*] +# The php-fpm emergency_restart_threshold +# +# [*emergency_restart_interval*] +# The php-fpm emergency_restart_interval +# +# [*process_control_timeout*] +# The php-fpm process_control_timeout +# +# [*process_max*] +# The maximum number of processes FPM will fork. +# +# [*rlimit_files*] +# Set open file descriptor rlimit for the master process. +# +# [*systemd_interval*] +# The interval between health report notification to systemd +# +# [*log_owner*] +# The php-fpm log owner +# +# [*log_group*] +# The group owning php-fpm logs +# +# [*log_dir_mode*] +# The octal mode of the directory +# +# [*syslog_facility*] +# Used to specify what type of program is logging the message +# +# [*syslog_ident*] +# Prepended to every message +# +# [*root_group*] +# UNIX group of the root user +# +# [*pid_file*] +# Path to fpm pid file +# +class php::fpm::config ( + Stdlib::Absolutepath $config_file = $php::params::fpm_config_file, + String $user = $php::params::fpm_user, + String $group = $php::params::fpm_group, + String $inifile = $php::params::fpm_inifile, + Stdlib::Absolutepath $pid_file = $php::params::fpm_pid_file, + Hash $settings = {}, + Stdlib::Absolutepath $pool_base_dir = $php::params::fpm_pool_dir, + Boolean $pool_purge = false, + String $error_log = $php::params::fpm_error_log, + String $log_level = 'notice', + Integer $emergency_restart_threshold = 0, + Php::Duration $emergency_restart_interval = 0, + Php::Duration $process_control_timeout = 0, + Integer $process_max = 0, + Optional[Integer[1]] $rlimit_files = undef, + Optional[Php::Duration] $systemd_interval = undef, + String $log_owner = $php::params::fpm_user, + String $log_group = $php::params::fpm_group, + Pattern[/^\d+$/] $log_dir_mode = '0770', + String[1] $root_group = $php::params::root_group, + String $syslog_facility = 'daemon', + String $syslog_ident = 'php-fpm', +) inherits php::params { + assert_private() + + file { $config_file: + ensure => file, + content => template('php/fpm/php-fpm.conf.erb'), + owner => 'root', + group => $root_group, + mode => '0644', + } + + ensure_resource('file', '/var/run/php-fpm', + { + ensure => directory, + owner => 'root', + group => $root_group, + mode => '0755', + } + ) + + ensure_resource('file', '/var/log/php-fpm/', + { + ensure => directory, + owner => 'root', + group => $root_group, + mode => $log_dir_mode, + } + ) + + file { $pool_base_dir: + ensure => directory, + owner => 'root', + group => $root_group, + mode => '0755', + } + + if $pool_purge { + File[$pool_base_dir] { + purge => true, + recurse => true, + } + } + + if $inifile != $php::params::config_root_inifile { + ::php::config { 'fpm': + file => $inifile, + config => $settings, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/fpm/pool.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,206 @@ +# Configure fpm pools +# +# === Parameters +# +# See the official php-fpm documentation for parameters that are not +# documented here: http://php.net/manual/en/install.fpm.configuration.php. +# +# [*ensure*] +# Remove pool if set to `'absent'`, add otherwise +# +# [*listen*] +# On what socket to listen for FastCGI connections, i.e. +# `'127.0.0.1:9000'' or `'/var/run/php5-fpm.sock'` +# +# [*listen_backlog*] +# +# [*listen_allowed_clients*] +# +# [*listen_owner*] +# Set owner of the Unix socket +# +# [*listen_group*] +# Set the group of the Unix socket +# +# [*listen_mode*] +# +# [*user*] +# The user that php-fpm should run as +# +# [*group*] +# The group that php-fpm should run as +# +# [*apparmor_hat*] +# The Apparmor hat to use +# +# [*pm*] +# +# [*pm_max_children*] +# +# [*pm_start_servers*] +# +# [*pm_min_spare_servers*] +# +# [*pm_max_spare_servers*] +# +# [*pm_max_requests*] +# +# [*pm_process_idle_timeout*] +# +# [*pm_status_path*] +# +# [*ping_path*] +# +# [*ping_response*] +# +# [*access_log*] +# The path to the file to write access log requests to +# +# [*access_log_format*] +# The format to save the access log entries as +# +# [*request_terminate_timeout*] +# +# [*request_slowlog_timeout*] +# +# [*security_limit_extensions*] +# +# [*slowlog*] +# +# [*template*] +# The template to use for the pool +# +# [*rlimit_files*] +# +# [*rlimit_core*] +# +# [*chroot*] +# +# [*chdir*] +# +# [*catch_workers_output*] +# +# [*include*] +# Other configuration files to include on this pool +# +# [*env*] +# List of environment variables that are passed to the php-fpm from the +# outside and will be available to php scripts in this pool +# +# [*env_value*] +# Hash of environment variables and values as strings to use in php +# scripts in this pool +# +# [*clear_env*] +# Whether the environment should be cleared. +# +# [*options*] +# An optional hash for any other data. +# +# [*php_value*] +# Hash of php_value directives +# +# [*php_flag*] +# Hash of php_flag directives +# +# [*php_admin_value*] +# Hash of php_admin_value directives +# +# [*php_admin_flag*] +# Hash of php_admin_flag directives +# +# [*php_directives*] +# List of custom directives that are appended to the pool config +# +# [*root_group*] +# UNIX group of the root user +# +# [*base_dir*] +# The folder that contains the php-fpm pool configs. This defaults to a +# sensible default depending on your operating system, like +# '/etc/php5/fpm/pool.d' or '/etc/php-fpm.d' +# +define php::fpm::pool ( + Enum['present', 'absent'] $ensure = 'present', + String[1] $listen = '127.0.0.1:9000', + Integer[-1] $listen_backlog = -1, + Optional[String[1]] $listen_allowed_clients = undef, + Optional[String[1]] $listen_owner = undef, + Optional[String[1]] $listen_group = undef, + Optional[Stdlib::Filemode] $listen_mode = undef, + String[1] $user = $php::fpm::config::user, + String[1] $group = $php::fpm::config::group, + Optional[String[1]] $apparmor_hat = undef, + String[1] $pm = 'dynamic', + Integer[1] $pm_max_children = 50, + Integer[0] $pm_start_servers = 5, + Integer[0] $pm_min_spare_servers = 5, + Integer[0] $pm_max_spare_servers = 35, + Integer[0] $pm_max_requests = 0, + Php::Duration $pm_process_idle_timeout = '10s', + Optional[Stdlib::Absolutepath] $pm_status_path = undef, + Optional[Stdlib::Absolutepath] $ping_path = undef, + String[1] $ping_response = 'pong', + Optional[Stdlib::Absolutepath] $access_log = undef, + String[1] $access_log_format = '"%R - %u %t \"%m %r\" %s"', + Php::Duration $request_terminate_timeout = 0, + Php::Duration $request_slowlog_timeout = 0, + Array[String[1]] $security_limit_extensions = [], + Stdlib::Absolutepath $slowlog = "/var/log/php-fpm/${name}-slow.log", + String[1] $template = 'php/fpm/pool.conf.erb', + Optional[Integer] $rlimit_files = undef, + Optional[Integer] $rlimit_core = undef, + Optional[Stdlib::Absolutepath] $chroot = undef, + Optional[Stdlib::Absolutepath] $chdir = undef, + Enum['yes', 'no'] $catch_workers_output = 'no', + Optional[String[1]] $include = undef, + Array[String[1]] $env = [], + Hash $env_value = {}, + Boolean $clear_env = true, + Hash $options = {}, + Hash $php_value = {}, + Hash $php_flag = {}, + Hash $php_admin_value = {}, + Hash $php_admin_flag = {}, + Array[String[1]] $php_directives = [], + String[1] $root_group = $php::params::root_group, + Optional[Stdlib::Absolutepath] $base_dir = undef, +) { + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['php']) { + warning('You must include the php base class before using any php defined resources') + } + + $pool = $title + + # Hack-ish to default to user for group too + $group_final = $group ? { + undef => $user, + default => $group + } + + # On FreeBSD fpm is not a separate package, but included in the 'php' package. + # Implies that the option SET+=FPM was set when building the port. + $real_package = $facts['os']['name'] ? { + 'FreeBSD' => [], + default => $php::fpm::package, + } + + $pool_base_dir = pick_default($base_dir, $php::fpm::config::pool_base_dir, $php::params::fpm_pool_dir) + if ($ensure == 'absent') { + file { "${pool_base_dir}/${pool}.conf": + ensure => absent, + notify => Class['php::fpm::service'], + } + } else { + file { "${pool_base_dir}/${pool}.conf": + ensure => file, + notify => Class['php::fpm::service'], + require => Package[$real_package], + content => template($template), + owner => root, + group => $root_group, + mode => '0640', + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/fpm/service.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,49 @@ +# Manage fpm service +# +# === Parameters +# +# [*service_name*] +# name of the php-fpm service +# +# [*ensure*] +# 'ensure' value for the service +# +# [*enable*] +# Defines if the service is enabled +# +# [*provider*] +# Defines if the service provider to use +# +# [*reload_fpm_on_config_changes*] +# by default, we reload the service on changes. +# But certain options, like socket owner, will only be applied during a restart. +# If set to false, a restart will be executed instead of a reload. +# This default will be changed in a future release. +# +class php::fpm::service ( + String[1] $service_name = $php::fpm::service_name, + Enum['running', 'stopped'] $ensure = $php::fpm::service_ensure, + Boolean $enable = $php::fpm::service_enable, + Optional[String[1]] $provider = $php::fpm::service_provider, + Boolean $reload_fpm_on_config_changes = $php::fpm::reload_fpm_on_config_changes, +) { + if ! defined(Class['php::fpm']) { + warning('php::fpm::service is private') + } + + if $reload_fpm_on_config_changes { + $restart = "service ${service_name} reload" + } else { + $restart = undef + } + service { $service_name: + ensure => $ensure, + enable => $enable, + provider => $provider, + hasrestart => true, + restart => $restart, + hasstatus => true, + } + + ::Php::Extension <| |> ~> Service[$service_name] +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/global.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,27 @@ +# Install and configure mod_php for fpm +# +# === Parameters +# +# [*inifile*] +# Absolute path to the global php.ini file. Defaults +# to the OS specific default location as defined in params. +# [*settings*] +# Hash of settings to apply to the global php.ini file. +# Defaults to OS specific defaults (i.e. add nothing) +# + +# +class php::global ( + Stdlib::Absolutepath $inifile = $php::config_root_inifile, + Hash $settings = {} +) inherits php { + assert_private() + + # No deep merging required since the settings we have are the global settings. + $real_settings = $settings + + php::config { 'global': + file => $inifile, + config => $real_settings, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/globals.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,159 @@ +# PHP globals class +# +# === Parameters +# +# [*php_version*] +# The version of php. +# +# [*config_root*] +# The configuration root directory. +# +# [*fpm_pid_file*] +# Path to pid file for fpm +# +# [*rhscl_mode*] +# The mode specifies the specifics in paths for the various RedHat SCL environments so that the module is configured +# correctly on their pathnames. +# + +class php::globals ( + + Optional[Pattern[/^(rh-)?(php)?[578](\.)?[0-9]/]] $php_version = undef, + Optional[Stdlib::Absolutepath] $config_root = undef, + Optional[Stdlib::Absolutepath] $fpm_pid_file = undef, + Optional[Enum['rhscl', 'remi']] $rhscl_mode = undef, +) { + $default_php_version = $facts['os']['name'] ? { + 'Debian' => $facts['os']['release']['major'] ? { + '10' => '7.3', + '11' => '7.4', + default => fail("Unsupported Debian release: ${fact('os.release.major')}"), + }, + 'Ubuntu' => $facts['os']['release']['major'] ? { + '18.04' => '7.2', + '20.04' => '7.4', + default => fail("Unsupported Ubuntu release: ${fact('os.release.major')}"), + }, + default => '5.x', + } + + $globals_php_version = pick($php_version, $default_php_version) + + case $facts['os']['family'] { + 'Debian': { + if $facts['os']['name'] == 'Ubuntu' { + case $globals_php_version { + /^[578].[0-9]/: { + $default_config_root = "/etc/php/${globals_php_version}" + $default_fpm_pid_file = "/var/run/php/php${globals_php_version}-fpm.pid" + $fpm_error_log = "/var/log/php${globals_php_version}-fpm.log" + $fpm_service_name = "php${globals_php_version}-fpm" + $ext_tool_enable = "/usr/sbin/phpenmod -v ${globals_php_version}" + $ext_tool_query = "/usr/sbin/phpquery -v ${globals_php_version}" + $package_prefix = "php${globals_php_version}-" + } + default: { + # Default php installation from Ubuntu official repository use the following paths until 16.04 + # For PPA please use the $php_version to override it. + $default_config_root = '/etc/php5' + $default_fpm_pid_file = '/var/run/php5-fpm.pid' + $fpm_error_log = '/var/log/php5-fpm.log' + $fpm_service_name = 'php5-fpm' + $ext_tool_enable = '/usr/sbin/php5enmod' + $ext_tool_query = '/usr/sbin/php5query' + $package_prefix = 'php5-' + } + } + } else { + case $globals_php_version { + /^5\.6/, + /^7\.[0-9]/, + /^8\.[0-9]/: { + $default_config_root = "/etc/php/${globals_php_version}" + $default_fpm_pid_file = "/var/run/php/php${globals_php_version}-fpm.pid" + $fpm_error_log = "/var/log/php${globals_php_version}-fpm.log" + $fpm_service_name = "php${globals_php_version}-fpm" + $ext_tool_enable = "/usr/sbin/phpenmod -v ${globals_php_version}" + $ext_tool_query = "/usr/sbin/phpquery -v ${globals_php_version}" + $package_prefix = "php${globals_php_version}-" + } + default: { + $default_config_root = '/etc/php5' + $default_fpm_pid_file = '/var/run/php5-fpm.pid' + $fpm_error_log = '/var/log/php5-fpm.log' + $fpm_service_name = 'php5-fpm' + $ext_tool_enable = '/usr/sbin/php5enmod' + $ext_tool_query = '/usr/sbin/php5query' + $package_prefix = 'php5-' + } + } + } + } + 'Suse': { + case $globals_php_version { + /^7/: { + $default_config_root = '/etc/php7' + $package_prefix = 'php7-' + $default_fpm_pid_file = '/var/run/php7-fpm.pid' + $fpm_error_log = '/var/log/php7-fpm.log' + } + default: { + $default_config_root = '/etc/php5' + $package_prefix = 'php5-' + $default_fpm_pid_file = '/var/run/php5-fpm.pid' + $fpm_error_log = '/var/log/php5-fpm.log' + } + } + } + 'RedHat': { + case $rhscl_mode { + 'remi': { + $rhscl_root = "/opt/remi/${php_version}/root" + $default_config_root = "/etc/opt/remi/${php_version}" + $default_fpm_pid_file = '/var/run/php-fpm/php-fpm.pid' + $package_prefix = "${php_version}-php-" + $fpm_service_name = "${php_version}-php-fpm" + } + 'rhscl': { + $rhscl_root = "/opt/rh/${php_version}/root" + $default_config_root = "/etc/opt/rh/${php_version}" # rhscl registers contents by copy in /etc/opt/rh + $default_fpm_pid_file = "/var/opt/rh/${php_version}/run/php-fpm/php-fpm.pid" + $package_prefix = "${php_version}-php-" + $fpm_service_name = "${php_version}-php-fpm" + } + undef: { + $default_config_root = '/etc/php.d' + $default_fpm_pid_file = '/var/run/php-fpm/php-fpm.pid' + $fpm_service_name = undef + $package_prefix = undef + } + default: { + fail("Unsupported rhscl_mode '${rhscl_mode}'") + } + } + } + 'FreeBSD': { + case $globals_php_version { + /^(\d)\.(\d)$/: { + $package_prefix = "php${1}${2}-" + } + default: { + $package_prefix = 'php56-' + } + } + $default_config_root = '/usr/local/etc' + $default_fpm_pid_file = '/var/run/php-fpm.pid' + $fpm_service_name = undef + } + 'Archlinux': { + $default_config_root = '/etc/php' + $default_fpm_pid_file = '/run/php-fpm/php-fpm.pid' + } + default: { + fail("Unsupported osfamily: ${facts['os']['family']}") + } + } + + $globals_config_root = pick($config_root, $default_config_root) + $globals_fpm_pid_file = pick($fpm_pid_file, $default_fpm_pid_file) +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/init.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,252 @@ +# Base class with global configuration parameters that pulls in all +# enabled components. +# +# === Parameters +# +# [*ensure*] +# Specify which version of PHP packages to install, defaults to 'present'. +# Please note that 'absent' to remove packages is not supported! +# +# [*manage_repos*] +# Include repository (dotdeb, ppa, etc.) to install recent PHP from +# +# [*fpm*] +# Install and configure php-fpm +# +# [*fpm_service_enable*] +# Enable/disable FPM service +# +# [*fpm_service_ensure*] +# Ensure FPM service is either 'running' or 'stopped' +# +# [*fpm_service_name*] +# This is the name of the php-fpm service. It defaults to reasonable OS +# defaults but can be different in case of using php7.0/other OS/custom fpm service +# +# [*fpm_service_provider*] +# This is the name of the service provider, in case there is a non +# OS default service provider used to start FPM. +# Defaults to 'undef', pick system defaults. +# +# [*fpm_pools*] +# Hash of php::fpm::pool resources that will be created. Defaults +# to a single php::fpm::pool named www with default parameters. +# +# [*fpm_global_pool_settings*] +# Hash of defaults params php::fpm::pool resources that will be created. +# Defaults to empty hash. +# +# [*fpm_inifile*] +# Path to php.ini for fpm +# +# [*fpm_package*] +# Name of fpm package to install +# +# [*fpm_user*] +# The user that php-fpm should run as +# +# [*fpm_group*] +# The group that php-fpm should run as +# +# [*dev*] +# Install php header files, needed to install pecl modules +# +# [*composer*] +# Install and auto-update composer +# +# [*pear*] +# Install PEAR +# +# [*phpunit*] +# Install phpunit +# +# [*apache_config*] +# Manage apache's mod_php configuration +# +# [*proxy_type*] +# proxy server type (none|http|https|ftp) +# +# [*proxy_server*] +# specify a proxy server, with port number if needed. ie: https://example.com:8080. +# +# [*extensions*] +# Install PHP extensions, this is overwritten by hiera hash `php::extensions` +# +# [*package_prefix*] +# This is the prefix for constructing names of php packages. This defaults +# to a sensible default depending on your operating system, like 'php-' or +# 'php5-'. +# +# [*config_root_ini*] +# This is the path to the config .ini files of the extensions. This defaults +# to a sensible default depending on your operating system, like +# '/etc/php5/mods-available' or '/etc/php5/conf.d'. +# +# [*config_root_inifile*] +# The path to the global php.ini file. This defaults to a sensible default +# depending on your operating system. +# +# [*ext_tool_enable*] +# Absolute path to php tool for enabling extensions in debian/ubuntu systems. +# This defaults to '/usr/sbin/php5enmod'. +# +# [*ext_tool_query*] +# Absolute path to php tool for querying information about extensions in +# debian/ubuntu systems. This defaults to '/usr/sbin/php5query'. +# +# [*ext_tool_enabled*] +# Enable or disable the use of php tools on debian based systems +# debian/ubuntu systems. This defaults to 'true'. +# +# [*log_owner*] +# The php-fpm log owner +# +# [*log_group*] +# The group owning php-fpm logs +# +# [*embedded*] +# Enable embedded SAPI +# +# [*pear_ensure*] +# The package ensure of PHP pear to install and run pear auto_discover +# +# [*settings*] +# PHP configuration parameters in php.ini files as a hash. For example, +# 'Date/date.timezone' => 'Australia/Melbourne' sets data.timezone +# to 'Australia/Melbourne' under [Date] section, and +# 'PHP/memory_limit' => '256M' sets memory_limit to 256M. +# +# [*cli_settings*] +# Additional hash of PHP configuration parameters for PHP CLI. When a +# setting key already exists in $settings, the value provided from the +# $cli_settings parameter overrides the value from $settings parameter. +# For example, 'PHP/memory_limit' => '1000M' sets memory_limit to 1000M +# for the PHP cli ini file, regardless of the values from $settings. +# +# [*pool_purge*] +# Whether to purge pool config files not created +# by this module +# +# [*reload_fpm_on_config_changes*] +# by default, we reload the service on changes. +# But certain options, like socket owner, will only be applied during a restart. +# If set to false, a restart will be executed instead of a reload. +# This default will be changed in a future release. +# +class php ( + String $ensure = $php::params::ensure, + Boolean $manage_repos = $php::params::manage_repos, + Boolean $fpm = true, + Boolean $fpm_service_enable = $php::params::fpm_service_enable, + Enum['running', 'stopped'] $fpm_service_ensure = $php::params::fpm_service_ensure, + String[1] $fpm_service_name = $php::params::fpm_service_name, + Optional[String[1]] $fpm_service_provider = undef, + Hash $fpm_pools = $php::params::fpm_pools, + Hash $fpm_global_pool_settings = {}, + Stdlib::Absolutepath $fpm_inifile = $php::params::fpm_inifile, + Optional[String[1]] $fpm_package = undef, + String[1] $fpm_user = $php::params::fpm_user, + String[1] $fpm_group = $php::params::fpm_group, + Boolean $embedded = false, + Boolean $dev = true, + Boolean $composer = true, + Boolean $pear = true, + String $pear_ensure = $php::params::pear_ensure, + Boolean $phpunit = false, + Boolean $apache_config = false, + Optional[String[1]] $proxy_type = undef, + Optional[String[1]] $proxy_server = undef, + Hash $extensions = {}, + Hash $settings = {}, + Hash $cli_settings = {}, + Optional[String[1]] $package_prefix = $php::params::package_prefix, + Stdlib::Absolutepath $config_root_ini = $php::params::config_root_ini, + Stdlib::Absolutepath $config_root_inifile = $php::params::config_root_inifile, + Optional[Stdlib::Absolutepath] $ext_tool_enable = $php::params::ext_tool_enable, + Optional[Stdlib::Absolutepath] $ext_tool_query = $php::params::ext_tool_query, + Boolean $ext_tool_enabled = $php::params::ext_tool_enabled, + String $log_owner = $php::params::fpm_user, + String $log_group = $php::params::fpm_group, + Boolean $pool_purge = $php::params::pool_purge, + Boolean $reload_fpm_on_config_changes = true, +) inherits php::params { + $real_fpm_package = pick($fpm_package, "${package_prefix}${php::params::fpm_package_suffix}") + + $real_settings = $settings + $real_extensions = $extensions + $real_fpm_pools = $fpm_pools + $real_fpm_global_pool_settings = $fpm_global_pool_settings + + # Merge in additional or overridden settings for php::cli::settings. + $final_cli_settings = $real_settings + $cli_settings + + if $manage_repos { + contain php::repo + } + + class { 'php::packages': } + -> class { 'php::cli': + settings => $final_cli_settings, + } + contain php::packages + contain php::cli + + # Configure global PHP settings in php.ini + if $facts['os']['family'] != 'Debian' { + Class['php::packages'] + -> class { 'php::global': + settings => $real_settings, + } + contain php::global + } + + if $fpm { contain 'php::fpm' } + if $embedded { + if $facts['os']['family'] == 'RedHat' and $fpm { + # Both fpm and embeded SAPIs are using same php.ini + fail('Enabling both cli and embedded sapis is not currently supported') + } + + class { 'php::embedded': + settings => $real_settings, + } + contain php::embedded + } + if $dev { + contain php::dev + } + if $composer { + class { 'php::composer': + proxy_type => $proxy_type, + proxy_server => $proxy_server, + } + } + if $pear { + class { 'php::pear': + ensure => $pear_ensure, + } + } + if $phpunit { + contain php::phpunit + } + if $apache_config { + class { 'php::apache_config': + settings => $real_settings, + } + contain php::apache_config + } + + create_resources('php::extension', $real_extensions, { + require => Class['php::cli'], + }) + + # On FreeBSD purge the system-wide extensions.ini. It is going + # to be replaced with per-module configuration files. + if $facts['os']['family'] == 'FreeBSD' { + # Purge the system-wide extensions.ini + file { '/usr/local/etc/php/extensions.ini': + ensure => absent, + require => Class['php::packages'], + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/packages.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,37 @@ +# Install common PHP packages +# +# === Parameters +# +# [*ensure*] +# Specify which version of PHP packages to install +# +# [*names*] +# List of the names of the package to install +# +# [*names_to_prefix*] +# List of packages names that should be prefixed with the common +# package prefix `$php::package_prefix` +# +class php::packages ( + String $ensure = $php::ensure, + Boolean $manage_repos = $php::manage_repos, + Array $names_to_prefix = prefix($php::params::common_package_suffixes, $php::package_prefix), + Array $names = $php::params::common_package_names, +) inherits php::params { + assert_private() + + $real_names = union($names, $names_to_prefix) + if $facts['os']['family'] == 'Debian' { + if $manage_repos { + include apt + Class['apt::update'] -> Package[$real_names] + } + package { $real_names: + ensure => $ensure, + } + } else { + package { $real_names: + ensure => $ensure, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/params.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,235 @@ +# PHP params class +# +class php::params inherits php::globals { + $ensure = 'present' + $fpm_service_enable = true + $fpm_service_ensure = 'running' + $composer_source = 'https://getcomposer.org/composer.phar' + $composer_path = '/usr/local/bin/composer' + $composer_max_age = 30 + $pear_ensure = 'present' + $pear_package_suffix = 'pear' + $phpunit_source = 'https://phar.phpunit.de/phpunit.phar' + $phpunit_path = '/usr/local/bin/phpunit' + $phpunit_max_age = 30 + $pool_purge = false + + $fpm_pools = { + 'www' => { + 'catch_workers_output' => 'no', + 'listen' => '127.0.0.1:9000', + 'listen_backlog' => -1, + 'pm' => 'dynamic', + 'pm_max_children' => 50, + 'pm_max_requests' => 0, + 'pm_max_spare_servers' => 35, + 'pm_min_spare_servers' => 5, + 'pm_start_servers' => 5, + 'request_terminate_timeout' => 0, + }, + } + + case $facts['os']['family'] { + 'Debian': { + $config_root = $php::globals::globals_config_root + $config_root_ini = "${config_root}/mods-available" + $config_root_inifile = "${config_root}/php.ini" + $common_package_names = [] + $common_package_suffixes = ['cli', 'common'] + $cli_inifile = "${config_root}/cli/php.ini" + $dev_package_suffix = 'dev' + $fpm_pid_file = $php::globals::globals_fpm_pid_file + $fpm_config_file = "${config_root}/fpm/php-fpm.conf" + $fpm_error_log = $php::globals::fpm_error_log + $fpm_inifile = "${config_root}/fpm/php.ini" + $fpm_package_suffix = 'fpm' + $fpm_pool_dir = "${config_root}/fpm/pool.d" + $fpm_service_name = $php::globals::fpm_service_name + $fpm_user = 'www-data' + $fpm_group = 'www-data' + $apache_inifile = "${config_root}/apache2/php.ini" + $embedded_package_suffix = 'embed' + $embedded_inifile = "${config_root}/embed/php.ini" + $package_prefix = $php::globals::package_prefix + $compiler_packages = 'build-essential' + $root_group = 'root' + $ext_tool_enable = $php::globals::ext_tool_enable + $ext_tool_query = $php::globals::ext_tool_query + $ext_tool_enabled = true + + case $facts['os']['name'] { + 'Debian': { + $manage_repos = false + } + + 'Ubuntu': { + $manage_repos = false + } + + default: { + $manage_repos = false + } + } + } + + 'Suse': { + if ($php::globals::php_version != undef) { + $php_version_major = regsubst($php::globals::php_version, '^(\d+)\.(\d+)$','\1') + } else { + $php_version_major = 5 + } + + $config_root = $php::globals::globals_config_root + $config_root_ini = "${config_root}/conf.d" + $config_root_inifile = "${config_root}/php.ini" + $common_package_names = ["php${php_version_major}"] + $common_package_suffixes = [] + $cli_inifile = "${config_root}/cli/php.ini" + $dev_package_suffix = 'devel' + $fpm_pid_file = $php::globals::globals_fpm_pid_file + $fpm_config_file = "${config_root}/fpm/php-fpm.conf" + $fpm_error_log = $php::globals::fpm_error_log + $fpm_inifile = "${config_root}/fpm/php.ini" + $fpm_package_suffix = 'fpm' + $fpm_pool_dir = "${config_root}/fpm/pool.d" + $fpm_service_name = 'php-fpm' + $fpm_user = 'wwwrun' + $fpm_group = 'www' + $embedded_package_suffix = 'embed' + $embedded_inifile = "${config_root}/embed/php.ini" + $package_prefix = $php::globals::package_prefix + $manage_repos = true + $root_group = 'root' + $ext_tool_enable = undef + $ext_tool_query = undef + $ext_tool_enabled = false + case $facts['os']['name'] { + 'SLES': { + $compiler_packages = [] + } + 'OpenSuSE': { + $compiler_packages = 'devel_basis' + } + default: { + fail("Unsupported operating system ${facts['os']['name']}") + } + } + } + 'RedHat': { + $config_root = $php::globals::globals_config_root + + case $php::globals::rhscl_mode { + 'remi': { + $config_root_ini = "${config_root}/php.d" + $config_root_inifile = "${config_root}/php.ini" + $cli_inifile = $config_root_inifile + $fpm_inifile = $config_root_inifile + $fpm_config_file = "${config_root}/php-fpm.conf" + $fpm_pool_dir = "${config_root}/php-fpm.d" + $php_bin_dir = "${php::globals::rhscl_root}/bin" + } + 'rhscl': { + $config_root_ini = "${config_root}/php.d" + $config_root_inifile = "${config_root}/php.ini" + $cli_inifile = "${config_root}/php-cli.ini" + $fpm_inifile = "${config_root}/php-fpm.ini" + $fpm_config_file = "${config_root}/php-fpm.conf" + $fpm_pool_dir = "${config_root}/php-fpm.d" + $php_bin_dir = "${php::globals::rhscl_root}/bin" + } + undef: { + # no rhscl + $config_root_ini = $config_root + $config_root_inifile = '/etc/php.ini' + $cli_inifile = '/etc/php-cli.ini' + $fpm_inifile = '/etc/php-fpm.ini' + $fpm_config_file = '/etc/php-fpm.conf' + $fpm_pool_dir = '/etc/php-fpm.d' + } + default: { + fail("Unsupported rhscl_mode '${php::globals::rhscl_mode}'") + } + } + + $apache_inifile = $config_root_inifile + $embedded_inifile = $config_root_inifile + $common_package_names = [] + $common_package_suffixes = ['cli', 'common'] + $dev_package_suffix = 'devel' + $fpm_pid_file = $php::globals::globals_fpm_pid_file + $fpm_error_log = '/var/log/php-fpm/error.log' + $fpm_package_suffix = 'fpm' + $fpm_service_name = pick($php::globals::fpm_service_name, 'php-fpm') + $fpm_user = 'apache' + $fpm_group = 'apache' + $embedded_package_suffix = 'embedded' + $package_prefix = pick($php::globals::package_prefix, 'php-') + $compiler_packages = ['gcc', 'gcc-c++', 'make'] + $manage_repos = false + $root_group = 'root' + $ext_tool_enable = undef + $ext_tool_query = undef + $ext_tool_enabled = false + } + 'FreeBSD': { + $config_root = $php::globals::globals_config_root + $config_root_ini = "${config_root}/php" + $config_root_inifile = "${config_root}/php.ini" + # No common packages, because the required PHP base package will be + # pulled in as a dependency. This preserves the ability to choose + # any available PHP version by setting the 'package_prefix' parameter. + $common_package_names = [] + $common_package_suffixes = ['extensions'] + $cli_inifile = "${config_root}/php-cli.ini" + $dev_package_suffix = undef + $fpm_pid_file = $php::globals::globals_fpm_pid_file + $fpm_config_file = "${config_root}/php-fpm.conf" + $fpm_error_log = '/var/log/php-fpm.log' + $fpm_inifile = "${config_root}/php-fpm.ini" + $fpm_package_suffix = undef + $fpm_pool_dir = "${config_root}/php-fpm.d" + $fpm_service_name = 'php-fpm' + $fpm_user = 'www' + $fpm_group = 'www' + $embedded_package_suffix = 'embed' + $embedded_inifile = "${config_root}/php-embed.ini" + $package_prefix = $php::globals::package_prefix + $compiler_packages = ['gcc'] + $manage_repos = false + $root_group = 'wheel' + $ext_tool_enable = undef + $ext_tool_query = undef + $ext_tool_enabled = false + } + 'Archlinux': { + $config_root_ini = '/etc/php/conf.d' + $config_root_inifile = '/etc/php/php.ini' + $common_package_names = [] + $common_package_suffixes = [] + $cli_inifile = '/etc/php/php.ini' + $dev_package_suffix = undef + $fpm_pid_file = '/run/php-fpm/php-fpm.pid' + $fpm_config_file = '/etc/php/php-fpm.conf' + $fpm_error_log = 'syslog' + $fpm_inifile = '/etc/php/php.ini' + $fpm_package_suffix = 'fpm' + $fpm_pool_dir = '/etc/php/php-fpm.d' + $fpm_service_name = 'php-fpm' + $fpm_user = 'root' + $fpm_group = 'root' + $apache_inifile = '/etc/php/php.ini' + $embedded_package_suffix = 'embedded' + $embedded_inifile = '/etc/php/php.ini' + $package_prefix = 'php-' + $compiler_packages = ['gcc', 'make'] + $manage_repos = false + $root_group = 'root' + $ext_tool_enable = undef + $ext_tool_query = undef + $ext_tool_enabled = false + } + default: { + fail("Unsupported osfamily: ${facts['os']['family']}") + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/pear.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,62 @@ +# Install PEAR package manager +# +# === Parameters +# +# [*ensure*] +# The package ensure of PHP pear to install and run pear auto_discover +# +# [*package*] +# The package name for PHP pear +# +class php::pear ( + String $ensure = $php::pear_ensure, + Optional[String] $package = undef, + Boolean $manage_repos = $php::manage_repos, +) inherits php::params { + assert_private() + + # Defaults for the pear package name + if $package { + $package_name = $package + } else { + if $facts['os']['name'] == 'Amazon' { + # On Amazon Linux the package name is also just 'php-pear'. + # This would normally not be problematic but if you specify a + # package_prefix other than 'php' then it will fail. + $package_name = "php-${php::params::pear_package_suffix}" + } + else { + case $facts['os']['family'] { + 'Debian': { + # Debian is a litte stupid: The pear package is called 'php-pear' + # even though others are called 'php5-fpm' or 'php5-dev' + $package_name = "php-${php::params::pear_package_suffix}" + } + default: { + # This is the default for all other architectures + $package_name = "${php::package_prefix}${php::params::pear_package_suffix}" + } + } + } + } + + # the apt module provides apt::update. apt is only included if we manage any repos + $require = $manage_repos ? { + true => Class['apt::update'], + false => undef, + } + # Default PHP come with xml module and no seperate package for it + if $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '18.04') >= 0 { + ensure_packages(["${php::package_prefix}xml"], { ensure => present, require => $require, }) + + package { $package_name: + ensure => $ensure, + require => [$require,Class['php::cli'],Package["${php::package_prefix}xml"]], + } + } else { + package { $package_name: + ensure => $ensure, + require => Class['php::cli'], + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/phpunit.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,47 @@ +# Install phpunit, PHP testing framework +# +# === Parameters +# +# [*source*] +# Holds URL to the phpunit source file +# +# [*path*] +# Holds path to the phpunit executable +# +# [*auto_update*] +# Defines if phpunit should be auto updated +# +# [*max_age*] +# Defines the time in days after which an auto-update gets executed +# +class php::phpunit ( + String $source = $php::params::phpunit_source, + Stdlib::Absolutepath $path = $php::params::phpunit_path, + String[1] $root_group = $php::params::root_group, + Boolean $auto_update = true, + Integer $max_age = $php::params::phpunit_max_age, +) inherits php::params { + assert_private() + + ensure_packages(['wget']) + + exec { 'download phpunit': + command => "wget ${source} -O ${path}", + creates => $path, + path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'], + require => [Class['php::cli'],Package['wget']], + } + -> file { $path: + mode => '0555', + owner => root, + group => $root_group, + } + + if $auto_update { + class { 'php::phpunit::auto_update': + max_age => $max_age, + source => $source, + path => $path, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/phpunit/auto_update.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,27 @@ +# Install phpunit package manager +# +# === Parameters +# +# [*max_age*] +# Defines number of days after which phpunit should be updated +# +# [*source*] +# Holds URL to the phpunit source file +# +# [*path*] +# Holds path to the phpunit executable +# +class php::phpunit::auto_update ( + Integer[1] $max_age, + String[1] $source, + Stdlib::Absolutepath $path, +) { + assert_private() + + exec { 'update phpunit': + command => "wget ${source} -O ${path}", + onlyif => "test `find '${path}' -mtime +${max_age}`", + path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'], + require => File[$path], + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/repo.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,32 @@ +# Configure package repository +# +class php::repo { + $msg_no_repo = "No repo available for ${facts['os']['family']}/${facts['os']['name']}" + + case $facts['os']['family'] { + 'Debian': { + # no contain here because apt does that already + case $facts['os']['name'] { + 'Debian': { + include php::repo::debian + } + 'Ubuntu': { + include php::repo::ubuntu + } + default: { + fail($msg_no_repo) + } + } + } + 'FreeBSD': {} + 'Suse': { + contain php::repo::suse + } + 'RedHat': { + contain 'php::repo::redhat' + } + default: { + fail($msg_no_repo) + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/repo/debian.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,67 @@ +# Configure debian apt repo +# +# === Parameters +# +# [*location*] +# Location of the apt repository +# +# [*release*] +# Release of the apt repository +# +# [*repos*] +# Apt repository names +# +# [*include_src*] +# Add source source repository +# +# [*key*] +# Public key in apt::key format +# +# [*dotdeb*] +# Enable special dotdeb handling +# +# [*sury*] +# Enable special sury handling +# +class php::repo::debian ( + String[1] $location = 'https://packages.dotdeb.org', + String[1] $release = 'wheezy-php56', + String[1] $repos = 'all', + Boolean $include_src = false, + Hash $key = { + 'id' => '6572BBEF1B5FF28B28B706837E3F070089DF5277', + 'source' => 'http://www.dotdeb.org/dotdeb.gpg', + }, + Boolean $dotdeb = true, + Boolean $sury = true, +) { + assert_private() + + include 'apt' + + apt::source { "source_php_${release}": + location => $location, + release => $release, + repos => $repos, + include => { + 'src' => $include_src, + 'deb' => true, + }, + key => $key, + } + + if ($sury and $php::globals::php_version in ['7.1','7.2']) { + apt::source { 'source_php_sury': + location => 'https://packages.sury.org/php/', + repos => 'main', + include => { + 'src' => $include_src, + 'deb' => true, + }, + key => { + id => '15058500A0235D97F5D10063B188E2B695BD4743', + source => 'https://packages.sury.org/php/apt.gpg', + }, + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/repo/redhat.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,34 @@ +# Configure a yum repo for RedHat-based systems +# +# === Parameters +# +# [*yum_repo*] +# Class name of the repo under ::yum::repo +# + +class php::repo::redhat ( + String[1] $yum_repo = 'remi_php56', +) { + $releasever = $facts['os']['name'] ? { + /(?i:Amazon)/ => '6', + default => '$releasever', # Yum var + } + + yumrepo { 'remi': + descr => 'Remi\'s RPM repository for Enterprise Linux $releasever - $basearch', + mirrorlist => "https://rpms.remirepo.net/enterprise/${releasever}/remi/mirror", + enabled => 1, + gpgcheck => 1, + gpgkey => 'https://rpms.remirepo.net/RPM-GPG-KEY-remi', + priority => 1, + } + + yumrepo { 'remi-php56': + descr => 'Remi\'s PHP 5.6 RPM repository for Enterprise Linux $releasever - $basearch', + mirrorlist => "https://rpms.remirepo.net/enterprise/${releasever}/php56/mirror", + enabled => 1, + gpgcheck => 1, + gpgkey => 'https://rpms.remirepo.net/RPM-GPG-KEY-remi', + priority => 1, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/repo/suse.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,25 @@ +# Configure suse repo +# +# === Parameters +# +# [*reponame*] +# Name of the Zypper repository +# +# [*baseurl*] +# Base URL of the Zypper repository +# +class php::repo::suse ( + String[1] $reponame = 'mayflower-php56', + String[1] $baseurl = 'http://download.opensuse.org/repositories/home:/mayflower:/php5.6_based/SLE_11_SP3/', +) { + zypprepo { $reponame: + baseurl => $baseurl, + enabled => 1, + autorefresh => 1, + } + ~> exec { 'zypprepo-accept-key': + command => 'zypper --gpg-auto-import-keys update -y', + path => '/usr/bin:/bin', + refreshonly => true, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/manifests/repo/ubuntu.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,28 @@ +# Configure ubuntu ppa +# +# === Parameters +# +# [*version*] +# PHP version to manage (e.g. 5.6) +# +class php::repo::ubuntu ( + Pattern[/^\d\.\d/] $version = '5.6', +) { + if $facts['os']['name'] != 'Ubuntu' { + fail("class php::repo::ubuntu does not work on OS ${facts['os']['name']}") + } + include 'apt' + + if ($version == '5.5') { + fail('PHP 5.5 is no longer available for download') + } + + $version_repo = $version ? { + '5.4' => 'ondrej/php5-oldstable', + default => 'ondrej/php' + } + + ::apt::ppa { "ppa:${version_repo}": + package_manage => true, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/metadata.json Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,85 @@ +{ + "name": "puppet-php", + "version": "8.0.2", + "author": "Vox Pupuli", + "summary": "Generic PHP module that supports many platforms", + "license": "MIT", + "source": "https://github.com/voxpupuli/puppet-php", + "project_page": "https://github.com/voxpupuli/puppet-php", + "issues_url": "https://github.com/voxpupuli/puppet-php/issues", + "description": "Puppet module that aims to manage PHP and extensions in a generic way on many platforms with sane defaults and easy configuration", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.16.0 < 9.0.0" + }, + { + "name": "puppetlabs/apt", + "version_requirement": ">= 4.4.0 < 9.0.0" + }, + { + "name": "puppetlabs/inifile", + "version_requirement": ">= 1.4.1 < 6.0.0" + }, + { + "name": "puppet/zypprepo", + "version_requirement": ">= 2.0.0 < 5.0.0" + }, + { + "name": "puppet/archive", + "version_requirement": ">= 1.0.0 < 8.0.0" + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 6.1.0 < 8.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "18.04", + "20.04" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "10", + "11" + ] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "FreeBSD", + "operatingsystemrelease": [ + "11" + ] + }, + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "11" + ] + }, + { + "operatingsystem": "OpenSUSE" + }, + { + "operatingsystem": "Archlinux" + } + ] +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/templates/fpm/php-fpm.conf.erb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,137 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +;include=/etc/php5/fpm/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = <%= @pid_file %> + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = <%= @error_log %> + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +syslog.facility = <%= @syslog_facility %> + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +syslog.ident = <%= @syslog_ident %> + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = <%= @log_level %> + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = <%= @emergency_restart_threshold %> + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = <%= @emergency_restart_interval %> + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +process_control_timeout = <%= @process_control_timeout %> + +; The maximum number of processes FPM will fork. This has been design to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +process.max = <%= @process_max %> + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +<% if @rlimit_files -%> +rlimit_files = <%= @rlimit_files %> +<% else -%> +;rlimit_files = 1024 +<% end -%> + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is build with systemd integration, specify the interval, +; in second, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +<% if @systemd_interval -%> +systemd_interval = <%= @systemd_interval %> +<% else -%> +;systemd_interval = 10 +<% end -%> + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; To configure the pools it is recommended to have one .conf file per +; pool in the following directory: +include=<%= @pool_base_dir %>/*.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/templates/fpm/pool.conf.erb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,383 @@ +[<%= @pool %>] + +; The address on which to accept FastCGI requests. +listen = <%= @listen %> + +; Set listen(2) backlog. A value of '-1' means unlimited. +listen.backlog = <%= @listen_backlog %> + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +<% if @listen_allowed_clients -%> +listen.allowed_clients = <%= @listen_allowed_clients %> +<% else -%> +;listen.allowed_clients = 127.0.0.1 +<% end -%> + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0666 +<% if @listen_owner -%> +listen.owner = <%= @listen_owner %> +<% else -%> +;listen.owner = nobody +<% end -%> +<% if @listen_group -%> +listen.group = <%= @listen_group %> +<% else -%> +;listen.group = nobody +<% end -%> +<% if @listen_mode -%> +listen.mode = <%= @listen_mode %> +<% else -%> +;listen.mode = 0660 +<% end -%> + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +; RPM: apache Choosed to be able to access some dir as httpd +user = <%= @user %> +; RPM: Keep a group allowed to write in log dir. +group = <%= @group_final %> +<% if @apparmor_hat -%> +; Apparmor hat to change to +apparmor_hat = <%= @apparmor_hat %> +<% end -%> + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives: +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = <%= @pm %> + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes to be created when pm is set to 'dynamic'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. +; Note: Used when pm is set to either 'static' or 'dynamic' +; Note: This value is mandatory. +pm.max_children = <%= @pm_max_children %> + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = <%= @pm_start_servers %> + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = <%= @pm_min_spare_servers %> + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = <%= @pm_max_spare_servers %> + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +pm.process_idle_timeout = <%= @pm_process_idle_timeout %> + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = <%= @pm_max_requests %> + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. By default, the status page shows the following +; information: +; accepted conn - the number of request accepted by the pool; +; pool - the name of the pool; +; process manager - static or dynamic; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes. +; The values of 'idle processes', 'active processes' and 'total processes' are +; updated each second. The value of 'accepted conn' is updated in real time. +; Example output: +; accepted conn: 12073 +; pool: www +; process manager: static +; idle processes: 35 +; active processes: 65 +; total processes: 100 +; By default the status page output is formatted as text/plain. Passing either +; 'html' or 'json' as a query string will return the corresponding output +; syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +<% if @pm_status_path -%> +pm.status_path = <%= @pm_status_path %> +<% else -%> +;pm.status_path = /status +<% end -%> + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +<% if @ping_path -%> +ping.path = <%= @ping_path %> +<% else -%> +;ping.path = /ping +<% end -%> + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +ping.response = <%= @ping_response %> + +; The access log file +; Default: not set +<% if @access_log -%> +access.log = <%= @access_log %> +<% end -%> + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +access.format = <%= @access_log_format %> + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = <%= @request_terminate_timeout %> + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = <%= @request_slowlog_timeout %> + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = <%= @slowlog %> + +; Set open file descriptor rlimit. +; Default Value: system defined value +<% if @rlimit_files -%> +rlimit_files = <%= @rlimit_files %> +<% else -%> +;rlimit_files = 1024 +<% end -%> + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +<% if @rlimit_core -%> +rlimit_core = <%= @rlimit_core %> +<% else -%> +;rlimit_core = 0 +<% end -%> + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +<% if @chroot -%> +chroot = <%= @chroot %> +<% else -%> +;chroot = +<% end -%> + +; Chdir to this directory at the start. This value must be an absolute path. +; Default Value: current directory or / when chroot +<% if @chdir -%> +chdir = <%= @chdir %> +<% else -%> +;chdir = /var/www +<% end -%> + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Default Value: no +catch_workers_output = <%= @catch_workers_output %> + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p arguement) +; - /usr otherwise +<% if @include -%> +include=<%= @include %> +<% else -%> +;include=/etc/php5/fpm/*.conf +<% end -%> + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp +<% if @clear_env -%> +<% @env.each do |var| -%> +env[<%= var %>] = $<%= var %> +<% end -%> +<% @env_value.sort_by {|key,value| key}.each do |key,value| -%> +<% if !value.empty? -%> +env[<%= key %>] = '<%= value %>' +<% end -%> +<% end -%> +<% else -%> +clear_env = no +<% end -%> + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/php-fpm/www-error.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; +; Custom PHP values +; +<% @php_value.sort_by {|key,value| key}.each do |key,value| -%> +php_value[<%= key %>] = <%= value %> +<% end -%> + +; +; Custom PHP flags +; +<% @php_flag.sort_by {|key,flag| key}.each do |key,flag| -%> +php_flag[<%= key %>] = <%= flag %> +<% end -%> + +; +; Custom PHP admin values +; +<% @php_admin_value.sort_by {|key,value| key}.each do |key,value| -%> +php_admin_value[<%= key %>] = <%= value %> +<% end -%> + +; +; Custom PHP admin flags +; +<% @php_admin_flag.sort_by {|key,flag| key}.each do |key,flag| -%> +php_admin_flag[<%= key %>] = <%= flag %> +<% end -%> + +; +; Custom PHP directives +; +<% @php_directives.each do |line| -%> +<%= line.gsub "{", "%{" %> +<% end -%> + +<% unless @security_limit_extensions.empty? -%> +security.limit_extensions = <%= @security_limit_extensions.join(" ") %> +<% end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/types/composerchannel.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,7 @@ +type Php::ComposerChannel = Enum[ + 'stable', + 'preview', + 'snapshot', + '1', + '2' # lint:ignore:trailing_comma +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/types/duration.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +# A duration in seconds are with an unit +type Php::Duration = Variant[ + Integer[0], + Pattern[/^\d+[smhd]?$/] +] +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/types/installoptions.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,8 @@ +type Php::InstallOptions = Optional[ + Array[ + Variant[ + String, + Hash[String, String] + ] + ] +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/types/provider.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,28 @@ +type Php::Provider = Enum[ + # do nothing + 'none', + + # php + 'pecl', + 'pear', + + # Debuntu + 'dpkg', + 'apt', + + # RHEL + 'yum', + 'rpm', + 'dnf', + 'up2date', + + # Suse + 'zypper', + 'rug', + + # FreeBSD + 'freebsd', + 'pkgng', + 'ports', + 'portupgrade' # lint:ignore:trailing_comma +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/php/types/sapi.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,6 @@ +type Php::Sapi = Enum[ + 'ALL', + 'cli', + 'fpm', + 'apache2' # lint:ignore:trailing_comma +]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/CHANGELOG.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,142 @@ +# Changelog + +All notable changes to this project will be documented in this file. +Each new release typically also includes the latest modulesync defaults. +These should not affect the functionality of the module. + +## [v4.0.1](https://github.com/voxpupuli/puppet-zypprepo/tree/v4.0.1) (2021-08-26) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v4.0.0...v4.0.1) + +**Merged pull requests:** + +- Allow stdlib 8.0.0 [\#65](https://github.com/voxpupuli/puppet-zypprepo/pull/65) ([smortex](https://github.com/smortex)) + +## [v4.0.0](https://github.com/voxpupuli/puppet-zypprepo/tree/v4.0.0) (2021-04-09) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v3.1.0...v4.0.0) + +**Breaking changes:** + +- Drop EoL Puppet 5 support / Add Puppet 7 support [\#62](https://github.com/voxpupuli/puppet-zypprepo/pull/62) ([bastelfreak](https://github.com/bastelfreak)) + +**Implemented enhancements:** + +- puppetlabs/concat and puppetlabs/stdlib: Allow version 7 [\#61](https://github.com/voxpupuli/puppet-zypprepo/pull/61) ([bastelfreak](https://github.com/bastelfreak)) + +**Fixed bugs:** + +- Fix the value declaration of type [\#60](https://github.com/voxpupuli/puppet-zypprepo/pull/60) ([dadav](https://github.com/dadav)) + +**Closed issues:** + +- Repo doesnt actually gets enabled [\#59](https://github.com/voxpupuli/puppet-zypprepo/issues/59) +- Unable to manage path property [\#57](https://github.com/voxpupuli/puppet-zypprepo/issues/57) +- PDK and add tests [\#53](https://github.com/voxpupuli/puppet-zypprepo/issues/53) +- Errors when another zypper is running [\#12](https://github.com/voxpupuli/puppet-zypprepo/issues/12) + +**Merged pull requests:** + +- Allow changing of path property [\#58](https://github.com/voxpupuli/puppet-zypprepo/pull/58) ([tuxmea](https://github.com/tuxmea)) +- Add unit tests for zypprepo type/provider [\#55](https://github.com/voxpupuli/puppet-zypprepo/pull/55) ([tuxmea](https://github.com/tuxmea)) + +## [v3.1.0](https://github.com/voxpupuli/puppet-zypprepo/tree/v3.1.0) (2020-12-12) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v3.0.0...v3.1.0) + +**Implemented enhancements:** + +- Migrate zypprepo from type only to type and provider [\#52](https://github.com/voxpupuli/puppet-zypprepo/pull/52) ([tuxmea](https://github.com/tuxmea)) +- Add repo\_gpgcheck and pkg\_gpgcheck options [\#48](https://github.com/voxpupuli/puppet-zypprepo/pull/48) ([mx-psi](https://github.com/mx-psi)) + +**Closed issues:** + +- Option to remove all repositories that are not managed by puppet [\#9](https://github.com/voxpupuli/puppet-zypprepo/issues/9) +- Ability to remove repo [\#5](https://github.com/voxpupuli/puppet-zypprepo/issues/5) + +## [v3.0.0](https://github.com/voxpupuli/puppet-zypprepo/tree/v3.0.0) (2020-04-07) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v2.2.2...v3.0.0) + +**Breaking changes:** + +- modulesync 2.7.0 and drop puppet 4 [\#40](https://github.com/voxpupuli/puppet-zypprepo/pull/40) ([bastelfreak](https://github.com/bastelfreak)) + +**Implemented enhancements:** + +- Add versionlock support [\#44](https://github.com/voxpupuli/puppet-zypprepo/pull/44) ([msurato](https://github.com/msurato)) + +**Merged pull requests:** + +- Add support for SLES 15 [\#46](https://github.com/voxpupuli/puppet-zypprepo/pull/46) ([msurato](https://github.com/msurato)) + +## [v2.2.2](https://github.com/voxpupuli/puppet-zypprepo/tree/v2.2.2) (2018-10-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v2.2.1...v2.2.2) + +**Merged pull requests:** + +- modulesync 2.2.0 and allow puppet 6.x [\#36](https://github.com/voxpupuli/puppet-zypprepo/pull/36) ([bastelfreak](https://github.com/bastelfreak)) +- Remove docker nodesets [\#32](https://github.com/voxpupuli/puppet-zypprepo/pull/32) ([bastelfreak](https://github.com/bastelfreak)) + +## [v2.2.1](https://github.com/voxpupuli/puppet-zypprepo/tree/v2.2.1) (2018-03-30) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v2.2.0...v2.2.1) + +**Merged pull requests:** + +- bump puppet to latest supported version 4.10.0 [\#29](https://github.com/voxpupuli/puppet-zypprepo/pull/29) ([bastelfreak](https://github.com/bastelfreak)) + +## [v2.2.0](https://github.com/voxpupuli/puppet-zypprepo/tree/v2.2.0) (2017-11-02) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v2.1.0...v2.2.0) + +**Implemented enhancements:** + +- NONE is a valid value for Zypp repositories [\#24](https://github.com/voxpupuli/puppet-zypprepo/pull/24) ([laserguy2020](https://github.com/laserguy2020)) + +**Closed issues:** + +- Remove PaxHeaders from distributed package [\#11](https://github.com/voxpupuli/puppet-zypprepo/issues/11) + +## [v2.1.0](https://github.com/voxpupuli/puppet-zypprepo/tree/v2.1.0) (2017-10-14) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v2.0.0...v2.1.0) + +**Closed issues:** + +- deprecation warning [\#21](https://github.com/voxpupuli/puppet-zypprepo/issues/21) +- Request to migrate zypprepo to VoxPupuli [\#15](https://github.com/voxpupuli/puppet-zypprepo/issues/15) +- Versions [\#8](https://github.com/voxpupuli/puppet-zypprepo/issues/8) + +**Merged pull requests:** + +- Add LICENSE file and badge [\#19](https://github.com/voxpupuli/puppet-zypprepo/pull/19) ([alexjfisher](https://github.com/alexjfisher)) +- Remove Modulefile [\#18](https://github.com/voxpupuli/puppet-zypprepo/pull/18) ([alexjfisher](https://github.com/alexjfisher)) + +## [v2.0.0](https://github.com/voxpupuli/puppet-zypprepo/tree/v2.0.0) (2017-05-13) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/v1.0.2...v2.0.0) + +**Merged pull requests:** + +- Remove newtype warning in Puppet 4.8 [\#13](https://github.com/voxpupuli/puppet-zypprepo/pull/13) ([egoexpress](https://github.com/egoexpress)) +- update metadata.json [\#7](https://github.com/voxpupuli/puppet-zypprepo/pull/7) ([mmoll](https://github.com/mmoll)) + +## [v1.0.2](https://github.com/voxpupuli/puppet-zypprepo/tree/v1.0.2) (2015-01-21) + +[Full Changelog](https://github.com/voxpupuli/puppet-zypprepo/compare/79c943bba65ffc7e45208923becd90d14a653013...v1.0.2) + +**Closed issues:** + +- Update metadata.json [\#6](https://github.com/voxpupuli/puppet-zypprepo/issues/6) +- It Doesn't Run [\#3](https://github.com/voxpupuli/puppet-zypprepo/issues/3) + +**Merged pull requests:** + +- Update to README [\#2](https://github.com/voxpupuli/puppet-zypprepo/pull/2) ([benkevan](https://github.com/benkevan)) +- Zypper supports Yum Repos, added Support for them. [\#1](https://github.com/voxpupuli/puppet-zypprepo/pull/1) ([scottjab](https://github.com/scottjab)) + + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/LICENSE Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/README.md Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,52 @@ +# puppet-zypprepo + +[![License](https://img.shields.io/github/license/voxpupuli/puppet-zypprepo.svg)](https://github.com/voxpupuli/puppet-zypprepo/blob/master/LICENSE) +[![Build Status](https://travis-ci.org/voxpupuli/puppet-zypprepo.svg?branch=master)](https://travis-ci.org/voxpupuli/puppet-zypprepo) +[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/zypprepo.svg)](https://forge.puppetlabs.com/puppet/zypprepo) +[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/zypprepo.svg)](https://forge.puppetlabs.com/puppet/zypprepo) +[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/zypprepo.svg)](https://forge.puppetlabs.com/puppet/zypprepo) +[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/zypprepo.svg)](https://forge.puppetlabs.com/puppet/zypprepo) + +## Overview + +'zypprepo' - The client-side description of a zypper repository. + +## Usage + +**Version 3.1.0 introduced a rewrite of the zypprepo type and added a full functional provider based on `puppetlabs-yumrepo_core`. The type is now ensurable. To keep previous behavior, it defaults to present, which makes the ensure parameter optional** + +```puppet +zypprepo { 'openSUSE_12.1': + ensure => present, + baseurl => 'http://download.opensuse.org/distribution/12.1/repo/oss/suse/', + enabled => 1, + autorefresh => 1, + name => 'openSUSE_12.1', + gpgcheck => 1, + repo_gpgcheck => 1, + pkg_gpgcheck => 1, + priority => 98, + keeppackages => 1, + type => 'rpm-md', +} +``` + +### Lock a package with the *versionlock* plugin + +Locks explicitly specified packages from updates. Package name must be precisely specified in format *`NAME-VERSION-RELEASE.ARCH`*. Wild card in package name is allowed provided it does not span a field seperator. + +**PLEASE NOTE: Once you define a lock in code, all locks must be defined in code.** + +```puppet +zypprepo::versionlock { 'bash-4.1.2-9.sles12.*': } +``` + +Use the following command to retrieve a properly-formated string: + +```sh +PACKAGE_NAME='bash' +rpm -q "$PACKAGE_NAME" --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' +``` + +This Puppet 'type' is a port of the 'yumrepo' type from 2.7 code base +and is licensed under the Apache-2.0.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/lib/puppet/provider/zypprepo/inifile.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,306 @@ +# Description of zypper repositories +require 'puppet/util/inifile' + +Puppet::Type.type(:zypprepo).provide(:inifile) do + desc <<-EOD + Manage zypper repo configurations by parsing zypper INI configuration files. + + ### Fetching instances + When fetching repo instances, directory entries in '/etc/zypp/repos.d', + and the directory optionally specified by the reposdir key in '/etc/zypp/zypp.conf' + will be checked. If a given directory does not exist it will be ignored. + In addition, all sections in '/etc/zypp/zypp.conf' aside from + 'main' will be created as sections. + + ### Storing instances + When creating a new repository, a new section will be added in the first + zypper repo directory that exists. The custom directory specified by the + '/etc/zypp/zypp.conf' reposdir property is checked first, followed by + '/etc/zypp/repos.d'. + EOD + + PROPERTIES = Puppet::Type.type(:zypprepo).validproperties + + # Retrieve all providers based on existing zypper repositories + # + # @api public + # @return [Array<Puppet::Provider>] providers generated from existing zypper + # repository definitions. + def self.instances + instances = [] + + virtual_inifile.each_section do |section| + # Ignore the 'main' section in zypp.conf since it's not a repository. + next if section.name == 'main' + + attributes_hash = { name: section.name, ensure: :present, provider: :zypprepo } + + section.entries.each do |key, value| + key = key.to_sym + if valid_property?(key) + attributes_hash[key] = value + elsif key == :name + attributes_hash[:descr] = value + end + end + instances << new(attributes_hash) + end + + instances + end + + # Match catalog type instances to provider instances. + # + # @api public + # @param resources [Array<Puppet::Type::Zypprepo>] Resources to prefetch. + # @return [void] + def self.prefetch(resources) + repos = instances + resources.each_key do |name| + provider = repos.find { |repo| repo.name == name } + resources[name].provider = provider if provider + end + end + + # + # @api private + # @param conf [String] Configuration file to look for directories in. + # @param dirs [Array<String>] Default locations for zypper repos. + # @return [Array<String>] All present directories that may contain zypper repo configs. + def self.reposdir(conf = '/etc/zypp/zypp.conf', dirs = ['/etc/zypp/repos.d']) + reposdir = find_conf_value('reposdir', conf) + # Use directories in reposdir if they are set instead of default + if reposdir + # Follow the code from the yumrepo provider + reposdir.strip! + reposdir.tr!("\n", ' ') + reposdir.tr!(',', ' ') + dirs = reposdir.split + end + dirs.select! { |dir| Puppet::FileSystem.exist?(dir) } + if dirs.empty? + Puppet.debug('No zypper directories were found on the local filesystem') + end + + dirs + end + + # Used for testing only + # @api private + def self.clear + @virtual = nil + end + + # Helper method to look up specific values in ini style files. + # + # @api private + # @param value [String] Value to look for in the configuration file. + # @param conf [String] Configuration file to check for value. + # @return [String] The value of a looked up key from the configuration file. + def self.find_conf_value(value, conf = '/etc/zypp/zypp.conf') + return unless Puppet::FileSystem.exist?(conf) + + file = Puppet::Util::IniConfig::PhysicalFile.new(conf) + file.read + main = file.get_section('main') + main ? main[value] : nil + end + + # Enumerate all files that may contain zypper repository configs. + # + # @api private + # @return [Array<String>] + def self.repofiles + files = [] + reposdir.each do |dir| + Dir.glob("#{dir}/*.repo").each do |file| + files << file + end + end + + files + end + + # Build a virtual inifile by reading in numerous .repo files into a single + # virtual file to ease manipulation. + # @api private + # @return [Puppet::Util::IniConfig::File] The virtual inifile representing + # multiple real files. + def self.virtual_inifile + unless @virtual + @virtual = Puppet::Util::IniConfig::File.new + repofiles.each do |file| + @virtual.read(file) if Puppet::FileSystem.file?(file) + end + end + @virtual + end + + # Is the given key a valid type property? + # + # @api private + # @param key [String] The property to look up. + # @return [Boolean] Returns true if the property is defined in the type. + def self.valid_property?(key) + PROPERTIES.include?(key) + end + + # Return an existing INI section or create a new section in the default location + # + # The default location is determined based on what zypper repo directories + # and files are present. If /etc/zypp/zypper.conf has a value for 'reposdir' then that + # is preferred. If no such INI property is found then the first default zypper + # repo directory that is present is used. + # + # @param name [String] Section name to lookup in the virtual inifile. + # @return [Puppet::Util::IniConfig] The IniConfig section + def self.section(name) + result = virtual_inifile[name] + # Create a new section if not found. + unless result + path = repo_path(name) + result = virtual_inifile.add_section(name, path) + end + result + end + + # Save all zypper repository files and force the mode to 0644 + # @api private + # @return [void] + def self.store(resource) + inifile = virtual_inifile + inifile.store + + target_mode = 0o644 + inifile.each_file do |file| + next unless Puppet::FileSystem.exist?(file) + current_mode = Puppet::FileSystem.stat(file).mode & 0o777 + next if current_mode == target_mode + resource.info format(_('changing mode of %{file} from %{current_mode} to %{target_mode}'), file: file, current_mode: format('%03o', current_mode), target_mode: format('%03o', target_mode)) + Puppet::FileSystem.chmod(target_mode, file) + end + end + + def self.repo_path(name) + dirs = reposdir + path = if dirs.empty? + # If no repo directories are present, default to using /etc/zypp/repos.d. + '/etc/zypp/repos.d' + else + # The ordering of reposdir is [defaults, custom], and we want to use + # the custom directory if present. + File.join(dirs.last, "#{name}.repo") + end + path + end + + # Create a new section for the given repository and set all the specified + # properties in the section. + # + # @api public + # @return [void] + def create + @property_hash[:ensure] = :present + + # Check to see if the file that would be created in the + # default location for the zypprepo already exists on disk. + # If it does, read it in to the virtual inifile + path = self.class.repo_path(name) + self.class.virtual_inifile.read(path) if Puppet::FileSystem.file?(path) + + # We fetch a list of properties from the type, then iterate + # over them, avoiding ensure. We're relying on .should to + # check if the property has been set and should be modified, + # and if so we set it in the virtual inifile. + PROPERTIES.each do |property| + next if property == :ensure + + value = @resource.should(property) + send("#{property}=", value) if value + end + end + + # Does the given repository already exist? + # + # @api public + # @return [Boolean] + def exists? + @property_hash[:ensure] == :present + end + + # Mark the given repository section for destruction. + # + # The actual removal of the section will be handled by {#flush} after the + # resource has been fully evaluated. + # + # @api public + # @return [void] + def destroy + # Flag file for deletion on flush. + current_section.destroy = true + + @property_hash.clear + end + + # Finalize the application of the given resource. + # + # @api public + # @return [void] + def flush + self.class.store(self) + end + + # Generate setters and getters for our INI properties. + PROPERTIES.each do |property| + # The ensure property uses #create, #exists, and #destroy we can't generate + # meaningful setters and getters for this + next if property == :ensure + + define_method(property) do + get_property(property) + end + + define_method("#{property}=") do |value| + set_property(property, value) + end + end + + # Map the zypprepo 'descr' type property to the 'name' INI property. + def descr + unless @property_hash.key?(:descr) + @property_hash[:descr] = current_section['name'] + end + value = @property_hash[:descr] + value.nil? ? :absent : value + end + + def descr=(value) + value = (value == :absent ? nil : value) + current_section['name'] = value + @property_hash[:descr] = value + end + + private + + def get_property(property) + unless @property_hash.key?(property) + @property_hash[property] = current_section[property.to_s] + end + value = @property_hash[property] + value.nil? ? :absent : value + end + + def set_property(property, value) + value = (value == :absent ? nil : value) + current_section[property.to_s] = value + @property_hash[property] = value + end + + def section(name) + self.class.section(name) + end + + def current_section + self.class.section(name) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/lib/puppet/type/zypprepo.rb Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,156 @@ +# Description of zypper repositories +require 'uri' + +Puppet::Type.newtype(:zypprepo) do + @doc = "The client-side description of a zypper repository. Repository + configurations are found by parsing `/etc/zypp/zypp.conf` and + the files indicated by the `reposdir` option in that file + (see `zypper(8)` for details). + + Most parameters are identical to the ones documented + in the `zypper(8)` man page. + + Continuation lines that zypper supports (for the `baseurl`, for example) + are not supported. This type does not attempt to read or verify the + exinstence of files listed in the `include` attribute." + + ensurable + # Doc string for properties that can be made 'absent' + ABSENT_DOC = 'Set this to `absent` to remove it from the file completely.'.freeze + ZYPP_BOOLEAN = %r{^(true|false|0|1|no|yes)$} + ZYPP_BOOLEAN_DOC = 'Valid values are: false/0/no or true/1/yes.'.freeze + + munge_zypp_bool = proc do |val| + val.to_s == 'absent' ? :absent : val.to_s.capitalize + end + + VALID_SCHEMES = %w[file http https ftp cd].freeze + + newparam(:name, namevar: true) do + desc "The name of the repository. This corresponds to the + `repositoryid` parameter in `zypper(8)`." + end + + newproperty(:descr) do + desc "A human-readable description of the repository. + This corresponds to the name parameter in `zypper(8)`. + #{ABSENT_DOC}" + newvalues(%r{.*}, :absent) + end + + newproperty(:mirrorlist) do + desc "The URL that holds the list of mirrors for this repository. + #{ABSENT_DOC}" + newvalues(%r{.*}, :absent) + validate do |value| + next if value.to_s == 'absent' + parsed = URI.parse(value) + + unless VALID_SCHEMES.include?(parsed.scheme) + raise _('Must be a valid URL') + end + end + end + + newproperty(:baseurl) do + desc "The URL for this repository. #{ABSENT_DOC}" + newvalues(%r{.*}, :absent) + validate do |value| + next if value.to_s == 'absent' + + value.split(%r{\s+}).each do |uri| + parsed = URI.parse(uri) + + unless VALID_SCHEMES.include?(parsed.scheme) + raise _('Must be a valid URL') + end + end + end + end + + newproperty(:path) do + desc "The path relative to the baseurl. #{ABSENT_DOC}" + newvalues(%r{.*}, :absent) + end + + newproperty(:enabled) do + desc "Whether this repository is enabled. + #{ZYPP_BOOLEAN_DOC} + #{ABSENT_DOC}" + newvalues(ZYPP_BOOLEAN, :absent) + munge(&munge_zypp_bool) + end + + newproperty(:gpgcheck) do + desc "Whether to check the GPG signature from this repository + #{ZYPP_BOOLEAN_DOC} + #{ABSENT_DOC}" + newvalues(ZYPP_BOOLEAN, :absent) + munge(&munge_zypp_bool) + end + + newproperty(:repo_gpgcheck) do + desc "Whether to check the GPG signature on the repository metadata + #{ZYPP_BOOLEAN_DOC} + #{ABSENT_DOC}" + newvalues(ZYPP_BOOLEAN, :absent) + munge(&munge_zypp_bool) + end + + newproperty(:pkg_gpgcheck) do + desc "Whether to check the GPG signature on packages installed + #{ZYPP_BOOLEAN_DOC} + #{ABSENT_DOC}" + newvalues(ZYPP_BOOLEAN, :absent) + munge(&munge_zypp_bool) + end + + newproperty(:gpgkey) do + desc "The URL for the GPG key with which packages from this + repository are signed. #{ABSENT_DOC}" + + newvalues(%r{.*}, :absent) + validate do |value| + next if value.to_s == 'absent' + + value.split(%r{\s+}).each do |uri| + parsed = URI.parse(uri) + + unless VALID_SCHEMES.include?(parsed.scheme) + raise _('Must be a valid URL') + end + end + end + end + + newproperty(:priority) do + desc "Priority of this repository. Can be any integer value + (including negative). Requires that the `priorities` plugin + is installed and enabled. + #{ABSENT_DOC}" + + newvalues(%r{^-?\d+$}, :absent) + end + + newproperty(:autorefresh) do + desc "Enable autorefresh of the repository. + #{ZYPP_BOOLEAN_DOC} + #{ABSENT_DOC}" + newvalues(ZYPP_BOOLEAN, :absent) + munge(&munge_zypp_bool) + end + + newproperty(:keeppackages) do + desc "Enable RPM files caching + #{ZYPP_BOOLEAN_DOC} + #{ABSENT_DOC}" + newvalues(ZYPP_BOOLEAN, :absent) + munge(&munge_zypp_bool) + end + + newproperty(:type) do + desc "The type of software repository. Values can match + `yast2` or `rpm-md` or `plaindir` or `yum` or `NONE`. #{ABSENT_DOC}" + newvalues(%r{yast2|rpm-md|plaindir|yum|NONE}, :absent) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/manifests/init.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,14 @@ +# Class: zypprepo +# +# This module manages zypprepo +# +# Parameters: +# +# Actions: +# +# Requires: +# +# Sample Usage: +# +# [Remember: No empty lines between comments and class definition] +class zypprepo {}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/manifests/plugin/versionlock.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,25 @@ +# Class: zypprepo::plugin::versionlock +# +# @summary This class sets the structure for the lock file +# +# @param path +# Absolute path to the Zypper locks file. Defaults /etc/zypp/locks. +# +# @example Sample usage: +# include zypprepo::plugin::versionlock +# +class zypprepo::plugin::versionlock ( + Stdlib::Absolutepath $path = '/etc/zypp/locks', +) { + concat { $path: + mode => '0644', + owner => 'root', + group => 'root', + } + + concat::fragment { 'versionlock_header': + target => $path, + content => '# File managed by puppet\n', + order => '01', + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/manifests/versionlock.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,30 @@ +# @summary Locks package from updates. +# +# @example Sample usage +# zypprepo::versionlock { 'bash-4.1.2-9.sles12.*': } +# +# @param ensure +# Specifies if versionlock should be `present` or `absent`. +# +# @note The resource title must use the format +# "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}". This can be retrieved via +# the command `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}'. +# Wildcards may be used within token slots, but must not cover seperators, +# e.g., 'b*sh-4.1.2-9.*' covers Bash version 4.1.2, revision 9 on all +# architectures. +# +define zypprepo::versionlock { + require zypprepo::plugin::versionlock + + assert_type(Zypprepo::VersionlockString, $name) |$_expected, $actual | { + fail("Package name must be formatted as %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}, not \'${actual}\'. See Zypprepo::Versionlock documentation for details.") + } + + concat::fragment { "zypprepo-versionlock-${name}": + content => "\ntype: package\n\ +match_type: glob\n\ +case_sensitive: on\n\ +solvable_name: ${name}\n", + target => $zypprepo::plugin::versionlock::path, + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/metadata.json Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,46 @@ +{ + "name": "puppet-zypprepo", + "version": "4.0.1", + "source": "https://github.com/voxpupuli/puppet-zypprepo.git", + "author": "Vox Pupuli", + "license": "Apache-2.0", + "summary": "A Puppet description of a zypper repository", + "description": "zypprepo is a client-side description or type of a zypper repository for OpenSUSE/SuSE systems.", + "project_page": "https://github.com/voxpupuli/puppet-zypprepo", + "issues_url": "https://github.com/voxpupuli/puppet-zypprepo/issues", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.18.0 < 9.0.0" + }, + { + "name": "puppetlabs/concat", + "version_requirement": ">= 1.2.5 < 8.0.0" + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 6.1.0 < 8.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "11", + "12", + "15" + ] + }, + { + "operatingsystem": "OpenSUSE", + "operatingsystemrelease": [ + "11", + "12", + "13", + "15" + ] + } + ] +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/zypprepo/types/versionlockstring.pp Mon Jan 03 17:09:39 2022 +0000 @@ -0,0 +1,40 @@ +# This type matches strings appropriate for use with zypprepo-versionlock. +# Its basic format, using the `rpm(8)` query string format, is +# `%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}`. As a Regex, it +# breaks down into five distinct parts, plus the seperators. +# +# # NAME: Any valid package name (see https://github.com/rpm-software-management/rpm/blob/master/doc/manual/spec) +# type Zypprepo::PackageName = Regexp[/[0-9a-zA-Z\._\+%\{\}\*-]+/] +# +# # VERSION: Any valid version string. The only limitation here, according to the RPM manual, is that it may not contain a dash (`-`). +# type Zypprepo::PackageVersion = Regexp[/[^-]+/] +# +# # RELEASE: Any valid release string. Only limitation is that it is not a dash (`-`) +# type Zypprepo::PackageRelease = Regexp[/[^-]+/] +# +# # ARCH: Matches a string such as `sles12.x86_64`. This is actuall two sub-expressions. See below. +# type Zypprepo::PackageArch = Regexp[/([0-9a-zZ-Z_\*]+)(?:\.(noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa|\*))?/] +# +# The `%{ARCH}` sub-expression is composed of two sub-expressions +# separated by a dot (`.`), where the second part is optional. The RPM +# specification calls the first field the `DistTag`, and the second the +# `BuildArch`. +# +# # DistTag: Any string consiting of only letters, numbers, or an underscore, e.g., `sles12` or `suse15`. +# type Zypprepo::PackageDistTag = Regexp[/[0-9a-zZ-Z_\*]+/] +# +# # BuildArch: Any string from the list at https://github.com/rpm-software-management/rpm/blob/master/rpmrc.in. Strings are roughly listed from most common to least common to improve performance. +# type Zypprepo::PackageBuildArch = Regexp[/noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa/] +# +# @note Each field may contain wildcard characters (`*`), but the +# wildcard characters may not span the fields, may not cover the +# seperators. This is an undocumented but tested limitation of +# yum-versionlock. +# +# @example A complete, well-formed string: `ash-4.1.2-9.sles12_2.x86_64' +# @example A well-formed string that has dropped the optional BuildArch sub-field: `bash-4.1.2-9.suse15` +# @example A well-formed string using wildcards: `*0:bash*-4.*-*.*` +# @example An invalid string (wildcard spans the VERSION and RELEASE fields): `0:bash-4.*-sles12.x86_64 +# @example An invlaid string (wildcard spans the VERSION, RELEASE, and ARCH fields): `0:bash-*` +# +type Zypprepo::VersionlockString = Pattern[/^([0-9a-zA-Z\._\+%\{\}\*-]+)-([^-]+)-([^-]+)\.(([0-9a-zZ-Z_\*]+)(?:\.(noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa|\*))?)$/]