Merge pull request #1042 from david22swan/GH-1038/main/check_valid_until

(GH-1038) add support for `check-valid-until` configuration

Author: LukasAud

REFERENCE.md

@@ -937,6 +937,7 @@ The following parameters are available in the `apt::source` defined type:
 * [`allow_unsigned`](#allow_unsigned)
 * [`notify_update`](#notify_update)
 * [`allow_insecure`](#allow_insecure)
+* [`check_valid_until`](#check_valid_until)
 
 ##### <a name="location"></a>`location`
 
@@ -1049,10 +1050,18 @@ Default value: ``true``
 
 Data type: `Boolean`
 
-
+Specifies whether to allow downloads from insecure repositories.
 
 Default value: ``false``
 
+##### <a name="check_valid_until"></a>`check_valid_until`
+
+Data type: `Boolean`
+
+Specifies whether to check if the package release date is valid. Defaults to `True`.
+
+Default value: ``true``
+
 ## Resource types
 
 ## Data types

manifests/source.pp

@@ -55,9 +55,15 @@
 # @param allow_unsigned
 #   Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
 #
+# @param allow_insecure
+#   Specifies whether to allow downloads from insecure repositories.
+#
 # @param notify_update
 #   Specifies whether to trigger an `apt-get update` run.
 #
+# @param check_valid_until
+#   Specifies whether to check if the package release date is valid. Defaults to `True`.
+#
 define apt::source (
   Optional[String] $location                    = undef,
   String $comment                               = $name,
@@ -72,6 +78,7 @@
   Boolean $allow_unsigned                       = false,
   Boolean $allow_insecure                       = false,
   Boolean $notify_update                        = true,
+  Boolean $check_valid_until                    = true,
 ) {
   include ::apt
 
@@ -136,10 +143,11 @@
     'comment'          => $comment,
     'includes'         => $includes,
     'options'          => delete_undef_values( {
-        'arch'           => $architecture,
-        'trusted'        => $allow_unsigned ? { true => 'yes', false => undef },
-        'allow-insecure' => $allow_insecure ? { true => 'yes', false => undef },
-        'signed-by'      => $keyring,
+        'arch'              => $architecture,
+        'trusted'           => $allow_unsigned ? { true => 'yes', false => undef },
+        'allow-insecure'    => $allow_insecure ? { true => 'yes', false => undef },
+        'signed-by'         => $keyring,
+        'check-valid-until' => $check_valid_until? { true => undef, false => 'false' },
       },
     ),
     'location'         => $_location,

spec/defines/source_spec.rb

@@ -171,6 +171,32 @@
     }
   end
 
+  context 'with check_valid_until false' do
+    let :params do
+      {
+        location: 'hello.there',
+        check_valid_until: false,
+      }
+    end
+
+    it {
+      is_expected.to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# my_source\ndeb \[check-valid-until=false\] hello.there stretch main\n})
+    }
+  end
+
+  context 'with check_valid_until true' do
+    let :params do
+      {
+        location: 'hello.there',
+        check_valid_until: true,
+      }
+    end
+
+    it {
+      is_expected.to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# my_source\ndeb hello.there stretch main\n})
+    }
+  end
+
   context 'with keyring set' do
     let :params do
       {