From bcccdbc8598e1c617fcd45f469b94ed8ed7236d2 Mon Sep 17 00:00:00 2001
From: Sergei Puzyrev
Date: Wed, 29 Nov 2017 12:17:58 +0000
Subject: [PATCH 1/5] Fixed sources_list_dir cleaning
---
apt/repositories.sls | 40 +++++++++++++++++++++++++++-------------
1 file changed, 27 insertions(+), 13 deletions(-)
diff --git a/apt/repositories.sls b/apt/repositories.sls
index 2e6eeb5..b4b140f 100644
--- a/apt/repositories.sls
+++ b/apt/repositories.sls
@@ -33,22 +33,36 @@ debian-archive-keyring: {%- set r_comps = args.comps|default(['main'])|join(' ') %} {%- set r_keyserver = args.keyserver if args.keyserver is defined else apt_map.default_keyserver %} + {%- if args.key_url is defined %} + {%- set key_body = salt['http.query'](args.key_url).get('body', '') %} + {%- set key_id = salt['cmd.run']('gpg --dry-run --with-colons', stdin=key_body).split(':')[4] %} + {%- if key_id not in salt['pkg.get_repo_keys']().keys() %} +apt_key {{ args.key_url }}: + module.run: + - name: pkg.add_repo_key + - text: | + {{ key_body|indent(8) }} + {%- endif %} + {%- elif args.keyid is defined %} + {%- if args.keyid not in salt['pkg.get_repo_keys']().keys() %} +apt_key {{ args.keyid }}: + module.run: + - name: pkg.add_repo_key + - keyserver: {{ r_keyserver }} + - keyid: {{ args.keyid }} + {%- endif %} + {%- endif %} + + {%- for type in args.type|d(['binary']) %} {%- set r_type = 'deb-src' if type == 'source' else 'deb' %} -{{ r_type }} {{ repo }}: - pkgrepo.managed: - - name: {{ r_type }} {{ r_arch }} {{ r_url }} {{ r_distro }} {{ r_comps }} - - file: {{ sources_list_dir }}/{{ repo }}-{{ type }}.list - {# You can use either keyid+keyserver or key_url. If both are provided - the latter will be used. #} - {% if args.key_url is defined %} - - key_url: {{ args.key_url }} - {% elif args.keyid is defined %} - - keyid: {{ args.keyid }} - - keyserver: {{ r_keyserver }} - {% endif %} - - clean_file: true +{{ sources_list_dir }}/{{ repo }}-{{ type }}.list: + file.managed: + - contents: | + {{ r_type }} {{ r_arch }} {{ r_url }} {{ r_distro }} {{ r_comps }} + - require_in: + - file: {{ sources_list_dir }} {%- endfor %} {% endfor %} From 96dd42d617b5b5a86e57108691205c2dfbe96f70 Mon Sep 17 00:00:00 2001 From: Sergei Puzyrev Date: Wed, 29 Nov 2017 13:30:54 +0000 Subject: [PATCH 2/5] Replaced gpg with apt-key and cmd.run with cmd.shell in repositories.sls --- apt/repositories.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
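Review bot: In the `key_url` branch of patch 1/5, the body returned by `salt['http.query'](args.key_url)` is passed to `pkg.add_repo_key` without being checked against anything the operator pinned. `key_id` is derived from the downloaded body itself, so the `not in salt['pkg.get_repo_keys']().keys()` test only tells you whether that key is already installed, not whether it is the expected one. Whoever controls the response, or the network path when `key_url` is plain `http://`, therefore chooses a key that apt will trust. I would compare `key_id` with a value supplied in pillar before rendering the state, e.g. `{%- if key_id == args.expected_key_id %}` (`expected_key_id` is a placeholder name), and skip the block when `key_body` is empty, which the `.get('body', '')` default makes possible. The enclosing loop over repositories starts outside the hunk.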
diff --git a/apt/repositories.sls b/apt/repositories.sls index b4b140f..eed8e2a 100644 --- a/apt/repositories.sls +++ b/apt/repositories.sls @@ -35,8 +35,9 @@ debian-archive-keyring: {%- if args.key_url is defined %} {%- set key_body = salt['http.query'](args.key_url).get('body', '') %} - {%- set key_id = salt['cmd.run']('gpg --dry-run --with-colons', stdin=key_body).split(':')[4] %} + {%- set key_id = salt['cmd.shell']('apt-key adv --with-fingerprint --with-colons | grep pub', stdin=key_body).split(':')[4] %} {%- if key_id not in salt['pkg.get_repo_keys']().keys() %} + {{ key_id }} apt_key {{ args.key_url }}: module.run: - name: pkg.add_repo_key From c08ad23514c83e24c837e068ec0eea83e695368c Mon Sep 17 00:00:00 2001 From: Sergei Puzyrev Date: Wed, 29 Nov 2017 13:33:17 +0000 Subject: [PATCH 3/5] A little bugfix --- apt/repositories.sls | 1 - 1 file changed, 1 deletion(-) diff --git a/apt/repositories.sls b/apt/repositories.sls index eed8e2a..61b7ee9 100644 --- a/apt/repositories.sls +++ b/apt/repositories.sls @@ -37,7 +37,6 @@ debian-archive-keyring: {%- set key_body = salt['http.query'](args.key_url).get('body', '') %} {%- set key_id = salt['cmd.shell']('apt-key adv --with-fingerprint --with-colons | grep pub', stdin=key_body).split(':')[4] %} {%- if key_id not in salt['pkg.get_repo_keys']().keys() %} - {{ key_id }} apt_key {{ args.key_url }}: module.run: - name: pkg.add_repo_key From 427cb9af2c543c2e475a2f4c73d994c3124f850f Mon Sep 17 00:00:00 2001 From: Sergei Puzyrev Date: Wed, 29 Nov 2017 13:58:48 +0000 Subject: [PATCH 4/5] Added short keyid handling --- apt/repositories.sls | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apt/repositories.sls b/apt/repositories.sls index 61b7ee9..e697943 100644 --- a/apt/repositories.sls +++ b/apt/repositories.sls 
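Review bot: The `grep pub` in the new `key_id` line of patch 2/5 is unanchored, so it can select any line of the colon listing that contains `pub` anywhere (a user-ID string, for instance), and `.split(':')[4]` is then applied to the whole multi-line result. That value decides whether the downloaded key gets added, so it should come from a `pub` record only: `grep '^pub:'`. If `key_url` may serve several keys, each record needs checking rather than just the first, because the whole body is what `pkg.add_repo_key` receives. A short comment above the line, such as `{#- field 5 of the pub record is the long key ID #}`, would also explain the index.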
@@ -44,7 +44,12 @@ apt_key {{ args.key_url }}: {{ key_body|indent(8) }} {%- endif %} {%- elif args.keyid is defined %} - {%- if args.keyid not in salt['pkg.get_repo_keys']().keys() %} + {%- set long_keys = salt['pkg.get_repo_keys']().keys() %} + {%- set short_keys = [] %} + {%- for long_key in long_keys %} + {%- do short_keys.append(long_key[-8:]) %} + {%- endfor %} + {%- if args.keyid not in long_keys and args.keyid not in short_keys %} apt_key {{ args.keyid }}: module.run: - name: pkg.add_repo_key From aefd4b7469754d0270ef271b278db13a3ec5e039 Mon Sep 17 00:00:00 2001 From: Sergei Puzyrev Date: Wed, 29 Nov 2017 14:37:57 +0000 Subject: [PATCH 5/5] Added handling when same key is using in different repos --- apt/repositories.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apt/repositories.sls b/apt/repositories.sls index e697943..4ae6119 100644 --- a/apt/repositories.sls +++ b/apt/repositories.sls @@ -37,7 +37,7 @@ debian-archive-keyring: {%- set key_body = salt['http.query'](args.key_url).get('body', '') %} {%- set key_id = salt['cmd.shell']('apt-key adv --with-fingerprint --with-colons | grep pub', stdin=key_body).split(':')[4] %} {%- if key_id not in salt['pkg.get_repo_keys']().keys() %} -apt_key {{ args.key_url }}: +apt_key {{ repo }} {{ args.key_url }}: module.run: - name: pkg.add_repo_key - text: | @@ -50,7 +50,7 @@ apt_key {{ args.key_url }}: {%- do short_keys.append(long_key[-8:]) %} {%- endfor %} {%- if args.keyid not in long_keys and args.keyid not in short_keys %} -apt_key {{ args.keyid }}: +apt_key {{ repo }} {{ args.keyid }}: module.run: - name: pkg.add_repo_key - keyserver: {{ r_keyserver }}
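Review bot: Accepting `long_key[-8:]` matches in patch 4/5 makes 32-bit short key IDs a supported input, and those are cheap to collide. With a short `args.keyid`, the rendered `pkg.add_repo_key` asks `r_keyserver` for that ID and apt ends up trusting whichever key the server returns for it. The same truncation also means an unrelated installed key sharing the last eight hex digits suppresses the add. I would keep the compatibility check but add a comment steering users to full fingerprints, e.g. `{#- 8-hex key IDs are collision-prone; put the full fingerprint in pillar #}`, or refuse IDs shorter than 16 hex digits. The comparison is also case-sensitive, so `args.keyid|string|upper` may be needed if `pkg.get_repo_keys` reports upper-case IDs (not visible here).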