Installation of package_config/CLASS.gpg

Diego Zuccato diego.zuccato at unibo.it
Tue Aug 22 09:57:31 CEST 2023


I placed 'em under /srv/salt/_files/etc/apt/keyrings/<repo>-archive-keyring.gpg and repositories have
deb [signed-by=/etc/apt/keyrings/<repo>-archive-keyring.gpg arch=amd64] https://...

gluster.sls uses:
-8<--
create-keyrings-dir:
  file.directory:
    - name: /etc/apt/keyrings/
    - user: root
    - group: root
    - mode: 755

add-gluster-key:
   file.managed:
     - name: /etc/apt/keyrings/gluster-archive-keyring.gpg
     - source: salt://_files/etc/apt/keyrings/gluster{{ salt['pillar.get']('gluster_version','') }}-archive-keyring.gpg

add-gluster-repo:
   file.managed:
     - name: /etc/apt/sources.list.d/gluster.list
     - source: salt://_files/etc/apt/sources.list.d/gluster{{ salt['pillar.get']('gluster_version','') }}-{{ grains['oscodename'] }}.list
-8<--

(actually create-keydirs-dir is in a separate sls that gets included by 
all sls files that need to add keyrings, but it's just a detail).

Diego

On 22/08/2023 09:46, Thomas Lange wrote:
> I would suggest using a hook with an fcopy command to put
> those files in some other locations.
> 
>>>>>> On Tue, 18 Jul 2023 21:36:04 +1200, Andrew Ruthven <andrew at etc.gen.nz> said:
> 
>      > Hey,
>      > I see that FAI since 5.8.7 will install package_config/CLASS.gpg
>      > into /etc/apt/trusted.gpg.d/ . Apt will then trust all the keyrings in
>      > /etc/apt/trusted.gpg.d . This isn't really ideal, and I'd prefer to use
>      > Signed-By to specify which GPG keyring to trust for our various additional
>      > repositories.
> 
>      > How about having task_repository check for another file, say
>      > package_config/CLASS.gpg_dest that'd allow us to specify where to copy
>      > package_config/CLASS.gpg to?
> 

-- 
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
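
The following is an added example, not part of the original message and not FAI or Salt code: a Python check that parses one-line-style apt source entries and separates those pinned to a keyring with signed-by from those that fall back to every key in /etc/apt/trusted.gpg.d. The sample entries and the repo.example.invalid URLs are constructed; the function names are hypothetical.

```python
import re

# Constructed sample in one-line sources.list format; the URLs are placeholders.
SAMPLE = """\
# gluster repo pinned to its own keyring
deb [signed-by=/etc/apt/keyrings/gluster-archive-keyring.gpg arch=amd64] https://repo.example.invalid/gluster bookworm main
deb [arch=amd64] https://repo.example.invalid/other bookworm main
deb https://repo.example.invalid/plain bookworm main  # no options at all
deb-src [arch=amd64 signed-by=/usr/share/keyrings/src-archive-keyring.gpg] https://repo.example.invalid/src bookworm main
"""

# type, optional [options], URI, suite
ENTRY = re.compile(r"^(deb-src|deb)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")


def parse_entry(line):
    """Parse one one-line-style entry; return None for comments and blank lines."""
    line = line.split("#", 1)[0].strip()
    match = ENTRY.match(line)
    if not match:
        return None
    kind, opts, uri, suite = match.groups()
    options = {}
    for token in (opts or "").split():
        key, _, value = token.partition("=")
        options[key.lower()] = value
    return {"type": kind, "uri": uri, "suite": suite,
            "signed_by": options.get("signed-by") or None}


def audit(text):
    """Return (pinned, unpinned): entries with and without a signed-by option."""
    pinned, unpinned = [], []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        (pinned if entry["signed_by"] else unpinned).append(entry)
    return pinned, unpinned


if __name__ == "__main__":
    pinned, unpinned = audit(SAMPLE)
    for e in pinned:
        print(f"pinned    {e['uri']} -> {e['signed_by']}")
    for e in unpinned:
        print(f"unpinned  {e['uri']} (verified against the global trust store)")
```

On a real host, feed it the contents of /etc/apt/sources.list and the *.list files under /etc/apt/sources.list.d/ instead of SAMPLE; deb822-style .sources files use a different syntax and are not handled here.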

