From 97e1d1f07a2acc8e9b048412911d61695d7187b3 Mon Sep 17 00:00:00 2001 From: hk Date: Thu, 4 Nov 2021 15:26:42 +0100 Subject: [PATCH 1/2] fix: make it possible to not have key_url set Fixes #520 --- salt/pkgrepo/debian/install.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/pkgrepo/debian/install.sls b/salt/pkgrepo/debian/install.sls index 0a936ff..21ac37a 100644 --- a/salt/pkgrepo/debian/install.sls +++ b/salt/pkgrepo/debian/install.sls @@ -21,7 +21,9 @@ salt-pkgrepo-install-saltstack-debian: - humanname: SaltStack Debian Repo - name: {{ salt_settings.pkgrepo }} - file: /etc/apt/sources.list.d/salt.list + {% if salt_settings.get('key_url') is not none %} - key_url: {{ salt_settings.key_url }} + {% endif %} - clean_file: True # Order: 3 because we can't put a require_in on "pkg: salt-{master,minion}" # because we don't know if they are used. From a932a8cc84d6a97d958aa0d6e6b1026bbbf5a745 Mon Sep 17 00:00:00 2001 From: hk Date: Thu, 4 Nov 2021 15:52:41 +0100 Subject: [PATCH 2/2] fix: update to modern defaults for Debian family Don't add key_url as it is deprecated and not needed when pkgrepo_keyring is set. This has been supported since stretch so make it the default. Also use py3 repo by default for Debian family as it is now the only option. Additionally, Raspbian has been updated to use signed-by by default. --- pillar.example | 2 +- salt/osfamilymap.yaml | 5 ++--- salt/osmap.yaml | 4 ++-- test/integration/v3001-py3/files/_mapdata/debian-10.yaml | 1 - test/integration/v3001-py3/files/_mapdata/debian-9.yaml | 1 - test/integration/v3002-py3/files/_mapdata/debian-10.yaml | 1 - test/integration/v3002-py3/files/_mapdata/debian-9.yaml | 1 - 7 files changed, 5 insertions(+), 10 deletions(-) diff --git a/pillar.example b/pillar.example index ab79860..c2d0d0a 100644 --- a/pillar.example +++ b/pillar.example @@ -14,7 +14,7 @@ salt: master_remove_config: true # Set this to 'py3' to install the Python 3 packages. - # If this is not set, the Python 2 packages will be installed by default. + # The default varies between OS versions. py_ver: 'py3' # Set this to false to not have the formula install packages (in the case you diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index b78b24b..6f03da8 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -25,9 +25,8 @@ Debian: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' + pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 libgit2: libgit2-22 pyinotify: python-pyinotify diff --git a/salt/osmap.yaml b/salt/osmap.yaml index b50bf01..642b281 100644 --- a/salt/osmap.yaml +++ b/salt/osmap.yaml @@ -38,8 +38,8 @@ Ubuntu: install_from_package: Null Raspbian: - pkgrepo: 'deb {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main' + pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/salt-archive-keyring.gpg' SmartOS: salt_master: salt diff --git a/test/integration/v3001-py3/files/_mapdata/debian-10.yaml b/test/integration/v3001-py3/files/_mapdata/debian-10.yaml index ce73428..236b55f 100644 --- a/test/integration/v3001-py3/files/_mapdata/debian-10.yaml +++ b/test/integration/v3001-py3/files/_mapdata/debian-10.yaml @@ -42,7 +42,6 @@ values: version: 0.23.0 version: 0.22.1 install_packages: true - key_url: https://repo.saltproject.io/py3/debian/10/amd64/3001/SALTSTACK-GPG-KEY.pub libgit2: libgit2-22 master: ext_pillar: diff --git a/test/integration/v3001-py3/files/_mapdata/debian-9.yaml b/test/integration/v3001-py3/files/_mapdata/debian-9.yaml index 0b801d6..7af01f3 100644 --- a/test/integration/v3001-py3/files/_mapdata/debian-9.yaml +++ b/test/integration/v3001-py3/files/_mapdata/debian-9.yaml @@ -42,7 +42,6 @@ values: version: 0.23.0 version: 0.22.1 install_packages: true - key_url: https://repo.saltproject.io/py3/debian/9/amd64/3001/SALTSTACK-GPG-KEY.pub libgit2: libgit2-22 master: ext_pillar: diff --git a/test/integration/v3002-py3/files/_mapdata/debian-10.yaml b/test/integration/v3002-py3/files/_mapdata/debian-10.yaml index f28b3ef..51288c8 100644 --- a/test/integration/v3002-py3/files/_mapdata/debian-10.yaml +++ b/test/integration/v3002-py3/files/_mapdata/debian-10.yaml @@ -42,7 +42,6 @@ values: version: 0.23.0 version: 0.22.1 install_packages: true - key_url: https://repo.saltproject.io/py3/debian/10/amd64/3002/SALTSTACK-GPG-KEY.pub libgit2: libgit2-22 master: ext_pillar: diff --git a/test/integration/v3002-py3/files/_mapdata/debian-9.yaml b/test/integration/v3002-py3/files/_mapdata/debian-9.yaml index 070428e..073288e 100644 --- a/test/integration/v3002-py3/files/_mapdata/debian-9.yaml +++ b/test/integration/v3002-py3/files/_mapdata/debian-9.yaml @@ -42,7 +42,6 @@ values: version: 0.23.0 version: 0.22.1 install_packages: true - key_url: https://repo.saltproject.io/py3/debian/9/amd64/3002/SALTSTACK-GPG-KEY.pub libgit2: libgit2-22 master: ext_pillar: