diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index acf02b1..b78b24b 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -25,8 +25,10 @@ Debian: - pkgrepo: 'deb {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 libgit2: libgit2-22 pyinotify: python-pyinotify gitfs: diff --git a/salt/osmap.yaml b/salt/osmap.yaml index 5abc7a5..b50bf01 100644 --- a/salt/osmap.yaml +++ b/salt/osmap.yaml @@ -25,7 +25,9 @@ Amazon: key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' Ubuntu: - pkgrepo: 'deb {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' + pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' pygit2: python-pygit2 gitfs: diff --git a/salt/pkgrepo/debian/absent.sls b/salt/pkgrepo/debian/absent.sls index 5cd26cc..5a04489 100644 --- a/salt/pkgrepo/debian/absent.sls +++ b/salt/pkgrepo/debian/absent.sls @@ -6,8 +6,8 @@ salt-pkgrepo-clean-saltstack-debian: pkgrepo.absent: - name: {{ salt_settings.pkgrepo }} file.absent: - - name: /etc/apt/sources.list.d/saltstack.list + - name: /etc/apt/sources.list.d/salt.list salt-pkgrepo-clean-saltstack-debian-apt-key: file.absent: - - name: /etc/apt/trusted.gpg.d/saltstack.gpg + - name: /usr/share/keyrings/salt-archive-keyring.gpg diff --git a/salt/pkgrepo/debian/clean.sls b/salt/pkgrepo/debian/clean.sls index 5cd26cc..5a04489 100644 --- a/salt/pkgrepo/debian/clean.sls +++ b/salt/pkgrepo/debian/clean.sls @@ -6,8 +6,8 @@ salt-pkgrepo-clean-saltstack-debian: pkgrepo.absent: - name: {{ salt_settings.pkgrepo }} file.absent: - - name: /etc/apt/sources.list.d/saltstack.list + - name: /etc/apt/sources.list.d/salt.list salt-pkgrepo-clean-saltstack-debian-apt-key: file.absent: - - name: /etc/apt/trusted.gpg.d/saltstack.gpg + - name: /usr/share/keyrings/salt-archive-keyring.gpg diff --git a/salt/pkgrepo/debian/install.sls b/salt/pkgrepo/debian/install.sls index 780bfd0..0a936ff 100644 --- a/salt/pkgrepo/debian/install.sls +++ b/salt/pkgrepo/debian/install.sls @@ -2,13 +2,27 @@ # vim: ft=sls {% from "salt/map.jinja" import salt_settings with context %} +salt-pkgrepo-install-saltstack-debian-keyring: + file.managed: + - name: /usr/share/keyrings/salt-archive-keyring.gpg + - source: {{ salt_settings.pkgrepo_keyring }} + - source_hash: {{ salt_settings.pkgrepo_keyring_hash }} + - require_in: + - pkgrepo: salt-pkgrepo-install-saltstack-debian + +salt-pkgrepo-install-saltstack-debian-remove-old-repo-file: + file.absent: + - name: /etc/apt/sources.list.d/saltstack.list + - require_in: + - pkgrepo: salt-pkgrepo-install-saltstack-debian + salt-pkgrepo-install-saltstack-debian: pkgrepo.managed: - humanname: SaltStack Debian Repo - name: {{ salt_settings.pkgrepo }} - - file: /etc/apt/sources.list.d/saltstack.list + - file: /etc/apt/sources.list.d/salt.list - key_url: {{ salt_settings.key_url }} - clean_file: True - # Order: 1 because we can't put a require_in on "pkg: salt-{master,minion}" + # Order: 3 because we can't put a require_in on "pkg: salt-{master,minion}" # because we don't know if they are used. - - order: 1 + - order: 3 diff --git a/test/integration/v3000-py2/files/_mapdata/ubuntu-18.yaml b/test/integration/v3000-py2/files/_mapdata/ubuntu-18.yaml index 30fc509..b16a827 100644 --- a/test/integration/v3000-py2/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/v3000-py2/files/_mapdata/ubuntu-18.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/apt/ubuntu/18.04/amd64/3000 bionic main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/apt/ubuntu/18.04/amd64/3000 bionic main + pkgrepo_keyring: https://repo.saltproject.io/apt/ubuntu/18.04/amd64/3000/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: '' pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3000-py3/files/_mapdata/debian-10.yaml b/test/integration/v3000-py3/files/_mapdata/debian-10.yaml index 8961215..bcb9522 100644 --- a/test/integration/v3000-py3/files/_mapdata/debian-10.yaml +++ b/test/integration/v3000-py3/files/_mapdata/debian-10.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/10/amd64/3000 buster main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/10/amd64/3000 buster main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/10/amd64/3000/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3000-py3/files/_mapdata/debian-9.yaml b/test/integration/v3000-py3/files/_mapdata/debian-9.yaml index 90fdcc5..0e25024 100644 --- a/test/integration/v3000-py3/files/_mapdata/debian-9.yaml +++ b/test/integration/v3000-py3/files/_mapdata/debian-9.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/9/amd64/3000 stretch main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/9/amd64/3000 stretch main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/9/amd64/3000/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3000-py3/files/_mapdata/ubuntu-18.yaml b/test/integration/v3000-py3/files/_mapdata/ubuntu-18.yaml index 0ae3787..02729ac 100644 --- a/test/integration/v3000-py3/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/v3000-py3/files/_mapdata/ubuntu-18.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3000 bionic main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3000 bionic main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3000/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3001-py3/files/_mapdata/debian-10.yaml b/test/integration/v3001-py3/files/_mapdata/debian-10.yaml index e90da68..ce73428 100644 --- a/test/integration/v3001-py3/files/_mapdata/debian-10.yaml +++ b/test/integration/v3001-py3/files/_mapdata/debian-10.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/10/amd64/3001 buster main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/10/amd64/3001 buster main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/10/amd64/3001/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3001-py3/files/_mapdata/debian-9.yaml b/test/integration/v3001-py3/files/_mapdata/debian-9.yaml index bd69e95..0b801d6 100644 --- a/test/integration/v3001-py3/files/_mapdata/debian-9.yaml +++ b/test/integration/v3001-py3/files/_mapdata/debian-9.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/9/amd64/3001 stretch main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/9/amd64/3001 stretch main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/9/amd64/3001/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3001-py3/files/_mapdata/ubuntu-18.yaml b/test/integration/v3001-py3/files/_mapdata/ubuntu-18.yaml index 606dcc5..f782872 100644 --- a/test/integration/v3001-py3/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/v3001-py3/files/_mapdata/ubuntu-18.yaml @@ -48,8 +48,8 @@ values: ext_pillar: - cmd_yaml: cat /etc/salt/yaml - stack: - - /path/to/stack1.cfg - - /path/to/stack2.cfg + - /path/to/stack1.cfg + - /path/to/stack2.cfg - reclass: inventory_base_uri: /etc/reclass file_roots: @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3001 bionic main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3001 bionic main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3001/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3001-py3/files/_mapdata/ubuntu-20.yaml b/test/integration/v3001-py3/files/_mapdata/ubuntu-20.yaml index 8c57f33..bda1f69 100644 --- a/test/integration/v3001-py3/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/v3001-py3/files/_mapdata/ubuntu-20.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3001 focal main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3001 focal main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3001/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3002-py3/files/_mapdata/debian-10.yaml b/test/integration/v3002-py3/files/_mapdata/debian-10.yaml index ff253aa..f28b3ef 100644 --- a/test/integration/v3002-py3/files/_mapdata/debian-10.yaml +++ b/test/integration/v3002-py3/files/_mapdata/debian-10.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/10/amd64/3002 buster main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/10/amd64/3002 buster main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/10/amd64/3002/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3002-py3/files/_mapdata/debian-9.yaml b/test/integration/v3002-py3/files/_mapdata/debian-9.yaml index 3491909..070428e 100644 --- a/test/integration/v3002-py3/files/_mapdata/debian-9.yaml +++ b/test/integration/v3002-py3/files/_mapdata/debian-9.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/9/amd64/3002 stretch main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/9/amd64/3002 stretch main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/9/amd64/3002/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3002-py3/files/_mapdata/ubuntu-18.yaml b/test/integration/v3002-py3/files/_mapdata/ubuntu-18.yaml index 0c5672c..cf21ff5 100644 --- a/test/integration/v3002-py3/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/v3002-py3/files/_mapdata/ubuntu-18.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3002 bionic main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3002 bionic main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3002/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3002-py3/files/_mapdata/ubuntu-20.yaml b/test/integration/v3002-py3/files/_mapdata/ubuntu-20.yaml index 15d3b76..7a92bad 100644 --- a/test/integration/v3002-py3/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/v3002-py3/files/_mapdata/ubuntu-20.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3002 focal main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3002 focal main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3002/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3003-py3/files/_mapdata/debian-10.yaml b/test/integration/v3003-py3/files/_mapdata/debian-10.yaml index 59b87ff..17e36b6 100644 --- a/test/integration/v3003-py3/files/_mapdata/debian-10.yaml +++ b/test/integration/v3003-py3/files/_mapdata/debian-10.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/10/amd64/3003 buster main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/10/amd64/3003 buster main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/10/amd64/3003/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3003-py3/files/_mapdata/debian-9.yaml b/test/integration/v3003-py3/files/_mapdata/debian-9.yaml index 5857760..acf4962 100644 --- a/test/integration/v3003-py3/files/_mapdata/debian-9.yaml +++ b/test/integration/v3003-py3/files/_mapdata/debian-9.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/debian/9/amd64/3003 stretch main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/debian/9/amd64/3003 stretch main + pkgrepo_keyring: https://repo.saltproject.io/py3/debian/9/amd64/3003/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pyinotify: python-pyinotify python_dulwich: python-dulwich diff --git a/test/integration/v3003-py3/files/_mapdata/ubuntu-18.yaml b/test/integration/v3003-py3/files/_mapdata/ubuntu-18.yaml index 8dc4437..743b9df 100644 --- a/test/integration/v3003-py3/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/v3003-py3/files/_mapdata/ubuntu-18.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3003 bionic main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3003 bionic main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3003/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify diff --git a/test/integration/v3003-py3/files/_mapdata/ubuntu-20.yaml b/test/integration/v3003-py3/files/_mapdata/ubuntu-20.yaml index 7c58efa..bec78e2 100644 --- a/test/integration/v3003-py3/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/v3003-py3/files/_mapdata/ubuntu-20.yaml @@ -86,7 +86,10 @@ values: state: running parallel: true pin_version: false - pkgrepo: deb https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3003 focal main + pkgrepo: deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] + https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3003 focal main + pkgrepo_keyring: https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3003/salt-archive-keyring.gpg + pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 py_ver: py3 pygit2: python-pygit2 pyinotify: python-pyinotify