From d79c22d3131d61e03d89acf293f04e7fac5b0ffc Mon Sep 17 00:00:00 2001
From: sticky-note <sticky.note@tutanota.com>
Date: Thu, 14 Nov 2024 01:25:54 +0000
Subject: [PATCH] feat(pkgrepo): impl new logic after migration to
 `packages.broadcom.com`

---
 docs/README.rst                 |  6 +++---
 pillar.example                  | 21 ++++++++++++---------
 salt/osfamilymap.yaml           | 24 +++++++++---------------
 salt/osfingermap.yaml           | 13 ++++---------
 salt/osmap.yaml                 | 28 ++++++++++------------------
 salt/pkgrepo/debian/absent.sls  |  2 +-
 salt/pkgrepo/debian/clean.sls   |  2 +-
 salt/pkgrepo/debian/install.sls |  2 +-
 salt/pkgrepo/redhat/install.sls |  3 ++-
 9 files changed, 43 insertions(+), 58 deletions(-)

diff --git a/docs/README.rst b/docs/README.rst
index 7e86882..a26f136 100644
--- a/docs/README.rst
+++ b/docs/README.rst
@@ -134,7 +134,7 @@ Git repositories under ``/srv/formulas`` and makes them available in the relevan
       'saltmain':
         - salt.formulas
         - salt.master
-    
+
 
 Pillar data can be used to customize all paths, URLs, etc. Here's a minimal pillar sample installing two formulas in the base environment:
 
@@ -203,8 +203,8 @@ salt-minion packages on MacOS will not be upgraded by default. To enable package
 ::
 
     install_packages: True
-    version: 2017.7.4
-    salt_minion_pkg_source: https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg
+    version: 3006.9
+    salt_minion_pkg_source: https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg
 
 install_packages must indicate that the installation of a package is desired. If so, version will be used to compare the version of the installed .pkg against the downloaded one. If version is not set and a salt.pkg is already installed the .pkg will not be installed again.
 
diff --git a/pillar.example b/pillar.example
index c2d0d0a..dd40882 100644
--- a/pillar.example
+++ b/pillar.example
@@ -22,7 +22,7 @@ salt:
   install_packages: true
 
   # Optional: set salt version (if install_packages is set to true)
-  version: 2017.7.2-1.el7
+  version: '3006.9'
 
   # Pin version provided under 'version' key by using apt-pinning
   # available only on Debian family OS-es
@@ -37,15 +37,18 @@ salt:
     salt_ssh: 'salt-ssh'
     pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify
 
-  # Set which salt repository to use, default to https://repo.saltproject.io
-  # For older releases use https://archive.repo.saltproject.io
-  repo: 'https://archive.repo.saltproject.io'
+  # Set which salt repository to use
+  #   -> defaults to https://packages.broadcom.com/artifactory
+  repo: 'https://packages.broadcom.com/artifactory'
+  # yamllint disable rule:line-length
+  repo_key_url: 'https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public'
+  # yamllint enable rule:line-length
 
   # Set which release of SaltStack to use, default to 'latest'
   # To get the available releases:
-  # * http://repo.saltproject.io/yum/redhat/7/x86_64/
-  # * http://repo.saltproject.io/apt/debian/8/amd64/
-  release: '2018.3'
+  # * https://packages.broadcom.com/artifactory/saltproject-rpm/
+  # * https://packages.broadcom.com/artifactory/saltproject-deb
+  release: '3006'
 
   # MacOS has no package management.
   # Instead, we use file.managed to download an appropriate .pkg file and
@@ -57,8 +60,8 @@ salt:
   # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
   # source_hash, use URL or hash string
   # yamllint disable rule:line-length
-  salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'
-  salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
+  salt_minion_pkg_source: 'https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg'
+  salt_minion_pkg_hash: 'sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
   # yamllint enable rule:line-length
 
   # tofs:
diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml
index e2e48a6..531725c 100644
--- a/salt/osfamilymap.yaml
+++ b/salt/osfamilymap.yaml
@@ -5,15 +5,9 @@
 {%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}
 
 {%- set osrelease = salt['grains.get']('osrelease', '') %}
-{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
-{%- if salt_release.split('.')|length >= 3 %}
-{%-   set salt_release = 'archive/' ~ salt_release %}
-{%- endif %}
-{%- set osfamily_lower =  salt['grains.get']('os_family')|lower %}
-{%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
-{%- set oscodename = salt['grains.get']('oscodename') %}
 {%- set opensuse_repo_suffix = 'Leap_' ~ osrelease if salt['grains.get']('osfinger', '') == 'Leap-15' else 'Tumbleweed' %}
-{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
+{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %}
+{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %}
 
 #from template-formula
 {%- if grains.os_family == 'MacOS' %}
@@ -25,9 +19,9 @@
 
 
 Debian:
-  pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main'
-  pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg'
-  pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47
+  pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] {{ salt_repo }}/saltproject-deb stable main'
+  pkgrepo_keyring: '{{ salt_repo_key_url }}'
+  pkgrepo_keyring_hash: sha256=36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
   libgit2: libgit2-22
   pyinotify: python-pyinotify
   gitfs:
@@ -41,10 +35,10 @@ Debian:
         install_from_source: false
 
 RedHat:
-  pkgrepo_name: saltstack
-  pkgrepo_humanname: SaltStack repo for RHEL/CentOS $releasever
-  pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}'
-  key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
+  pkgrepo_name: salt-repo-latest
+  pkgrepo_humanname: Salt Repo for Salt LATEST release
+  pkgrepo: '{{ salt_repo }}/saltproject-rpm/'
+  key_url: '{{ salt_repo_key_url }}'
   pygit2: python-pygit2
   python_git: GitPython
   gitfs:
diff --git a/salt/osfingermap.yaml b/salt/osfingermap.yaml
index d92030d..f37cecb 100644
--- a/salt/osfingermap.yaml
+++ b/salt/osfingermap.yaml
@@ -2,17 +2,12 @@
 # vim: ft=yaml
 ---
 
-{%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}
-
 {%- set osrelease = salt['grains.get']('osrelease', '') %}
-{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
-{%- if salt_release.split('.')|length >= 3 %}
-{%-   set salt_release = 'archive/' ~ salt_release %}
-{%- endif %}
 {%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
-{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
+{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %}
+{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %}
 
 Oracle Linux Server-7:
   pkgrepo_humanname: SaltStack repo for RHEL/CentOS {{ osmajorrelease }}
-  pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}'
-  key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
+  pkgrepo: '{{ salt_repo }}/saltproject-rpm/'
+  key_url: '{{ salt_repo_key_url }}'
diff --git a/salt/osmap.yaml b/salt/osmap.yaml
index c553728..79f518f 100644
--- a/salt/osmap.yaml
+++ b/salt/osmap.yaml
@@ -4,16 +4,8 @@
 
 {%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}
 
-{%- set osrelease = salt['grains.get']('osrelease', '') %}
-{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
-{%- if salt_release.split('.')|length >= 3 %}
-{%-   set salt_release = 'archive/' ~ salt_release %}
-{%- endif %}
-{%- set os_lower =  salt['grains.get']('os')|lower %}
-{%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
-{%- set oscodename = salt['grains.get']('oscodename') %}
-{%- set os_family_lower =  salt['grains.get']('os_family')|lower %}
-{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
+{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %}
+{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %}
 
 Fedora:
   pygit2: python2-pygit2
@@ -21,14 +13,14 @@ Fedora:
 Amazon:
   pkgrepo_name: saltstack-amzn-repo
   pkgrepo_humanname: SaltStack repo for Amazon Linux 2
-  pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}'
-  key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
+  pkgrepo: '{{ salt_repo }}/saltproject-rpm/'
+  key_url: '{{ salt_repo_key_url }}'
 
 Ubuntu:
-  pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main'
-  pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg'
-  pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47
-  key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
+  pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] {{ salt_repo }}/saltproject-deb stable main'
+  pkgrepo_keyring: '{{ salt_repo_key_url }}'
+  pkgrepo_keyring_hash: sha256=36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
+  key_url: '{{ salt_repo_key_url }}'
   pygit2: python-pygit2
   gitfs:
     pygit2:
@@ -38,8 +30,8 @@ Ubuntu:
         install_from_package: Null
 
 Raspbian:
-  pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main'
-  pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/salt-archive-keyring.gpg'
+  pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=armhf] {{ salt_repo }}/saltproject-deb stable main'
+  pkgrepo_keyring: '{{ salt_repo_key_url }}'
 
 SmartOS:
   salt_master: salt
diff --git a/salt/pkgrepo/debian/absent.sls b/salt/pkgrepo/debian/absent.sls
index 5a04489..6d32262 100644
--- a/salt/pkgrepo/debian/absent.sls
+++ b/salt/pkgrepo/debian/absent.sls
@@ -10,4 +10,4 @@ salt-pkgrepo-clean-saltstack-debian:
 
 salt-pkgrepo-clean-saltstack-debian-apt-key:
   file.absent:
-    - name: /usr/share/keyrings/salt-archive-keyring.gpg
+    - name: /etc/apt/keyrings/salt-archive-keyring.pgp
diff --git a/salt/pkgrepo/debian/clean.sls b/salt/pkgrepo/debian/clean.sls
index 5a04489..6d32262 100644
--- a/salt/pkgrepo/debian/clean.sls
+++ b/salt/pkgrepo/debian/clean.sls
@@ -10,4 +10,4 @@ salt-pkgrepo-clean-saltstack-debian:
 
 salt-pkgrepo-clean-saltstack-debian-apt-key:
   file.absent:
-    - name: /usr/share/keyrings/salt-archive-keyring.gpg
+    - name: /etc/apt/keyrings/salt-archive-keyring.pgp
diff --git a/salt/pkgrepo/debian/install.sls b/salt/pkgrepo/debian/install.sls
index 21ac37a..02b74c4 100644
--- a/salt/pkgrepo/debian/install.sls
+++ b/salt/pkgrepo/debian/install.sls
@@ -4,7 +4,7 @@
 
 salt-pkgrepo-install-saltstack-debian-keyring:
   file.managed:
-    - name: /usr/share/keyrings/salt-archive-keyring.gpg
+    - name: /etc/apt/keyrings/salt-archive-keyring.pgp
     - source: {{ salt_settings.pkgrepo_keyring }}
     - source_hash: {{ salt_settings.pkgrepo_keyring_hash }}
     - require_in:
diff --git a/salt/pkgrepo/redhat/install.sls b/salt/pkgrepo/redhat/install.sls
index 32b8d1a..d41e209 100644
--- a/salt/pkgrepo/redhat/install.sls
+++ b/salt/pkgrepo/redhat/install.sls
@@ -8,11 +8,12 @@ salt-pkgrepo-install-saltstack-redhat:
     - name: {{ salt_settings.pkgrepo_name }}
     - humanname: {{ salt_settings.pkgrepo_humanname }}
     - baseurl: {{ salt_settings.pkgrepo }}
+    - priority: 10
     - enabled: 1
+    - enabled_metadata: 1
     - gpgcheck: 1
     - gpgkey: {{ salt_settings.key_url }}
     {%- if grains['os']|lower in ['amazon'] %}
     - failovermethod: priority
-    - priority: 10
     {%- endif %}
 {%- endif %}