Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

repositories: fix keys and archs #548

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion salt/defaults.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
salt:
version: ''
pin_version: false
py_ver: '' ## py2 is default
py_ver: 'py3' ## py3 is default
rootuser: root
rootgroup: root
install_packages: true
Expand Down
9 changes: 5 additions & 4 deletions salt/osfamilymap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

{%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}

{%- set repoarch = 'amd64' if salt['grains.get']('osarch', '') == 'x86_64' else 'arm64' %}
{%- set osrelease = salt['grains.get']('osrelease', '') %}
{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
{%- if salt_release.split('.')|length >= 3 %}
Expand All @@ -13,7 +14,7 @@
{%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
{%- set oscodename = salt['grains.get']('oscodename') %}
{%- set opensuse_repo_suffix = 'Leap_' ~ osrelease if salt['grains.get']('osfinger', '') == 'Leap-15' else 'Tumbleweed' %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io/salt') %}

#from template-formula
{%- if grains.os_family == 'MacOS' %}
Expand All @@ -25,7 +26,7 @@


Debian:
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main'
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch={{ repoarch }}] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/{{ repoarch }}/{{ salt_release }} {{ oscodename }} main'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg'
pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47
libgit2: libgit2-22
Expand All @@ -43,8 +44,8 @@ Debian:
RedHat:
pkgrepo_name: saltstack
pkgrepo_humanname: SaltStack repo for RHEL/CentOS $releasever
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.pub'
pygit2: python-pygit2
python_git: GitPython
gitfs:
Expand Down
4 changes: 2 additions & 2 deletions salt/osfingermap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@

Oracle Linux Server-7:
pkgrepo_humanname: SaltStack repo for RHEL/CentOS {{ osmajorrelease }}
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.pub'
11 changes: 6 additions & 5 deletions salt/osmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

{%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}

{%- set repoarch = 'amd64' if salt['grains.get']('osarch', '') == 'x86_64' else 'arm64' %}
{%- set osrelease = salt['grains.get']('osrelease', '') %}
{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
{%- if salt_release.split('.')|length >= 3 %}
Expand All @@ -22,13 +23,13 @@ Amazon:
pkgrepo_name: saltstack-amzn-repo
pkgrepo_humanname: SaltStack repo for Amazon Linux 2
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}'
sticky-note marked this conversation as resolved.
Show resolved Hide resolved
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.pub'
sticky-note marked this conversation as resolved.
Show resolved Hide resolved

Ubuntu:
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg'
pkgrepo: 'deb [signed-by=/usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-2023.gpg arch={{ repoarch }}] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/{{ repoarch }}/{{ salt_release }} {{ oscodename }} main'
sticky-note marked this conversation as resolved.
Show resolved Hide resolved
pkgrepo_keyring: '{{ salt_repo }}/{% if oscodename == "jammy" %}salt/{% endif %}{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.gpg'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think this can be modified to support more versions. This would limit 3006 not being installed on 18.04 and 20.04. Would we want an if loop here based off of salt version being installed?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we keep logic of oscodenames + salt versions, it adds a lot of uneeded temporary complexity because we need to apply this logic also for key naming.
I think that poeople relying on old repository can pin version of this formula to 1.x.x while waiting to update their salt ecosystem.
Proposed a PR here -> #561

pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg'
sticky-note marked this conversation as resolved.
Show resolved Hide resolved
pygit2: python-pygit2
gitfs:
pygit2:
Expand All @@ -39,7 +40,7 @@ Ubuntu:

Raspbian:
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/salt-archive-keyring.gpg'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.gpg'

SmartOS:
salt_master: salt
Expand Down