Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update APT GPG Key and ensure apt::source is before package #175

Merged
merged 1 commit into from
Jan 21, 2025
Merged

Update APT GPG Key and ensure apt::source is before package #175

merged 1 commit into from
Jan 21, 2025

Conversation

yakatz
Copy link
Member

@yakatz yakatz commented Jan 20, 2025

Pull Request (PR) description

apt update has been failing for a while because the old key expired and the repo is now signed with a new key.

It isn't possible to keep the key updated by downloading from the repository every time puppet runs - the only way to do that is to have the key in puppet itself so it can make sure it is up-to-date.

@yakatz yakatz force-pushed the new_gpg_key branch 5 times, most recently from a03d163 to b1b0cbb Compare January 21, 2025 05:28
@yakatz
Copy link
Member Author

yakatz commented Jan 21, 2025

This will have to be a major version bump

kenyon
kenyon reviewed Jan 21, 2025
View reviewed changes
Copy link
Member

@kenyon kenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could get rid of the file resource for lldpd.asc here, and instead let apt::source handle it by passing a key hash with a content parameter.

@jay7x
Copy link
Member

jay7x commented Jan 21, 2025

Some time ago I kinda "fixed" the same in puppet-caddy: https://github.com/voxpupuli/puppet-caddy/blob/91efe40e888e8f191611eaa3274c9dcdc35004b2/manifests/install/repo.pp#L23

@yakatz
Copy link
Member Author

yakatz commented Jan 21, 2025

You could get rid of the file resource for lldpd.asc here, and instead let apt::source handle it by passing a key hash with a content parameter.

apt::key is deprecated in favor of shipping the key (using this approach or apt::keyring)

jhoblitt
jhoblitt requested changes Jan 21, 2025
View reviewed changes
manifests/init.pp Outdated Show resolved Hide resolved
@kenyon
Copy link
Member

kenyon commented Jan 21, 2025

You could get rid of the file resource for lldpd.asc here, and instead let apt::source handle it by passing a key hash with a content parameter.

apt::key is deprecated in favor of shipping the key (using this approach or apt::keyring)

I know, I'm suggesting this: https://github.com/puppetlabs/puppetlabs-apt/blob/5e34dcb822ae64c81e9aa8f10e048f4ddd59d525/manifests/source.pp#L207

@yakatz yakatz requested a review from jhoblitt January 21, 2025 22:14
@yakatz yakatz mentioned this pull request Jan 21, 2025
Merged
@yakatz
APT repo has new GPG key
11fa2cf 
Also ensure apt:ssource comes before package installation
@yakatz yakatz requested a review from kenyon January 21, 2025 22:22
@yakatz yakatz mentioned this pull request Jan 21, 2025
Merged
@yakatz yakatz merged commit c95f252 into voxpupuli:master Jan 21, 2025
22 checks passed
@yakatz yakatz deleted the new_gpg_key branch January 21, 2025 22:26
@yakatz yakatz changed the title APT repo has new GPG key and we should control it directly Update APT GPG Key and ensure apt::source is before package Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenyon kenyon kenyon approved these changes

@bastelfreak bastelfreak Awaiting requested review from bastelfreak

@jhoblitt jhoblitt Awaiting requested review from jhoblitt

Assignees
No one assigned
Labels
backwards-incompatible
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yakatz @jay7x @kenyon @jhoblitt