Browse Source
Fix, system.repo don't use curl if not needed
- fixed pkgrepo.manage to use/prefer key_url for salt >= 2017.7 - updated syntax for key verificatoin - fix, avoid curl for salt:// schema (as in #156) Change-Id: I1b50c287a4030a9cefa1b819017d59cc5fb1c197fix-curl-behind-proxy2
Petr Michalec
6 years ago
1 changed files with 13 additions and 4 deletions
+ 13
- 4
linux/system/repo.sls
View File
| cmd.run: | cmd.run: | ||||
| - name: | | - name: | | ||||
| echo "{{ repo.key | indent(12) }}" | apt-key add - | echo "{{ repo.key | indent(12) }}" | apt-key add - | ||||
| - unless: | | |||||
| apt-key finger --with-colons | grep -qF $(echo "{{ repo.key| indent(12) }}" | gpg --with-fingerprint --with-colons | grep -E '^fpr') | |||||
| - require_in: | - require_in: | ||||
| {%- if repo.get('default', False) %} | {%- if repo.get('default', False) %} | ||||
| - file: default_repo_list | - file: default_repo_list | ||||
| - pkgrepo: linux_repo_{{ name }} | - pkgrepo: linux_repo_{{ name }} | ||||
| {% endif %} | {% endif %} | ||||
| {%- elif repo.key_url|default(False) %} | |||||
| {# key_url fetch by curl when salt <2017.7, higher version of salt has fixed bug for using a proxy_host/port specified at minion.conf #} | |||||
| {# | |||||
| NOTE: curl/cmd.run usage to fetch gpg key has limited functionality behind proxy. Environments with salt >= 2017.7 should use | |||||
| key_url specified at pkgrepo.manage state (which uses properly configured http_host at minion.conf). Older versions of | |||||
| salt require to have proxy set at ENV and curl way to fetch gpg key here can have a sense for backward compatibility. | |||||
| Be aware that as of salt 2018.3 no_proxy option is not implemented at all. | |||||
| #} | |||||
| {%- elif repo.key_url|default(False) and grains['saltversioninfo'] < [2017, 7] and not repo.key_url.startswith('salt://') %} | |||||
| linux_repo_{{ name }}_key: | linux_repo_{{ name }}_key: | ||||
| cmd.run: | cmd.run: | ||||
| - name: "curl -sL {{ repo.key_url }} | apt-key add -" | - name: "curl -sL {{ repo.key_url }} | apt-key add -" | ||||
| - unless: "apt-key finger --with-colons | grep -qF $(curl -sL {{ repo.key_url }} | gpg --with-fingerprint --with-colons | grep -E '^fpr')" | |||||
| - require_in: | - require_in: | ||||
| {%- if repo.get('default', False) %} | {%- if repo.get('default', False) %} | ||||
| - file: default_repo_list | - file: default_repo_list | ||||
| {%- if repo.key_server is defined %} | {%- if repo.key_server is defined %} | ||||
| - keyserver: {{ repo.key_server }} | - keyserver: {{ repo.key_server }} | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- if repo.key_url is defined and (grains['saltversioninfo'] >= [2017, 7] or repo.key_url.startswith('salt://')) %} | |||||
| - key_url: {{ repo.key_url }} | |||||
| {%- endif %} | |||||
| - consolidate: {{ repo.get('consolidate', False) }} | - consolidate: {{ repo.get('consolidate', False) }} | ||||
| - clean_file: {{ repo.get('clean_file', False) }} | - clean_file: {{ repo.get('clean_file', False) }} | ||||
| - refresh_db: {{ repo.get('refresh_db', True) }} | - refresh_db: {{ repo.get('refresh_db', True) }} |
Loading…