feat(debian): use repository keyring instead of key_id

javierbertoli commented 2 years ago

PR progress checklist (to be filled in by reviewers)

[ ] Changes to documentation are appropriate (or tick if not required)
[ ] Changes to tests are appropriate (or tick if not required)
[ ] Reviews completed

What type of PR is this?

Primary type

[ ] [build] Changes related to the build system
[ ] [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
[ ] [ci] Changes to the continuous integration configuration
[X] [feat] A new feature
[ ] [fix] A bug fix
[ ] [perf] A code change that improves performance
[ ] [refactor] A code change that neither fixes a bug nor adds a feature
[ ] [revert] A change used to revert a previous commit
[ ] [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

[ ] [docs] Documentation changes
[X] [test] Adding missing or correcting existing tests

Does this PR introduce a `BREAKING CHANGE`?

No.

Related issues and/or pull requests

Describe the changes you're proposing

Debian family is deprecating the use of GPG keys (managed through apt-key) in favor of keyrings. This PR adds the repositorykeyring when installing from the official repository, and rewrites the sources.list file accordingly.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

[ ] Updated the README (e.g. Available states).
[ ] Updated pillar.example.

Testing checklist

[ ] Included in Kitchen (i.e. under state_top).
[X] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
[X] Updated the relevant test pillar.

Additional context

noelmcloughlin commented 2 years ago

For suse you need key_url I think. https://docs.saltproject.io/en/latest/ref/states/all/salt.states.pkgrepo.html

javierbertoli commented 2 years ago

For suse you need key_url I think. https://docs.saltproject.io/en/latest/ref/states/all/salt.states.pkgrepo.html

I checked the code before replacing it by gpgkey: these parameters are managed as kwargs by states/pkgrepo.py but are ignored in the final resulting config (no matter if named key_url or gpgkey):

With this state sls file generated by the formula:

       postgresql-repo:
         pkgrepo.managed:
           - baseurl: "https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch"
           - gpgautoimport: True
           - gpgcheck: 1
           - gpgkey: "https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch/repodata/repomd.xml.key"
           - humanname: "PostgreSQL 13 $releasever - $basearch"
           - name: "pgdg-sles-13"
           - require:
             - pkg: postgresql-pkg-deps

you get this /etc/zypp/repos.d/pgdg-sles-13.repo

[pgdg-sles-13]
enabled=1
autorefresh=0
baseurl=https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch
gpgcheck=1

(notice that both humanname and gpgkey are not there). The same happens if the parameter is named key_url. I think that this saltstack issue might be related, but didn't go deep trying to debug it.

However, zypper shows the resulting repo config as

> zypper lr pgdg-sles-13
Alias          : pgdg-sles-13
Name           : pgdg-sles-13
URI            : https://download.postgresql.org/pub/repos/zypp/13/suse/sles-15.3-x86_64
Enabled        : Yes
GPG Check      : (r ) Yes
Priority       : 99 (default priority)
Autorefresh    : Off
Keep Packages  : Off
Type           : rpm-md
GPG Key URI    : 
Path Prefix    : 
Parent Service : 
Keywords       : ---
Repo Info Path : /etc/zypp/repos.d/pgdg-sles-13.repo
MD Cache Path  : /var/cache/zypp/raw/pgdg-sles-13

myii commented 2 years ago

Thanks, @javierbertoli -- merged.

saltstack-formulas-travis commented 2 years ago

:tada: This PR is included in version 0.44.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket:

saltstack-formulas / postgres-formula