Open teankie opened 1 year ago
I can confirm this issue on an up2date Ubuntu 22.04.1 LTS, using postgresql-common 246.pgdg22.04.
One could read a few more details on the change here: https://www.postgresql.org/message-id/Y25%2BRkZxiZKBOKio%40msg.df7cb.de
My temporary workaround/fix was to update upstream.sls:
--- upstream.sls 2022-11-14 17:02:32.779693190 +0100
+++ upstream.sls.orig 2022-11-14 16:57:29.287919474 +0100
@@ -22,8 +22,8 @@
pkg.installed:
- pkgs: {{ postgres.pkgs_deps | json }}
+# Add upstream repository for your distro
{% if grains.os_family == 'Debian' %}
- {% if salt['pkg.version_cmp'](postgres.version, '15') >= 0 %}
postgresql-repo-keyring:
pkg.installed:
- sources:
@@ -31,7 +31,6 @@
- require_in:
- pkgrepo: postgresql-repo
{%- endif %}
- {%- endif %}
postgresql-repo:
pkgrepo.managed:
The solution from [technikerk] is not the correct one because is use the postgresql version and the postgresql-common version. So we made a change for postgresql-common version.
--- a/postgres/upstream.sls
+++ b/postgres/upstream.sls
@@ -1,6 +1,8 @@
{%- from tpldir + "/map.jinja" import postgres with context -%}
{%- from tpldir + "/macros.jinja" import format_kwargs with context -%}
+{% set pg_common_version = salt['pkg.version']('postgresql-common') %}
+
{%- if 'pkg_repo' in postgres -%}
{%- if postgres.use_upstream_repo == true -%}
@@ -24,6 +26,7 @@ postgresql-pkg-deps:
# Add upstream repository for your distro
{% if grains.os_family == 'Debian' %}
+ {% if salt['pkg.version_cmp'](pg_common_version, '246') <= 0 %}
postgresql-repo-keyring:
pkg.installed:
- sources:
@@ -31,6 +34,7 @@ postgresql-repo-keyring:
- require_in:
- pkgrepo: postgresql-repo
{%- endif %}
+ {%- endif %}
postgresql-repo:
pkgrepo.managed:
We will make a merge request for this.
@teankie Thanks for your improvment of my quick workaround and your better contribution! I wasn't trying to sell it as a solution. ;)
Now, I was wondering, if one now does a fresh installation of a modern postgresql (no pgdg repo configured yet), wouldn't the repo setup fail because /usr/share/postgresql-common/pgdg/...gpg/asc
is still missing? Should we rather install postgresql-common
(needs postgresql-client-common
) manually? But sounds wrong to me, so perhaps the better option would be just fetch/import the key for Debian on our own?
According to https://download.postgresql.org/pub/repos/apt/README the key could be obtained from https://www.postgresql.org/media/keys/ACCC4CF8.asc. That doesn't convince me in terms of trust/authenticity of the repo's content, but well..
update the package lists, and start installing packages: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
Also one could think about copying /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh
to this formula (, perhaps adopting it a bit) and using it?
I will test the upstream.sls version of your pull request with a fresh installation, to see if my assumption is even valid, or if everything works. :)
Now, I was wondering, if one now does a fresh installation of a modern postgresql (no pgdg repo configured yet), wouldn't the repo setup fail because
/usr/share/postgresql-common/pgdg/...gpg/asc
is still missing? (...) I will test the upstream.sls version of your pull request with a fresh installation, to see if my assumption is even valid, or if everything works. :)
OK, nevermind. It works perfectly (including from my top.sls: postgres.client
, postgres.upstream
, postgres.server
, postgres.manage
) as postgresql-repo-keyring would still install pgdg-keyring
before postgresql-common
is available on the system.
----------
ID: postgresql-pkg-deps
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 14:41:47.786339
Duration: 6.085 ms
Changes:
----------
ID: postgresql-repo-keyring
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: pgdg-keyring
Started: 14:41:47.792503
Duration: 791.498 ms
Changes:
----------
pgdg-keyring:
----------
new:
2018.2
old:
----------
ID: postgresql-repo
Function: pkgrepo.managed
Name: deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg] http://apt.postgresql.org/pub/repos/apt jammy-pgdg main
Result: True
Comment: Configured package repo 'deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg] http://apt.postgresql.org/pub/repos/apt jammy-pgdg main'
Started: 14:41:48.588176
Duration: 2367.789 ms
Changes:
----------
repo:
deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg] http://apt.postgresql.org/pub/repos/apt jammy-pgdg main
(...)
----------
ID: postgresql-server
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: postgresql-15
Started: 14:41:56.172275
Duration: 13954.955 ms
Changes:
----------
(...)
pgdg-keyring:
----------
new:
old:
2018.2
postgresql-15:
----------
new:
15.1-1.pgdg22.04+1
old:
postgresql-common:
----------
new:
246.pgdg22.04+1
old:
(...)
The change from https://github.com/saltstack-formulas/postgres-formula/issues/327#issuecomment-1314952920 helped. Thanks!
Hey - we also experience this. Can we merge please? :)
Your setup
Formula commit hash / release tag
Versions reports (master & minion)
Pillar / config used
Bug details
Describe the bug
Last friday there is a new version of postgresql-common (246.pgdg18.04+1) which includes pgdg-keyring. So it will remove the package pgdg-keyring. This will break the formula.
Steps to reproduce the bug
sall-call state.sls postgres dpkg -l | grep postgres sall-call state.sls postgres
Expected behaviour
Option to disable postgres.postgresql-repo-keyring
Attempts to fix the bug
Troubleshooting repo:
Additional context