search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.2k stars 5.48k forks source link

[Feature Request] pkgrepo should accept multiple key IDs for yum #51494

Open kjkeane opened 5 years ago

kjkeane commented 5 years ago

Description of Issue/Question

Repositories like the Saltstack repository require multiple keys to install packages required by the salt-minion, salt-master and other Saltstack packages.

Setup

pkgrepo-saltstack.sls

saltstack_pkgrepo:
  pkgrepo.managed:
    - name: saltstack
    - humanname: Saltstack Latest Release Channel for RHEL/CentOS $releasever
    - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    - failovermethod: priority
    - enabled: 1
    - gpgcheck: 1
    - gpgkey: 
      - https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
      - https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-{{ grains['osmajorrelease'] }}

Output

/etc/yum.repos.d/saltstack.repo

[saltstack]
name=Saltstack Latest Release Channel for RHEL/CentOS $releasever
failovermethod=priority
gpgcheck=1
gpgkey=[u'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub', u'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7']
enabled=1
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

salt-master

Salt Version:
           Salt: 2018.3.3

Dependency Versions:
           cffi: 1.6.0
       cherrypy: unknown
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: 0.26.3
        libnacl: Not Installed
       M2Crypto: 0.28.2
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: 0.26.4
         Python: 2.7.5 (default, Sep 12 2018, 05:31:16)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4

System Versions:
           dist: redhat 7.6 Maipo
         locale: UTF-8
        machine: x86_64
        release: 3.10.0-957.1.3.el7.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 7.6 Maipo

salt-minion

Salt Version:
           Salt: 2018.3.3

Dependency Versions:
           cffi: 1.6.0
       cherrypy: Not Installed
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: 0.28.2
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
   pycryptodome: 3.7.0
         pygit2: Not Installed
         Python: 2.7.5 (default, Sep 12 2018, 05:31:16)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4

System Versions:
           dist: redhat 7.6 Maipo
         locale: UTF-8
        machine: x86_64
        release: 3.10.0-957.1.3.el7.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 7.6 Maipo
Ch3LL commented 5 years ago

the salt repo should not require multiple gpg keys, but I did look and it seems multiple gpg keys are supported in yum config files so i'll approve this as a feature request to add multiple gpg key support

noelmcloughlin commented 5 years ago

This prometheus repo needs multiple key support too so looks like a needed feature.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.

racooper commented 4 years ago

I've found that the shibboleth repo generator (https://shibboleth.net/cgi-bin/sp_repo.cgi) has multiple gpgkey entries as well; this would definitely be a useful feature.

racooper commented 2 years ago

MySQL Community repos are also now using multiple gpg keys. The fact that this has been open and not addressed for 3 years is rather frustrating.

mdschmitt commented 2 years ago

It's not quite as pretty as using multiple key values in a List, but if you just specify all the GPG keys you need, space-separated in the same gpgkey= line, yum figures things out just fine. 🤷

So, the OP's state could just be something like:

saltstack_pkgrepo:
  pkgrepo.managed:
    - name: saltstack
    - humanname: Saltstack Latest Release Channel for RHEL/CentOS $releasever
    - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    - failovermethod: priority
    - enabled: 1
    - gpgcheck: 1
    - gpgkey: "https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-{{ grains['osmajorrelease'] }}"
kjkeane commented 2 years ago

Sorry, I have been busy, but this issue/request no longer required by my usage. This can be kept open if required, but I no longer have this need.

rterbush commented 3 months ago

Make that 5 years...