search

sous-chefs / packagecloud

Development repository for the packagecloud cookbook
https://supermarket.chef.io/cookbooks/packagecloud
Apache License 2.0
17 stars 48 forks source link

Packagecloud apt key rotation not applied #58

Open robbat2 opened 5 years ago

robbat2 commented 5 years ago

The packagecloud_repo repo only pulls the GPG key during deployment; and does not detect in any way that the key might have been rotated.

To properly solve this, the resource needs to keep the downloaded key, and be able to compare it back against the server copy for updates.

damacus commented 1 year ago

This would stop the cookbook from being idempotent, as it would change every run. Or at least download the key every run. If you can think of a way of implementing this, we're happy to receive a PR for this 👍🏼

robbat2 commented 1 year ago

Wow, dead ticket resurrect here.

Do you consider remote_file resource properties use_conditional_get / use_etag / use_last_modified to be sufficiently idempotent?

To use it, you'd have to wire up gpg_url to produce a file that stays on disk after it's imported into the keyring.

damacus commented 1 year ago

hah yeah, wading through lost repositories now we've adopted them!

I haven't considered that yet. Are you still using the cookbook? If so, do you fancy giving that a go?