From 5958690fb528b515a503e69b2e93306e077cc9bd Mon Sep 17 00:00:00 2001 From: Sean Molenaar Date: Fri, 19 May 2023 09:11:15 +0200 Subject: [PATCH 1/2] repositories: fix keys and archs --- salt/defaults.yaml | 2 +- salt/osfamilymap.yaml | 9 +++++---- salt/osfingermap.yaml | 4 ++-- salt/osmap.yaml | 11 ++++++----- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 2b84eec3e..dd02856b8 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -4,7 +4,7 @@ salt: version: '' pin_version: false - py_ver: '' ## py2 is default + py_ver: 'py3' ## py3 is default rootuser: root rootgroup: root install_packages: true diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index e2e48a640..e2c723679 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -4,6 +4,7 @@ {%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %} +{%- set repoarch = 'amd64' if salt['grains.get']('osarch', '') == 'x86_64' else 'arm64' %} {%- set osrelease = salt['grains.get']('osrelease', '') %} {%- set salt_release = salt['pillar.get']('salt:release', 'latest') %} {%- if salt_release.split('.')|length >= 3 %} @@ -13,7 +14,7 @@ {%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %} {%- set oscodename = salt['grains.get']('oscodename') %} {%- set opensuse_repo_suffix = 'Leap_' ~ osrelease if salt['grains.get']('osfinger', '') == 'Leap-15' else 'Tumbleweed' %} -{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %} +{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io/salt') %} #from template-formula {%- if grains.os_family == 'MacOS' %} @@ -25,7 +26,7 @@ Debian: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch={{ repoarch }}] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/{{ repoarch }}/{{ salt_release }} {{ oscodename }} main' pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 libgit2: libgit2-22 @@ -43,8 +44,8 @@ Debian: RedHat: pkgrepo_name: saltstack pkgrepo_humanname: SaltStack repo for RHEL/CentOS $releasever - pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.pub' pygit2: python-pygit2 python_git: GitPython gitfs: diff --git a/salt/osfingermap.yaml b/salt/osfingermap.yaml index d92030d1b..995624b08 100644 --- a/salt/osfingermap.yaml +++ b/salt/osfingermap.yaml @@ -14,5 +14,5 @@ Oracle Linux Server-7: pkgrepo_humanname: SaltStack repo for RHEL/CentOS {{ osmajorrelease }} - pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.pub' diff --git a/salt/osmap.yaml b/salt/osmap.yaml index c55372822..321a0c7c7 100644 --- a/salt/osmap.yaml +++ b/salt/osmap.yaml @@ -4,6 +4,7 @@ {%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %} +{%- set repoarch = 'amd64' if salt['grains.get']('osarch', '') == 'x86_64' else 'arm64' %} {%- set osrelease = salt['grains.get']('osrelease', '') %} {%- set salt_release = salt['pillar.get']('salt:release', 'latest') %} {%- if salt_release.split('.')|length >= 3 %} @@ -22,13 +23,13 @@ Amazon: pkgrepo_name: saltstack-amzn-repo pkgrepo_humanname: SaltStack repo for Amazon Linux 2 pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.pub' Ubuntu: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg arch={{ repoarch }}] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/{{ repoarch }}/{{ salt_release }} {{ oscodename }} main' + pkgrepo_keyring: '{{ salt_repo }}/{% if oscodename == "jammy" %}salt/{% endif %}{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg' pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg' pygit2: python-pygit2 gitfs: pygit2: @@ -39,7 +40,7 @@ Ubuntu: Raspbian: pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/salt-archive-keyring.gpg' + pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg' SmartOS: salt_master: salt From 5fd67ea24b25ac8c6755edc8367dc75730fe6b9f Mon Sep 17 00:00:00 2001 From: Sean Molenaar Date: Wed, 14 Jun 2023 12:55:26 +0200 Subject: [PATCH 2/2] Fix key names --- salt/osfamilymap.yaml | 2 +- salt/osfingermap.yaml | 2 +- salt/osmap.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index e2c723679..c734b1f3c 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -45,7 +45,7 @@ RedHat: pkgrepo_name: saltstack pkgrepo_humanname: SaltStack repo for RHEL/CentOS $releasever pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.pub' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.pub' pygit2: python-pygit2 python_git: GitPython gitfs: diff --git a/salt/osfingermap.yaml b/salt/osfingermap.yaml index 995624b08..3bf71e01e 100644 --- a/salt/osfingermap.yaml +++ b/salt/osfingermap.yaml @@ -15,4 +15,4 @@ Oracle Linux Server-7: pkgrepo_humanname: SaltStack repo for RHEL/CentOS {{ osmajorrelease }} pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.pub' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.pub' diff --git a/salt/osmap.yaml b/salt/osmap.yaml index 321a0c7c7..e7aa78de8 100644 --- a/salt/osmap.yaml +++ b/salt/osmap.yaml @@ -23,11 +23,11 @@ Amazon: pkgrepo_name: saltstack-amzn-repo pkgrepo_humanname: SaltStack repo for Amazon Linux 2 pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.pub' + key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.pub' Ubuntu: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg arch={{ repoarch }}] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/{{ repoarch }}/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{% if oscodename == "jammy" %}salt/{% endif %}{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg' + pkgrepo: 'deb [signed-by=/usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-2023.gpg arch={{ repoarch }}] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/{{ repoarch }}/{{ salt_release }} {{ oscodename }} main' + pkgrepo_keyring: '{{ salt_repo }}/{% if oscodename == "jammy" %}salt/{% endif %}{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.gpg' pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg' pygit2: python-pygit2 @@ -40,7 +40,7 @@ Ubuntu: Raspbian: pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-{{ "today" | strftime("%Y") }}.gpg' + pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/SALT-PROJECT-GPG-PUBKEY-2023.gpg' SmartOS: salt_master: salt