[Feature Request] pkgrepo should accept multiple key IDs for yum

Open kjkeane opened this issue 6 years ago • 9 comments

Description of Issue/Question

Repositories like the Saltstack repository require multiple keys to install packages required by the salt-minion, salt-master and other Saltstack packages.

Setup

pkgrepo-saltstack.sls

saltstack_pkgrepo:
  pkgrepo.managed:
    - name: saltstack
    - humanname: Saltstack Latest Release Channel for RHEL/CentOS $releasever
    - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    - failovermethod: priority
    - enabled: 1
    - gpgcheck: 1
    - gpgkey: 
      - https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
      - https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-{{ grains['osmajorrelease'] }}

Output

/etc/yum.repos.d/saltstack.repo

[saltstack]
name=Saltstack Latest Release Channel for RHEL/CentOS $releasever
failovermethod=priority
gpgcheck=1
gpgkey=[u'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub', u'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7']
enabled=1
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

salt-master

Salt Version:
           Salt: 2018.3.3
 
Dependency Versions:
           cffi: 1.6.0
       cherrypy: unknown
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: 0.26.3
        libnacl: Not Installed
       M2Crypto: 0.28.2
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: 0.26.4
         Python: 2.7.5 (default, Sep 12 2018, 05:31:16)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: redhat 7.6 Maipo
         locale: UTF-8
        machine: x86_64
        release: 3.10.0-957.1.3.el7.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 7.6 Maipo

salt-minion

Salt Version:
           Salt: 2018.3.3
 
Dependency Versions:
           cffi: 1.6.0
       cherrypy: Not Installed
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: 0.28.2
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: 2.14
       pycrypto: 2.6.1
   pycryptodome: 3.7.0
         pygit2: Not Installed
         Python: 2.7.5 (default, Sep 12 2018, 05:31:16)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: redhat 7.6 Maipo
         locale: UTF-8
        machine: x86_64
        release: 3.10.0-957.1.3.el7.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 7.6 Maipo

kjkeane Feb 04 '19 18:02

The salt repo should not require multiple gpg keys, but I did look and it seems multiple gpg keys are supported in yum config files, so I'll approve this as a feature request to add multiple gpg key support.

Ch3LL Feb 05 '19 20:02

This prometheus repo needs multiple key support too so looks like a needed feature.

noelmcloughlin Jun 06 '19 19:06

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] Jan 08 '20 12:01

Thank you for updating this issue. It is no longer marked as stale.

stale[bot] Jan 09 '20 19:01

I've found that the shibboleth repo generator (https://shibboleth.net/cgi-bin/sp_repo.cgi) has multiple gpgkey entries as well; this would definitely be a useful feature.

racooper Oct 27 '20 22:10

MySQL Community repos are also now using multiple gpg keys. The fact that this has been open and not addressed for 3 years is rather frustrating.

racooper Jan 18 '22 15:01

It's not quite as pretty as using multiple key values in a List, but if you just specify all the GPG keys you need, space-separated in the same gpgkey= line, yum figures things out just fine. 🤷

So, the OP's state could just be something like:

saltstack_pkgrepo:
  pkgrepo.managed:
    - name: saltstack
    - humanname: Saltstack Latest Release Channel for RHEL/CentOS $releasever
    - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    - failovermethod: priority
    - enabled: 1
    - gpgcheck: 1
    - gpgkey: "https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-{{ grains['osmajorrelease'] }}"

mdschmitt Feb 28 '22 20:02
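
An added example, not part of the original thread and not Salt's own code: a Python check that finds `gpgkey` values written out as a stringified Python list (the output shown in the issue report) and produces the space-separated form described in the comment above. The function names are hypothetical and the embedded repo file is a constructed sample copied from the issue's output.

```python
import ast
import configparser

# Constructed sample: the /etc/yum.repos.d/saltstack.repo content from the issue report.
BROKEN_REPO = """\
[saltstack]
name=Saltstack Latest Release Channel for RHEL/CentOS $releasever
failovermethod=priority
gpgcheck=1
gpgkey=[u'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub', u'https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7']
enabled=1
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
"""


def render_gpgkey(value):
    """Return a gpgkey value yum can parse: URLs separated by single spaces."""
    if isinstance(value, (list, tuple)):
        return " ".join(str(v).strip() for v in value)
    # A plain string may already hold several URLs; normalise the whitespace.
    return " ".join(str(value).split())


def recover_urls(raw):
    """Turn a stringified Python list back into URLs, else split on whitespace."""
    raw = raw.strip()
    if raw.startswith("[") and raw.endswith("]"):
        # literal_eval only parses literals; Python 3 accepts the u'' prefix
        # that Python 2's repr() emitted.
        return [str(u) for u in ast.literal_eval(raw)]
    return raw.split()


def audit_repo(text):
    """Return (section, corrected gpgkey) for each section with a mangled gpgkey."""
    parser = configparser.RawConfigParser()  # raw: no %-interpolation of values
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        raw = parser.get(section, "gpgkey", fallback="")
        if raw.lstrip().startswith("["):
            findings.append((section, render_gpgkey(recover_urls(raw))))
    return findings


if __name__ == "__main__":
    for section, fixed in audit_repo(BROKEN_REPO):
        print("[%s] gpgkey should read: %s" % (section, fixed))
```

With `gpgcheck=1`, a `gpgkey` value in the list form is not a usable key URL, so a check like this is worth running over managed repo files before anyone is tempted to turn signature checking off.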

Sorry, I have been busy, but this issue/request is no longer required by my usage. This can be kept open if required, but I no longer have this need.

kjkeane Nov 01 '22 13:11

Make that 5 years...

rterbush Aug 22 '24 16:08