I placed 'em under
/srv/salt/_files/etc/apt/keyrings/<repo>-archive-keyring.gpg and
repositories have
deb [signed-by=/etc/apt/keyrings/<repo>-archive-keyring.gpg arch=amd64]
https://...
gluster.sls uses:
-8<--
create-keyrings-dir:
file.directory:
- name: /etc/apt/keyrings/
- user: root
- group: root
- mode: 755
add-gluster-key:
file.managed:
- name: /etc/apt/keyrings/gluster-archive-keyring.gpg
- source: salt://_files/etc/apt/keyrings/gluster{{
salt['pillar.get']('gluster_version','') }}-archive-keyring.gpg
add-gluster-repo:
file.managed:
- name: /etc/apt/sources.list.d/gluster.list
- source: salt://_files/etc/apt/sources.list.d/gluster{{
salt['pillar.get']('gluster_version','') }}-{{ grains['oscodename'] }}.list
-8<--
(actually create-keydirs-dir is in a separate sls that gets included by
all sls files that need to add keyrings, but it's just a detail).
Diego
Il 22/08/2023 09:46, Thomas Lange ha scritto:
I would suggest you are using a hook with an fcopy command to put
those files to some other locations.
On Tue, 18 Jul 2023 21:36:04 +1200, Andrew Ruthven <and...@etc.gen.nz> said:
> Hey,
> I see that FAI since 5.8.7 will install package_config/CLASS.gpg
> into /etc/apt/trusted.gpg.d/ . Apt will then trust all the keyrings in
> /etc/apt/trusted.gpg.d . This isn't really ideal, and I'd prefer to use
> Signed-By to specify which GPG keyring to trust for our various
additional
> repositories.
> How about having task_repository check for another file, say
> package_config/CLASS.gpg_dest that'd allow us to specify where to copy
> package_config/CLASS.gpg to?
--
Diego Zuccato
DIFA - Dip. di Fisica e Astronomia
Servizi Informatici
Alma Mater Studiorum - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
