Bug: jessie apt keys must be in /etc/apt/trusted.gpg.d
authorkwadronaut <kwadronaut@leap.se>
Tue, 26 Sep 2017 08:54:27 +0000 (10:54 +0200)
committerkwadronaut <kwadronaut@leap.se>
Thu, 28 Sep 2017 20:32:37 +0000 (22:32 +0200)
For newer than jessie the 'old' code was enough. This bug didn't show up
because our testing images had the keys and sources lines already
included within /etc/apt…

solves #8862

puppet/modules/site_apt/manifests/leap_repo.pp

index 7c6c49c..08c3d0e 100644 (file)
@@ -4,10 +4,21 @@ class site_apt::leap_repo {
   $platform = hiera_hash('platform')
   $major_version = $platform['major_version']
 
-  if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
-    $archive_key = '/usr/share/keyrings/leap-experimental-archive.gpg'
-  } else {
-    $archive_key = '/usr/share/keyrings/leap-archive.gpg'
+  # on jessie, keys need to be in /etc/apt/...
+  # see https://0xacab.org/leap/platform/issues/8862
+  if ( $::operatingsystemmajrelease == '8' ) {
+    if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
+      $archive_key = 'CE433F407BAB443AFEA196C1837C1AD5367429D9'
+    } else {
+      $archive_key = '1E453B2CE87BEE2F7DFE99661E34A1828E207901'
+    }
+  }
+  if ( $::operatingsystemmajrelease != '8' ) {
+    if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
+      $archive_key = '/usr/share/keyrings/leap-experimental-archive.gpg'
+    } else {
+      $archive_key = '/usr/share/keyrings/leap-archive.gpg'
+    }
   }
 
   apt::sources_list { 'leap.list':