Add GPG check to SUSE repository #709

mhashizume · 2024-03-18T21:33:58Z

This PR adds a GPG check to SUSE repos created by this module. This mirrors behavior already found in public release packages (see https://github.com/puppetlabs/puppetlabs-release/blob/main/source/yum.puppet.com/puppet-release.sles.template#L6) and the pe_repo module.

I tested this on SLES 12:

leaky-toolmaker:~ # /opt/puppetlabs/puppet/bin/puppet --version
7.28.0
leaky-toolmaker:~ # cat /etc/zypp/repos.d/pc_repo.repo
[pc_repo]
name = pc_repo
enabled = 1
gpgcheck = 1
autorefresh = 0
baseurl = http://yum.puppet.com/sles/12/PC1/x86_64?ssl_verify=no
type = rpm-md
leaky-toolmaker:~ # cat test.pp
class { '::puppet_agent':
  package_version => '7.29.1',
}
leaky-toolmaker:~ # /opt/puppetlabs/bin/puppet apply test.pp
Notice: Compiled catalog for leaky-toolmaker.delivery.puppetlabs.net in environment production in 0.15 seconds
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406]/ensure: defined content as '{sha256}4d5a9c73f97235eebe8c69f728aa2efcc8e1ee02282f972efdbbbd3a430be454'
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet]/ensure: defined content as '{sha256}7908698a5b6c4ff2d555edd1a6d594d1c2071481e1e1f7fd753274a1ab201675'
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Exec[import-GPG-KEY-puppet]/returns: executed successfully
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Ini_setting[zypper pc_repo name]/ensure: created
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Ini_setting[zypper pc_repo enabled]/ensure: created
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Ini_setting[zypper pc_repo gpgcheck]/ensure: created
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Ini_setting[zypper pc_repo autorefresh]/ensure: created
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Ini_setting[zypper pc_repo baseurl]/ensure: created
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Ini_setting[zypper pc_repo type]/ensure: created
Notice: /Stage[main]/Puppet_agent::Osfamily::Suse/Exec[refresh-pc_repo]/returns: executed successfully
Notice: /Stage[main]/Puppet_agent::Install::Suse/Package[puppet-agent]/ensure: ensure changed '7.28.0-1.sles12' to '7.29.1'
Notice: Stopping run after puppet-agent upgrade. Run puppet agent -t or apply your manifest again to finish the transaction.
Notice: Applied catalog in 5.81 seconds

This commit enables GPG checking on SUSE Linux repositories.

joshcooper

Looks like rubocop has some issues, but otherwise

Add GPG check to SUSE repository

6394bad

This commit enables GPG checking on SUSE Linux repositories.

mhashizume added the bug Something isn't working label Mar 18, 2024

mhashizume requested review from bastelfreak and a team as code owners March 18, 2024 21:33

joshcooper approved these changes Mar 18, 2024

View reviewed changes

mhashizume force-pushed the PA-6180/main/sles-gpg branch from 978a7fd to 6394bad Compare March 18, 2024 22:24

mhashizume merged commit e545b3f into puppetlabs:main Mar 19, 2024
17 checks passed

mhashizume deleted the PA-6180/main/sles-gpg branch March 19, 2024 16:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add GPG check to SUSE repository #709

Add GPG check to SUSE repository #709

mhashizume commented Mar 18, 2024

joshcooper left a comment

Add GPG check to SUSE repository #709

Add GPG check to SUSE repository #709

Conversation

mhashizume commented Mar 18, 2024

joshcooper left a comment

Choose a reason for hiding this comment