feat(debian): use repository keyring instead of key_id #322

Merged

Conversation

javierbertoli
Member

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

Debian family is deprecating the use of GPG keys (managed through apt-key) in favor of keyrings.
This PR adds the repository keyring when installing from the official repository, and
rewrites the sources.list file accordingly.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context

Also, fix tests for the different RedHat's family members
@javierbertoli javierbertoli force-pushed the debian-family-apt-keyrings branch from f4684da to 7bba14a Compare February 4, 2022 23:57
@noelmcloughlin
Member

noelmcloughlin commented Feb 6, 2022

@javierbertoli javierbertoli force-pushed the debian-family-apt-keyrings branch 3 times, most recently from 02f9127 to a18cb16 Compare February 7, 2022 21:08
@javierbertoli
Member Author

For suse you need key_url I think. https://docs.saltproject.io/en/latest/ref/states/all/salt.states.pkgrepo.html

I checked the code before replacing it by gpgkey: these parameters are managed as kwargs by states/pkgrepo.py but are ignored in the final resulting config (no matter if named key_url or gpgkey):

With this state sls file generated by the formula:

       postgresql-repo:
         pkgrepo.managed:
           - baseurl: "https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch"
           - gpgautoimport: True
           - gpgcheck: 1
           - gpgkey: "https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch/repodata/repomd.xml.key"
           - humanname: "PostgreSQL 13 $releasever - $basearch"
           - name: "pgdg-sles-13"
           - require:
             - pkg: postgresql-pkg-deps

you get this /etc/zypp/repos.d/pgdg-sles-13.repo

       [pgdg-sles-13]
       enabled=1
       autorefresh=0
       baseurl=https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch
       gpgcheck=1

(notice that both humanname and gpgkey are not there). The same happens if the parameter is named key_url. I think that this saltstack issue might be related, but didn't go deep trying to debug it.

However, zypper shows the resulting repo config as

       > zypper lr pgdg-sles-13
       Alias          : pgdg-sles-13
       Name           : pgdg-sles-13
       URI            : https://download.postgresql.org/pub/repos/zypp/13/suse/sles-15.3-x86_64
       Enabled        : Yes
       GPG Check      : (r ) Yes
       Priority       : 99 (default priority)
       Autorefresh    : Off
       Keep Packages  : Off
       Type           : rpm-md
       GPG Key URI    : 
       Path Prefix    : 
       Parent Service : 
       Keywords       : ---
       Repo Info Path : /etc/zypp/repos.d/pgdg-sles-13.repo
       MD Cache Path  : /var/cache/zypp/raw/pgdg-sles-13
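
Added example (not part of this PR or of the formula's code): a small audit of the two repository formats discussed in this thread. It flags zypp `.repo` sections that record no `gpgkey`, as in the file quoted above, and one-line apt `deb` entries that carry no `signed-by` keyring. The function names, the apt URL and the keyring path are assumptions made for illustration.

```python
import configparser

# Constructed sample inputs. The .repo text mirrors the file quoted above;
# the apt URL and keyring path are placeholders, not the formula's values.
ZYPP_REPO = """\
[pgdg-sles-13]
enabled=1
autorefresh=0
baseurl=https://download.postgresql.org/pub/repos/zypp/13/suse/sles-$releasever-$basearch
gpgcheck=1
"""
APT_SOURCES = """\
# constructed entries
deb [arch=amd64 signed-by=/usr/share/keyrings/example-keyring.gpg] https://apt.example.org/repo bullseye main
deb https://apt.example.org/repo bullseye main
"""

def audit_zypp_repo(text):
    """Return (repo, finding) pairs for sections with weak signature settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if sec.get("gpgcheck", "").strip().lower() in ("0", "no", "false", "off"):
            findings.append((name, "gpgcheck disabled"))
        elif not sec.get("gpgkey", "").strip():
            findings.append((name, "no gpgkey recorded"))
    return findings

def audit_apt_sources(text):
    """Return one-line deb/deb-src entries that have no signed-by option."""
    missing = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith(("deb ", "deb-src ")):
            continue
        options, rest = "", line.split(None, 1)[1]
        if rest.startswith("["):  # optional "[key=value ...]" block
            options, _, rest = rest[1:].partition("]")
        keys = {opt.split("=", 1)[0] for opt in options.split()}
        if "signed-by" not in keys:
            missing.append(rest.strip())
    return missing

if __name__ == "__main__":
    print(audit_zypp_repo(ZYPP_REPO))
    print(audit_apt_sources(APT_SOURCES))
```
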

@javierbertoli javierbertoli force-pushed the debian-family-apt-keyrings branch from a18cb16 to 43b4329 Compare February 7, 2022 23:14
@myii myii merged commit c9aea57 into saltstack-formulas:master Feb 7, 2022
@myii
Member

myii commented Feb 7, 2022

Thanks, @javierbertoli -- merged.

@saltstack-formulas-travis

🎉 This PR is included in version 0.44.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
