repo:
url_base: 'http://apt.arvados.org'
file: /etc/apt/sources.list.d/arvados.list
- repo_keyring: /usr/share/keyrings/arvados-archive-keyring.gpg
+ keyring_file: /usr/share/keyrings/arvados-archive-keyring.gpg
+ keyring_source: 'http://apt.arvados.org/keyring.gpg'
+ keyring_source_hash: 53c2c84849ada21e383f55af0753adb321cc941e7efab94483e3a1703fcc66f1
RedHat:
repo:
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import arvados with context %}
-{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
{%- if arvados.use_upstream_repo %}
{%- if grains.get('os_family') == 'Debian' %}
arvados-repo-install-pkgrepo-keyring-managed:
file.managed:
- - name: {{ arvados.repo.repo_keyring }}
- - source: {{ files_switch(['arvados-archive-keyring.gpg'],
- lookup='arvados-repo-install-pkgrepo-keyring-managed'
- )
- }}
+ - name: {{ arvados.repo.keyring_file }}
+ - source:
+ - {{ arvados.repo.keyring_source }}
+ - source_hash: sha256={{ arvados.repo.keyring_source_hash }}
- require_in:
- pkgrepo: arvados-repo-install-pkgrepo-managed
pkgrepo.managed:
- humanname: {{ arvados.repo.humanname }}
- name: >-
- deb [signed-by={{ arvados.repo.repo_keyring }} arch=amd64]
+ deb [signed-by={{ arvados.repo.keyring_file }} arch=amd64]
{{ arvados.repo.url_base }}/{{ distro }} {{ release }} main
- file: {{ arvados.repo.file }}
+++ /dev/null
-.. _readme_apt_keyrings:
-
-apt repositories' keyrings
-==========================
-
-Debian family of OSes deprecated the use of `apt-key` to manage repositories' keys
-in favor of using `keyring files` which contain a binary OpenPGP format of the key
-(also known as "GPG key public ring")
-
-As arvados don't provide such key files, we created it pulling the
-official key from its site and install the resulting file.
-
-See https://doc.arvados.org/main/install/packages.html#debian for details
-
-.. code-block:: bash
-
- $ curl -fsSL https://apt.arvados.org/pubkey.gpg | \
- gpg --dearmor --output arvados-archive-keyring.gpg