saltstack/salt-bootstrap
1
0
Fork 0
mirror of https://github.com/saltstack/salt-bootstrap.git synced 2025-04-16 09:40:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1139 from vutny/fix-1137

Browse source 
Fix #1137: import GPG key through an HTTP(S) proxy
This commit is contained in:
Nicole Thomas 2017-09-07 10:58:20 -04:00 committed by GitHub
commit f24508bc3e
1 changed files with 49 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
bootstrap-salt.sh
View file

@ -710,10 +710,24 @@ else
SETUP_PY_INSTALL_ARGS=""
fi
# Handle the insecure flags
if [ "$_INSECURE_DL" -eq $BS_TRUE ]; then
_CURL_ARGS="${_CURL_ARGS} --insecure"
_FETCH_ARGS="${_FETCH_ARGS} --no-verify-peer"
_GPG_ARGS="${_GPG_ARGS} --keyserver-options no-check-cert"
_WGET_ARGS="${_WGET_ARGS} --no-check-certificate"
else
_GPG_ARGS="${_GPG_ARGS} --keyserver-options ca-cert-file=/etc/ssl/certs/ca-certificates.crt"
fi
# Export the http_proxy configuration to our current environment
if [ "${_HTTP_PROXY}" != "" ]; then
export http_proxy="$_HTTP_PROXY"
export https_proxy="$_HTTP_PROXY"
export http_proxy="${_HTTP_PROXY}"
export https_proxy="${_HTTP_PROXY}"
# Using "deprecated" option here, but that appears the only way to make it work.
# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818802
# and https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1625848
_GPG_ARGS="${_GPG_ARGS},http-proxy=${_HTTP_PROXY}"
fi
# Work around for 'Docker + salt-bootstrap failure' https://github.com/saltstack/salt-bootstrap/issues/394
@ -738,16 +752,6 @@ if [ -d "${_VIRTUALENV_DIR}" ]; then
fi
# Handle the insecure flags
if [ "$_INSECURE_DL" -eq $BS_TRUE ]; then
_CURL_ARGS="${_CURL_ARGS} --insecure"
_FETCH_ARGS="${_FETCH_ARGS} --no-verify-peer"
_GPG_ARGS="${_GPG_ARGS} --keyserver-options no-check-cert"
_WGET_ARGS="${_WGET_ARGS} --no-check-certificate"
else
_GPG_ARGS="${_GPG_ARGS} --keyserver-options ca-cert-file=/etc/ssl/certs/ca-certificates.crt"
fi
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __fetch_url
# DESCRIPTION: Retrieves a URL and writes it to a given path
@ -1731,18 +1735,6 @@ if ([ "${DISTRO_NAME_L}" != "ubuntu" ] && [ $_PIP_ALL -eq $BS_TRUE ]); then
exit 1
fi
# Starting from Debian 9 and Ubuntu 16.10, gnupg-curl has been renamed to gnupg1-curl.
GNUPG_CURL="gnupg-curl"
if [ "$DISTRO_NAME_L" = "debian" ]; then
if [ "$DISTRO_MAJOR_VERSION" -gt 8 ]; then
GNUPG_CURL="gnupg1-curl"
fi
elif [ "$DISTRO_NAME_L" = "ubuntu" ]; then
if [ "${DISTRO_VERSION}" = "16.10" ] || [ "$DISTRO_MAJOR_VERSION" -gt 16 ]; then
GNUPG_CURL="gnupg1-curl"
fi
fi
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __function_defined
@ -1788,8 +1780,6 @@ __apt_get_upgrade_noinput() {
__apt_key_fetch() {
url=$1
__apt_get_install_noinput ${GNUPG_CURL} || return 1
# shellcheck disable=SC2086
apt-key adv ${_GPG_ARGS} --fetch-keys "$url"; return $?
} # ---------- end of function __apt_key_fetch ----------
@ -2541,7 +2531,6 @@ __enable_universe_repository() {
}
__install_saltstack_ubuntu_repository() {
# Workaround for latest non-LTS ubuntu
if [ "$DISTRO_VERSION" = "16.10" ] || [ "$DISTRO_MAJOR_VERSION" -gt 16 ]; then
echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages from latest LTS release. You may experience problems."
@ -2552,15 +2541,27 @@ __install_saltstack_ubuntu_repository() {
UBUNTU_CODENAME=$DISTRO_CODENAME
fi
# SaltStack's stable Ubuntu repository:
SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/apt/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}"
echo "deb $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/saltstack.list
__PACKAGES=''
# Install downloader backend for GPG keys fetching
if [ "$DISTRO_VERSION" = "16.10" ] || [ "$DISTRO_MAJOR_VERSION" -gt 16 ]; then
__PACKAGES="${__PACKAGES} gnupg2 dirmngr"
else
__PACKAGES="${__PACKAGES} gnupg-curl"
fi
# Make sure https transport is available
if [ "$HTTP_VAL" = "https" ] ; then
__apt_get_install_noinput apt-transport-https ca-certificates || return 1
__PACKAGES="${__PACKAGES} apt-transport-https ca-certificates"
fi
# shellcheck disable=SC2086,SC2090
__apt_get_install_noinput ${__PACKAGES} || return 1
# SaltStack's stable Ubuntu repository:
SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/apt/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}"
echo "deb $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/saltstack.list
__apt_key_fetch "$SALTSTACK_UBUNTU_URL/SALTSTACK-GPG-KEY.pub" || return 1
apt-get update
@ -2937,18 +2938,30 @@ __install_saltstack_debian_repository() {
DEBIAN_CODENAME="$DISTRO_CODENAME"
fi
__PACKAGES=''
# Install downloader backend for GPG keys fetching
if [ "$DISTRO_MAJOR_VERSION" -ge 9 ]; then
__PACKAGES="${__PACKAGES} gnupg2 dirmngr"
else
__PACKAGES="${__PACKAGES} gnupg-curl"
fi
# Make sure https transport is available
if [ "$HTTP_VAL" = "https" ] ; then
__PACKAGES="${__PACKAGES} apt-transport-https ca-certificates"
fi
# shellcheck disable=SC2086,SC2090
__apt_get_install_noinput ${__PACKAGES} || return 1
# amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location
SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/apt/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}"
echo "deb $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/saltstack.list"
if [ "$HTTP_VAL" = "https" ] ; then
__apt_get_install_noinput apt-transport-https ca-certificates || return 1
fi
__apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" || return 1
apt-get update
}
install_debian_deps() {
@ -2977,11 +2990,6 @@ install_debian_deps() {
# YAML module is used for generating custom master/minion configs
__PACKAGES="${__PACKAGES} python-yaml"
# Debian 9 needs the dirmgr package in order to import the GPG key later
if [ "$DISTRO_MAJOR_VERSION" -ge 9 ]; then
__PACKAGES="${__PACKAGES} dirmngr"
fi
# shellcheck disable=SC2086
__apt_get_install_noinput ${__PACKAGES} || return 1