saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Adjust to the 2023 Salt Project GPG key.

Browse source 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
This commit is contained in:
Pedro Algarvio 2023-02-03 05:54:31 +00:00 committed by Pedro Algarvio
parent 01bcb6a6e0
commit 0dfa4bc901
6 changed files with 103 additions and 163 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
.github/workflows/build-deb-repo.yml vendored
View file

@ -40,39 +40,30 @@ jobs:
- distro: debian
version: "10"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: debian
version: "10"
arch: aarch64
key-id: 0E08A149DE57BFBE
- distro: debian
version: "11"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: debian
version: "11"
arch: aarch64
key-id: 0E08A149DE57BFBE
- distro: ubuntu
version: "18.04"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: ubuntu
version: "20.04"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: ubuntu
version: "20.04"
arch: aarch64
key-id: 0E08A149DE57BFBE
- distro: ubuntu
version: "22.04"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: ubuntu
version: "22.04"
arch: aarch64
key-id: 0E08A149DE57BFBE
steps:
- uses: actions/checkout@v3
@ -102,41 +93,40 @@ jobs:
pinentry-mode loopback
EOF
- name: Get Secrets
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text | jq .default_key -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text| jq .default_passphrase -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Download `salt-archive-keyring.gpg`
- name: Download `SALT-PROJECT-GPG-PUBKEY-2023.gpg`
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/salt-archive-keyring-gpg-file \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key3-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/salt-archive-keyring.gpg -d -
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALT-PROJECT-GPG-PUBKEY-2023.gpg -d -
rm "${SECRETS_KEY_FILE}"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Create Repository
run: |
tools pkg-repo deb --key-id=${{ matrix.key-id }} --distro-arch=${{ matrix.arch }} \
tools pkg-repo deb --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} \
${{ inputs.nightly-build && '--nightly-build' || '' }} --salt-version=${{ inputs.salt-version }} \
${{ inputs.rc-build && '--rc-build' || '' }} --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \
--incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo

30
.github/workflows/build-macos-repo.yml vendored
View file

@ -32,12 +32,6 @@ jobs:
- self-hosted
- linux
- repo-${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
key-id:
- "0E08A149DE57BFBE"
steps:
- uses: actions/checkout@v3
@ -68,34 +62,34 @@ jobs:
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text | jq .default_key -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text| jq .default_passphrase -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Download `salt-archive-keyring.gpg`
- name: Download `SALT-PROJECT-GPG-PUBKEY-2023.gpg`
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/salt-archive-keyring-gpg-file \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key3-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/salt-archive-keyring.gpg -d -
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALT-PROJECT-GPG-PUBKEY-2023.gpg -d -
rm "${SECRETS_KEY_FILE}"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Create Repository
run: |
tools pkg-repo macos --key-id=${{ matrix.key-id }} \
tools pkg-repo macos --key-id=64CBBC8173D76B3F \
${{ inputs.nightly-build && '--nightly-build' || '' }} --salt-version=${{ inputs.salt-version }} \
${{ inputs.rc-build && '--rc-build' || '' }} --incoming=artifacts/pkgs/incoming \
--repo-path=artifacts/pkgs/repo

30
.github/workflows/build-onedir-repo.yml vendored
View file

@ -32,12 +32,6 @@ jobs:
- self-hosted
- linux
- repo-${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
key-id:
- "0E08A149DE57BFBE"
steps:
- uses: actions/checkout@v3
@ -110,34 +104,34 @@ jobs:
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text | jq .default_key -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text| jq .default_passphrase -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Download `salt-archive-keyring.gpg`
- name: Download `SALT-PROJECT-GPG-PUBKEY-2023.gpg`
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/salt-archive-keyring-gpg-file \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key3-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/salt-archive-keyring.gpg -d -
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALT-PROJECT-GPG-PUBKEY-2023.gpg -d -
rm "${SECRETS_KEY_FILE}"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Create Repository
run: |
tools pkg-repo onedir --key-id=${{ matrix.key-id }} \
tools pkg-repo onedir --key-id=64CBBC8173D76B3F \
${{ inputs.nightly-build && '--nightly-build' || '' }} --salt-version=${{ inputs.salt-version }} \
${{ inputs.rc-build && '--rc-build' || '' }} --incoming=artifacts/pkgs/incoming \
--repo-path=artifacts/pkgs/repo

55
.github/workflows/build-rpm-repo.yml vendored
View file

@ -40,19 +40,15 @@ jobs:
- distro: amazon
version: "2"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: redhat
version: "7"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: redhat
version: "8"
arch: x86_64
key-id: 0E08A149DE57BFBE
- distro: redhat
version: "9"
arch: x86_64
key-id: 37A710479D30D7B6
steps:
- uses: actions/checkout@v3
@ -83,70 +79,39 @@ jobs:
EOF
- name: Get Secrets
if: ${{ matrix.key-id == '0E08A149DE57BFBE' }}
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text | jq .default_key -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text| jq .default_passphrase -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Get Secrets
if: ${{ matrix.key-id == '37A710479D30D7B6' }}
- name: Download `SALT-PROJECT-GPG-PUBKEY-2023.gpg`
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256 \
--query SecretString --output text | jq .default_key -r \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256 \
--query SecretString --output text| jq .default_passphrase -r \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key3-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALT-PROJECT-GPG-PUBKEY-2023.gpg -d -
rm "${SECRETS_KEY_FILE}"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Download `salt-archive-keyring.gpg`
if: ${{ matrix.key-id == '0E08A149DE57BFBE' }}
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALTSTACK-GPG-KEY.pub -d -
rm "${SECRETS_KEY_FILE}"
- name: Download `salt-archive-keyring.gpg`
if: ${{ matrix.key-id == '37A710479D30D7B6' }}
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key2-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALTSTACK-GPG-KEY2.pub -d -
rm "${SECRETS_KEY_FILE}"
- name: Create Repository
run: |
tools pkg-repo rpm --key-id=${{ matrix.key-id }} --distro-arch=${{ matrix.arch }} \
tools pkg-repo rpm --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} \
${{ inputs.nightly-build && '--nightly-build' || '' }} --salt-version=${{ inputs.salt-version }} \
${{ inputs.rc-build && '--rc-build' || '' }} --distro=${{ matrix.distro }} \
--distro-version=${{ matrix.version }} \

30
.github/workflows/build-windows-repo.yml vendored
View file

@ -32,12 +32,6 @@ jobs:
- self-hosted
- linux
- repo-${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
key-id:
- "0E08A149DE57BFBE"
steps:
- uses: actions/checkout@v3
@ -74,34 +68,34 @@ jobs:
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text | jq .default_key -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys \
--query SecretString --output text| jq .default_passphrase -r \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Download `salt-archive-keyring.gpg`
- name: Download `SALT-PROJECT-GPG-PUBKEY-2023.gpg`
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/salt-archive-keyring-gpg-file \
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/saltstack-gpg-key3-file \
--query SecretString --output text| jq .base64 -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/salt-archive-keyring.gpg -d -
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o ~/SALT-PROJECT-GPG-PUBKEY-2023.gpg -d -
rm "${SECRETS_KEY_FILE}"
- name: Create Repository Path
run: |
mkdir -p artifacts/pkgs/repo
- name: Create Repository
run: |
tools pkg-repo windows --key-id=${{ matrix.key-id }} \
tools pkg-repo windows --key-id=64CBBC8173D76B3F \
${{ inputs.nightly-build && '--nightly-build' || '' }} --salt-version=${{ inputs.salt-version }} \
${{ inputs.rc-build && '--rc-build' || '' }} --incoming=artifacts/pkgs/incoming \
--repo-path=artifacts/pkgs/repo

87
tools/pkgrepo.py
View file

@ -146,11 +146,11 @@ def debian(
label: str = distro_details["label"]
codename: str = distro_details["codename"]
salt_archive_keyring_gpg_file = (
pathlib.Path("~/salt-archive-keyring.gpg").expanduser().resolve()
salt_project_gpg_pub_key_file = (
pathlib.Path("~/SALT-PROJECT-GPG-PUBKEY-2023.gpg").expanduser().resolve()
)
if not salt_archive_keyring_gpg_file:
ctx.error(f"The file '{salt_archive_keyring_gpg_file}' does not exist.")
if not salt_project_gpg_pub_key_file:
ctx.error(f"The file '{salt_project_gpg_pub_key_file}' does not exist.")
ctx.exit(1)
ftp_archive_config_suite = ""
@ -190,10 +190,10 @@ def debian(
ctx.info(f"Writing {ftp_archive_config_file} ...")
ftp_archive_config_file.write_text(textwrap.dedent(ftp_archive_config))
ctx.info(f"Copying {salt_archive_keyring_gpg_file} to {create_repo_path} ...")
ctx.info(f"Copying {salt_project_gpg_pub_key_file} to {create_repo_path} ...")
shutil.copyfile(
salt_archive_keyring_gpg_file,
create_repo_path / salt_archive_keyring_gpg_file.name,
salt_project_gpg_pub_key_file,
create_repo_path / salt_project_gpg_pub_key_file.name,
)
pool_path = create_repo_path / "pool"
@ -370,16 +370,12 @@ def rpm(
ctx.info(f"The {distro_arch} arch is an alias for 'arm64'. Adjusting.")
distro_arch = "arm64"
if key_id == "0E08A149DE57BFBE":
saltstack_gpg_key_file = (
pathlib.Path("~/SALTSTACK-GPG-KEY.pub").expanduser().resolve()
)
else:
saltstack_gpg_key_file = (
pathlib.Path("~/SALTSTACK-GPG-KEY2.pub").expanduser().resolve()
)
if not saltstack_gpg_key_file.exists():
ctx.error(f"The file '{saltstack_gpg_key_file}' does not exist.")
salt_project_gpg_pub_key_file = (
pathlib.Path("~/SALT-PROJECT-GPG-PUBKEY-2023.gpg").expanduser().resolve()
)
if not salt_project_gpg_pub_key_file.exists():
ctx.error(f"The file '{salt_project_gpg_pub_key_file}' does not exist.")
ctx.exit(1)
ctx.info("Creating repository directory structure ...")
@ -392,10 +388,10 @@ def rpm(
create_repo_path = create_repo_path / datetime.utcnow().strftime("%Y-%m-%d")
create_repo_path.joinpath("SRPMS").mkdir(exist_ok=True, parents=True)
ctx.info(f"Copying {saltstack_gpg_key_file} to {create_repo_path} ...")
ctx.info(f"Copying {salt_project_gpg_pub_key_file} to {create_repo_path} ...")
shutil.copyfile(
saltstack_gpg_key_file,
create_repo_path / saltstack_gpg_key_file.name,
salt_project_gpg_pub_key_file,
create_repo_path / salt_project_gpg_pub_key_file.name,
)
for fpath in incoming.iterdir():
@ -407,7 +403,14 @@ def rpm(
shutil.copyfile(fpath, dpath)
if fpath.suffix == ".rpm":
ctx.info(f"Running 'rpmsign' on {dpath} ...")
ctx.run("rpmsign", "--key-id", key_id, "--addsign", str(dpath))
ctx.run(
"rpmsign",
"--key-id",
key_id,
"--addsign",
"--digest-algo=sha256",
str(dpath),
)
createrepo = shutil.which("createrepo")
if createrepo is None:
@ -545,11 +548,11 @@ def windows(
assert incoming is not None
assert repo_path is not None
assert key_id is not None
salt_archive_keyring_gpg_file = (
pathlib.Path("~/salt-archive-keyring.gpg").expanduser().resolve()
salt_project_gpg_pub_key_file = (
pathlib.Path("~/SALT-PROJECT-GPG-PUBKEY-2023.gpg").expanduser().resolve()
)
if not salt_archive_keyring_gpg_file:
ctx.error(f"The file '{salt_archive_keyring_gpg_file}' does not exist.")
if not salt_project_gpg_pub_key_file:
ctx.error(f"The file '{salt_project_gpg_pub_key_file}' does not exist.")
ctx.exit(1)
ctx.info("Creating repository directory structure ...")
@ -613,10 +616,10 @@ def windows(
ctx.info("GPG Signing '{fpath.relative_to(repo_path)}' ...")
ctx.run("gpg", "-u", key_id, "-o" f"{fpath}.asc", "-a", "-b", "-s", str(fpath))
ctx.info(f"Copying {salt_archive_keyring_gpg_file} to {create_repo_path} ...")
ctx.info(f"Copying {salt_project_gpg_pub_key_file} to {create_repo_path} ...")
shutil.copyfile(
salt_archive_keyring_gpg_file,
create_repo_path / salt_archive_keyring_gpg_file.name,
salt_project_gpg_pub_key_file,
create_repo_path / salt_project_gpg_pub_key_file.name,
)
repo_json["latest"] = repo_json[salt_version]
@ -676,11 +679,11 @@ def macos(
assert incoming is not None
assert repo_path is not None
assert key_id is not None
salt_archive_keyring_gpg_file = (
pathlib.Path("~/salt-archive-keyring.gpg").expanduser().resolve()
salt_project_gpg_pub_key_file = (
pathlib.Path("~/SALT-PROJECT-GPG-PUBKEY-2023.gpg").expanduser().resolve()
)
if not salt_archive_keyring_gpg_file:
ctx.error(f"The file '{salt_archive_keyring_gpg_file}' does not exist.")
if not salt_project_gpg_pub_key_file:
ctx.error(f"The file '{salt_project_gpg_pub_key_file}' does not exist.")
ctx.exit(1)
ctx.info("Creating repository directory structure ...")
@ -735,10 +738,10 @@ def macos(
ctx.info("GPG Signing '{fpath.relative_to(repo_path)}' ...")
ctx.run("gpg", "-u", key_id, "-o" f"{fpath}.asc", "-a", "-b", "-s", str(fpath))
ctx.info(f"Copying {salt_archive_keyring_gpg_file} to {create_repo_path} ...")
ctx.info(f"Copying {salt_project_gpg_pub_key_file} to {create_repo_path} ...")
shutil.copyfile(
salt_archive_keyring_gpg_file,
create_repo_path / salt_archive_keyring_gpg_file.name,
salt_project_gpg_pub_key_file,
create_repo_path / salt_project_gpg_pub_key_file.name,
)
repo_json["latest"] = repo_json[salt_version]
@ -798,11 +801,11 @@ def onedir(
assert incoming is not None
assert repo_path is not None
assert key_id is not None
salt_archive_keyring_gpg_file = (
pathlib.Path("~/salt-archive-keyring.gpg").expanduser().resolve()
salt_project_gpg_pub_key_file = (
pathlib.Path("~/SALT-PROJECT-GPG-PUBKEY-2023.gpg").expanduser().resolve()
)
if not salt_archive_keyring_gpg_file:
ctx.error(f"The file '{salt_archive_keyring_gpg_file}' does not exist.")
if not salt_project_gpg_pub_key_file:
ctx.error(f"The file '{salt_project_gpg_pub_key_file}' does not exist.")
ctx.exit(1)
ctx.info("Creating repository directory structure ...")
@ -869,10 +872,10 @@ def onedir(
ctx.info("GPG Signing '{fpath.relative_to(repo_path)}' ...")
ctx.run("gpg", "-u", key_id, "-o" f"{fpath}.asc", "-a", "-b", "-s", str(fpath))
ctx.info(f"Copying {salt_archive_keyring_gpg_file} to {create_repo_path} ...")
ctx.info(f"Copying {salt_project_gpg_pub_key_file} to {create_repo_path} ...")
shutil.copyfile(
salt_archive_keyring_gpg_file,
create_repo_path / salt_archive_keyring_gpg_file.name,
salt_project_gpg_pub_key_file,
create_repo_path / salt_project_gpg_pub_key_file.name,
)
repo_json["latest"] = repo_json[salt_version]