summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Goins <paul.goins@canonical.com>2021-05-18 17:02:51 +0000
committerGitHub <noreply@github.com>2021-05-18 12:02:51 -0500
commit1793b8b70ca2e3587c271155033ef943207136ae (patch)
tree119b896a67d8fc0be9bd1c505690c8da50cd3e13
parent21a0b12052691d6634d0848dfa353c12939945e9 (diff)
downloadvyos-cloud-init-1793b8b70ca2e3587c271155033ef943207136ae.tar.gz
vyos-cloud-init-1793b8b70ca2e3587c271155033ef943207136ae.zip
Added support for importing keys via primary/security mirror clauses (#882)
Presently, mirror keys cannot be associated with primary/security mirrors. Unfortunately, this prevents use of Landscape-managed package mirrors as the mirror key for the Landscape-hosted repository cannot be provided. This patch allows the same key-related fields usable on "sources" entries to be used on the "primary" and "security" entries as well. LP: #1925395
-rw-r--r--cloudinit/config/cc_apt_configure.py26
-rw-r--r--doc/examples/cloud-config-apt.txt6
-rw-r--r--tests/unittests/test_handler/test_handler_apt_source_v3.py23
3 files changed, 55 insertions, 0 deletions
diff --git a/cloudinit/config/cc_apt_configure.py b/cloudinit/config/cc_apt_configure.py
index bb8a1278..0c9c7925 100644
--- a/cloudinit/config/cc_apt_configure.py
+++ b/cloudinit/config/cc_apt_configure.py
@@ -57,6 +57,15 @@ mirror_property = {
},
'search_dns': {
'type': 'boolean',
+ },
+ 'keyid': {
+ 'type': 'string'
+ },
+ 'key': {
+ 'type': 'string'
+ },
+ 'keyserver': {
+ 'type': 'string'
}
}
}
@@ -228,6 +237,15 @@ schema = {
key, the search pattern will be
``<distro>-security-mirror``.
+ Each mirror may also specify a key to import via
+ any of the following optional keys:
+
+ - ``keyid``: a key to import via shortid or \
+ fingerprint.
+ - ``key``: a raw PGP key.
+ - ``keyserver``: alternate keyserver to pull \
+ ``keyid`` key from.
+
If no mirrors are specified, or all lookups fail,
then default mirrors defined in the datasource
are used. If none are present in the datasource
@@ -453,6 +471,7 @@ def apply_apt(cfg, cloud, target):
LOG.debug("Apt Mirror info: %s", mirrors)
if util.is_false(cfg.get('preserve_sources_list', False)):
+ add_mirror_keys(cfg, target)
generate_sources_list(cfg, release, mirrors, cloud)
rename_apt_lists(mirrors, target, arch)
@@ -660,6 +679,13 @@ def disable_suites(disabled, src, release):
return retsrc
+def add_mirror_keys(cfg, target):
+ """Adds any keys included in the primary/security mirror clauses"""
+ for key in ('primary', 'security'):
+ for mirror in cfg.get(key, []):
+ add_apt_key(mirror, target)
+
+
def generate_sources_list(cfg, release, mirrors, cloud):
"""generate_sources_list
create a source.list file based on a custom or default template
diff --git a/doc/examples/cloud-config-apt.txt b/doc/examples/cloud-config-apt.txt
index 004894b7..f4392326 100644
--- a/doc/examples/cloud-config-apt.txt
+++ b/doc/examples/cloud-config-apt.txt
@@ -138,6 +138,12 @@ apt:
# the first defining a valid mirror wins (in the order as defined here,
# not the order as listed in the config).
#
+ # Additionally, if the repository requires a custom signing key, it can be
+ # specified via the same fields as for custom sources:
+ # 'keyid': providing a key to import via shortid or fingerprint
+ # 'key': providing a raw PGP key
+ # 'keyserver': specify an alternate keyserver to pull keys from that
+ # were specified by keyid
- arches: [s390x, arm64]
# as above, allowing to have one config for different per arch mirrors
# security is optional, if not defined it is set to the same value as primary
diff --git a/tests/unittests/test_handler/test_handler_apt_source_v3.py b/tests/unittests/test_handler/test_handler_apt_source_v3.py
index ac847238..abb0a9b6 100644
--- a/tests/unittests/test_handler/test_handler_apt_source_v3.py
+++ b/tests/unittests/test_handler/test_handler_apt_source_v3.py
@@ -1009,6 +1009,29 @@ deb http://ubuntu.com/ubuntu/ xenial-proposed main""")
self.assertEqual(mirrors['SECURITY'],
smir)
+ def test_apt_v3_add_mirror_keys(self):
+ """test_apt_v3_add_mirror_keys - Test adding key for mirrors"""
+ arch = 'amd64'
+ cfg = {
+ 'primary': [
+ {'arches': [arch],
+ 'uri': 'http://test.ubuntu.com/',
+ 'key': 'fakekey_primary'}],
+ 'security': [
+ {'arches': [arch],
+ 'uri': 'http://testsec.ubuntu.com/',
+ 'key': 'fakekey_security'}]
+ }
+
+ with mock.patch.object(cc_apt_configure,
+ 'add_apt_key_raw') as mockadd:
+ cc_apt_configure.add_mirror_keys(cfg, TARGET)
+ calls = [
+ mock.call('fakekey_primary', TARGET),
+ mock.call('fakekey_security', TARGET),
+ ]
+ mockadd.assert_has_calls(calls, any_order=True)
+
class TestDebconfSelections(TestCase):