Require our gpg key to be present before importing others
diff --git a/aptly/server/init.sls b/aptly/server/init.sls
index 85bf252..07c2420 100644
--- a/aptly/server/init.sls
+++ b/aptly/server/init.sls
@@ -164,8 +164,8 @@
- user: aptly
- unless: gpg --no-tty{% if server.gpg.get('homedir', None) %} --homedir {{ server.gpg.homedir }}{% endif %} --list-keys | grep '{{ server.gpg.keypair_id }}'
- require:
- - file: aptly_gpg_key_dir
- file: gpg_pub_key
+ - cmd: import_gpg_priv_key
import_gpg_priv_key:
cmd.run:
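Review bot: Removing `- file: aptly_gpg_key_dir` from the require list leaves the public-key import dependent on the key directory only through `import_gpg_priv_key`. That state's own requisites are not visible here, because its definition begins on the last two lines of the hunk and continues outside it. If it does not itself require `file: aptly_gpg_key_dir`, the public-key import can be scheduled before the directory state has run. Keeping the explicit requisite alongside the new one avoids relying on that: `- file: aptly_gpg_key_dir`, `- file: gpg_pub_key`, `- cmd: import_gpg_priv_key`.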
diff --git a/aptly/server/mirrors.sls b/aptly/server/mirrors.sls
index 08a05ab..8378e62 100644
--- a/aptly/server/mirrors.sls
+++ b/aptly/server/mirrors.sls
@@ -48,6 +48,11 @@
- user: {{ server.user.name }}
- cwd: {{ server.home_dir }}
- unless: gpg --no-tty --no-default-keyring{% if server.gpg.get('keyring', None) %} --keyring {{ server.gpg.keyring }} {% endif %}{% if server.gpg.get('homedir', None) %} --homedir {{ server.gpg.homedir }} {% endif %}--list-public-keys {{gpgkey}}
+ {%- if server.secure %}
+ - require:
+ - cmd: import_gpg_priv_key
+ - cmd: import_gpg_pub_key
+ {%- endif %}
{%- endfor %}
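Review bot: The new `require` names `import_gpg_priv_key` and `import_gpg_pub_key`, which this commit shows in aptly/server/init.sls, so applying mirrors.sls without those IDs in the compiled state data would fail with a missing requisite; whether this file includes the server state is not visible in the hunk. The `{%- if server.secure %}` guard presumably mirrors the condition under which the key states are rendered in init.sls, and that should be confirmed so the two cannot drift apart. Because the public-key state now requires the private-key one, `- cmd: import_gpg_pub_key` alone would be enough. A short Jinja comment above the block would record the intent, for example `{#- our own keypair must be in the keyring before any mirror key is imported #}`. The enclosing for loop starts outside the hunk.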