Allow to specify GPG keyring and keyserver
diff --git a/aptly/map.jinja b/aptly/map.jinja
index 35b9d51..4e260c7 100644
--- a/aptly/map.jinja
+++ b/aptly/map.jinja
@@ -6,11 +6,23 @@
'root_dir': '/srv/aptly',
'secure': True,
'repo': {},
- 'gpg_keypair_id': '',
- 'gpg_passphrase': ''
+ 'gpg': {
+ 'keypair_id': '',
+ 'passphrase': '',
+ 'keyring': 'trustedkeys.gpg',
+ 'keyserver': 'keys.gnupg.net',
+ },
},
}, merge=salt['pillar.get']('aptly:server')) %}
+{# Backward compatibility #}
+{%- if server.gpg_keypair_id is defined %}
+{%- do server.update({'gpg': {'keypair_id': server.gpg_keypair_id}}) %}
+{%- endif %}
+{%- if server.gpg_passphrase is defined %}
+{%- do server.update({'gpg': {'passphrase': server.gpg_passphrase}}) %}
+{%- endif %}
+
{%- set publisher = salt['grains.filter_by']({
'default': {
'source': {
diff --git a/aptly/server/mirrors.sls b/aptly/server/mirrors.sls
index 70a2cbb..6e29e7a 100644
--- a/aptly/server/mirrors.sls
+++ b/aptly/server/mirrors.sls
@@ -32,18 +32,17 @@
{%- for mirror_name, mirror in server.mirror.iteritems() %}
-{%- for gpgkey in server.mirror[mirror_name].gpgkeys %}
+{%- for gpgkey in mirror.get('gpgkeys', []) %}
gpg_add_keys_{{ mirror_name }}_{{ gpgkey }}:
cmd.run:
- - name: gpg --no-tty --no-default-keyring --keyring trustedkeys.gpg --keyserver keys.gnupg.net --recv-keys {{ gpgkey }}
+ - name: gpg --no-tty --no-default-keyring --keyring {{ server.gpg.keyring }} --keyserver {{ mirror.keyserver|default(server.gpg.keyserver) }} --recv-keys {{ gpgkey }}
- user: aptly
- - unless: gpg --no-tty --no-default-keyring --keyring trustedkeys.gpg --list-public-keys {{gpgkey}}
+ - unless: gpg --no-tty --no-default-keyring --keyring {{ server.gpg.keyring }} --list-public-keys {{gpgkey}}
{%- endfor %}
-{%- if server.mirror[mirror_name].snapshots is defined %}
-{%- for snapshot in server.mirror[mirror_name].snapshots %}
+{%- for snapshot in mirror.get('snapshots', []) %}
aptly_addsnapshot_{{ mirror_name }}_{{ snapshot }}:
cmd.run:
@@ -54,8 +53,6 @@
- cmd: aptly_{{ mirror_name }}_update
{%- endfor %}
-{%- endif %}
-
aptly_{{ mirror_name }}_mirror:
cmd.run:
@@ -63,7 +60,7 @@
- user: aptly
- unless: aptly mirror show {{ mirror_name }}
-{%- if mirror.update is defined and mirror.update == True %}
+{%- if mirror.get('update', False) == True %}
aptly_{{ mirror_name }}_update:
cmd.run:
- name: aptly mirror update {{ mirror_name }}
@@ -72,7 +69,7 @@
- cmd: aptly_{{ mirror_name }}_mirror
{%- endif %}
-{%- if server.mirror[mirror_name].publish is defined %}
+{%- if mirror.publish is defined %}
aptly_publish_{{ server.mirror[mirror_name].publish }}_snapshot:
cmd.run:
- name: aptly publish snapshot -batch=true -gpg-key='{{ server.gpg_keypair_id }}' -passphrase='{{ server.gpg_passphrase }}' {{ server.mirror[mirror_name].publish }}
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index 7d6b642..3bd28e0 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -6,7 +6,8 @@
aptly:
server:
enabled: true
- gpg_passphrase: ${_param:aptly_gpg_passphrase}
+ gpg:
+ passphrase: ${_param:aptly_gpg_passphrase}
mirror_update:
enabled: true
hour: '*/12'