fedora-lorax-templates

Clone
Source Code
GIT

#30 Move the key from a fixed value to a variable to get from pungi config
Merged 5 years ago by mohanboddu. Opened 5 years ago by pbrobinson.
pbrobinson/fedora-lorax-templates keys  into  master

file modified
+2 -2 
@@ -10,13 +10,13 @@ 
 

  ##  - ostree_install_ref - the ref to use when creating the ISO  

  ##  - ostree_update_ref  - the ref to use for updates of an installed system
 

  

- <%page args="ostree_osname, ostree_install_repo, ostree_update_repo, ostree_install_ref, ostree_update_ref"/>
 

+ <%page args="ostree_osname, ostree_install_repo, ostree_update_repo, ostree_install_ref, ostree_update_ref, ostree_oskey"/>

nit: ostree_gpgkey seems like it would be more descriptive. 

  append usr/share/anaconda/interactive-defaults.ks "ostreesetup --nogpg --osname=${ostree_osname} --remote=${ostree_osname} --url=file:///ostree/repo --ref=${ostree_update_ref}"
 

  append usr/share/anaconda/interactive-defaults.ks "firewall --use-system-defaults"
 

  

  append usr/share/anaconda/interactive-defaults.ks "%post --erroronfail"
 

  append usr/share/anaconda/interactive-defaults.ks "rm -f /etc/ostree/remotes.d/${ostree_osname}.conf"
 

- append usr/share/anaconda/interactive-defaults.ks "ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-30-primary ${ostree_osname} '${ostree_update_repo}'"
 

+ append usr/share/anaconda/interactive-defaults.ks "ostree remote add --set=gpg-verify=true --set=gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-${ostree_oskey} ${ostree_osname} '${ostree_update_repo}'"

can we make the variable be the full path? with https://github.com/ostreedev/ostree/issues/773 we will be changing it soon to /etc/pki/rpm-gpg/ and it would be nice to do that just in the pungi config and not have to change it here as well. 

  append usr/share/anaconda/interactive-defaults.ks "cp /etc/skel/.bash* /root"
 

  append usr/share/anaconda/interactive-defaults.ks "%end"

The keys are the only thing that is release specific, by pasing they key
from the pungi config it means the version components are all contained
in the one config.

Signed-off-by: Peter Robinson pbrobinson@gmail.com

can we make the variable be the full path? with https://github.com/ostreedev/ostree/issues/773 we will be changing it soon to /etc/pki/rpm-gpg/ and it would be nice to do that just in the pungi config and not have to change it here as well.

Pull-Request has been merged by mohanboddu
5 years ago

nit: ostree_gpgkey seems like it would be more descriptive.

@dustymabe I explicitly went with the short form because I felt it was neater, and that was the bit that changed from release to release. I believe the config change for rolling keys would need a different change and in fact would ultimately negate the need for this at that point in time but it's not yet landed in Fedora.

I believe the config change for rolling keys would need a different change

What would the different change be?

and in fact would ultimately negate the need for this at that point in time but it's not yet landed in Fedora.

It might negate the need for this change once we do standardize but I feel like there will be a period of time where even though the upstream change has landed in fedora where we will want the option of having it be different for the different streams.

For example, the change should be in fedora in the next month and I was going to immediately switch over silverblue in rawhide to use it, but I think you would probably want control to allow iot to not switch to it just yet (for whatever reason).

Metadata
None
No Tags
Changes Summary 1
+2 -2
file changed
ostree-based-installer/lorax-configure-repo.tmpl
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.