yum: Multiple enhancements
* Add support for specifying path for X.509 CA file so Yum validates HTTPS connections to repository. * Add support for disabling package's GPG signature validation. * Add support for validating repository's metadata using GPG signature. * Add define for using repositories from packagecloud.io. * Add repository for Basho's Riak using packagecloud.io.
This commit is contained in:
Ossi Herrala
Ossi Herrala
parent
1661e89691
commit
6c56b0dc3b
3 changed files with 130 additions and 5 deletions
64
yum/files/keys/packagecloud.io.key
Normal file
64
yum/files/keys/packagecloud.io.key
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.11 (GNU/Linux)
|
||||
|
||||
mQINBFLUbogBEADceEoxBDoE6QM5xV/13qiELbFIkQgy/eEi3UesXmJblFdU7wcD
|
||||
LOW3NuOIx/dgbZljeMEerj6N1cR7r7X5sVoFVEZiK4RLkC3Cpdns0d90ud2f3VyK
|
||||
K7PXRBstdLm3JlW9OWZoe4VSADSMGWm1mIhT601qLKKAuWJoBIhnKY/RhA/RBXt7
|
||||
z22g4ta9bT67PlliTo1a8y6DhUA7gd+5TsVHaxDRrzc3mKObdyS5LOT/gf8Ti2tY
|
||||
BY5MBbQ8NUGExls4dXKlieePhKutFbde7sq3n5sdp1Ndoran1u0LsWnaSDx11R3x
|
||||
iYfXJ6xGukAc6pYlUD1yYjU4oRGhD2fPyuewqhHNUVwqupTBQtEGULrtdwK04kgI
|
||||
H93ssGRsLqUKe88uZeeBczVuupv8ZLd1YcQ29AfJHe6nsevsgjF+eajYlzsvC8BN
|
||||
q3nOvvedcuI6BW4WWFjraH06GNTyMAZi0HibTg65guZXpLcpPW9hTzXMoUrZz8Mv
|
||||
J9yUBcFPKuFOLDpRP6uaIbxJsYqiituoltl0vgS/vJcpIVVRwSaqPHa6S63dmKm2
|
||||
6gq18v4l05mVcInPn+ciHtcSlZgQkCsRTSvfUrK+7nzyWtNQMGKstAZ7AHCoA8Pb
|
||||
c3i7wyOtnTgfPFHVpHg3JHsPXKk9/71YogtoNFoETMFeKL1K+O+GMQddYQARAQAB
|
||||
tDdwYWNrYWdlY2xvdWQgb3BzIChwcm9kdWN0aW9uIGtleSkgPG9wc0BwYWNrYWdl
|
||||
Y2xvdWQuaW8+iQI+BBMBAgAoBQJS1G6IAhsvBQkJZgGABgsJCAcDAgYVCAIJCgsE
|
||||
FgIDAQIeAQIXgAAKCRDC5zQk1ZCXq13KD/wNzAi6rEzRyx6NH61Hc19s2QAgcU1p
|
||||
1mX1Tw0fU7CThx1nr8JrG63465c9dzUpVzNTYvMsUSBJwbb1phahCMNGbJpZRQ5b
|
||||
vW/i3azmk/EHKL7wgMV8wu1atu6crrxGoDEfWUa4aIwbxZGkoxDZKZeKaLxz2ZCh
|
||||
uKzjvkGUk4PUoOxxPn9XeFmJQ68ys4Z0CgIGfx2i64apqfsjVEdWEEBLoxHFIPy7
|
||||
FgFafRL0bgsquwPkb5q/dihIzJEZ2EMOGwXuUaKI/UAhgRIUGizuW7ECEjX4FG92
|
||||
8RsizHBjYL5Gl7DMt1KcPFe/YU/AdWEirs9pLQUr9eyGZN7HYJ03Aiy8R5aMBoeY
|
||||
sfxjifkbWCpbN+SEATaB8YY6Zy2LK/5TiUYNUYb/VHP//ZEv0+uPgkoro6gWVkvG
|
||||
DdXqH2d9svwfrQKfGSEQYXlLytZKvQSDLAqclSANs/y5HDjUxgtWKdsL3xNPCmff
|
||||
jpyiqS4pvoTiUwS4FwBsIR2sBDToIEHDvTNk1imeSmxCUgDxFzWkmB70FBmwz7zs
|
||||
9FzuoegrAxXonVit0+f3CxquN7tS0mHaWrZfhHxEIt65edkIz1wETOch3LIg6RaF
|
||||
wsXgrZCNTB/zjKGAFEzxOSBkjhyJCY2g74QNObKgTSeGNFqG0ZBHe2/JQ33UxrDt
|
||||
peKvCYTbjuWlyrkCDQRS1G6IARAArtNBXq+CNU9DR2YCi759fLR9F62Ec/QLWY3c
|
||||
/D26OqjTgjxAzGKbu1aLzphP8tq1GDCbWQ2BMMZI+L0Ed502u6kC0fzvbppRRXrV
|
||||
axBrwxY9XhnzvkXXzwNwnBalkrJ5Yk0lN8ocwCuUJohms7V14nEDyHgAB8yqCEWz
|
||||
Qm/SIZw35N/insTXshcdiUGeyufo85SFhCUqZ1x1TkSC/FyDG+BCwArfj8Qwdab3
|
||||
UlUEkF6czTjwWIO+5vYuR8bsCGYKCSrGRh5nxw0tuGXWXWFlBMSZP6mFcCDRQDGc
|
||||
KOuGTjiWzLJcgsEcBoIX4WpHJYgl6ovex7HkfQsWPYL5V1FIHMlw34ALx4aQDH0d
|
||||
PJpC+FxynrfTfsIzPnmm2huXPGGYul/TmOp00CsJEcKOjqcrYOgraYkCGVXbd4ri
|
||||
6Pf7wJNiJ8V1iKTzQIrNpqGDk306Fww1VsYBLOnrSxNPYOOu1s8c8c9N5qbEbOCt
|
||||
QdFf5pfuqsr5nJ0G4mhjQ/eLtDA4E7GPrdtUoceOkYKcQFt/yqnL1Sj9Ojeht3EN
|
||||
PyVSgE8NiWxNIEM0YxPyJEPQawejT66JUnTjzLfGaDUxHfseRcyMMTbTrZ0fLJSR
|
||||
aIH1AubPxhiYy+IcWOVMyLiUwjBBpKMStej2XILEpIJXP6Pn96KjMcB1grd0J2vM
|
||||
w2Kg3E8AEQEAAYkERAQYAQIADwUCUtRuiAIbLgUJCWYBgAIpCRDC5zQk1ZCXq8Fd
|
||||
IAQZAQIABgUCUtRuiAAKCRA3u+4/etlbPwI5D/4idr7VHQpou6c/YLnK1lmz3hEi
|
||||
kdxUxjC4ymOyeODsGRlaxXfjvjOCdocMzuCY3C+ZfNFKOTtVY4fV5Pd82MuY1H8l
|
||||
nuzqLxT6UwpIwo+yEv6xSK0mqm2FhT0JSQ7E7MnoHqsU0aikHegyEucGIFzew6BJ
|
||||
UD2xBu/qmVP/YEPUzhW4g8uD+oRMxdAHXqvtThvFySY/rakLQRMRVwYdTFHrvu3z
|
||||
HP+6hpZt25llJb3DiO+dTsv+ptLmlUr5JXLSSw2DfLxQa0kD5PGWpFPVJcxraS2p
|
||||
NDK9KTi2nr1ZqDxeKjDBT6zZOs9+4JQ9fepn1S26AmHWHhyzvpjKxVm4sOilKysi
|
||||
84CYluNrlEnidNf9wQa3NlLmtvxXQfm1py5tlwL5rE+ek1fwleaKXRcNNmm+T+vD
|
||||
dIw+JcHy8a53nK1JEfBqEuY6IqEPKDke0wDIsDLSwI1OgtQoe7Cm1PBujfJu4rYQ
|
||||
E+wwgWILTAgIy8WZXAloTcwVMtgfSsgHia++LqKfLDZ3JuwpaUAHAtguPy0QddvF
|
||||
I4R7eFDVwHT0sS3AsG0HAOCY/1FRe8cAw/+9Vp0oDtOvBWAXycnCbdQeHvwh2+Uj
|
||||
2u2f7K3CDMoevcBl4L5fkFkYTkmixCDy5nst1VM5nINueUIkUAJJbOGpd6yFdif7
|
||||
mQR0JWcPLudb+fwusJ4UEACYWhPa8Gxa7eYopRsydlcdEzwpmo6E+V8GIdLFRFFp
|
||||
KHQEzbSW5coxzU6oOiPbTurCZorIMHTA9cpAZoMUGKaSt19UKIMvSqtcDayhgf4c
|
||||
Z2ay1z0fdJ2PuLeNnWeiGyfq78q6wqSaJq/h6JdAiwXplFd3gqJZTrFZz7A6Q6Pd
|
||||
7B+9PZ/DUdEO3JeZlHJDfRmfU2XPoyPUoq79+whP5Tl3WwHUv7Fg357kRSdzKv9D
|
||||
bgmhqRHlgVeKn9pwN4cpVBN+idzwPefQksSKH4lBDvVr/9j+V9mmrOx7QmQ5LCc/
|
||||
1on+L0dqo6suoajADhKy+lDQbzs2mVb4CLpPKncDup/9iJbjiR17DDFMwgyCoy5O
|
||||
HJICQ5lckNNgkHTS6Xiogkt28YfK4P3S0GaZgIrhKQ7AmO3O+hB12Zr+olpeyhGB
|
||||
OpBD80URntdEcenvfnXBY/BsuAVbTGXiBzrlBEyQxg656jUeqAdXg+nzCvP0yJlB
|
||||
UOjEcwyhK/U2nw9nGyaR3u0a9r24LgijGpdGabIeJm6O9vuuqFHHGI72pWUEs355
|
||||
lt8q1pAoJUv8NehQmlaR0h5wcwhEtwM6fiSIUTnuJnyHT053GjsUD7ef5fY1KEFm
|
||||
aZeW04kRtFDOPinz0faE8hvsxzsVgkKye1c2vkXKdOXvA3x+pZzlTHtcgMOhjKQA
|
||||
sA==
|
||||
=H60S
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -199,8 +199,16 @@ class yum::exclude {
|
|||
# $descr:
|
||||
# Repository description. Defaults to $name.
|
||||
# $gpgkey:
|
||||
# Location where GPG signing key can be found. If not set
|
||||
# GPG check will be disabled.
|
||||
# Location where GPG signing key can be found.
|
||||
# $gpgcheck:
|
||||
# Perform GPG signature check for packages. Enabled by default
|
||||
# if $gpgkey is set.
|
||||
# $repocheck:
|
||||
# Perform GPG signature check for repository metadata.
|
||||
# $sslcacert:
|
||||
# Path to the file containing the certificates of the
|
||||
# certificate authorities yum should use to verify TLS
|
||||
# connections.
|
||||
# $priority:
|
||||
# Optional priority for this repository.
|
||||
#
|
||||
|
|
@ -212,7 +220,17 @@ class yum::exclude {
|
|||
# gpgkey => "http://tmz.fedorapeople.org/repo/RPM-GPG-KEY-tmz",
|
||||
# }
|
||||
#
|
||||
define yum::repo($ensure="present", $baseurl="", $mirrorlist="", $descr="", $gpgkey="", $priority="") {
|
||||
define yum::repo(
|
||||
$ensure="present",
|
||||
$baseurl="",
|
||||
$mirrorlist="",
|
||||
$descr="",
|
||||
$gpgkey="",
|
||||
$gpgcheck=true,
|
||||
$repocheck=false,
|
||||
$sslcacert="",
|
||||
$priority=""
|
||||
) {
|
||||
|
||||
tag("bootstrap")
|
||||
|
||||
|
|
@ -271,6 +289,30 @@ define yum::repo($ensure="present", $baseurl="", $mirrorlist="", $descr="", $gpg
|
|||
}
|
||||
|
||||
|
||||
# packagecloud.io repositories
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# $name:
|
||||
# Repository path under packagecloud.io. For example
|
||||
# "basho/riak".
|
||||
#
|
||||
define yum::repo::packagecloud() {
|
||||
|
||||
$filename = regsubst($name, '\/', '_')
|
||||
|
||||
yum::repo { $filename:
|
||||
descr => "$name repository from packagecloud.io",
|
||||
baseurl => "https://packagecloud.io/$name/el/\$releasever/\$basearch",
|
||||
gpgkey => "puppet:///modules/yum/keys/packagecloud.io.key",
|
||||
gpgcheck => false,
|
||||
repocheck => true,
|
||||
sslcacert => "/etc/pki/tls/certs/ca-bundle.crt",
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
# Add Adobe repository
|
||||
#
|
||||
class yum::repo::adobe {
|
||||
|
|
@ -676,3 +718,12 @@ class yum::repo::mod_spdy {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
# Add Basho's riak repository
|
||||
#
|
||||
class yum::repo::riak {
|
||||
|
||||
yum::repo::packagecloud { "basho/riak": }
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,12 +6,22 @@ baseurl=<%= @baseurl %>
|
|||
<% else -%>
|
||||
mirrorlist=<%= @mirrorlist %>
|
||||
<% end -%>
|
||||
<% if @gpgkey_real != '' -%>
|
||||
gpgcheck=1
|
||||
<% if @gpgkey_real != '' && gpgcheck != false -%>
|
||||
gpgkey=<%= @gpgkey_real %>
|
||||
gpgcheck=1
|
||||
<% elsif @gpgkey_real != '' -%>
|
||||
gpgkey=<%= @gpgkey_real %>
|
||||
gpgcheck=0
|
||||
<% else -%>
|
||||
gpgcheck=0
|
||||
<% end -%>
|
||||
<% if @repocheck != false -%>
|
||||
repo_gpgcheck=1
|
||||
<% end -%>
|
||||
<% if @sslcacert != '' -%>
|
||||
sslverify=1
|
||||
sslcacert=<%= @sslcacert %>
|
||||
<% end -%>
|
||||
<% if @priority != '' -%>
|
||||
priority=<%= @priority %>
|
||||
<% end -%>
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue