diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-03-21 16:40:52 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-03-21 16:40:52 -0400 |
commit | 1b7462de5d95b8d195866c1bafb9fb8b6957334e (patch) | |
tree | 627f01b490d61033aec107721f61332ea6db0770 | |
parent | fb556e7675e1c13f8d3fbdce0aeb0d3e30ff9123 (diff) | |
download | bcfg2-1b7462de5d95b8d195866c1bafb9fb8b6957334e.tar.gz bcfg2-1b7462de5d95b8d195866c1bafb9fb8b6957334e.tar.bz2 bcfg2-1b7462de5d95b8d195866c1bafb9fb8b6957334e.zip |
fixed automatic handling of GPGKeys
-rw-r--r-- | doc/server/plugins/generators/packages.txt | 8 | ||||
-rw-r--r-- | src/lib/Server/Plugins/Packages/Yum.py | 64 |
2 files changed, 46 insertions, 26 deletions
diff --git a/doc/server/plugins/generators/packages.txt b/doc/server/plugins/generators/packages.txt index 93b5308be..276b73093 100644 --- a/doc/server/plugins/generators/packages.txt +++ b/doc/server/plugins/generators/packages.txt @@ -158,9 +158,11 @@ Handling GPG Keys .. versionadded:: 1.2.0 -Packages can automatically handle GPG signing keys for Yum and Pulp -repositories. Simply specify the URL to the GPG key(s) for a -repository in ``sources.xml``:: +If you have yum libraries installed, Packages can automatically handle +GPG signing keys for Yum and Pulp repositories. (You do not need to +use the native yum resolver; if yum libraries are available, GPG +signing keys can be handled automatically.) Simply specify the URL to +the GPG key(s) for a repository in ``sources.xml``:: <Source type="yum" rawurl="http://mirror.example.com/centos6-x86_64/RPMS.os"> diff --git a/src/lib/Server/Plugins/Packages/Yum.py b/src/lib/Server/Plugins/Packages/Yum.py index 1937dbf83..e13b28251 100644 --- a/src/lib/Server/Plugins/Packages/Yum.py +++ b/src/lib/Server/Plugins/Packages/Yum.py @@ -197,8 +197,21 @@ class YumCollection(Collection): needkeys.add(key) if len(needkeys): - keypkg = lxml.etree.Element('BoundPackage', name="gpg-pubkey", - type=self.ptype, origin='Packages') + if has_yum: + # this must be be has_yum, not use_yum, because + # regardless of whether the user wants to use the yum + # resolver we want to include gpg key data + keypkg = lxml.etree.Element('BoundPackage', name="gpg-pubkey", + type=self.ptype, origin='Packages') + else: + self.logger.warning("GPGKeys were specified for yum sources in " + "sources.xml, but no yum libraries were " + "found") + self.logger.warning("GPG key version/release data cannot be " + "determined automatically") + self.logger.warning("Install yum libraries, or manage GPG keys " + "manually") + keypkg = None for key in needkeys: # figure out the path of the key on the client @@ -219,7 +232,8 @@ class YumCollection(Collection): # hook to add version/release info if possible self._add_gpg_instances(keypkg, kdata, localkey, remotekey) independent.append(keypath) - independent.append(keypkg) + if keypkg is not None: + independent.append(keypkg) # see if there are any pulp sources to handle has_pulp_sources = False @@ -274,20 +288,25 @@ class YumCollection(Collection): def _add_gpg_instances(self, keyentry, keydata, localkey, remotekey): """ add gpg keys to the specification to ensure they get installed """ - if self.use_yum: - try: - kinfo = yum.misc.getgpgkeyinfo(keydata) - version = yum.misc.keyIdToRPMVer(kinfo['keyid']) - release = yum.misc.keyIdToRPMVer(kinfo['timestamp']) - - lxml.etree.SubElement(keyentry, 'Instance', - version=version, - release=release, - simplefile=remotekey) - except ValueError: - err = sys.exc_info()[1] - self.logger.error("Packages: Could not read GPG key %s: %s" % - (localkey, err)) + # this must be be has_yum, not use_yum, because regardless of + # whether the user wants to use the yum resolver we want to + # include gpg key data + if not has_yum: + return + + try: + kinfo = yum.misc.getgpgkeyinfo(keydata) + version = yum.misc.keyIdToRPMVer(kinfo['keyid']) + release = yum.misc.keyIdToRPMVer(kinfo['timestamp']) + + lxml.etree.SubElement(keyentry, 'Instance', + version=version, + release=release, + simplefile=remotekey) + except ValueError: + err = sys.exc_info()[1] + self.logger.error("Packages: Could not read GPG key %s: %s" % + (localkey, err)) def is_package(self, package): if not self.use_yum: @@ -436,19 +455,18 @@ class YumSource(Source): repoapi = RepositoryAPI() try: self.repo = repoapi.repository(self.pulp_id) - self.gpgkeys = ["%s/%s" % (PULPCONFIG.cds['keyurl'], key) + self.gpgkeys = [os.path.join(PULPCONFIG.cds['keyurl'], key) for key in repoapi.listkeys(self.pulp_id)] except server.ServerRequestError: err = sys.exc_info()[1] if err[0] == 401: msg = "Packages: Error authenticating to Pulp: %s" % err[1] elif err[0] == 404: - msg = "Packages: Pulp repo id %s not found: %s" % (self.pulp_id, - err[1]) + msg = "Packages: Pulp repo id %s not found: %s" % \ + (self.pulp_id, err[1]) else: - msg = "Packages: Error %d fetching pulp repo %s: %s" % (err[0], - self.pulp_id, - err[1]) + msg = "Packages: Error %d fetching pulp repo %s: %s" % \ + (err[0], self.pulp_id, err[1]) raise SourceInitError(msg) except socket.error: err = sys.exc_info()[1] |