New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(SIMP-8582) Add params to override default gpgkey #242
Conversation
This patch introduces the new parameters `baseurl` and `gpgkey` to `simp::yum::repo::local_simp` and `simp::yum::repo::local_os_updates`. These parameters provide a way to completely override ther respective yumrepo settings, which makes it possible to host the packages' GPG key in a non-repo location, as CentOS 8 now requires. [SIMP-8582] #close [SIMP-8470] #close
# | ||
# @param gpgkey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the documentation is confusing. Without delving into the code to see that gpgkeys are set for you, I do not see why is this parameter is needed when extra_gpgkey_urls could be used. Are intending to deprecate extra_gpgkey_urls? Also, why isn't gpgkey an array? It could be an array of Simplib::URI types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lnemsick-simp Would you prefer something like disable_defaults
or the like? That would make extra_gpgkey_urls
the only thing that works. Looking back at this, it's sort of confusing across the board but we needed some way to make things "just work".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@trevor-vaughan How about default_gpgkey_urls
as an Array[Simplib::URI]
. This would expose the parameter for what it really is and the documentation in the CHANGELOG could explain that. Then the user could override it. When they need to override it they are unlikely to set extra_gpgkey_urls
. But I do not see the need to make them mutually exclusive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After re-reading the original, as well as all of this, I think that it makes sense to push the new gpgkey
parameter back into the code.
It looks like using servers
(with URLs as confusing as that is) combined with extra_gpgkeys
should give people everything that they need.
Changing servers
to default_gpgkeys
probably makes sense but is API breaking so we can figure out if we want to flip it with a compat option or just leave it for now.
As a note, if people need to get fancy, they can just disable ALL of this and use |
After posting that comment, I'm starting to wonder if we shouldn't push our default repos into Hiera so that it's more obvious and easier to change 🤔 |
Ok, I see why this is necessary now. Fine with this since it's largely internal but we should probably move this to pure Hiera at some point. |
REFERENCE.md needs to be regenerated for docs changes. |
This patch introduces the new parameters
baseurl
andgpgkey
tosimp::yum::repo::local_simp
andsimp::yum::repo::local_os_updates
.These parameters provide a way to completely override ther respective
yumrepo settings, which makes it possible to host the packages' GPG key
in a non-repo location, as CentOS 8 now requires.
SIMP-8582 #close
SIMP-8470 #close