Update gpgkey for yum repos #272

Merged (1 commit) on Sep 17, 2018

tequeter
Contributor

This updates the gpgkey line of the yum repositories as per Gitlab's install docs. At the moment, the master branch fails to install because of this.

The first three commits are PR #271; 227abb5 is the only relevant change here.

I'll rebase this PR if needed when #271 is updated.

it { is_expected.to contain_apt__source('gitlab_official_ce').with_ensure('present').with_comment(%r{.}) }
it { is_expected.to contain_apt__source('gitlab_official_ee').with_ensure('absent') }
it { is_expected.not_to contain_apt__source('gitlab_official_') }
it { is_expected.not_to contain_yumrepo('gitlab_official_ce') }
Member

might be a good idea to add:

it { is_expected.to compile.with_all_deps }

@bastelfreak
Member

mhm, this should be rebased after #271 got merged?

@LongLiveCHIEF
Contributor

Gitlab's key is the same for both ce and ee, and they both point to the location that is currently in the data here. I've spoken with gitlab about this in their docs, they just haven't gotten around to updating it yet.

Opening an issue and issuing a fix based on my comment from your PR in #271 should solve both of these issues.

@LongLiveCHIEF
Contributor

related: #206

To confirm, you should note that the latest official release of this module works with both ce and ee using the currently specified values of the key.

The reason the install isn't working goes back to the issue you noted in your PR in #271

@tequeter
Contributor Author

Your version lacks https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg, which is required to install packages signed with 3CFCF9BAF27EAB47.

Thus, I respectfully disagree.

```
$ rpm -qp --qf '%{SIGPGP:pgpsig}\n' gitlab-ce-11.2.3-ce.0.el7.x86_64.rpm
RSA/SHA1, Tue Aug 28 19:00:11 2018, Key ID 3cfcf9baf27eab47
```

vs.

```
$ wget -q https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey/gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg
$ gpg --dearmor gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg
$ gpg --no-default-keyring --keyring ./gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg.gpg --list-sigs
./gitlab-gitlab-ee-3D645A26AB9FBD22.pub.gpg.gpg
-----------------------------------------------
pub   rsa4096 2017-08-01 [SC] [expires: 2019-08-01]
      DBEF89774DDB9EB37D9FC3A03CFCF9BAF27EAB47
uid           [ unknown] GitLab, Inc. <support@gitlab.com>
sig 3        3CFCF9BAF27EAB47 2017-08-01  GitLab, Inc. <support@gitlab.com>
sub   rsa4096 2017-08-01 [E] [expires: 2019-08-01]
sig          3CFCF9BAF27EAB47 2017-08-01  GitLab, Inc. <support@gitlab.com>
```

vs.

```
$ wget https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
$ gpg --dearmor gpgkey
$ gpg --no-default-keyring --keyring ./gpgkey.gpg --list-sigs
./gpgkey.gpg
------------
pub   rsa4096 2015-04-17 [SC] [expires: 2020-04-15]
      1A4C919DB987D435939638B914219A96E15E78F4
uid           [ unknown] GitLab B.V. (package repository signing key) <packages@gitlab.com>
sig 3        14219A96E15E78F4 2015-04-17  GitLab B.V. (package repository signing key) <packages@gitlab.com>
```

However, URLs:

  • https://packages.gitlab.com/gpg.key
  • https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
  • https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey

do resolve to the same file, I just changed that part for consistency with the upstream repos definition.
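
The comparison made by hand in the comment above, as an added example that is not part of the original thread or the module: it checks whether the keys behind a repo's `gpgkey=` URLs include the key that signed a package. The function names (`sig_keyid`, `keyring_fprs`, `covers`, `check_repo`) are hypothetical, and the colon-format records are constructed from the fingerprints quoted above.

```shell
#!/bin/sh
# Key ID from a line printed by: rpm -qp --qf '%{SIGPGP:pgpsig}\n' pkg.rpm
sig_keyid() {
    printf '%s\n' "$1" |
        sed -n 's/.*Key ID \([0-9A-Fa-f]\{16\}\).*/\1/p' |
        tr 'abcdef' 'ABCDEF'
}

# Fingerprints from a colon-format key listing on stdin, e.g. the output of
#   gpg --no-default-keyring --keyring ./gpgkey.gpg --with-colons --fingerprint --list-keys
# Subkey fingerprints are kept too, since a package may be signed by a subkey.
keyring_fprs() {
    awk -F: '$1 == "fpr" { print toupper($10) }'
}

# covers KEYID FPR...: succeed if KEYID is the low 64 bits (last 16 hex digits)
# of one of the given fingerprints.
covers() {
    keyid=$1; shift
    [ -n "$keyid" ] || return 2      # unsigned package or unparseable line
    for fpr in "$@"; do
        case $fpr in *"$keyid") return 0 ;; esac
    done
    return 1
}

# check_repo SIG_LINE COLON_LISTING: print "OK <keyid>" or "MISSING <keyid>".
check_repo() {
    id=$(sig_keyid "$1")
    # Word splitting of the fingerprint list is intended here.
    if covers "$id" $(printf '%s\n' "$2" | keyring_fprs); then
        echo "OK $id"
    else
        echo "MISSING $id"
    fi
}

# Constructed sample input, built from the values quoted in the comment above.
SIG_LINE='RSA/SHA1, Tue Aug 28 19:00:11 2018, Key ID 3cfcf9baf27eab47'
GPGKEY_COLONS='fpr:::::::::1A4C919DB987D435939638B914219A96E15E78F4:'
EE_PUB_COLONS='fpr:::::::::DBEF89774DDB9EB37D9FC3A03CFCF9BAF27EAB47:'

# Repo configured with the gpgkey URL only, then with both key files.
check_repo "$SIG_LINE" "$GPGKEY_COLONS"
check_repo "$SIG_LINE" "$GPGKEY_COLONS
$EE_PUB_COLONS"
```
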

@LongLiveCHIEF LongLiveCHIEF reopened this Sep 15, 2018
@LongLiveCHIEF
Contributor

Ok. Let's put this in then. Can you isolate the changes in this PR to just the things required for the gpgkey? I'd like to accept this one before #271 (see comments in 271 and #273).

gitlab-gitlab-XX-3D645A26AB9FBD22.pub.gpg has the fingerprint
3CFCF9BAF27EAB47 and is required for recent packages.

https://packages.gitlab.com/gitlab/gitlab-XX/gpgkey is the URL found in
Gitlab's repos definition for https://packages.gitlab.com/gpg.key, but
both serve the same key 14219A96E15E78F4.
@tequeter
Contributor Author

There. I used the same URLs as in Gitlab's repos definition as that seems more future-proof, but feel free to revert to https://packages.gitlab.com/gpg.key and/or to hardcode -ce instead of per-edition URLs. No strong opinion, as long as we get 3CFCF9BAF27EAB47 in the mix.

Of course, the %{lookup('gitlab::edition')} I used are just placeholders, they'll need some kind of fix as discussed in #271.

@LongLiveCHIEF LongLiveCHIEF merged commit 48fbf8b into voxpupuli:master Sep 17, 2018
tequeter added a commit to tequeter/puppet-gitlab that referenced this pull request Oct 17, 2018
Somehow, after the voxpupuli#271 and voxpupuli#272 merges we ended up without the GPG key
change for gitlab-ce and with %{lookup()} calls left in gitlab-ee. This
commit fixes the data and adds tests for it.
bastelfreak added a commit that referenced this pull request Oct 17, 2018