Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(RE-9326) update_yum_repo should automatically overwrite repodata when updating #109

Merged
merged 1 commit into from
Sep 20, 2017

Conversation

mwaggett
Copy link
Contributor

This commit adds the --yes option to the gpg command so that the person shipping doesn't have to manually type 'yes' for overwriting. In order for this to work, I had to remove --use-agent, but it seems that the use of keychain makes that option irrelevant anyway.

@mwaggett
Copy link
Contributor Author

Tested by running pl:remote:update_yum_repo from a checkout of puppet-agent where I changed data_repo to point to my fork of build_data with the change.

@@ -58,7 +58,7 @@ yum_repo_command: |
sudo chown -R root:release "${repodir}/repodata" ;
sudo chmod -R g+w "${repodir}/repodata" ;
createrepo --checksum=sha --database --update "${repodir}" ;
gpg --use-agent --armor --detach-sign -u __GPG_KEY__ "${repodir}/repodata/repomd.xml" ;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How come specifying --yes and --use-agent broke? I don't see anything in the documentation that suggests they wouldn't work together.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I honestly have no idea, but when I had them together, I got this error:

gpg: skipped "--yes": secret key not available
gpg: signing failed: secret key not available

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This led me to try removing --use-agent: IJHack/QtPass#92 (comment)

@mwaggett
Copy link
Contributor Author

According to https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html, gpg automatically tries to use the agent unless you specify otherwise.

…n updating

This commit adds the `--yes` option to the gpg command so that the person
shipping doesn't have to manually type 'yes' for overwriting. In order for this
to work, I had to stop using tty.
@mwaggett
Copy link
Contributor Author

@demophoon I was able to get --yes and --use-agent to work together when I removed the setting of tty - https://www.gnupg.org/documentation/manpage.html says "Make sure that the TTY (terminal) is never used for any output. This option is needed in some cases because GnuPG sometimes prints warnings to the TTY if if --batch is used."

Copy link
Contributor

@shrug shrug left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's merge first thing in the morning

@puppetcla
Copy link

CLA signed by all contributors.

@underscorgan underscorgan merged commit e1feffd into puppetlabs:release Sep 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants