This website requires JavaScript.
Explore
Help
Sign In
ungleich-public
/
cdist
Watch
7
Star
4
Fork
You've already forked cdist
10
Code
Issues
57
Pull Requests
17
Projects
Releases
Wiki
Activity
0b05a8f5f7
cdist
/
cdist
/
conf
/
type
/
__apt_key
/
parameter
/
optional
7 lines
40 B
Plaintext
Raw
Normal View
History
Unescape
Escape
[__apt_key*] Deprecate __apt_key_uri and improve __apt_key Previously this type was falling back to using the deprecated apt-key(8) by checking for existence of files/directories on the controller host in gencode-remote. Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes: 1. It prevents fallbacks that might end up doing the wrong thing (as was the case) 2. It allows for a simple way to remove keys from the keyring that were previously added with apt-key(8) to /etc/apt/trusted.gpg This parameter is added marked as deprecated as is only intended use is to migrate to directory-based keyrings as recommended by Debian for a few releases. It will be removed when Debian 11 stops being supported. During the review process of this merge request, it was noted that the state of PGP Key Servers is somewhat suboptimal, that the examples encouraged bad practise (it is trivial to produce collisions for short key IDs), and that this use does not require the Web of Trust, but instead only the public key that is signing the repository. That is why this also adds `--source` as an argument allowing for in-type or in-manifest provision of such public keys by the type/manifest maintainer and the use of Key Servers is still supported, but discouraged.
2021-05-10 10:08:22 +00:00
keydir
import __apt_* types from private repo Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2014-02-04 11:24:10 +00:00
keyid
keyserver
[__apt_key*] Deprecate __apt_key_uri and improve __apt_key Previously this type was falling back to using the deprecated apt-key(8) by checking for existence of files/directories on the controller host in gencode-remote. Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes: 1. It prevents fallbacks that might end up doing the wrong thing (as was the case) 2. It allows for a simple way to remove keys from the keyring that were previously added with apt-key(8) to /etc/apt/trusted.gpg This parameter is added marked as deprecated as is only intended use is to migrate to directory-based keyrings as recommended by Debian for a few releases. It will be removed when Debian 11 stops being supported. During the review process of this merge request, it was noted that the state of PGP Key Servers is somewhat suboptimal, that the examples encouraged bad practise (it is trivial to produce collisions for short key IDs), and that this use does not require the Web of Trust, but instead only the public key that is signing the repository. That is why this also adds `--source` as an argument allowing for in-type or in-manifest provision of such public keys by the type/manifest maintainer and the use of Key Servers is still supported, but discouraged.
2021-05-10 10:08:22 +00:00
source
state
Use gpg key, fallback to deprecated apt-key Fixes #762
2019-05-25 13:58:39 +00:00
uri