Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom Repo Fixes #434

Merged
merged 7 commits into from
Nov 13, 2024
Merged

Conversation

adamperlin
Copy link
Contributor

@adamperlin adamperlin commented Nov 13, 2024

What this PR does / why we need it:

This PR adds a few fixes for the custom repos feature.

  1. Adds code to fill defaults in the extra_repos section of the spec.
  2. Adds a permissions field to the http source. This allows us to fill in the permissions by default if they are on an http source that is nested under a key. It is important that fetched gpg keys have the proper permissions, otherwise apt cannot import them properly. Assuming that they do have proper permissions, apt can handle both .asc and .gpg keys just fine. This makes the explicit de-armor step unnecessary and means we no longer need gpg as a dependency in the jammy worker images.
  3. Adds armored and de-armored key test variants to the custom repo tests to ensure everything is working properly.

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #425

Special notes for your reviewer:

@adamperlin adamperlin requested a review from a team as a code owner November 13, 2024 18:57
@cpuguy83
Copy link
Member

So this is no longer dearmoring keys at all?

@adamperlin
Copy link
Contributor Author

So this is no longer dearmoring keys at all?

Yes. It should not be needed as long as the file extension on the keys is correct.

@cpuguy83
Copy link
Member

There may be something in the docs about this, can you update that?

…es. This way

we can fill in permissions by default if they are on an http source that is nested under a key,
and let apt handle the key based on its format (though the file extension still must be correct).

Remove worker parameter for GetRepoKeys as dearmoring is no longer needed
Update http source docs now that digest verification and file permissions are supported options
@adamperlin adamperlin force-pushed the adamperlin/custom-repo-fixes branch from b8468d9 to 22330ce Compare November 13, 2024 20:09
@adamperlin
Copy link
Contributor Author

Docs are now updated

@cpuguy83 cpuguy83 merged commit 363d043 into Azure:main Nov 13, 2024
10 checks passed
@adamperlin adamperlin deleted the adamperlin/custom-repo-fixes branch November 13, 2024 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Fill defaults for sources in the extra_repos section of the spec
2 participants