From 9ec928c2ec402d5368a8ecb0ee9ad204ada366af Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Thu, 14 Mar 2019 14:32:13 -0700 Subject: [PATCH] Vendor the vhd-util PPA's gpg key We do this because the ubuntu keyservers haven't been super reliable recently, but also because it makes this a bit more secure as we control the entire pubkey material and avoid potential for id collisions. Change-Id: I38988905a46d250857f8509394c2c3b7ae3c2707 --- files/openstack-ci-core-ppa-key.pubkey | 28 ++++++++++++++++++++++++++ manifests/init.pp | 13 ++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 files/openstack-ci-core-ppa-key.pubkey diff --git a/files/openstack-ci-core-ppa-key.pubkey b/files/openstack-ci-core-ppa-key.pubkey new file mode 100644 index 0000000..95775ae --- /dev/null +++ b/files/openstack-ci-core-ppa-key.pubkey @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.6 +Comment: Hostname: keyserver.ubuntu.com + +mQINBFUZtK8BEADGaOXCZ/ypqcNEU5Y3rospyaJDhi9PiLndRXz6KxZEoDljmaLzQBMiJ3/l +nNflwcv07sBdQDqBjNClFdDbvP4ttIZsQzWYQya/uHzM3rNxbh2bw24Tz0n/+PwZ10NrGFIo +Xl9rU79tXe7XTJDifYvEXtpwnNcgo6/j3FJ9l7q9jQO4SwbK4dxKRLnwxPLsOtspvSp6J0PC +9j6TiPYTrQ8dp8mj05GFF7oK6ZlQAJ3lgYG/QaWA9rXF1bOMw7E/arMI4+WYQOhx+JHkCitk +ai000MdNRVykrvJD/r9pb6NSzyAIrs/hDYvRjD/+7d2pd47R0CLTQJjsT9JNDlZqpU7i6+47 +zAB9uYTVJFprNF7/BuQ84fK/o81ePwutt+gfGzhKvbjUNLUC6WxFzojZEDbixz0TUOgvjUsK +4VGoDyxLw1YLebjs5YdGROB19+771sx6leMZpdQhiTaXWlQrTyjbiS7f71Hx2Eng4hpyrySz +HbBrLzXqXjiMazxt1yp5qq3VEBBgb6iW1ejDihkew1dnx+IJbUJ+OCs8Exntdta9B5+gg557 +Q6egbxQBK3RZ/c+8JHR1ROZ63COQXtAyfTsWwyxcfm7OI0YkNkJ2gNkeMl3spKw4VbGgaC0W +BGKsdhVd9TfvtssBItS5/bgnIob/3aOFyCmNH33SGCjYDeopPQARAQABtCNMYXVuY2hwYWQg +UFBBIGZvciBPcGVuU3RhY2sgQ0kgQ29yZYkCOAQTAQIAIgUCVRm0rwIbAwYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQFbbOfAGNBfUyCA/+OJEojrft6vxgh3iVDlDan1NavVm4D7F1 +mgfRlFwd9BC3trUkaLrNAqHXTi0fWtLeCqD3k0UAekA+0e58AL5EjeGyCadn9TT7oWlaXgiP +r9OHCaVV/z8DnalQny31PQhfweNOVyOMKh/o7BFaLc3i5KCU+qb/gAcCRC7tLI8Saxf2Czbo +A6tECr8CHxX9xHlnpspbcw5aAnEfpqd6BTagkkMjJ/+tDhC4pv9USwH3lbBjRlU93miuqoqt +ooMd++yyAKYd9c8ClRuI33rIAdoAmFfwwqk2prb9fF0BTxvfGdENZ+isOjvYTjzz0cYdBDrx +fZtl7ruYceC54/6Nt9aKX0ADJBJuiIcNjqgaNCjdBP/p7aCIJzh10GKeDIzitCrK/ikMWcsz +aqYtctBVQvRxGfF2MSAy/VJny0OhiQI6XVc6eK/9Iu9ZeEAC6GoQRIlarwYit+TGhqgYBKYT +jWwVlKUZAz7GCIF+wx+NTkUTWVQTnDzTFeBVbzGx3WHQhCqFNayXtKHrdImKfVpQjZZBVo42 +HzKqfGt/kNDM6IKhIuMlqlCUimVZpc3tawb+d8QTTS0IjLrW7dpFfRaZRk82AjQOp96WJL9L +oDvcEIfKg7RKmcGPBJ2qaquj+PA6yAZL5pX70jigBqjtJ0PZGm7jELb8bB70SVSGsvwHmEz0 +pSs= +=cc1L +-----END PGP PUBLIC KEY BLOCK----- diff --git a/manifests/init.pp b/manifests/init.pp index 57c6cab..390952e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,8 +22,21 @@ class diskimage_builder ( include ::pip if $support_vhd { + file { '/root/openstack-ci-core-ppa-key.pubkey': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + source => 'puppet:///modules/diskimage_builder/openstack-ci-core-ppa-key.pubkey', + } include ::apt + apt::key { 'openstack-ci-core-ppa-key': + id => '15B6CE7C018D05F5', + source => '/root/openstack-ci-core-ppa-key.pubkey', + require => File['/root/openstack-ci-core-ppa-key.pubkey'], + } apt::ppa { 'ppa:openstack-ci-core/vhd-util': + require => Apt::Key['openstack-ci-core-ppa-key'], } package { 'vhd-util': ensure => present,