From 83cc936c822f8a3da022df8230eea3f7691313b6 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Mon, 31 Jul 2023 21:12:15 +0200 Subject: [PATCH] apt key variables --- bundles/apt/items.py | 2 +- bundles/apt/metadata.py | 3 +-- groups/os/debian-11.py | 10 ---------- groups/os/debian-12.py | 2 -- groups/os/debian.py | 2 ++ libs/apt.py | 25 ++++++++++++++----------- 6 files changed, 18 insertions(+), 26 deletions(-) diff --git a/bundles/apt/items.py b/bundles/apt/items.py index ee0e1b5..9f34902 100644 --- a/bundles/apt/items.py +++ b/bundles/apt/items.py @@ -73,7 +73,7 @@ actions = { for name, config in node.metadata.get('apt/sources').items(): # place keyfile - keyfile_destination_path = config['options']['Signed-By'] + keyfile_destination_path = repo.libs.apt.format_variables(node, config['options']['Signed-By']) files[keyfile_destination_path] = { 'source': join(repo.path, 'data', 'apt', 'keys', basename(keyfile_destination_path)), 'content_type': 'binary', diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py index c09ab76..830e47f 100644 --- a/bundles/apt/metadata.py +++ b/bundles/apt/metadata.py @@ -80,8 +80,7 @@ def signed_by(metadata): 'sources': { source_name: { 'options': { - #'Signed-By': 'XXXXXXXX', - 'Signed-By': '/etc/apt/keyrings/' + metadata.get(f'apt/sources/{source_name}/key') + '.' + repo.libs.apt.find_keyfile_extension(repo, metadata.get(f'apt/sources/{source_name}/key')), + 'Signed-By': '/etc/apt/keyrings/' + metadata.get(f'apt/sources/{source_name}/key') + '.' + repo.libs.apt.find_keyfile_extension(node, metadata.get(f'apt/sources/{source_name}/key')), }, } for source_name in metadata.get('apt/sources') diff --git a/groups/os/debian-11.py b/groups/os/debian-11.py index 6cd7198..81c8de7 100644 --- a/groups/os/debian-11.py +++ b/groups/os/debian-11.py @@ -3,16 +3,6 @@ 'debian', ], 'metadata': { - 'apt': { - 'sources': { - 'debian': { - 'key': 'debian-11', - }, - 'debian-security': { - 'key': 'debian-11-security', - }, - }, - }, 'php': { 'version': '7.4', }, diff --git a/groups/os/debian-12.py b/groups/os/debian-12.py index d6db85d..e749175 100644 --- a/groups/os/debian-12.py +++ b/groups/os/debian-12.py @@ -9,13 +9,11 @@ 'components': { 'non-free-firmware', }, - 'key': 'debian-12', }, 'debian-security': { 'components': { 'non-free-firmware', }, - 'key': 'debian-12-security', }, }, }, diff --git a/groups/os/debian.py b/groups/os/debian.py index 7061503..cbdc15e 100644 --- a/groups/os/debian.py +++ b/groups/os/debian.py @@ -24,6 +24,7 @@ 'contrib', 'non-free', }, + 'key': 'debian-{version}', }, 'debian-security': { 'url': 'https://security.debian.org/', @@ -35,6 +36,7 @@ 'contrib', 'non-free', }, + 'key': 'debian-{version}-security', }, }, 'packages': { diff --git a/libs/apt.py b/libs/apt.py index e7eab5d..f42ce0a 100644 --- a/libs/apt.py +++ b/libs/apt.py @@ -5,12 +5,21 @@ from glob import glob from os.path import join, basename, exists -def find_keyfile_extension(repo, key_name): +def format_variables(node, string): + return string.format( + codename=node.metadata.get('os_codename'), + version=node.os_version[0], + ) + + +def find_keyfile_extension(node, key_name): + formatted_key_name = format_variables(node, key_name) + for extension in ('asc', 'gpg'): - if exists(join(repo.path, 'data', 'apt', 'keys', f'{key_name}.{extension}')): + if exists(join(node.repo.path, 'data', 'apt', 'keys', f'{formatted_key_name}.{extension}')): return extension else: - raise Exception(f"no keyfile '{key_name}.(asc|gpg)' found") + raise Exception(f"no keyfile '{formatted_key_name}.(asc|gpg)' found") def render_apt_conf(section, depth=0): @@ -77,11 +86,5 @@ def render_source(node, source_name): f'{key}: ' + value ) - # render to string and replace version/codename - string = '\n'.join(lines).format( - codename=node.metadata.get('os_codename'), - version=node.os_version[0], # WIP crystal - ) + '\n' - - # return - return string + # render to string and format variables + return format_variables(node, '\n'.join(lines) + '\n')