Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepare pkg keys rotation #365

Merged
merged 3 commits into from
Nov 15, 2016
Merged

Prepare pkg keys rotation #365

merged 3 commits into from
Nov 15, 2016

Commits on Oct 5, 2016

  1. [apt][repository] Trust new apt key 

    Ease transition to new apt key that will sign our repo in the future.

This ensures that the cookbook installs the new key. When we switch to
using the new key to sign the `Release` file of the apt repo, this will
make sure that the new key is trusted.

After the switch, we should make this new key the main key in the
`apt_repository` resource and remove this `execute` resource.
Optionally, we could make the cookbook delete the old key.
    @olivielpeau
    olivielpeau committed Oct 5, 2016
    Configuration menu
    Copy the full SHA
    547fde2 View commit details
    Browse the repository at this point in the history

  2. [yum][repository] Import new RPM key 

    Ease transition to new RPM key that will sign our RPM packages in the
future.

This will install the new key. The location of the key is defined in
an attribute for users that host the keys internally. The signature of
the downloaded key is checked to make sure that the key is legitimate.

Once packages start being signed with the new key, we should make the
cookbook set the correct `gpgkey` on the `yum_repository` resource
depending on the version of the Agent that needs installing.
Optionally, we could make the cookbook delete the other key.
    @olivielpeau
    olivielpeau committed Oct 5, 2016
    Configuration menu
    Copy the full SHA
    4a5c870 View commit details
    Browse the repository at this point in the history

  3. [ci] Set Ohai log level to :warn 

    Otherwise `rake spec` can be spammed by debug-level log messages
    @olivielpeau
    olivielpeau committed Oct 5, 2016
    Configuration menu
    Copy the full SHA
    028aa79 View commit details
    Browse the repository at this point in the history