Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn when using insecure key_urls on apt based systems #63004

Merged
merged 3 commits into from
Nov 4, 2022
Merged

Warn when using insecure key_urls on apt based systems #63004

merged 3 commits into from
Nov 4, 2022

Conversation

MKLeb
Copy link
Contributor

@MKLeb MKLeb commented Nov 2, 2022

What does this PR do?

Warn when using insecure (http, not https) key_urls on apt based systems, and add a kwarg to control whether they are allowed or not. The kwarg will default to True until 3008, where it will transition to defaulting to false and logging a warning if set to True.

Also, indentaion in the documentation for pkgrepo.managed was fixed.

What issues does this PR fix or reference?

Fixes: #59786

Previous Behavior

A key_url starting with http: was handled like normal.

New Behavior

A new kwarg, allow_insecure_key, gates how we handle http: urls.

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

Yes

Warn when using insecure key_urls on apt based systems, and add a kwa…
acd826a 
…rg to control whether they are allowed or not
@MKLeb MKLeb requested a review from a team as a code owner November 2, 2022 21:29
@MKLeb MKLeb requested review from cmcmarrow and removed request for a team November 2, 2022 21:29
cmcmarrow
cmcmarrow previously approved these changes Nov 3, 2022
View reviewed changes
@cmcmarrow
Copy link
Contributor

Looks good, I restarted some tests for you.

@Ch3LL Ch3LL added the Sulfur v3006.0 release code name and version label Nov 3, 2022
@Ch3LL Ch3LL self-requested a review November 3, 2022 12:54
garethgreenaway
garethgreenaway previously approved these changes Nov 3, 2022
View reviewed changes
twangboy
twangboy previously approved these changes Nov 3, 2022
View reviewed changes
Ch3LL
Ch3LL suggested changes Nov 3, 2022
View reviewed changes
salt/states/pkgrepo.py Outdated Show resolved Hide resolved
@Ch3LL Ch3LL merged commit 3207bf4 into saltstack:master Nov 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmcmarrow cmcmarrow cmcmarrow approved these changes

@Ch3LL Ch3LL Ch3LL approved these changes

@twangboy twangboy twangboy left review comments

@garethgreenaway garethgreenaway garethgreenaway left review comments

Assignees
No one assigned
Labels
Sulfur v3006.0 release code name and version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] 3002.5 pkgrepo.managed accepts insecure key_url
5 participants
@MKLeb @cmcmarrow @garethgreenaway @Ch3LL @twangboy