On Fri, May 15, 2020 at 10:21 AM Ansgar Esztermann-Kirchner <aeszter@mpibpc.mpg.de> wrote:
Hello List,
I'm just wondering how you deal with GPG keys when using config management. In my case, that's CFEngine, but I guess the issue would be quite similar with Puppet, Chef, or whatever you happen to be using.
I can add required repositories simply by copying the .repo to /etc/zypp/repos.d. I can then install any packages via zypper, but only after the appropriate public key has been installed. Right now, I do this in a semi-manual way: The .repo and the packages are handled by CFEngine, but I need to call zypper ref once per machine and repository in order to import the key.
This is feasible (but not elegant) because machines are installed with a fairly complete set of repositories from an image, and "extra" repositories typically are required only on a handful of clients.
A solution I'd prefer would look like this:
- download the pubkey, once, on the policy server;
- distribute it to the clients using CFEngine;
- install away, again using CFE.
Is there any way to do that?
Keys are kept in the RPM database. There is no way around running some command to import keys. You can use "rpm --import" as an alternative to zypper.
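The workflow discussed in this thread (key file distributed by config management, then imported with "rpm --import") can be made safe to repeat on every agent run. The script below is an added example, not code from either poster: the function names and the sample key data are hypothetical, and it assumes a GnuPG that supports `--show-keys` and the classic rpm 4.x naming of imported keys.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent import of a repository
# signing key that config management has already copied to the client.

# Constructed sample of `gpg --show-keys --with-colons` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:0123456789ABCDEF:1610612736:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1610612736::0000::Example Repo <repo@example.invalid>::::::::::0:'

# key_info: read a colon-format key listing on stdin and print
# "<fingerprint> <rpm package name>" for the first primary key.
# Assumption: classic rpm 4.x naming, gpg-pubkey-<last 8 hex digits of the
# key ID>-<creation time in hex>.
key_info() {
    set -- $(awk -F: '
        $1 == "pub" && id == "" { id = tolower(substr($5, length($5) - 7)); created = $6 }
        $1 == "fpr" && id != "" && fpr == "" { fpr = $10 }
        END { if (fpr == "") exit 1; print fpr, id, created }')
    [ $# -eq 3 ] || return 1
    printf '%s gpg-pubkey-%s-%08x\n' "$1" "$2" "$3"
}

# import_repo_key KEYFILE EXPECTED_FINGERPRINT
# EXPECTED_FINGERPRINT is 40 upper-case hex digits without spaces, pinned in policy.
# Returns 0 when the key is (now) in the RPM database, non-zero otherwise.
import_repo_key() {
    info=$(gpg --show-keys --with-colons "$1" 2>/dev/null | key_info) || {
        echo "cannot parse key file $1" >&2; return 1; }
    # Refuse a key whose fingerprint differs from the one pinned in policy.
    [ "${info% *}" = "$2" ] || { echo "fingerprint mismatch for $1" >&2; return 1; }
    # Already imported: nothing to do, so repeated agent runs change nothing.
    rpm -q "${info#* }" >/dev/null 2>&1 && return 0
    rpm --import "$1"
}
```

Pinning the fingerprint in policy means a key file that was replaced in transit or on the policy server is rejected instead of being trusted for package installs.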