From d66f4e978abb3a42eae954f329265960014adec2 Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Fri, 1 Aug 2025 10:37:01 -0500 Subject: [PATCH] fix: update to prevent NO_PUBKEY 64CBBC8173D76B3F --- dockerfiles/Dockerfile.focal | 4 ++-- dockerfiles/Dockerfile.jammy | 4 ++-- dockerfiles/Dockerfile.noble | 4 ++-- docs/guides/migration-recipe.md | 4 ++-- salt/base/salt.sls | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/dockerfiles/Dockerfile.focal b/dockerfiles/Dockerfile.focal index 35227f95..06afa9ae 100644 --- a/dockerfiles/Dockerfile.focal +++ b/dockerfiles/Dockerfile.focal @@ -48,8 +48,8 @@ RUN /usr/sbin/sshd # Setup Salt Common RUN mkdir -p /etc/apt/keyrings -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 diff --git a/dockerfiles/Dockerfile.jammy b/dockerfiles/Dockerfile.jammy index 119f1474..344f738b 100644 --- a/dockerfiles/Dockerfile.jammy +++ b/dockerfiles/Dockerfile.jammy @@ -48,8 +48,8 @@ RUN /usr/sbin/sshd # Setup Salt Common RUN mkdir -p /etc/apt/keyrings -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 diff --git a/dockerfiles/Dockerfile.noble b/dockerfiles/Dockerfile.noble index 8700fb74..c7e988db 100644 --- a/dockerfiles/Dockerfile.noble +++ b/dockerfiles/Dockerfile.noble @@ -48,8 +48,8 @@ RUN /usr/sbin/sshd # Setup Salt Common RUN mkdir -p /etc/apt/keyrings -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 diff --git a/docs/guides/migration-recipe.md b/docs/guides/migration-recipe.md index 5f8befad..cd8f6ee6 100644 --- a/docs/guides/migration-recipe.md +++ b/docs/guides/migration-recipe.md @@ -99,9 +99,9 @@ index 68387c9..7a8ace1 100644 CODENAME=$(cat /etc/os-release | grep VERSION_CODENAME | cut -d '=' -f 2) echo "Adding the SaltStack repository key for $UBUNTU_VERSION $CODENAME ($ARCH)..." - sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2024.gpg https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public + sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public echo "Adding the SaltStack repository for $UBUNTU_VERSION $CODENAME ($ARCH)..." - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.gpg arch=$ARCH] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" | sudo tee /etc/apt/sources.list.d/salt.list + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=$ARCH] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" | sudo tee /etc/apt/sources.list.d/salt.list echo "Pinning Salt to v3006.*" RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 ``` diff --git a/salt/base/salt.sls b/salt/base/salt.sls index 2915045e..36b67093 100644 --- a/salt/base/salt.sls +++ b/salt/base/salt.sls @@ -47,7 +47,7 @@ salt-pin-config: salt-repo-key: file.managed: - - name: /etc/apt/keyrings/salt-archive-keyring-2024.pgp + - name: /etc/apt/keyrings/salt-archive-keyring.pgp - source: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public - mode: '0644' - skip_verify: True @@ -55,7 +55,7 @@ salt-repo-key: salt-repo: pkgrepo.managed: - - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main + - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main - aptkey: False - file: /etc/apt/sources.list.d/salt.list - require: