Notify gpg --import resources when key files change.
#96
Conversation
|
CI failure is exposing a failed GPG import so I must have missed something here. |
Okay I've figured out what's happening. There are two identically named execute resources, one for the Jenkins agent and one for the pulp user, and the Naively I think there are two ways out of this, moving the pulp user creation resoures above all gpg related file resources, or changing the pulp import and trust resources to target their own copy of the file on disk which is changed later in the recipe when the prerequisite resources have already converged. |
|
I think this will be revisit-able once pulp is removed. |
This patch improves configuration behavior when key contents change. When deploying changes to the public key, the keys on disk were updated but the gpg keyring did not import the new keys since existing keys were present. Now, changes to the file resources will trigger runs of the import execute resources which will provide the same behavior as before for a freshly provisioned host but will correctly re-import keys when those files change.
nuclearsandwich
force-pushed
the
update-gpg-imports-on-change
branch
from
99352b1
to
3eeb4db
Compare
|
This is now updated and ready for review with pulp removed. |
This patch improves configuration behavior when key contents change.
When deploying changes to the public key, the keys on disk were updated
but the gpg keyring did not import the new keys since existing keys were
present.
Now, changes to the file resources will trigger runs of the import
execute resources which will provide the same behavior as before for
a freshly provisioned host but will correctly re-import keys when those
files change.