From de4566a0f8801bb36f167f92f510f378f125d72e Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 28 Jul 2020 08:09:04 +0200 Subject: [PATCH] Update passenger rpm gpg key without this change, we see the following error since november 2019: ``` passenger/7/x86_64/ Retrieving key from https://packagecloud.io/phusion/passenger/gpgkey passenger/7/x86_64/ https://oss-binaries.phusionpassenger.com/yum/passenger/el/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for passenger Trying other mirror. ``` Also, since passenger 6.0.5, phusion stopped shipping their own nginx packages in their repo for CentOS 7. Instead they rely on the nginx from epel. --- Gemfile | 2 +- manifests/package/redhat.pp | 7 ++++++- spec/acceptance/class_spec.rb | 7 ++++++- spec/classes/nginx_spec.rb | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index ac4aad48c..94ea2b643 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ def location_for(place, fake_version = nil) end group :test do - gem 'voxpupuli-test', '>= 1.4.0', :require => false + gem 'voxpupuli-test', '< 2.0.0', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false gem 'rspec-puppet-facts', :require => false, :git => 'https://github.com/mcanevet/rspec-puppet-facts', :ref => '9541292d4fc35db3be1badace673c1108154b571' diff --git a/manifests/package/redhat.pp b/manifests/package/redhat.pp index 9790db02e..27f4fdb85 100644 --- a/manifests/package/redhat.pp +++ b/manifests/package/redhat.pp @@ -73,6 +73,11 @@ } 'passenger': { if ($facts['os']['name'] in ['RedHat', 'CentOS', 'VirtuozzoLinux']) and ($facts['os']['release']['major'] in ['6', '7']) { + # 2019-11: Passenger changed their gpg key from: `https://packagecloud.io/phusion/passenger/gpgkey` + # to: `https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt` + # Find the latest key by opening: https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo + + # Also note: Since 6.0.5 there are no nginx packages in the phusion EL7 repository, and nginx packages are expected to come from epel instead yumrepo { 'passenger': baseurl => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/${facts['os']['release']['major']}/\$basearch", descr => 'passenger repo', @@ -80,7 +85,7 @@ gpgcheck => '0', repo_gpgcheck => '1', priority => '1', - gpgkey => 'https://packagecloud.io/phusion/passenger/gpgkey', + gpgkey => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt', before => Package['nginx'], } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index a255f177e..dcce17af7 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -5,7 +5,12 @@ when 'RedHat' pkg_cmd = 'yum info nginx | grep "^From repo"' pkg_remove_cmd = 'yum -y remove nginx nginx-filesystem passenger' - pkg_match = %r{passenger} + pkg_match = case fact('operatingsystemmajrelease') + when '7' # https://blog.phusion.nl/2020/05/29/passenger-6-0-5/ + %r{epel} + else + %r{passenger} + end when 'Debian' pkg_cmd = 'dpkg -s nginx | grep ^Maintainer' pkg_remove_cmd = 'apt-get -y purge nginx nginx-common' diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index c6cb0a18f..02478e1b6 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -103,7 +103,7 @@ 'baseurl' => "https://oss-binaries.phusionpassenger.com/yum/passenger/el/#{facts[:operatingsystemmajrelease]}/$basearch", 'gpgcheck' => '0', 'repo_gpgcheck' => '1', - 'gpgkey' => 'https://packagecloud.io/phusion/passenger/gpgkey' + 'gpgkey' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt' ) end it do