[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] keyserver in template with saltstack unreachable
From:       unman <unman () thirdeyesecurity ! org>
Date:       2021-12-04 13:50:40
Message-ID: YatyMDtmykpY9NoY () thirdeyesecurity ! org
[Download RAW message or body]

On Sat, Dec 04, 2021 at 12:13:49PM +0000, liked2@gmx.de wrote:
> Hi,
> 
> I'm using in my saltstack formulas creating of repositories in a debian template \
> e.g. 
> add-repo:
> pkgrepo.managed:
> - name: deb http://repository.spotify.com stable non-free
> - file: /etc/apt/sources.list.d/spotify-client.list
> - humanname: spotify
> - keyid: 5E3C45D7B312C643
> - keyserver: keys.openpgpg.org
> - gpgkey: https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg
> - gpgcheck: 1
> 
> Unfortunately, I get this error after execution:
> ID: add-repo
> Function: pkgrepo.managed
> Name: deb http://repository.spotify.com stable non-free
> Result: False
> Comment: Failed to configure repo 'deb [trusted=yes] http://repository.spotify.com \
> stable non-free': Error: key retrieval failed: Executing: \
> /tmp/apt-key-gpghome.xyY44SvGz1/gpg.1.sh --batch --keyserver keys.openpgpg.org \
>                 --logger-fd 1 --recv-keys 5E3C45D7B312C643
> gpg: keyserver receive failed: Network is unreachable
> 
> Any ideas how to fix that? Is that connected that templates are using a proxy for \
> outbound connections which salt is not able to use for retrieving keys? Btw. none \
> of the options works: keyid + keyserver nor gpgkey. I just added both of the in the \
> salt snipped. 
> Thanks! P.
> 

It is connected - you can find the solution online for using gpg behind
a proxy.
I have a note on this at http://github.com/unman/notes/ - that's a way
to get keys in to the template. Run that and keep the key retrieval out
of the salt state. Its workable.

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/YatyMDtmykpY9NoY%40thirdeyesecurity.org.



[prev in list] [next in list] [prev in thread] [next in thread]