[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-users
Subject: Re: [qubes-users] keyserver in template with saltstack unreachable
From: unman <unman () thirdeyesecurity ! org>
Date: 2021-12-04 13:50:40
Message-ID: YatyMDtmykpY9NoY () thirdeyesecurity ! org
[Download RAW message or body]
On Sat, Dec 04, 2021 at 12:13:49PM +0000, liked2@gmx.de wrote:
> Hi,
>
> I'm using in my saltstack formulas creating of repositories in a debian template \
> e.g.
> add-repo:
> pkgrepo.managed:
> - name: deb http://repository.spotify.com stable non-free
> - file: /etc/apt/sources.list.d/spotify-client.list
> - humanname: spotify
> - keyid: 5E3C45D7B312C643
> - keyserver: keys.openpgpg.org
> - gpgkey: https://download.spotify.com/debian/pubkey_5E3C45D7B312C643.gpg
> - gpgcheck: 1
>
> Unfortunately, I get this error after execution:
> ID: add-repo
> Function: pkgrepo.managed
> Name: deb http://repository.spotify.com stable non-free
> Result: False
> Comment: Failed to configure repo 'deb [trusted=yes] http://repository.spotify.com \
> stable non-free': Error: key retrieval failed: Executing: \
> /tmp/apt-key-gpghome.xyY44SvGz1/gpg.1.sh --batch --keyserver keys.openpgpg.org \
> --logger-fd 1 --recv-keys 5E3C45D7B312C643
> gpg: keyserver receive failed: Network is unreachable
>
> Any ideas how to fix that? Is that connected that templates are using a proxy for \
> outbound connections which salt is not able to use for retrieving keys? Btw. none \
> of the options works: keyid + keyserver nor gpgkey. I just added both of the in the \
> salt snipped.
> Thanks! P.
>
It is connected - you can find the solution online for using gpg behind
a proxy.
I have a note on this at http://github.com/unman/notes/ - that's a way
to get keys in to the template. Run that and keep the key retrieval out
of the salt state. Its workable.
--
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To view this \
discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/YatyMDtmykpY9NoY%40thirdeyesecurity.org.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic