How to add repo key to distrobuilder config

Hi there!
I just want to add 1 package to the LXC CentOS 7 template. I took a conf where I define:

packages:
  manager: yum
  update: true
  cleanup: true
  sets:
  - packages:
    - puppet-agent
    action: install

  repositories:
  - name: puppet5.repo
    url: |-
      [puppet5]
      name=Puppet 5 Repository el 7 - $basearch
      baseurl=http://yum.puppetlabs.com/puppet5/el/7/$basearch
      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet5-release
             file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet5-release
      enabled=1
      gpgcheck=1

      [puppet5-source]
      name=Puppet 5 Repository el 7 - Source
      baseurl=http://yum.puppetlabs.com/puppet5/el/7/SRPMS
      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet5-release
             file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet5-release
      failovermethod=priority
      enabled=0
      gpgcheck=1
    releases:
    - 7
    architectures:
    - x86_64

But how should I set the gpgkeys file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet5-release and file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet5-release?

Is this something you can help with @monstermunchkin?

You should be able to use the post-unpack action for that:

actions:
- trigger: post-unpack
  action: |-
    #!/bin/sh
    cat <<-EOF > /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet5-release
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    ...
    -----END PGP PUBLIC KEY BLOCK-----
    EOF

Unfortunately, there’s no prettier way of doing this. A key field for the repositories might be something worth adding in the future.

Alternatively, you could just set gpgcheck=0 which will ignore the key.
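
A pre-build check for the configuration discussed above, as an added example that is not part of the thread or of distrobuilder: it reads the .repo text from a repository's url field together with the action scripts, and reports sections where gpgcheck is off or where a file:// gpgkey is never written by any action. The function name lint_repo, the redirection-matching regex and the sample strings are assumptions of this example.

```python
import configparser
import re

# Constructed sample: the [puppet5] section from the question's repository url field.
REPO_TEXT = """\
[puppet5]
name=Puppet 5 Repository el 7 - $basearch
baseurl=http://yum.puppetlabs.com/puppet5/el/7/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet5-release
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet5-release
enabled=1
gpgcheck=1
"""

# Constructed sample: a post-unpack action body that writes only the first key.
ACTION_TEXT = """\
#!/bin/sh
cat <<-EOF > /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet5-release
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
EOF
"""


def lint_repo(repo_text, action_texts):
    """Return (section, problem) pairs for repos whose packages would go unverified."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(repo_text)
    # Absolute paths the actions create through shell redirection (> or >>).
    written = set()
    for script in action_texts:
        written.update(re.findall(r">>?\s*(/\S+)", script))
    findings = []
    for section in parser.sections():
        repo = parser[section]
        # Assumption of this example: an absent gpgcheck counts as disabled.
        if repo.get("gpgcheck", "0").strip() != "1":
            findings.append((section, "gpgcheck is off"))
            continue
        # configparser joins indented continuation lines, so split on whitespace.
        for url in repo.get("gpgkey", "").split():
            path = url[len("file://"):] if url.startswith("file://") else None
            if path and path not in written:
                findings.append((section, "no action writes " + path))
    return findings


if __name__ == "__main__":
    for section, problem in lint_repo(REPO_TEXT, [ACTION_TEXT]):
        print(f"[{section}] {problem}")
```

With the sample action, the check reports the second key file as missing, which is the case where yum would fail the install even though gpgcheck=1 is set.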

Yeah, I was close, trying to use trigger: pre-packages, but there is no such trigger :slight_smile: So I was thinking in the right direction :slight_smile: Thanks guys, you are the best! :slight_smile:

Hey @monstermunchkin, can you advise me one more time?
Is there any way to set /etc/resolv.conf somehow? I have tried post-packages, post-unpack and other triggers, and also - path: /etc/resolv.conf with generator: dump, but in every case /etc/resolv.conf is empty :frowning:

Would you mind posting your full yaml file?

Yep, ofc!

wget https://gist.githubusercontent.com/iglov/7588e2eb86cdc596dbbdce5076cd3aa4/raw/b5f9491850f49b447f35b65850f876588e1c982f/centos.yaml
distrobuilder build-lxc centos.yaml -o image.architecture=x86_64 -o image.release=7
lxc-create -n test-1 -t local -- --metadata meta.tar.xz --fstree rootfs.tar.xz
lxc-start test-1
lxc-attach test-1

After the build, the container will have correct /her.conf and /her2.conf but an empty /etc/resolv.conf.

That’s because we bind-mount the host’s /etc/resolv.conf into the chroot when building an image. Thereby any change to it while building will be ignored. The easiest would be to just edit the file manually.

Bad news for me :frowning: Anyway, thanks for your time @monstermunchkin! :slight_smile:
I’ll try to find another way to do that, e.g. maybe with pack-lxc, or by changing the unpack script (/usr/share/lxc/templates/lxc-local), or at least with LXC hooks.
Anyway, thank you, I appreciate that!

Using pack-lxc won’t solve the problem as we do the same thing there.