@iggy
Created November 5, 2014 22:00
diff --git a/aptly/aptly_config.sls b/aptly/aptly_config.sls
index 28b053c..b8bc69c 100644
--- a/aptly/aptly_config.sls
+++ b/aptly/aptly_config.sls
@@ -33,7 +33,7 @@ aptly_conf:
- require:
- file: aptly_homedir
-{% if {{ salt['pillar.get']('aptly:secure') %}
+{% if salt['pillar.get']('aptly:secure') %}
aptly_gpg_key_dir:
file:
- directory
@@ -44,11 +44,16 @@ aptly_gpg_key_dir:
- require:
- file: aptly_homedir
+{% set gpgprivfile = '{}/.gnupg/secret.gpg'.format(salt['pillar.get']('aptly:homedir', '/var/lib/aptly')) %}
+# goes in a different path so it's fetchable by the pkgrepo module
+{% set gpgpubfile = '{}/public.gpg'.format(salt['pillar.get']('aptly:rootdir', '/var/lib/aptly/.aptly')) %}
+{% set gpgid = salt['pillar.get']('aptly:gpg_keypair_id', '') %}
+
gpg_priv_key:
file:
- managed
- - name: {{ salt['pillar.get']('aptly:homedir', '/var/lib/aptly') }}/.gnupg/secret.gpg
- - source: salt://aptly/files/secret.gpg
+ - name: {{ gpgprivfile }}
+ - contents_pillar: aptly:gpg_priv_key
- user: aptly
- group: aptly
- mode: 700
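Review bot: `gpg_priv_key` still writes the secret key with `mode: 700`, which sets execute bits on a file that only needs to be read by its owner; `- mode: '0600'` is sufficient. With the key body now coming from `contents_pillar: aptly:gpg_priv_key`, file.managed by default reports a diff of the file when it changes, so add `- show_changes: False` to keep key material out of job returns and logs. The pillar holding this key should be targeted only at the aptly minion. The state body continues outside the hunk.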
@@ -58,8 +63,8 @@ gpg_priv_key:
gpg_pub_key:
file:
- managed
- - name: {{ salt['pillar.get']('aptly:homedir', '/var/lib/aptly') }}/.aptly/public.gpg
- - source: salt://aptly/files/public.gpg
+ - name: {{ gpgpubfile }}
+ - contents_pillar: aptly:gpg_pub_key
- user: aptly
- group: aptly
- mode: 755
@@ -69,18 +74,18 @@ gpg_pub_key:
import_gpg_pub_key:
cmd:
- run
- - name: gpg --import {{ salt['pillar.get']('aptly:pub_key', '') }}
+ - name: gpg --import {{ gpgpubfile }}
- user: aptly
- - unless: '{{ salt['pillar.get']('aptly:pub_key', '') }}' in gpg --list-keys
+ - unless: gpg --list-keys | grep '{{ gpgid }}'
- require:
- file: aptly_gpg_key_dir
import_gpg_priv_key:
cmd:
- run
- - name: gpg --allow-secret-key-import --import {{ salt['pillar.get']('aptly:priv_key', '') }}
+ - name: gpg --allow-secret-key-import --import {{ gpgprivfile }}
- user: aptly
- - unless: '{{ salt['pillar.get']('aptly:pub_key', ) }}' in gpg --list-keys
+ - unless: gpg --list-secret-keys | grep '{{ gpgid }}'
- require:
- file: aptly_gpg_key_dir
{% endif %}
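Review bot: Both `unless` checks grep for `'{{ gpgid }}'`, and `gpgid` defaults to `''` when `aptly:gpg_keypair_id` is unset; `grep ''` matches every line, so both imports are skipped as soon as the keyring lists any key at all. An unquoted all-digit ID in the pillar is also loaded by YAML as a number, so the rendered pattern may not be the ID that was written. Consider rendering these states only when the ID is set (`{% if gpgid %}` around both) and asking gpg for the key directly, `- unless: gpg --list-keys '{{ gpgid }}'`. The import states also require only `file: aptly_gpg_key_dir`, not `file: gpg_pub_key` / `file: gpg_priv_key`, which write the files they import.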
diff --git a/aptly/create_trusty_repos.sls b/aptly/create_trusty_repos.sls
index 2f16a86..8a97d26 100644
--- a/aptly/create_trusty_repos.sls
+++ b/aptly/create_trusty_repos.sls
@@ -4,29 +4,22 @@ include:
- aptly
- aptly.aptly_config
-create_edge_trusty_repo:
- cmd:
- - run
- - name: aptly repo create -distribution="trusty-edge" {{ salt['pillar.get']('aptly:organization', 'company' }}-edge-trusty
- - unless: aptly repo show {{ salt['pillar.get']('aptly:organization', 'company' }}-edge-trusty
+{% for repo, opts in salt['pillar.get']('aptly:repos').items() %}
+create-{{ repo }}-repo:
+ cmd.run:
+ - name: aptly repo create -distribution="{{ opts['distribution'] }}" -comment="{{ opts['comment'] }}" {{ repo }}
+ - unless: aptly repo show {{ repo }}
- user: aptly
- require:
- sls: aptly.aptly_config
-create_test_trusty_repo:
- cmd:
- - run
- - name: aptly repo create -distribution="trusty-test" {{ salt['pillar.get']('aptly:organization', 'company' }}-test-trusty
- - unless: aptly repo show {{ salt['pillar.get']('aptly:organization', 'company' }}-test-trusty
+ {% if opts['pkgdir'] %}
+add-{{ repo }}-pkgs:
+ cmd.run:
+ - name: aptly repo add {{ repo }} {{ opts['pkgdir'] }}
- user: aptly
- require:
- - sls: aptly.aptly_config
+ - cmd: create-{{ repo }}-repo
+ {% endif %}
-create_prod_trusty_repo:
- cmd:
- - run
- - name: aptly repo create -distribution="trusty-prod" {{ salt['pillar.get']('aptly:organization', 'company' }}-prod-trusty
- - unless: aptly repo show {{ salt['pillar.get']('aptly:organization', 'company' }}-prod-trusty
- - user: aptly
- - require:
- - sls: aptly.aptly_config
+{% endfor %}
\ No newline at end of file
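Review bot: `repo`, `opts['distribution']`, `opts['comment']` and `opts['pkgdir']` are interpolated from pillar straight into the shell command lines of `create-{{ repo }}-repo` and `add-{{ repo }}-pkgs`, so a value containing a space, a quote or `$` changes the command that runs as `aptly`. Pass each value through a shell-quoting filter instead of hand-written double quotes (newer Salt releases ship a `quote` Jinja filter, e.g. `{{ opts['comment'] | quote }}`). The loop also calls `.items()` on `salt['pillar.get']('aptly:repos')` with no default, so rendering fails when the key is missing; `salt['pillar.get']('aptly:repos', {})` avoids that. `add-{{ repo }}-pkgs` has no `unless` or `onchanges`, so it appears to run on every state run.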
diff --git a/aptly/files/aptly.jinja b/aptly/files/aptly.jinja
index f030ed5..ca855fc 100644
--- a/aptly/files/aptly.jinja
+++ b/aptly/files/aptly.jinja
@@ -1,5 +1,5 @@
server {
- root /var/lib/aptly/.aptly/public;
+ root {{ salt['pillar.get']('aptly:rootdir') }}/public;
server_name {{ salt['pillar.get']('aptly:server_name') }};
location / {
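Review bot: `root` is rendered from `salt['pillar.get']('aptly:rootdir')` with no default, so when the pillar key is unset the line becomes `root /public;` and nginx serves a path the formula never populated. aptly_config.sls falls back to `'/var/lib/aptly/.aptly'` for the same key; use the same default here, `root {{ salt['pillar.get']('aptly:rootdir', '/var/lib/aptly/.aptly') }}/public;`. The server block continues outside the hunk.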
diff --git a/aptly/init.sls b/aptly/init.sls
index 6c95c92..037f999 100644
--- a/aptly/init.sls
+++ b/aptly/init.sls
@@ -16,6 +16,10 @@ aptly:
- name: aptly
- refresh: True
+# dependency for publishing
+bzip2:
+ pkg.installed
+
aptly_user:
user:
- present
diff --git a/aptly/publish_trusty_repos.sls b/aptly/publish_trusty_repos.sls
index ee8f40c..3a0baed 100644
--- a/aptly/publish_trusty_repos.sls
+++ b/aptly/publish_trusty_repos.sls
@@ -1,23 +1,13 @@
include:
- aptly.create_trusty_repos
-publish_edge:
- cmd:
- - run
- - name: aptly publish repo {{ salt['pillar.get']('aptly:organization', 'company' }}-edge-trusty
- - user: aptly
- - unless: aptly publish update trusty-edge
-
-publish_test:
- cmd:
- - run
- - name: aptly publish repo {{ salt['pillar.get']('aptly:organization', 'company' }}-test-trusty
- - user: aptly
- - unless: aptly publish update trusty-test
+{% set gpgid = salt['pillar.get']('aptly:gpg_keypair_id', '') %}
+{% set gpgpassphrase = salt['pillar.get']('aptly:gpg_passphrase', '') %}
-publish_prod:
- cmd:
- - run
- - name: aptly publish repo {{ salt['pillar.get']('aptly:organization', 'company' }}-prod-trusty
+{% for repo, opts in salt['pillar.get']('aptly:repos').items() %}
+publish-{{ repo }}-repo:
+ cmd.run:
+ - name: aptly publish repo -gpg-key='{{ gpgid }}' -passphrase='{{ gpgpassphrase }}' {{ repo }}
- user: aptly
- - unless: aptly publish update trusty-prod
+ - unless: aptly publish update -gpg-key='{{ gpgid }}' -passphrase='{{ gpgpassphrase }}' {{ opts['distribution'] }}
+{% endfor %}
\ No newline at end of file
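Review bot: The signing passphrase is rendered into the command line in both `name` and `unless` of `publish-{{ repo }}-repo`, so it is visible in the process list while aptly runs and is stored wherever Salt records the state's name (job returns, logs). aptly also accepts `-passphrase-file`; writing the passphrase to a file owned by `aptly` with mode `0600` and passing its path keeps the secret off the command line. A passphrase containing `'` would also break the quoting as written. The file location used below is a suggestion, modelled on how aptly_config.sls builds the secret key path.

```yaml
{% set gpgpassfile = '{}/.gnupg/passphrase'.format(salt['pillar.get']('aptly:homedir', '/var/lib/aptly')) %}

gpg_passphrase_file:
  file.managed:
    - name: {{ gpgpassfile }}
    - contents_pillar: aptly:gpg_passphrase
    - user: aptly
    - group: aptly
    - mode: '0600'
    - show_changes: False

# … unchanged: for loop over aptly:repos …
publish-{{ repo }}-repo:
  cmd.run:
    - name: aptly publish repo -gpg-key='{{ gpgid }}' -passphrase-file='{{ gpgpassfile }}' {{ repo }}
    - user: aptly
    - unless: aptly publish update -gpg-key='{{ gpgid }}' -passphrase-file='{{ gpgpassfile }}' {{ opts['distribution'] }}
    - require:
      - file: gpg_passphrase_file
```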
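# Example pillar for the aptly states. All values below are placeholders.
# This pillar carries the repository signing key and its passphrase in clear
# text: target it only at the aptly minion, keep it out of shared version
# control, and consider an encrypted pillar (for example Salt's gpg renderer).
aptly:
  homedir: /var/lib/aptly
  rootdir: /var/lib/aptly/repo
  organization: "OnCenter Software"
  # Each entry under repos is read as: repo name -> distribution, comment, pkgdir.
  repos:
    OnCenter01:
      distribution: wheezy
      comment: "OnCenter Software Repo"
      pkgdir: /srv/dist/dist/repo
  secure: true
  # Quoted so the key ID stays a string; unquoted 00000000 loads as the
  # integer 0 and the states would then grep for '0'.
  gpg_keypair_id: "00000000"
  gpg_passphrase: 'my voice is my passport'
  gpg_pub_key: |
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    ....
    -----END PGP PUBLIC KEY BLOCK-----
  gpg_priv_key: |
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    ....
    -----END PGP PRIVATE KEY BLOCK-----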