From 324248e4574c190c0ac78bc16aef2bd7261c269c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= <javier@netmanagers.com.ar>
Date: Sat, 23 Apr 2016 11:18:25 -0300
Subject: [PATCH] Add repo's key management, documentation

---
 README.rst           |  9 +++++++++
 apt/repositories.sls | 24 ++++++++++--------------
 pillar.example       | 20 ++++++++++++--------
 3 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/README.rst b/README.rst
index 61dcaa3..1d395a3 100644
--- a/README.rst
+++ b/README.rst
@@ -29,6 +29,15 @@ Runs ``apt-get update``.
 
 Runs ``apt-get upgrade``.
 
+``apt.repositories``
+---------------
+
+Allows you to configure and manage repositories from pillar. Check ``pillar.example``
+to see possible values. If used and no repositories are provided, sane default
+values from ``map.jinja`` are used.
+
+Check https://wiki.debian.org/SourcesList for an explanation about the resulting
+files structure.
 
 ``apt.ppa``
 -------------
diff --git a/apt/repositories.sls b/apt/repositories.sls
index 43744f0..a7fa038 100644
--- a/apt/repositories.sls
+++ b/apt/repositories.sls
@@ -31,26 +31,22 @@ debian-archive-keyring:
 {%- set r_url = args.url or default_url %}
 {%- set r_distro = args.distro or 'stable' %}
 {%- set r_comps = args.comps|default(['main'])|join(' ') %}
+{%- set r_keyserver = args.keyserver if args.keyserver is defined else apt_map.default_keyserver %}
 
-{%- if "binary" in args.type|d(["binary"]) %}
+  {%- for type in args.type|d(['binary']) %}
+  {%- set r_type = 'deb-src' if type == 'source' else 'deb' %}
 {{ repo }}:
   pkgrepo.managed:
-    - name: deb {{ r_arch }} {{ r_url }} {{ r_distro }} {{ r_comps }}
+    - name: {{ r_type }} {{ r_arch }} {{ r_url }} {{ r_distro }} {{ r_comps }}
     - file: {{ sources_list_dir }}/{{ repo }}.list
+    {# You can use either keyid+keyserver or key_url. If both are provided
+       the latter will be used. #}
     {% if args.key_url is defined %}
     - key_url: {{ args.key_url }}
+    {% elif args.keyid is defined %}
+    - keyid: {{ args.keyid }}
+    - keyserver: {{ r_keyserver }}
     {% endif %}
     - clean_file: true
-{% endif %}
-
-{%- if "source" in args.type|d(["binary"]) %}
-{{ repo }}:
-  pkgrepo.managed:
-    - name: deb-src {{ r_arch }} {{ r_url }} {{ r_distro }} {{ r_comps }}
-    - file: {{ sources_list_dir }}/{{ repo }}.list
-    {% if args.key_url is defined %}
-    - key_url: {{ args.key_url }}
-    {% endif %}
-    - clean_file: true
-{% endif %}
+  {%- endfor %}
 {% endfor %}
diff --git a/pillar.example b/pillar.example
index 32ae623..8319f05 100644
--- a/pillar.example
+++ b/pillar.example
@@ -29,15 +29,19 @@ apt:
       distro: stable/updates
       url: http://security.debian.org
       comps: [main, contrib, non-free]
-      keyring_package: debian-keyring
-    security-testing:
-      distro: testing/updates
-      url: http://security.debian.org
-      comps: [main, contrib, non-free]
-      keyring_package: debian-keyring
+      arch: [amd64, i386]
+      type: [binary, source]
     updates:
       distro: stable-updates
       url: http://httpredir.debian.org/debian/
       comps: [main, contrib, non-free]
-      keyring_package: debian-keyring
-
+    my-fancy-repo:
+      distro: whatever/is/needed/here
+      url: http://my.repo.url
+      type: [source]
+      key_url: http://my.repo.url/GPG-KEY-my.repo
+    perconap-repo:
+      distro: stable
+      url: http://repo.percona.com/apt
+      keyid: CD2EFD2A
+      keyserver: pool.sks-keyservers.net