salt.states.pkgbuild¶

The pkgbuild state is the front of Salt package building backend. It automatically builds DEB and RPM packages from specified sources

salt_2015.5.2:
  pkgbuild.built:
    - runas: thatch
    - results:
      - salt-2015.5.2-2.el7.centos.noarch.rpm
      - salt-api-2015.5.2-2.el7.centos.noarch.rpm
      - salt-cloud-2015.5.2-2.el7.centos.noarch.rpm
      - salt-master-2015.5.2-2.el7.centos.noarch.rpm
      - salt-minion-2015.5.2-2.el7.centos.noarch.rpm
      - salt-ssh-2015.5.2-2.el7.centos.noarch.rpm
      - salt-syndic-2015.5.2-2.el7.centos.noarch.rpm
    - dest_dir: /tmp/pkg
    - spec: salt://pkg/salt/spec/salt.spec
    - template: jinja
    - deps:
      - salt://pkg/salt/sources/required_dependency.rpm
    - tgt: epel-7-x86_64
    - sources:
      - salt://pkg/salt/sources/logrotate.salt
      - salt://pkg/salt/sources/README.fedora
      - salt://pkg/salt/sources/salt-2015.5.2.tar.gz
      - salt://pkg/salt/sources/salt-2015.5.2-tests.patch
      - salt://pkg/salt/sources/salt-api
      - salt://pkg/salt/sources/salt-api.service
      - salt://pkg/salt/sources/salt-master
      - salt://pkg/salt/sources/salt-master.service
      - salt://pkg/salt/sources/salt-minion
      - salt://pkg/salt/sources/salt-minion.service
      - salt://pkg/salt/sources/saltpkg.sls
      - salt://pkg/salt/sources/salt-syndic
      - salt://pkg/salt/sources/salt-syndic.service
      - salt://pkg/salt/sources/SaltTesting-2015.5.8.tar.gz
/tmp/pkg:
  pkgbuild.repo

salt.states.pkgbuild.built(name, runas, dest_dir, spec, sources, tgt, template=None, deps=None, env=None, results=None, force=False, saltenv='base', log_dir='/var/log/salt/pkgbuild')¶

Ensure that the named package is built and exists in the named directory

name

The name to track the build, the name value is otherwise unused

runas

The user to run the build process as

dest_dir

The directory on the minion to place the built package(s)

spec

The location of the spec file (used for rpms)

sources

The list of package sources

tgt

The target platform to run the build on

template

Run the spec file through a templating engine

Changed in version 2015.8.2: This argument is now optional, allowing for no templating engine to be used if none is desired.

deps

Packages required to ensure that the named package is built can be hosted on either the salt master server or on an HTTP or FTP server. Both HTTPS and HTTP are supported as well as downloading directly from Amazon S3 compatible URLs with both pre-configured and automatic IAM credentials

env

A dictionary of environment variables to be set prior to execution. Example:

- env:
    DEB_BUILD_OPTIONS: 'nocheck'

Warning

The above illustrates a common PyYAML pitfall, that yes, no, on, off, true, and false are all loaded as boolean True and False values, and must be enclosed in quotes to be used as strings. More info on this (and other) PyYAML idiosyncrasies can be found here.

results

The names of the expected rpms that will be built

forceFalse

If True, packages will be built even if they already exist in the dest_dir. This is useful when building a package for continuous or nightly package builds.

New in version 2015.8.2.

saltenv

The saltenv to use for files downloaded from the salt filesever

log_dir/var/log/salt/rpmbuild

Root directory for log files created from the build. Logs will be organized by package name, version, OS release, and CPU architecture under this directory.

New in version 2015.8.2.

salt.states.pkgbuild.repo(name, keyid=None, env=None, use_passphrase=False, gnupghome='/etc/salt/gpgkeys', runas='builder', timeout=15.0)¶

Make a package repository and optionally sign it and packages present

The name is directory to turn into a repo. This state is best used with onchanges linked to your package building states.

name

The directory to find packages that will be in the repository

keyid

Changed in version 2016.3.0.

Optional Key ID to use in signing packages and repository. Utilizes Public and Private keys associated with keyid which have been loaded into the minion's Pillar data.

For example, contents from a Pillar data file with named Public and Private keys as follows:

gpg_pkg_priv_key: |
  -----BEGIN PGP PRIVATE KEY BLOCK-----
  Version: GnuPG v1

  lQO+BFciIfQBCADAPCtzx7I5Rl32escCMZsPzaEKWe7bIX1em4KCKkBoX47IG54b
  w82PCE8Y1jF/9Uk2m3RKVWp3YcLlc7Ap3gj6VO4ysvVz28UbnhPxsIkOlf2cq8qc
  .
  .
  Ebe+8JCQTwqSXPRTzXmy/b5WXDeM79CkLWvuGpXFor76D+ECMRPv/rawukEcNptn
  R5OmgHqvydEnO4pWbn8JzQO9YX/Us0SMHBVzLC8eIi5ZIopzalvX
  =JvW8
  -----END PGP PRIVATE KEY BLOCK-----

gpg_pkg_priv_keyname: gpg_pkg_key.pem

gpg_pkg_pub_key: |
  -----BEGIN PGP PUBLIC KEY BLOCK-----
  Version: GnuPG v1

  mQENBFciIfQBCADAPCtzx7I5Rl32escCMZsPzaEKWe7bIX1em4KCKkBoX47IG54b
  w82PCE8Y1jF/9Uk2m3RKVWp3YcLlc7Ap3gj6VO4ysvVz28UbnhPxsIkOlf2cq8qc
  .
  .
  bYP7t5iwJmQzRMyFInYRt77wkJBPCpJc9FPNebL9vlZcN4zv0KQta+4alcWivvoP
  4QIxE+/+trC6QRw2m2dHk6aAeq/J0Sc7ilZufwnNA71hf9SzRIwcFXMsLx4iLlki
  inNqW9c=
  =s1CX
  -----END PGP PUBLIC KEY BLOCK-----

gpg_pkg_pub_keyname: gpg_pkg_key.pub

env

Changed in version 2016.3.0.

A dictionary of environment variables to be utilized in creating the repository. Example:

- env:
    OPTIONS: 'ask-passphrase'

Warning

The above illustrates a common PyYAML pitfall, that yes, no, on, off, true, and false are all loaded as boolean True and False values, and must be enclosed in quotes to be used as strings. More info on this (and other) PyYAML idiosyncrasies can be found here.

Use of OPTIONS on some platforms, for example: ask-passphrase, will require gpg-agent or similar to cache passphrases.

Note

This parameter is not used for making yum repositories.

use_passphraseFalse

New in version 2016.3.0.

Use a passphrase with the signing key presented in keyid. Passphrase is received from Pillar data which could be passed on the command line with pillar parameter. For example:

pillar='{ "gpg_passphrase" : "my_passphrase" }'

gnupghome/etc/salt/gpgkeys

New in version 2016.3.0.

Location where GPG related files are stored, used with 'keyid'

runasbuilder

New in version 2016.3.0.

User to create the repository as, and optionally sign packages.

Note

Ensure the user has correct permissions to any files and directories which are to be utilized.

timeout15.0

New in version 2016.3.4.

Timeout in seconds to wait for the prompt for inputting the passphrase.