[Gluster-users] rsa.pub at https://download.gluster.org/pub/gluster/glusterfs/LATEST/?
Shane St Savage
shane at axiomdatascience.com
Wed Oct 30 23:16:16 UTC 2019
> Why is this preferable to what's in the README.txt (i.e. "wget -O -
https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub | apt-key add
-") ?
> You import the key once, and it works for every update after that? That's
what Louis Zuckerman (a.k.a. semiosis), the original gluster debian
packager suggested. I don't know enough to know why your deb cmd is better
than semiosis' apt-key add cmd?
> Also the fact that the key hasn't actually changed since glusterfs-5
means, among other things, you only need to change the
/etc/apt/sources.list.d/gluster.list and updates to -6 or -7 will just keep
working with the key you already imported.
These things might be fine if you're manually maintaining a handful of
servers (pets), but they're detrimental when maintaining large amounts of
servers/VMs/Docker images/etc which need to be provisioned from scratch
with reliable, repeatable recipes (cattle). Users shouldn't have to know or
care that they need to install rsa.pub from version 5, 6, or 7 to install
the LATEST client, nor should they need to know that rsa.pub hasn't changed
since version 5. They should know that they can always install LATEST with
a key available at a stable URL (e.g.
https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub), even
when new versions are released.
> I have the possibly mistaken impression that not everyone wants to always
use .../glusterfs/LATEST. Some people want to install glusterfs-6 and stay
on -6, i.e. .../glusterfs/6/LATEST. And they'd be really upset if they came
in one morning to find that an automatic update (however good or bad an
idea that is) had updated them to glusterfs-7 when they weren't ready for
it. (And worse, if it broke their system.)
Absolutely, that's why both
https://download.gluster.org/pub/gluster/glusterfs/7/LATEST/ and
https://download.gluster.org/pub/gluster/glusterfs/LATEST/ exist, right?
I'm not suggesting that anything within the major version folders change,
I'm suggesting that in addition to the
https://download.gluster.org/pub/gluster/glusterfs/LATEST/ repo we also
have a LATEST rsa.pub at a URL which doesn't change. If internally
https://download.gluster.org/pub/gluster/glusterfs/LATEST/ is just a
symlink and it doensn't make sense to put said LATEST rsa.pub inside that
dir, maybe it could be top level (
https://download.gluster.org/pub/gluster/glusterfs/LATEST_rsa.pub or
similar). It really doesn't matter where it is, as long as it doesn't move
and always matches
https://download.gluster.org/pub/gluster/glusterfs/LATEST/.
> And apropos of nothing in particular, perhaps we should create a new key
for glusterfs-8 when that time comes; it's probably time.
+1
On Tue, Oct 29, 2019 at 12:22 PM Kaleb Keithley <kkeithle at redhat.com> wrote:
>
>
> On Mon, Oct 28, 2019 at 1:03 PM Shane St Savage <
> shane at axiomdatascience.com> wrote:
>
>> Adding rsa.pub at
>> https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub would
>> allow bootstrapping Debian servers with the following repo/key:
>>
>> deb
>> https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/${RELEASE}/amd64/apt
>> ${RELEASE} main
>> https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub
>>
>> In other words, only LATEST would have to be referenced instead of LATEST
>> and some specific version for the key.
>>
>
> I'm not a Debian packaging expert. (Even if sometimes I play one on TV.)
> Why is this preferable to what's in the README.txt (i.e. "wget -O -
> https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub | apt-key
> add -") ?
>
> You import the key once, and it works for every update after that? That's
> what Louis Zuckerman (a.k.a. semiosis), the original gluster debian
> packager suggested. I don't know enough to know why your deb cmd is better
> than semiosis' apt-key add cmd?
>
> Also the fact that the key hasn't actually changed since glusterfs-5
> means, among other things, you only need to change the
> /etc/apt/sources.list.d/gluster.list and updates to -6 or -7 will just keep
> working with the key you already imported.
>
> As an example of why this is useful, Gluster 7 has been released since my
>> original mail, so now the key for LATEST is at
>> https://download.gluster.org/pub/gluster/glusterfs/7/rsa.pub instead of
>> https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub. Every time
>> a new verison of Gluster is released the recipe for installing the latest
>> Gluster client has to be updated.
>>
>
> I have the possibly mistaken impression that not everyone wants to always
> use .../glusterfs/LATEST. Some people want to install glusterfs-6 and stay
> on -6, i.e. .../glusterfs/6/LATEST. And they'd be really upset if they came
> in one morning to find that an automatic update (however good or bad an
> idea that is) had updated them to glusterfs-7 when they weren't ready for
> it. (And worse, if it broke their system.)
>
> And apropos of nothing in particular, perhaps we should create a new key
> for glusterfs-8 when that time comes; it's probably time.
>
>
>
>> On Mon, Sep 9, 2019 at 11:42 PM Kaleb Keithley <kkeithle at redhat.com>
>> wrote:
>>
>>> Hi,
>>>
>>> What is the issue that this would solve?
>>>
>>> The Debian README.txt files and RPM repo files for 6.x all say the
>>> rsa.pub is at
>>> https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub and have
>>> since day one.
>>>
>>> (Likewise the rsa.pub for 5.x is at
>>> https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub)
>>> <https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub>
>>>
>>>
>>> On Mon, Sep 9, 2019 at 10:29 PM Shane St Savage <
>>> shane at axiomdatascience.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> Any chance of getting an rsa.pub available in
>>>>
>>>> https://download.gluster.org/pub/gluster/glusterfs/LATEST/
>>>>
>>>> at
>>>>
>>>> https://download.gluster.org/pub/gluster/glusterfs/LATEST/rsa.pub
>>>>
>>>> ?
>>>>
>>>> (in this case, it should be
>>>> https://download.gluster.org/pub/gluster/glusterfs/6/rsa.pub).
>>>>
>>>> Thanks,
>>>> Shane
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20191030/24c316e3/attachment.html>
More information about the Gluster-users
mailing list