stages/yum: only write known options to repo file

This is similar to the previous commit for the dnf stage. Don't pass through arbitrary options. This means that pipeline repo objects don't have the same options as yum repo files anymore: 1. Hard code repo name to repo id. The name has no influence on the resulting image and should thus not appear in a pipeline. 2. Set gpgcheck=1 when gpgkey is given. It defaults to false, which means that all sample and test pipelines didn't verify packages. It would have failed anyway, because the container doesn't have the key referenced in /etc. Change all gpgkeys to refer to the key id and import them manually. 3. Don't allow lists for baseurl and gpgkey. We can add that if we need it at some point. Also be less verbose.
2019-09-24 15:53:31 +02:00 · 2019-09-24 15:53:31 +02:00 · e23b5a32a2
commit e23b5a32a2
parent 0dd939b658
3 changed files with 26 additions and 19 deletions
--- a/samples/base-from-yum.json
+++ b/samples/base-from-yum.json
@ -10,9 +10,8 @@
          "basearch": "x86_64",
          "repos": {
            "fedora": {
-              "name": "Fedora",
              "baseurl": "https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/$releasever/Everything/$basearch/os/",
-              "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch"
+              "gpgkey": "860E 19B0 AFA8 00A1 7518 81A6 F55E 7430 F528 2EE4"
            }
          },
          "packages": [
--- a/samples/build-from-yum.json
+++ b/samples/build-from-yum.json
@ -8,9 +8,8 @@
        "basearch": "x86_64",
        "repos": {
          "fedora": {
-            "name": "Fedora",
            "baseurl": "https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/$releasever/Everything/$basearch/os/",
-            "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch"
+            "gpgkey": "860E 19B0 AFA8 00A1 7518 81A6 F55E 7430 F528 2EE4"
          }
        },
        "packages": [