Commit 8acc0653 authored by Simon Coffey's avatar Simon Coffey

Accept prompts while fetching repo metadata

With the new `repo_gpgcheck` attribute, a signing key can now be implicated in
fetching the repository metadata. If this is a previously un-imported key, a
prompt is generated by `yum makecache`, which fails in a chef run due to the
non-interactive context. This results in the `yum_repository` resource failing
if a previously un-imported key is used in tandem with `repo_gpgcheck = true`.

Cookbook users should be responsible for ensuring that keys they refer to in
their resources can be trusted, either by referring to keys at secure URLs, or
by creating a local, trusted file using managed secrets, and referring
directly to that.

Therefore, add the `-y` flag to the `yum makecache` command, allowing repo
metadata to be fetched without manual intervention.
parent 2f9cb507
......@@ -59,7 +59,7 @@ action :create do
# get the metadata for this repo only
execute "yum-makecache-#{new_resource.repositoryid}" do
command "yum -q makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
action :nothing
only_if { new_resource.enabled }
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment