zester
GuidesModules

pkgrepo.managed

Manages an apt or yum/dnf package repository definition. On Debian it writes /etc/apt/sources.list.d/<name>.list (optionally importing a signing key and refreshing the cache); on the RedHat family it writes /etc/yum.repos.d/<name>.repo. PPAs are handled via add-apt-repository.

Source: pkg/state/modules/pkgrepo.go


Parameters

ParameterTypeRequiredDefaultDescription
namestringNoState IDRepository identifier — used for the default filename and the yum section header.
humannamestringNonameDescriptive display name (yum name= field / apt comment line).
baseurlstringNo""On apt: the full deb ... source line. On yum: the baseurl= value.
ppastringNo""An apt PPA reference (e.g. ppa:user/name). When set and baseurl is empty, the repo is added via add-apt-repository -y. Setting ppa also forces the Debian code path when the OS family cannot be detected.
filestringNo(family default)Override the repository definition file path.
key_urlstringNo""Signing-key URL. On apt the key is fetched with curl and imported via apt-key add; on yum it becomes the gpgkey= field.
enabledboolNotrueThe yum enabled= field (1/0). Ignored on apt.
gpgcheckboolNotrueThe yum gpgcheck= field (1/0). Ignored on apt.
refreshboolNotrueRefresh the package cache after writing the repo (apt-get update / <mgr> makecache).

All states also accept the full set of requisite parameters and Salt-parity state attributes — see Dependencies & Requisites.


Check Behavior

  • If the OS family cannot be determined, Check errors.
  • PPA repos always report changes needed — a PPA cannot be verified from a single file, so add-apt-repository (which is idempotent) is always re-run on Apply.
  • Otherwise the desired file content is rendered and compared byte-for-byte with the current repo file; a missing or differing file means changes are needed.

Rendered file content

# Managed by Zester: <humanname>
<baseurl>
[<name>]
name=<humanname>
baseurl=<baseurl>
enabled=1
gpgcheck=1
gpgkey=<key_url>          # only when key_url is set

Apply Behavior

Debian: imports the signing key when key_url is set (curl + apt-key add), then either runs add-apt-repository -y <ppa> or writes the .list file (creating the parent directory), then runs apt-get update when refresh is true.

RedHat: writes the .repo file, then runs <mgr> makecache when refresh is true.


Revert Behavior

  • PPA repos are removed via add-apt-repository -r -y <ppa>.
  • File-based repos: the repo definition file is deleted.

Examples

State File

Apt repository (note: baseurl is the full deb line):

docker:
  pkgrepo.managed:
    - humanname: Docker CE
    - baseurl: "deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable"
    - key_url: https://download.docker.com/linux/ubuntu/gpg

Yum repository:

epel:
  pkgrepo.managed:
    - humanname: Extra Packages for Enterprise Linux
    - baseurl: "https://download.fedoraproject.org/pub/epel/9/Everything/x86_64/"
    - gpgcheck: false

PPA:

deadsnakes:
  pkgrepo.managed:
    - ppa: "ppa:deadsnakes/ppa"

Divergences from Salt

  • On apt, baseurl holds the entire deb ... source line. In Salt the deb line goes in name:; Zester keeps name as the repo identifier and reuses baseurl for both families.
  • Apt keys are imported with the deprecated apt-key add (Salt supports signed-by/keyring files).
  • Salt's disabled, mirrorlist, gpgautoimport, comps, and architectures parameters are not supported.
  • Reverting removes the whole repo file rather than restoring prior content.

On this page