summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2021-12-28 17:32:02 +0200
committerLars Wirzenius <liw@liw.fi>2021-12-28 17:32:02 +0200
commit6e885e5cd79520e8e9bbb3a7b8f7dca118b17979 (patch)
tree7a925ab6c65605b9d5aa7261e6b0ecc7b5ee9e76
parente52e8db319d5683e90e7e0116b995e65392cfefc (diff)
downloaddebian-ansible-6e885e5cd79520e8e9bbb3a7b8f7dca118b17979.tar.gz
sane_debian_system: avoid apt-key for adding repository signing keys
Debian has decided to deprecate apt-key, though I can't find out why. Sponsored-by: author
-rw-r--r--roles/sane_debian_system/tasks/apt.yml22
1 files changed, 13 insertions, 9 deletions
diff --git a/roles/sane_debian_system/tasks/apt.yml b/roles/sane_debian_system/tasks/apt.yml
index 13937c9..3f1fd5e 100644
--- a/roles/sane_debian_system/tasks/apt.yml
+++ b/roles/sane_debian_system/tasks/apt.yml
@@ -39,23 +39,27 @@
src: sources.list.j2
dest: /etc/apt/sources.list
-- name: additional sources.list.d/*
- with_items: "{{ sane_debian_system_sources_lists }}"
- apt_repository:
- repo: "{{ item.repo }}"
- update_cache: no
+- name: "update package lists"
+ apt:
+ update_cache: yes
- name: install necessary tools
apt:
name:
- sudo
- - gpg
+
+- name: additional sources.list.d/*
+ with_items: "{{ sane_debian_system_sources_lists }}"
+ apt_repository:
+ repo: "{{ item.repo }}"
+ update_cache: no
- name: add archive signing keys
with_items: "{{ sane_debian_system_sources_lists }}"
- apt_key:
- data: "{{ item.signing_key }}"
- state: present
+ shell: |
+ key="{{ item.signing_key }}"
+ sum="$(echo -n "$key" | sha1sum | awk '{ print $1 }')"
+ echo "$key" > "/etc/apt/trusted.gpg.d/$sum.asc"
when: item.signing_key is defined
# Use shell to run apt-get to update package lists so that we can pass