-rw-r--r--roles/sane_debian_system/defaults/main.yml5
-rw-r--r--roles/sane_debian_system/tasks/apt.yml11
2 files changed, 15 insertions, 1 deletions
diff --git a/roles/sane_debian_system/defaults/main.yml b/roles/sane_debian_system/defaults/main.yml
index b804181..44b2b2c 100644
--- a/roles/sane_debian_system/defaults/main.yml
+++ b/roles/sane_debian_system/defaults/main.yml
@@ -14,7 +14,10 @@ debian_mirror: ftp.fi.debian.org
# A list of extra APT repositories to add. Each list entry should be a
# dict with the key "repo", which is the sources.list line to add. If
-# list is empty (as it is by default), nothing extra is added.
+# list is empty (as it is by default), nothing extra is added. Other
+# keys are "signing_key", the public key of the archive signing key,
+# and "keyring_packge", which contains the .deb package with the
+# archive signing key.
sources_lists: []
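Review bot: The added comment spells the key `keyring_packge`, but tasks/apt.yml in this same commit reads `item.keyring_package`, so anyone copying the name from this documentation defines a key the role never looks at. The line should read `# and "keyring_package", the name of the .deb package that ships the`. The comment should also say whether `signing_key` and `keyring_package` are optional per entry, and that `signing_key` is key material that becomes a trust anchor for apt on the target host, so it should come from a source the operator has verified.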
diff --git a/roles/sane_debian_system/tasks/apt.yml b/roles/sane_debian_system/tasks/apt.yml
index d6ef838..9cbeca6 100644
--- a/roles/sane_debian_system/tasks/apt.yml
+++ b/roles/sane_debian_system/tasks/apt.yml
@@ -25,11 +25,22 @@
repo: "{{ item.repo }}"
update_cache: no
+- name: add archive signing keys
+ with_items: "{{ sources_lists }}"
+ apt_key:
+ data: "{{ item.signing_key }}"
+ state: present
+
- name: update package lists
apt:
update_cache: yes
cache_valid_time: 0
+- name: add archive keyrings
+ with_items: "{{ sources_lists }}"
+ apt:
+ name: "{{ item.keyring_package }}"
+
- name: dist-upgrade so everything is up to date
apt:
upgrade: dist
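Review bot: The two new tasks read `item.signing_key` and `item.keyring_package` for every entry of `sources_lists`, so an entry that has only `repo` (the only key the defaults file documented before this commit) will presumably fail on an undefined attribute. Add `when: item.signing_key is defined` to "add archive signing keys" and `when: item.keyring_package is defined` to "add archive keyrings". Also note that `apt_key` puts the key into apt's global trusted keyring, so it is trusted for every configured repository and not only for `item.repo`. A dedicated keyring file referenced with `signed-by=` in the sources.list line would limit that trust to the one repository. The keyring package is installed only after "update package lists", so an entry that supplies `keyring_package` without `signing_key` has its index fetched before any key for it is present, and the role should document or reject that combination. The first two context lines belong to a task that starts above this hunk.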