Diffstat (limited to 'roles/sane_debian_system/tasks/apt.yml')
-rw-r--r-- | roles/sane_debian_system/tasks/apt.yml | 47 |
1 files changed, 31 insertions, 16 deletions
diff --git a/roles/sane_debian_system/tasks/apt.yml b/roles/sane_debian_system/tasks/apt.yml
index 21eea70..0da3332 100644
--- a/roles/sane_debian_system/tasks/apt.yml
+++ b/roles/sane_debian_system/tasks/apt.yml
@@ -11,28 +11,24 @@
 # First update package lists. The ones that come with the image may be
 # badly out of date.
 #
-# Ignore any error here so that later tasks can fix things such as a badly
-# formed sources.list.
+# Use shell to run apt-get, rather than the Ansible apt module, so
+# that we can pass in the --allow-releaseinfo--change option.
+- name: update package lists
+ shell: |
+ apt-get update --allow-releaseinfo-change
+
 - name: update package lists
 ignore_errors: yes
 apt:
 update_cache: yes
 cache_valid_time: 0
 
-- name: install sudo
- apt:
- name: sudo
-
 # Now install https transport for APT. This is installed before
 # changing sources lists, so that if they happen to use https URLs apt
 # will still work. apt-transport-https is in the main Debian archive,
 # and we assume those are in the sources.list that come with the
 # image.
-#
-# Ignore any error here so that later tasks can fix things such as a badly
-# formed sources.list.
 - name: install apt-transport-https
- ignore_errors: yes
 apt:
 name: apt-transport-https
 
@@ -41,6 +37,22 @@
 src: sources.list.j2
 dest: /etc/apt/sources.list
 
+- name: "update package lists"
+ apt:
+ update_cache: yes
+
+- name: install necessary tools
+ apt:
+ name:
+ - sudo
+
+- name: "allow root to use sudo"
+ copy:
+ content: |
+ root ALL=(ALL:ALL) NOPASSWD: ALL
+ dest: /etc/sudoers.d/root
+ mode: 0600
+
 - name: additional sources.list.d/*
 with_items: "{{ sane_debian_system_sources_lists }}"
 apt_repository:
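Review bot: `--allow-releaseinfo-change` in the added `update package lists` task accepts a change in every Release field, Origin and Label included, which is the check apt uses to notice a repository being replaced behind an unchanged URL. If the goal is only to get past a suite or codename change after a Debian release, the field-specific forms keep the rest of the check: `apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-codename`. The task uses no shell features, so `command:` with `changed_when: false` would fit better, and the comment above it spells the option `--allow-releaseinfo--change`. The same task and comment are added again in the last hunk (`@@ -49,15 +61,18 @@`).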
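Review bot: The added `allow root to use sudo` task installs `/etc/sudoers.d/root` with no syntax check, and a drop-in that fails to parse can leave sudo unusable on the host; `validate: 'visudo -cf %s'` on the `copy` task makes Ansible refuse the file before it is moved into place. The mode is better written quoted, `mode: "0440"` being the usual sudoers permission, so that it does not depend on how the YAML loader reads a leading-zero integer. A short comment saying why root needs a NOPASSWD rule would help, since the hunk does not show what relies on it.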
@@ -49,15 +61,18 @@
 
 - name: add archive signing keys
 with_items: "{{ sane_debian_system_sources_lists }}"
- apt_key:
- data: "{{ item.signing_key }}"
- state: present
+ shell: |
+ key="{{ item.signing_key }}"
+ sum="$(echo -n "$key" | sha1sum | awk '{ print $1 }')"
+ echo "$key" > "/etc/apt/trusted.gpg.d/$sum.asc"
 when: item.signing_key is defined
 
+# Use shell to run apt-get to update package lists so that we can pass
+# in the --allow-releaseinfo--change option.
 - name: update package lists
- apt:
- update_cache: yes
- cache_valid_time: 0
+ shell: |
+ apt-get update --allow-releaseinfo-change
+
 
 - name: add archive keyrings
 with_items: "{{ sane_debian_system_sources_lists }}" |
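Review bot: The new `add archive signing keys` task pastes `{{ item.signing_key }}` into a shell script inside double quotes, so any `"`, `$` or backtick in the variable is interpreted by the shell, with the privileges of the play, instead of being written to the file. The `copy` module can write the same file with no shell involved, deriving the name through the `hash('sha1')` filter, setting an explicit owner and mode, and reporting changes correctly. The digest may differ from the `echo -n | sha1sum` one if the value carries a trailing newline, so files written by the shell version could be left behind under the old name. Keys placed in `/etc/apt/trusted.gpg.d` are trusted for every configured repository, as with the removed `apt_key` call; a per-repository `signed-by` keyring would narrow that if the sources template can carry it.

```yaml
- name: add archive signing keys
  with_items: "{{ sane_debian_system_sources_lists }}"
  copy:
    content: "{{ item.signing_key }}\n"
    dest: "/etc/apt/trusted.gpg.d/{{ item.signing_key | hash('sha1') }}.asc"
    owner: root
    group: root
    mode: "0644"
  # … unchanged: when condition …
```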