From 6e885e5cd79520e8e9bbb3a7b8f7dca118b17979 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Tue, 28 Dec 2021 17:32:02 +0200
Subject: sane_debian_system: avoid apt-key for adding repository signing keys

Debian has decided to deprecate apt-key, though I can't find out why.

Sponsored-by: author
---
 roles/sane_debian_system/tasks/apt.yml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

(limited to 'roles')

diff --git a/roles/sane_debian_system/tasks/apt.yml b/roles/sane_debian_system/tasks/apt.yml
index 13937c9..3f1fd5e 100644
--- a/roles/sane_debian_system/tasks/apt.yml
+++ b/roles/sane_debian_system/tasks/apt.yml
@@ -39,23 +39,27 @@
     src: sources.list.j2
     dest: /etc/apt/sources.list
 
-- name: additional sources.list.d/*
-  with_items: "{{ sane_debian_system_sources_lists }}"
-  apt_repository:
-    repo: "{{ item.repo }}"
-    update_cache: no
+- name: "update package lists"
+  apt:
+    update_cache: yes
 
 - name: install necessary tools
   apt:
     name:
       - sudo
-      - gpg
+
+- name: additional sources.list.d/*
+  with_items: "{{ sane_debian_system_sources_lists }}"
+  apt_repository:
+    repo: "{{ item.repo }}"
+    update_cache: no
 
 - name: add archive signing keys
   with_items: "{{ sane_debian_system_sources_lists }}"
-  apt_key:
-    data: "{{ item.signing_key }}"
-    state: present
+  shell: |
+    key="{{ item.signing_key }}"
+    sum="$(echo -n "$key" | sha1sum | awk '{ print $1 }')"
+    echo "$key" > "/etc/apt/trusted.gpg.d/$sum.asc"
   when: item.signing_key is defined
 
 # Use shell to run apt-get to update package lists so that we can pass
-- 
cgit v1.2.1