evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

apt: add move-apt-keyrings script/tasks

This commit is contained in:
Jérémy Lecour 2023-02-27 13:58:01 +01:00 committed by Jérémy Lecour
parent b2c215eef0
commit 17946f7280
3 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
* apt: add move-apt-keyrings script/tasks
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
* nagios-nrpe: add tasks/files for a wrapper
* fail2ban: add "Internal login failure" to Dovecot filter

32
apt/files/move-apt-keyrings.sh Normal file
View File

@ -0,0 +1,32 @@
#!/bin/sh
# Move apt repository key from /etc/apt/trusted.gpg.d/ to /etc/apt/keyrings/ and add "signed-by" tag in source list
#
# Example: move-apt-keyrings.sh http://repo.mongodb.org/apt/debian mongodb-server-[0-9\\.]+.asc
repository_pattern=$1
key=$2
found_files=$(grep --files-with-matches --recursive --extended-regexp "${repository_pattern}" "/etc/apt/sources.list.d/")
old_key_file="/etc/apt/trusted.gpg.d/${key}"
new_key_file="/etc/apt/keyrings/${key}"
for file in ${found_files}; do
if ! grep --quiet "signed-by" "${file}"; then
signed_by="signed-by=${new_key_file}"
if grep --quiet "deb(-src)? \[" "${file}"; then
sed -i "s@deb\(-src\)\? \[\([^]]\+\)\]@deb\1 [\2 ${signed_by}]@" "${file}"
else
sed -i "s@deb\(-src\)\? @deb\1 [${signed_by}] @" "${file}"
fi
fi
done
if [ -f "${old_key_file}" ] && [ ! -f "${new_key_file}" ]; then
mv "${old_key_file}" "${new_key_file}"
fi
if [ -f "${new_key_file}" ]; then
chmod 644 "${new_key_file}"
chown root: "${new_key_file}"
fi

36
apt/tasks/move-apt-keyring.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: New APT keyrings directory is present
file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
owner: root
group: root
- name: migration script is present
copy:
src: move-apt-keyrings.sh
dest: /root/move-apt-keyrings.sh
mode: "0755"
owner: root
group: root
- name: Move repository signing key
command: "/root/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
loop:
- { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" }
- { repository_pattern: "https://artifacts.elastic.co/packages/[^/]+/apt", key: "elastics.asc" }
- { repository_pattern: "https://download.docker.com/linux/debian", key: "docker-debian.asc" }
- { repository_pattern: "https://downloads.linux.hpe.com/SDR/repo/mcp", key: "hpePublicKey2048_key1.asc" }
- { repository_pattern: "http://pkg.jenkins-ci.org/debian-stable", key: "jenkins.asc" }
- { repository_pattern: "https://packages.sury.org/php/", key: "sury.gpg" }
- { repository_pattern: "http://repo.mongodb.org/apt/debian", key: "mongodb-server-[0-9\\.]+.asc" }
- { repository_pattern: "http://apt.newrelic.com/debian/", key: "newrelic.asc" }
- { repository_pattern: "https://deb.nodesource.com/", key: "nodesource.asc" }
- { repository_pattern: "https://dl.yarnpkg.com/debian/", key: "yarn.asc" }
- { repository_pattern: "http://apt.postgresql.org/pub/repos/apt/", key: "postgresql.asc" }
register: _cmd
- name: Debug command
debug:
var: _cmd