apt: add move-apt-keyrings script/tasks
parent
b2c215eef0
commit
17946f7280
|
@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
### Added
|
||||
|
||||
* apt: add move-apt-keyrings script/tasks
|
||||
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
|
||||
* nagios-nrpe: add tasks/files for a wrapper
|
||||
* fail2ban: add "Internal login failure" to Dovecot filter
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Move apt repository key from /etc/apt/trusted.gpg.d/ to /etc/apt/keyrings/ and add "signed-by" tag in source list
|
||||
#
|
||||
# Example: move-apt-keyrings.sh http://repo.mongodb.org/apt/debian mongodb-server-[0-9\\.]+.asc
|
||||
|
||||
repository_pattern=$1
|
||||
key=$2
|
||||
|
||||
found_files=$(grep --files-with-matches --recursive --extended-regexp "${repository_pattern}" "/etc/apt/sources.list.d/")
|
||||
|
||||
old_key_file="/etc/apt/trusted.gpg.d/${key}"
|
||||
new_key_file="/etc/apt/keyrings/${key}"
|
||||
|
||||
for file in ${found_files}; do
|
||||
if ! grep --quiet "signed-by" "${file}"; then
|
||||
signed_by="signed-by=${new_key_file}"
|
||||
if grep --quiet "deb(-src)? \[" "${file}"; then
|
||||
sed -i "s@deb\(-src\)\? \[\([^]]\+\)\]@deb\1 [\2 ${signed_by}]@" "${file}"
|
||||
else
|
||||
sed -i "s@deb\(-src\)\? @deb\1 [${signed_by}] @" "${file}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -f "${old_key_file}" ] && [ ! -f "${new_key_file}" ]; then
|
||||
mv "${old_key_file}" "${new_key_file}"
|
||||
fi
|
||||
if [ -f "${new_key_file}" ]; then
|
||||
chmod 644 "${new_key_file}"
|
||||
chown root: "${new_key_file}"
|
||||
fi
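Review bot: The inner test `grep --quiet "deb(-src)? \["` runs without `--extended-regexp`, so `(`, `)` and `?` are matched literally and the branch that merges `signed-by` into an existing option list is never taken. A line such as `deb [arch=amd64] https://…` then goes through the `else` substitution and gets a second bracket group in front of the first, which apt is expected to reject as malformed. Use `if grep --quiet --extended-regexp "deb(-src)? \[" "${file}"; then`. The sources are also rewritten before the script knows that the key exists in either directory; checking `[ -f "${old_key_file}" ] || [ -f "${new_key_file}" ]` before the loop would avoid pinning a repository to a missing keyring.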
|
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
- name: New APT keyrings directory is present
|
||||
file:
|
||||
path: /etc/apt/keyrings
|
||||
state: directory
|
||||
mode: "0755"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: migration script is present
|
||||
copy:
|
||||
src: move-apt-keyrings.sh
|
||||
dest: /root/move-apt-keyrings.sh
|
||||
mode: "0755"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Move repository signing key
|
||||
command: "/root/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
|
||||
loop:
|
||||
- { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" }
|
||||
- { repository_pattern: "https://artifacts.elastic.co/packages/[^/]+/apt", key: "elastics.asc" }
|
||||
- { repository_pattern: "https://download.docker.com/linux/debian", key: "docker-debian.asc" }
|
||||
- { repository_pattern: "https://downloads.linux.hpe.com/SDR/repo/mcp", key: "hpePublicKey2048_key1.asc" }
|
||||
- { repository_pattern: "http://pkg.jenkins-ci.org/debian-stable", key: "jenkins.asc" }
|
||||
- { repository_pattern: "https://packages.sury.org/php/", key: "sury.gpg" }
|
||||
- { repository_pattern: "http://repo.mongodb.org/apt/debian", key: "mongodb-server-[0-9\\.]+.asc" }
|
||||
- { repository_pattern: "http://apt.newrelic.com/debian/", key: "newrelic.asc" }
|
||||
- { repository_pattern: "https://deb.nodesource.com/", key: "nodesource.asc" }
|
||||
- { repository_pattern: "https://dl.yarnpkg.com/debian/", key: "yarn.asc" }
|
||||
- { repository_pattern: "http://apt.postgresql.org/pub/repos/apt/", key: "postgresql.asc" }
|
||||
register: _cmd
|
||||
|
||||
- name: Debug command
|
||||
debug:
|
||||
var: _cmd
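Review bot: The `mongodb-server-[0-9\\.]+.asc` loop item passes a regular expression as `key`, but the script added in this commit uses its second argument as a literal file name, both for the path under `/etc/apt/trusted.gpg.d/` and for the `signed-by=` value. On a host with a MongoDB source the key is therefore never moved, and the source ends up pinned to a keyring path that does not exist, so apt can no longer verify that repository. Pass the exact key file name instead, one loop item per key, e.g. `key: "<exact mongodb key file name>"`, or have the script resolve the pattern to a real file before using it. The `command` task also reports changed on every run; a `changed_when:` condition and dropping the `Debug command` task would make real changes to the trust configuration visible.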
|