apt: add move-apt-keyrings script/tasks
parent
b2c215eef0
commit
17946f7280
|
@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* apt: add move-apt-keyrings script/tasks
|
||||||
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
|
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
|
||||||
* nagios-nrpe: add tasks/files for a wrapper
|
* nagios-nrpe: add tasks/files for a wrapper
|
||||||
* fail2ban: add "Internal login failure" to Dovecot filter
|
* fail2ban: add "Internal login failure" to Dovecot filter
|
||||||
|
|
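--- a/apt/files/move-apt-keyrings.sh
+++ b/apt/files/move-apt-keyrings.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Move apt repository key from /etc/apt/trusted.gpg.d/ to /etc/apt/keyrings/ and add "signed-by" tag in source list
+#
+# Example: move-apt-keyrings.sh http://repo.mongodb.org/apt/debian mongodb-server-[0-9\\.]+.asc
+
+repository_pattern=$1
+key=$2
+
+found_files=$(grep --files-with-matches --recursive --extended-regexp "${repository_pattern}" "/etc/apt/sources.list.d/")
+
+old_key_file="/etc/apt/trusted.gpg.d/${key}"
+new_key_file="/etc/apt/keyrings/${key}"
+
+for file in ${found_files}; do
+if ! grep --quiet "signed-by" "${file}"; then
+signed_by="signed-by=${new_key_file}"
+if grep --quiet "deb(-src)? \[" "${file}"; then
+sed -i "s@deb\(-src\)\? \[\([^]]\+\)\]@deb\1 [\2 ${signed_by}]@" "${file}"
+else
+sed -i "s@deb\(-src\)\? @deb\1 [${signed_by}] @" "${file}"
+fi
+fi
+done
+
+if [ -f "${old_key_file}" ] && [ ! -f "${new_key_file}" ]; then
+mv "${old_key_file}" "${new_key_file}"
+fi
+if [ -f "${new_key_file}" ]; then
+chmod 644 "${new_key_file}"
+chown root: "${new_key_file}"
+fi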
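Review bot: The inner test `grep --quiet "deb(-src)? \[" "${file}"` runs without `--extended-regexp`, so `(`, `)` and `?` are matched literally and the branch for entries that already have an option block is never taken; those lines fall through to the second `sed` and end up with two bracketed blocks, which apt will probably reject. Changing it to `if grep --quiet --extended-regexp "deb(-src)? \[" "${file}"; then` fixes the branch selection. Both `sed` calls also rewrite every `deb` line of the file rather than only the lines matching `${repository_pattern}`, so a list file that holds several repositories gets all of them pinned to this one key. Finally `${key}` is used as a literal file name, so the regex-style value from the header example (and the mongodb entry in apt/tasks/move-apt-keyring.yml) never satisfies `[ -f "${old_key_file}" ]` while `signed-by` is still written with a path that does not exist; rewriting the list only when `${new_key_file}` is present afterwards would avoid leaving a repository that cannot be verified.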
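--- a/apt/tasks/move-apt-keyring.yml
+++ b/apt/tasks/move-apt-keyring.yml
@@ -0,0 +1,36 @@
+---
+- name: New APT keyrings directory is present
+file:
+path: /etc/apt/keyrings
+state: directory
+mode: "0755"
+owner: root
+group: root
+
+- name: migration script is present
+copy:
+src: move-apt-keyrings.sh
+dest: /root/move-apt-keyrings.sh
+mode: "0755"
+owner: root
+group: root
+
+- name: Move repository signing key
+command: "/root/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
+loop:
+- { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" }
+- { repository_pattern: "https://artifacts.elastic.co/packages/[^/]+/apt", key: "elastics.asc" }
+- { repository_pattern: "https://download.docker.com/linux/debian", key: "docker-debian.asc" }
+- { repository_pattern: "https://downloads.linux.hpe.com/SDR/repo/mcp", key: "hpePublicKey2048_key1.asc" }
+- { repository_pattern: "http://pkg.jenkins-ci.org/debian-stable", key: "jenkins.asc" }
+- { repository_pattern: "https://packages.sury.org/php/", key: "sury.gpg" }
+- { repository_pattern: "http://repo.mongodb.org/apt/debian", key: "mongodb-server-[0-9\\.]+.asc" }
+- { repository_pattern: "http://apt.newrelic.com/debian/", key: "newrelic.asc" }
+- { repository_pattern: "https://deb.nodesource.com/", key: "nodesource.asc" }
+- { repository_pattern: "https://dl.yarnpkg.com/debian/", key: "yarn.asc" }
+- { repository_pattern: "http://apt.postgresql.org/pub/repos/apt/", key: "postgresql.asc" }
+register: _cmd
+
+- name: Debug command
+debug:
+var: _cmd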
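Review bot: The `Move repository signing key` task has no `changed_when`, so every run reports a change for each of the eleven loop items whether or not a list file or key was touched, which buries real modifications to apt's trust configuration in the play output. The script it calls has no `set -e` and prints nothing, so a failed `sed` or `mv` is also indistinguishable from a no-op here; having the script print one line per rewritten file or moved key and adding `changed_when: _cmd.stdout | length > 0` would make the result auditable. The trailing `Debug command` task looks like a development leftover and could be dropped or limited with `verbosity: 1`.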