WIP: Use proper keyrings directory #163
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: evolix/ansible-roles#163
Loading…
Reference in a new issue
No description provided.
Delete branch "debian12-keyring"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We've decided that all gpg/asc files for APT go to
/etc/apt/trusted.gpg.d
, but with APT 2.4 (Debian 12), the proper directory becomes/etc/apt/keyrings
I've added a automatic variables in roles that use this.
I've also added a
signed-by
option in source.list files for thid-party sources.From https://manpages.debian.org/testing/apt/apt-key.8.en.html :
@ -41,3 +41,3 @@
- name: Elastic sources list is available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
repo: "deb [signed-by={{ apt_keyring_dir }}/.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
s/.asc/elastic&/
In fact, moving to a deb822 format might make this even easier.
It is supported since since apt version 1.1 so it is available (at least) since Debian 8 (jessie).
I've noticed that we almost never update source files outside of Ansible (with the
apt_repository
module), so we could decide to change all custom source files to this new format, without breaking anything.Everything has been integrated in the stable/unstable branches.
Pull request closed