forked from evolix/ansible-roles
apt: Add Signed-by on Bookworm updates
The generic keyring is used instead of the specific ones for system and security because /usr/share/keyrings/debian-archive-bookworm-* are not present (yet) on major upgrades. It’s not ideal, and should be replaced afterwards. https://wiki.evolix.org/HowtoDebian/SourcesList#bookworm-12
This commit is contained in:
parent
f2c37dddff
commit
fef86b0a3f
|
@ -30,3 +30,21 @@
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
- name: Add signed-by when relevant for bookworm
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/apt/sources.list.d/system.sources
|
||||||
|
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
|
||||||
|
insertafter: "Suites: bookworm bookworm-updates"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- apt
|
||||||
|
|
||||||
|
- name: Add signed-by when relevant for bookworm-security
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/apt/sources.list.d/security.sources
|
||||||
|
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
|
||||||
|
insertafter: "Suites: bookworm-security"
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- apt
|
||||||
|
|
Loading…
Reference in a new issue