From 6af0517fb1e1065eb287b6ec774b90f7d8814907 Mon Sep 17 00:00:00 2001 From: Waldemar Smirnow Date: Fri, 17 Jan 2025 12:09:25 +0100 Subject: [PATCH] Debian Apt-key deploecation fixed Debian deprecated the apt-key tool for managing repository keys. The recommended way since 2016, improved by an security aspect, is implemented by this patch. I recommend to read https://stackoverflow.com/questions/68992799/warning-apt-key-is-deprecated-manage-keyring-files-in-trusted-gpg-d-instead --- tasks/debian.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tasks/debian.yml b/tasks/debian.yml index 3dfbce5..0f9bd68 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -6,10 +6,22 @@ - gnupg2 cache_valid_time: 3600 +- name: Create directory for keyrings used by apt + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + owner: root + group: root + mode: '0755' + - name: Install the opencast package repository key - ansible.builtin.apt_key: + ansible.builtin.get_url: url: https://pkg.opencast.org/gpgkeys/opencast-deb.key - state: present + dest: /etc/apt/keyrings/opencast.asc + force: false + owner: root + group: root + mode: '0644' - name: Remove orphan opencast package repository definition register: rm_orphan_repo @@ -25,7 +37,7 @@ register: add_oc_repo ansible.builtin.apt_repository: repo: >- - deb https://pkg.opencast.org/debian + deb [signed-by=/etc/apt/keyrings/opencast.asc] https://pkg.opencast.org/debian {{ opencast_version_major }}.x stable filename: opencast @@ -36,7 +48,7 @@ register: add_oc_testing_repo ansible.builtin.apt_repository: repo: >- - deb https://pkg.opencast.org/debian + deb [signed-by=/etc/apt/keyrings/opencast.asc] https://pkg.opencast.org/debian {{ opencast_version_major }}.x testing filename: opencast