Stop using apt_key: module to install keyrings

Fixes #16 by replacing uses of the `apt_key:` module with `get_url:` to download apt keyrings into `/etc/apt/keyrings`, then used `signed-by=/etc/path/keyrings/<keyring>` in the appropriate sources.list file.
2023-06-24 11:25:54 +01:00 · 2023-06-24 11:25:54 +01:00 · 31a819e481
commit 31a819e481
parent 026969a32d
2 changed files with 50 additions and 15 deletions
--- a/roles/1password/tasks/Debian.yaml
+++ b/roles/1password/tasks/Debian.yaml
@ -1,16 +1,23 @@
 ---
- set_fact:
-    keyring: /etc/apt/trusted.gpg.d/1password-archive-keyring.gpg
+- name: set keyring path
+  set_fact:
+    keyring: /etc/apt/keyrings/1password.asc
+    old_keyring: /etc/apt/trusted.gpg.d/1password-archive-keyring.gpg
+
+- name: remove old keyring
+  file:
+    path: '{{old_keyring}}'
+    state: absent

 - name: add apt signing key
  when: '"WSL" not in ansible_kernel'
  become: true
-  apt_key:
+  get_url:
    url: https://downloads.1password.com/linux/keys/1password.asc
-    keyring: '{{keyring}}'
-    state: present
+    dest: '{{keyring}}'

- when: ansible_machine == 'x86_64'
+- name: set compatible architecture
+  when: ansible_machine == 'x86_64'
  set_fact:
    arch: amd64

--- a/roles/llvm/tasks/Ubuntu.yaml
+++ b/roles/llvm/tasks/Ubuntu.yaml
@ -25,11 +25,44 @@
      'http://apt.llvm.org/{{ubuntu_codename}}/'
    llvm_apt_category:
      'llvm-toolchain-{{ubuntu_codename}}-{{llvm_major_version}}'
+    keyring: '/etc/apt/keyrings/llvm.asc'
+
+- name: remove old keyring
+  when: '"WSL" not in ansible_kernel'
+  become: true
+  apt_key:
+    url: https://apt.llvm.org/llvm-snapshot.gpg.key
+    id: 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
+    state: absent
+
+- name: remove old upstream deb repository
+  become: true
+  apt_repository:
+    repo: 'deb {{llvm_apt_repo_url}} {{llvm_apt_category}} main'
+    state: absent
+    filename: llvm
+    update_cache: false
+
+- name: remove old upstream deb-src repository
+  become: true
+  apt_repository:
+    repo: 'deb-src {{llvm_apt_repo_url}} {{llvm_apt_category}} main'
+    state: absent
+    filename: llvm
+    update_cache: false
+
+- name: add apt repository key
+  become: true
+  get_url:
+    url: https://apt.llvm.org/llvm-snapshot.gpg.key
+    dest: '{{keyring}}'

 - name: add upstream deb repository
  become: true
  apt_repository:
-    repo: 'deb {{llvm_apt_repo_url}} {{llvm_apt_category}} main'
+    repo: >
+      deb [signed-by={{keyring}}]
+      {{llvm_apt_repo_url}} {{llvm_apt_category}} main
    state: present
    filename: llvm
    update_cache: false
@ -37,18 +70,13 @@
 - name: add upstream deb-src repository
  become: true
  apt_repository:
-    repo: 'deb-src {{llvm_apt_repo_url}} {{llvm_apt_category}} main'
+    repo: >
+      deb-src [signed-by={{keyring}}]
+      {{llvm_apt_repo_url}} {{llvm_apt_category}} main
    state: present
    filename: llvm
    update_cache: false

- name: add apt repository key
-  become: true
-  apt_key:
-    url: https://apt.llvm.org/llvm-snapshot.gpg.key
-    id: 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
-    state: present
-
 - name: update apt cache
  become: true
  apt: