From f73c8ff53d234c8a0d855cc9bdd6e9575d3e355a Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 12 Aug 2021 23:23:04 +0200
Subject: use singed-by= option for source list entries of external repos

---
 roles/apt-repo/kubic-project/tasks/main.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'roles/apt-repo/kubic-project/tasks')

diff --git a/roles/apt-repo/kubic-project/tasks/main.yml b/roles/apt-repo/kubic-project/tasks/main.yml
index 115d4060..6f9e2d78 100644
--- a/roles/apt-repo/kubic-project/tasks/main.yml
+++ b/roles/apt-repo/kubic-project/tasks/main.yml
@@ -2,13 +2,19 @@
 - name: add repository key
   copy:
     src: repo.gpg
-    dest: /etc/apt/trusted.gpg.d/kubic-project.gpg
+    dest: /etc/apt/keyrings/kubic-project.gpg
   register: apt_repo_kubic_project_key
 
+## TODO: remove once all servers have been converted
+- name: remove repository key from old location
+  file:
+    path: /etc/apt/trusted.gpg.d/kubic-project.gpg
+    state: absent
+
 - name: add repository entry
   copy:
     content: |
-      deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ (ansible_distribution == 'Ubuntu') | ternary('xUbuntu', ansible_distribution) }}_{{ ansible_distribution_version }}/ /
+      deb [signed-by=/etc/apt/keyrings/kubic-project.gpg] http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ (ansible_distribution == 'Ubuntu') | ternary('xUbuntu', ansible_distribution) }}_{{ ansible_distribution_version }}/ /
     dest: /etc/apt/sources.list.d/kubic-project.list
   register: apt_repo_kubic_project_sources
 
-- 
cgit v1.2.3