From 7c787d565951633a2ff846e10e52ac30608b397d Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Tue, 15 Aug 2023 22:09:10 +0200 Subject: apt_repo: support keys that must be gpg --dearmor'ed --- roles/apt_repo/defaults/main.yml | 1 + roles/apt_repo/tasks/main.yml | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/apt_repo/defaults/main.yml b/roles/apt_repo/defaults/main.yml index 6d09a7b..7394a29 100644 --- a/roles/apt_repo/defaults/main.yml +++ b/roles/apt_repo/defaults/main.yml @@ -1 +1,2 @@ apt_repo_keys_dir: /etc/apt/keyrings +apt_repo_key_dearmor: false diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml index b9baffd..3ad7642 100644 --- a/roles/apt_repo/tasks/main.yml +++ b/roles/apt_repo/tasks/main.yml @@ -9,7 +9,11 @@ - name: Set key path ansible.builtin.set_fact: - key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}.asc' + # For some reason, if the key is in a weird format that requires + # running `gpg --dearmor`, you must save it with the .gpg extension + # instead of .asc. You can then completely skip the gpg step. Source: + # https://stackoverflow.com/q/71585303/514684 + key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}' - name: 'Add key: {{ apt_repo_name }}' ansible.builtin.get_url: -- cgit v1.2.3