Bug: Directly deploy leap-archive keyrings

The leap-archive keyring expired March 8th 2018.
We updated it, and published updated installation
docs at https://bitmask.net/en/install/linux.

For jessie, we dont install the leap-archive-keyring
package anymore but directly deploy the keys to
apt's trusted keystore.

- Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279

diff --git a/puppet/modules/site_apt/files/keys/leap-archive.gpg b/puppet/modules/site_apt/files/keys/leap-archive.gpg
index dd7f3be..dc19f62 100644 (file)
Binary files a/puppet/modules/site_apt/files/keys/leap-archive.gpg and b/puppet/modules/site_apt/files/keys/leap-archive.gpg differ

diff --git a/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg b/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg
index 5cc9064..19e6ba1 100644 (file)
Binary files a/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg and b/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg differ

diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 1e18b44..d3ab463 100644 (file)
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -21,13 +21,19 @@ class site_apt::leap_repo {
     }
   }
 
+  file {
+    '/etc/apt/trusted.gpg.d/leap-archive.gpg':
+      ensure => present,
+      source => 'puppet:///modules/site_apt/keys/leap-archive.gpg';
+    '/etc/apt/trusted.gpg.d/leap-experimental-archive.gpg':
+      ensure => present,
+      source => 'puppet:///modules/site_apt/keys/leap-experimental-archive.gpg'
+  }
+
+
   apt::sources_list { 'leap.list':
     content => "deb [signed-by=${archive_key}] ${::site_apt::apt_url_platform_basic} ${::site_apt::apt_platform_component} ${::site_apt::apt_platform_codename}\n",
     before  => Exec[refresh_apt]
   }
 
-  package { 'leap-archive-keyring':
-    ensure => latest
-  }
-
 }