From 09031d90055e80c8101f06951b824f5c7fa96e14 Mon Sep 17 00:00:00 2001
From: Varac <varac@leap.se>
Date: Tue, 20 Mar 2018 20:39:08 +0100
Subject: Bug: Directly deploy leap-archive keyrings

The leap-archive keyring expired March 8th 2018.
We updated it, and published updated installation
docs at https://bitmask.net/en/install/linux.

For jessie, we dont install the leap-archive-keyring
package anymore but directly deploy the keys to
apt's trusted keystore.

- Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279
---
 puppet/modules/site_apt/files/keys/leap-archive.gpg | Bin 20188 -> 21915 bytes
 .../files/keys/leap-experimental-archive.gpg        | Bin 3423 -> 5177 bytes
 puppet/modules/site_apt/manifests/leap_repo.pp      |  14 ++++++++++----
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/puppet/modules/site_apt/files/keys/leap-archive.gpg b/puppet/modules/site_apt/files/keys/leap-archive.gpg
index dd7f3be6..dc19f623 100644
Binary files a/puppet/modules/site_apt/files/keys/leap-archive.gpg and b/puppet/modules/site_apt/files/keys/leap-archive.gpg differ
diff --git a/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg b/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg
index 5cc9064b..19e6ba1f 100644
Binary files a/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg and b/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg differ
diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 1e18b441..d3ab463d 100644
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -21,13 +21,19 @@ class site_apt::leap_repo {
     }
   }
 
+  file {
+    '/etc/apt/trusted.gpg.d/leap-archive.gpg':
+      ensure => present,
+      source => 'puppet:///modules/site_apt/keys/leap-archive.gpg';
+    '/etc/apt/trusted.gpg.d/leap-experimental-archive.gpg':
+      ensure => present,
+      source => 'puppet:///modules/site_apt/keys/leap-experimental-archive.gpg'
+  }
+
+
   apt::sources_list { 'leap.list':
     content => "deb [signed-by=${archive_key}] ${::site_apt::apt_url_platform_basic} ${::site_apt::apt_platform_component} ${::site_apt::apt_platform_codename}\n",
     before  => Exec[refresh_apt]
   }
 
-  package { 'leap-archive-keyring':
-    ensure => latest
-  }
-
 }
-- 
cgit v1.2.3