From 891aa0fbbed87e24322da7d3a80514f1bf94f0ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@koumbit.org>
Date: Thu, 11 Jun 2015 10:21:56 -0400
Subject: allow for binary keys that can be removed

---
 README | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

(limited to 'README')

diff --git a/README b/README
index 835db79..d2cb71b 100644
--- a/README
+++ b/README
@@ -485,8 +485,25 @@ Deploys a secure apt OpenPGP key. This usually accompanies the
 sources.list snippets above for third party repositories. For example,
 you would do:
 
-  apt::key { 'neurodebian.key':
-    source => 'puppet:///modules/site_apt/neurodebian.key',
+  apt::key { 'neurodebian.gpg':
+    ensure => present,
+    source => 'puppet:///modules/site_apt/neurodebian.gpg',
+  }
+
+This deploys the key in the `/etc/apt/trusted.gpg.d` directory, which
+is assumed by secure apt to be binary OpenPGP keys and *not*
+"ascii-armored" or "plain text" OpenPGP key material. For the latter,
+use `apt::key::plain`.
+
+apt::key::plain
+---------------
+
+Deploys a secure apt OpenPGP key. This usually accompanies the
+sources.list snippets above for third party repositories. For example,
+you would do:
+
+  apt::key::asc { 'neurodebian.asc':
+    source => 'puppet:///modules/site_apt/neurodebian.asc',
   }
 
 This deploys the key in the `${apt_base_dir}/keys` directory (as
@@ -495,6 +512,10 @@ this exists on top of `$custom_key_dir` is to allow a more
 decentralised distribution of those keys, without having all modules
 throw their keys in the same directory in the manifests.
 
+Note that this model does *not* currently allow keys to be removed!
+Use `apt::key` instead for a more practical, revokable approach, but
+that needs binary keys.
+
 apt::upgrade_package
 --------------------
 
-- 
cgit v1.2.3