roles/common: update tarsnap task

Update tarsnap task to use apt signed-by for package signing keys
instead of adding keys directly to apt-key.
This commit is contained in:
Alan Orth 2023-08-23 21:18:27 +03:00
parent 8dbec29d2a
commit 51c95e5d4c
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9

View File

@ -1,18 +1,34 @@
--- ---
- name: Add Tarsnap apt mirror - name: Check tarsnap apt signing key
ansible.builtin.template: src=tarsnap_sources.list.j2 dest=/etc/apt/sources.list.d/tarsnap.list owner=root group=root mode=0644 ansible.builtin.stat:
path: /etc/apt/keyrings/tarsnap-deb-packaging-key.asc
register: tarsnap_signing_key_stat
- name: Download tarsnap apt signing key
ansible.builtin.get_url:
url: https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
dest: /etc/apt/keyrings/tarsnap-deb-packaging-key.asc
owner: root
group: root
mode: 0644
register: download_tarsnap_signing_key
when: not tarsnap_signing_key_stat.stat.exists
- name: Add tarsnap.org repo
ansible.builtin.template:
src: tarsnap_sources.list.j2
dest: /etc/apt/sources.list.d/tarsnap.list
owner: root
group: root
mode: 0644
register: add_tarsnap_apt_repository register: add_tarsnap_apt_repository
when: ansible_architecture != 'armv7l' when: ansible_architecture != 'armv7l'
- name: Add GPG key for Tarsnap
ansible.builtin.apt_key: id=0xF608BA1BFB5CE8F8CAB088359F084BEE7F938A76 url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
register: add_tarsnap_apt_key
- name: Update apt cache - name: Update apt cache
ansible.builtin.apt: ansible.builtin.apt: # noqa no-handler
update_cache: true update_cache: true
when: when:
add_tarsnap_apt_key is changed or (download_tarsnap_signing_key.status_code is defined and download_tarsnap_signing_key.status_code == 200) or
add_tarsnap_apt_repository is changed add_tarsnap_apt_repository is changed
- name: Install tarsnap - name: Install tarsnap