From b512a7f76593c0fa175bb9ee525f126512eb0dd9 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Mon, 12 Sep 2022 10:05:12 +0300
Subject: [PATCH] roles/common: create /etc/apt/keyrings

According the the Debian docs for third-party repositories we must
create this manually on distros before Debian 12 and Ubuntu 22.04.
This is due to changes in apt-secure and the deprecation of apt-key.

See: https://wiki.debian.org/DebianRepository/UseThirdParty
---
 roles/common/tasks/packages_Debian.yml | 13 +++++++++++++
 roles/common/tasks/packages_Ubuntu.yml | 13 +++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/roles/common/tasks/packages_Debian.yml b/roles/common/tasks/packages_Debian.yml
index 8aa4c70..631ccaa 100644
--- a/roles/common/tasks/packages_Debian.yml
+++ b/roles/common/tasks/packages_Debian.yml
@@ -2,6 +2,19 @@
 
 - name: Configure Debian packages
   block:
+    # Create directory for third-party package signing keys. Required on distros
+    # older than Debian 12 / Ubuntu 22.04.
+    #
+    # See: https://wiki.debian.org/DebianRepository/UseThirdParty
+    - name: Create /etc/apt/keyrings
+      file:
+        path: /etc/apt/keyrings
+        mode: 0755
+        owner: root
+        group: root
+        state: directory
+      when: ansible_distribution_major_version is version('12', '<')
+
     - name: Configure apt mirror
       ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
       when: ansible_architecture != 'armv7l'
diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml
index b397516..a61bdae 100644
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@@ -2,6 +2,19 @@
 
 - name: Configure Ubuntu packages
   block:
+    # Create directory for third-party package signing keys. Required on distros
+    # older than Debian 12 / Ubuntu 22.04.
+    #
+    # See: https://wiki.debian.org/DebianRepository/UseThirdParty
+    - name: Create /etc/apt/keyrings
+      file:
+        path: /etc/apt/keyrings
+        mode: 0755
+        owner: root
+        group: root
+        state: directory
+      when: ansible_distribution_major_version is version('22.04', '<')
+
     - name: Configure apt mirror
       ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
       when: ansible_architecture != 'armv7l'