pyinfra
pyinfra copied to clipboard
Support adding APT keyrings key files
Is your feature request related to a problem? Please describe
apt.keys
currently uses apt-key
, which is deprecated. Instead of adding keys with apt-key
, it is now recommended to download them to a specific directory (/etc/apt/keyrings
) and specify them in APT repositories using signed-by
.
There is currently no easy way of doing this with pyinfra
, apart from manually running shell commands.
Describe the solution you'd like
Either apt.key
should be modified to support this newer-style keys, or there should be another similar operation available.
What that operation would need to do is to:
- Make sure that
/etc/apt/keyrings/
exists (it may not exist on some systems by default) - Download GPG key from file, URL or keyserver (same as
apt.key
). - Dearmor the key (
gpg --dearmor
). - Store it to
/usr/share/keyrings/FILENAME.gpg
(filename should be configurable).
This is roughly equivalent to the following commands:
mkdir -p /etc/apt/keyrings/
curl -fsSL KEY-URL | gpg --dearmor | sudo tee /usr/share/keyrings/FILENAME.gpg
Additionally, there should probably be some facts about such installed keys.