Support adding APT keyrings key files

Open filips123 opened this issue 1 year ago • 0 comments

Is your feature request related to a problem? Please describe

apt.keys currently uses apt-key, which is deprecated. Instead of adding keys with apt-key, it is now recommended to download them to a specific directory (/etc/apt/keyrings) and specify them in APT repositories using signed-by.

There is currently no easy way of doing this with pyinfra, apart from manually running shell commands.

Describe the solution you'd like

Either apt.key should be modified to support these newer-style keys, or there should be another similar operation available.

What that operation would need to do is to:

  1. Make sure that /etc/apt/keyrings/ exists (it may not exist on some systems by default).
  2. Download the GPG key from a file, URL or keyserver (same as apt.key).
  3. Dearmor the key (gpg --dearmor).
  4. Store it to /usr/share/keyrings/FILENAME.gpg (filename should be configurable).

This is roughly equivalent to the following commands:

mkdir -p /etc/apt/keyrings/
curl -fsSL KEY-URL | gpg --dearmor | sudo tee /usr/share/keyrings/FILENAME.gpg

Additionally, there should probably be some facts about such installed keys.

filips123, Apr 27 '23 13:04
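The directory, dearmor and store steps from the request above, as an added Python example that is not part of the issue and is not pyinfra code. The function names, the `SAMPLE` block and the repository arguments are hypothetical; the download step is left out so the example runs offline, and the keyring directory is a parameter. Dearmoring is done in pure Python with the armor CRC-24 check from RFC 4880, so a truncated or altered download is rejected before anything is written.

```python
import base64
import os
import tempfile

# Constructed sample: the bytes b"123456789" in ASCII armor, not a real key.
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nMTIzNDU2Nzg5\n=Ic8C\n"
          "-----END PGP PUBLIC KEY BLOCK-----\n")

def crc24(data: bytes) -> int:
    """CRC-24 from OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(armored: str) -> bytes:
    """Decode one ASCII-armored block to binary, as `gpg --dearmor` does."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN PGP")
                              and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored PGP block")
    body = lines[1:-1]
    if "" in body:  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if checksum and int.from_bytes(base64.b64decode(checksum), "big") != crc24(data):
        raise ValueError("armor CRC24 mismatch, key data is corrupted")
    return data

def install_keyring(armored: str, keyring_dir: str, filename: str) -> str:
    """Create the directory, dearmor the key, store it as NAME.gpg."""
    if os.path.basename(filename) != filename or not filename.endswith(".gpg"):
        raise ValueError("filename must be a plain NAME.gpg, no path parts")
    data = dearmor(armored)  # fail before touching the filesystem
    os.makedirs(keyring_dir, mode=0o755, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=keyring_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(tmp, 0o644)  # readable by apt, writable only by the owner
    dest = os.path.join(keyring_dir, filename)
    os.replace(tmp, dest)  # atomic: apt never sees a half-written keyring
    return dest

def sources_line(keyring: str, uri: str, suite: str, component: str) -> str:
    return f"deb [signed-by={keyring}] {uri} {suite} {component}"
```
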