Role uses deprecated keyring.gpg - Githubissues

Oefenweb / ansible-insync

Ansible role to set up Insync in Debian-like systems

MIT License

1 stars 1 forks source link

Role uses deprecated keyring.gpg #5

Open hydrian opened 2 weeks ago

hydrian commented 2 weeks ago

Role fails because the task uses apt_key and adds it to the default keyring. Now extra repositories should use their own keyring and reference it the .list file

tersmitten commented 1 week ago

I don't see anything failing

tersmitten commented 1 week ago

But I agree that using "your own keyring" is the way to go (nowadays).

tersmitten commented 1 week ago

But:

Adding a key to /etc/apt/trusted.gpg.d is insecure because it adds the key for all repositories. This is exactly why apt-key had to be deprecated.

tersmitten commented 1 week ago

See https://github.com/Oefenweb/ansible-vagrant

hydrian commented 1 week ago

Adding a key to /etc/apt/trusted.gpg.d is insecure because it adds the key for all repositories. This is exactly why apt-key had to be deprecated.

I know that /etc/apt/trusted.gpg.d isn't trused. It was a typo. The PR has been updated to use /etc/apt/keyrings.

tersmitten commented 1 week ago

I prefer consistency (because we have so many roles), can you make it just like the vagrant role?

hydrian commented 1 week ago

I'll look into it. Not very familiar with vagrant.