chef / chef

Chef Infra, a powerful automation platform that transforms infrastructure into code automating how infrastructure is configured, deployed and managed across any environment, at any scale
http://www.chef.io/chef/
Apache License 2.0

resource apt_repository doesn't update repo key #13701

Closed drdev closed 1 year ago

drdev commented 1 year ago

The apt_repository resource doesn't update the key when it expires. Here's the output for the expired key for the MongoDB repository:

$ apt-key list E162F504A20CDF15827F718D4B7C549A058F8B6B
pub   rsa4096 2018-04-18 [SC] [expired: 2023-04-17]
      E162 F504 A20C DF15 827F  718D 4B7C 549A 058F 8B6B
uid           [ expired] MongoDB 4.2 Release Signing Key <packaging@mongodb.com>

The key attribute for the resource is passed as a fingerprint (E162F504A20CDF15827F718D4B7C549A058F8B6B).

Resource code lines responsible for key validation:

https://github.com/chef/chef/blob/a9f5978a67869a0772c947633f2c944f73a21b9f/lib/chef/resource/apt_repository.rb#L213
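
An added example, not part of the original issue and not Chef's own code: a Ruby helper that parses `apt-key list` output in the format quoted above and returns the fingerprints of keys that are already expired, the condition this issue says the resource does not act on. The names `parse_keys` and `expired_fingerprints` are hypothetical, and the second key in the sample is constructed.

```ruby
require "date"

# Sample `apt-key list` output. The first key block is the one quoted in the
# issue; the second is constructed for contrast (not a real key).
SAMPLE = <<~OUT
  pub   rsa4096 2018-04-18 [SC] [expired: 2023-04-17]
        E162 F504 A20C DF15 827F  718D 4B7C 549A 058F 8B6B
  uid           [ expired] MongoDB 4.2 Release Signing Key <packaging@mongodb.com>

  pub   rsa4096 2020-01-01 [SC] [expires: 2035-01-01]
        0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
  uid           [ unknown] Constructed Example Key <example@example.invalid>
OUT

# "pub" line: algorithm, creation date, usage flags, optional expiry annotation.
PUB_LINE = /\Apub\s+\S+\s+\d{4}-\d{2}-\d{2}\s+\[[A-Z]+\](?:\s+\[(expired|expires):\s*(\d{4}-\d{2}-\d{2})\])?/
# Fingerprint line: ten groups of four hex digits (40 hex characters in total).
FPR_LINE = /\A\s+((?:[0-9A-F]{4}\s+){9}[0-9A-F]{4})\s*\z/

# Returns one hash per primary key: :fingerprint, :status, :expiry (Date or nil).
def parse_keys(output)
  keys = []
  pending = nil
  output.each_line do |line|
    if (m = PUB_LINE.match(line))
      pending = { status: m[1], expiry: m[2] && Date.iso8601(m[2]) }
    elsif pending && (m = FPR_LINE.match(line))
      keys << pending.merge(fingerprint: m[1].delete(" "))
      pending = nil
    end
  end
  keys
end

# A key counts as expired if gpg marked it so, or if its expiry date has passed
# (covers output captured before the expiry date was reached).
def expired_fingerprints(output, today: Date.today)
  parse_keys(output).select { |k|
    k[:status] == "expired" || (k[:expiry] && k[:expiry] < today)
  }.map { |k| k[:fingerprint] }
end

puts expired_fingerprints(SAMPLE) if __FILE__ == $PROGRAM_NAME
```
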

dkowis commented 1 year ago

I just experienced this with a different repo, and my key was specified as a URL to get it from:

apt_repository 'matrix-synapse' do
  uri "https://packages.matrix.org/debian/"
  components ["main"]
  key "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg"
end

The workaround required me to manually delete the key using the apt-key command.

jaymzh commented 1 year ago

Looks like this was fixed in #13535

johnmccrae commented 1 year ago

Targeting a Chef 18.2 or 18.3 release in the next couple of weeks.

jaymzh commented 1 year ago

So this should be fixed in Chef 18.2.7. Please re-open if you find it still does not work for you.