As the apt-key man pages recommends, this PR removes the use of it and replaces it with a Signed-By clause that points to a download gpg key.
The PR adds the key_url field to yaml to store the URI to grab the key from. The keyfield is still preserve to check that the key stored has the expected fringerprint to improve the security.
The tool will replace:
Automatically the files under /etc/apt/config.d/sources.list.d/_gzdev_ files if they exist with a new one using the signed-by clause.
Previous gzdev installation of gpg keys inside /usr/share/keyring
The tool will not replace:
Any key authorized before using apt-key or other method.
Second take of #74. Reproducing the text here:
As the
apt-key
man pages recommends, this PR removes the use of it and replaces it with aSigned-By
clause that points to a download gpg key.The PR adds the
key_url
field to yaml to store the URI to grab the key from. Thekey
field is still preserve to check that the key stored has the expected fringerprint to improve the security.The tool will replace:
/etc/apt/config.d/sources.list.d/_gzdev_
files if they exist with a new one using thesigned-by
clause./usr/share/keyring
The tool will not replace:
apt-key
or other method.