pyinfra-dev / pyinfra

pyinfra turns Python code into shell commands and runs them on your servers. Execute ad-hoc commands and write declarative operations. Target SSH servers, local machine and Docker containers. Fast and scales from one server to thousands.
https://pyinfra.com
MIT License

Support retrieval of signing key in `apt.repo` operation (replace `apt.key`) #992

Open phlummox opened 1 year ago

phlummox commented 1 year ago

Describe the bug

The apt.key operation invokes the Debian apt-key command[1], but that command is deprecated (see e.g. the apt-key man page).

The man page above says apt-key will be removed from versions of Ubuntu >= 22.04. This isn't actually true – as I can confirm apt-key in fact is available on Ubuntu 22.04 – but it might be helpful to users to add a deprecation warning in the docstring for the operation, similar to what the equivalent Ansible command does:

https://github.com/ansible/ansible/blob/c3926268e226da771943cbdb96f65fd343a980d5/lib/ansible/modules/apt_key.py#L30

[1]: here, and on the following lines:

https://github.com/Fizzadar/pyinfra/blob/6eca1a52d955a0497cd33c02cb9a94176f93583d/pyinfra/operations/apt.py#L78

To Reproduce

N.A.

Expected behavior

It would be helpful to users to add a deprecation warning in the documentation.

Comments

The recommended new approach is to download keys to somewhere like /usr/share/keyrings, and to use the signed-by option in /etc/apt/sources files (see e.g. "apt-key is deprecated", based on information from the Debian wiki). So it might be worth adding a link to pyinfra's GPG operation documentation.

Fizzadar commented 1 year ago

Agreed, seems like a good add.

phlummox commented 1 year ago

Cheers :) My apologies that I can't provide a pull request at this stage - I haven't had a chance to confirm exactly what the current best practices are for these keys.

Fizzadar commented 4 months ago

Warning added here: https://github.com/pyinfra-dev/pyinfra/commit/b575a9b8a00b2a8cfd6ec03dcee776181841dd8c

I think pyinfra should support fetching and setting the Signed-By field in the apt.repo operation to support a clean switchover; I'll re-purpose this issue to track that.
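An added example, not part of the thread and not pyinfra's own code: a small audit of one-line-style APT source entries that reports which ones set the `signed-by` option discussed above and whether the keyring it names sits under `/usr/share/keyrings`. The function names, status labels and sample entries are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# One-line-style entry: type, optional [options], URI, suite, components.
ENTRY_RE = re.compile(
    r"^(?P<type>deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?"
    r"(?P<uri>\S+)\s+(?P<suite>\S+)(?P<comps>.*)$"
)

class Finding(NamedTuple):
    line_no: int
    uri: str
    signed_by: Optional[str]
    status: str  # "ok", "missing-signed-by" or "outside-keyring-dir"

def parse_options(raw):
    """Split the bracketed option list into a dict, e.g. {'arch': 'amd64'}."""
    opts = {}
    for token in (raw or "").split():
        key, sep, value = token.partition("=")
        if sep:
            opts[key] = value
    return opts

def audit_sources(text, keyring_dir="/usr/share/keyrings"):
    """Return one Finding per source entry found in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        entry = line.split("#", 1)[0].strip()  # drop comments
        match = ENTRY_RE.match(entry)
        if not match:
            continue  # blank line, comment, or not a one-line-style entry
        signed_by = parse_options(match.group("opts")).get("signed-by")
        if signed_by is None:
            status = "missing-signed-by"  # relies on the global trusted keys
        elif all(p.startswith(keyring_dir + "/") for p in signed_by.split(",")):
            status = "ok"
        else:
            # Keyring path elsewhere, or a fingerprint instead of a path.
            status = "outside-keyring-dir"
        findings.append(Finding(line_no, match.group("uri"), signed_by, status))
    return findings

# Constructed sample entries, not taken from a real host.
SAMPLE = """\
# example sources file
deb http://archive.example.org/ubuntu jammy main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://repo.example.com/apt stable main
deb [signed-by=/etc/apt/trusted.gpg.d/legacy.gpg] https://old.example.net/debian bookworm main
"""
```

Entries reported as `missing-signed-by` are the ones that still depend on keys added the `apt-key` way and would need a keyring and a `signed-by` option before that command goes away.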