Re: Duration of support for "apt-key add" & how to get Ansible to migrate away from using it
On Tue, Apr 23, 2019 at 05:05:17PM +0100, James Youngman wrote:
> Ansible still uses "apt-key add" to add keys. I asked the Ansible team
> to consider moving to just placing new keys in /etc/apt/trusted.gpg.d/ in
> this github issue: https://github.com/ansible/ansible/issues/55590 (I
> suggested this because it's the guidance offered in the current apt-key
> manpage).
>
> However, the Ansible team is concerned that changing approach will make it
> impossible to use Ansible to add keys to older Debian releases which lack
> support for /etc/apt/trusted.gpg.d/. I don't know how old such a release
> would need to be for this to matter, though. I'm also not privy to the
> future plans of the APT maintainers, so I don't know how long to expect
> "apt-key add" to continue to be supported.
>
> if Ansible doesn't migrate until "apt-key add" actually stops working, then
> Ansible users will end up with broken playbooks. Could someone from the
> APT team comment on the bug with a view to agreeing how & when to migrate?
JFTR:
apt-key add stopped working in stretch, unless you also install gnupg on the
system. Hence, you cannot rely on it anyway.
The next step I guess is moving apt-key to /usr/lib/apt, and eventually
removing the functionality. But no time frame on that; it might be next
week or next decade.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
Reply to: