16.4. cdist-type__apt_key(7)
16.4.1. NAME
cdist-type__apt_key - Manage the list of keys used by apt
16.4.2. DESCRIPTION
Manages the list of keys used by apt to authenticate packages.
This is done by placing the requested key in a file named $__object_id.gpg in the keydir directory.
This is supported by modern releases of Debian-based distributions.
In order of preference, exactly one of: source, uri or keyid must be specified.
16.4.3. REQUIRED PARAMETERS
None.
16.4.4. OPTIONAL PARAMETERS
- keydir
  keyring directory, defaults to /etc/apt/trusted.pgp.d, which is enabled system-wide by default.
- source
  path to a file containing the GPG key of the repository. Using this is recommended as it ensures that the manifest/type maintainer has validated the key. If -, the GPG key is read from the type's stdin.
- state
  'present' or 'absent'. Defaults to 'present'.
- uri
  the URI from which to download the key. It is highly recommended that you only use protocols with TLS like HTTPS. This uses __download but does not use checksums; if you want to ensure that the key doesn't change, you are better off downloading it and using --source.
16.4.5. DEPRECATED OPTIONAL PARAMETERS
- keyid
  the id of the key to download from the keyserver. This is to be used in absence of --source and --uri or together with --use-deprecated-apt-key for key removal. Defaults to $__object_id.
- keyserver
  the keyserver from which to fetch the key. Defaults to pool.sks-keyservers.net.
16.4.6. DEPRECATED BOOLEAN PARAMETERS
- use-deprecated-apt-key
  apt-key(8) will last be available in Debian 11 and Ubuntu 22.04. You can use this parameter to force usage of apt-key(8). Please only use this parameter to remove keys from the keyring, in order to prepare for removal of apt-key. Adding keys should be done without this parameter. This parameter will be removed when Debian 11 stops being supported.
16.4.7. EXAMPLES
# add a key that has been verified by a type maintainer
__apt_key jitsi_meet_2021 \
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
# remove an old, deprecated or expired key
__apt_key jitsi_meet_2016 --state absent
# Get rid of a key that might have been added to
# /etc/apt/trusted.gpg with apt-key
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
# add a key that we define in-line
__apt_key jitsi_meet_2021 --source '-' <<EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
EOF
# download or update key from the internet
__apt_key rabbitmq_2007 \
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
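The uri parameter above uses __download without checksums, and the text recommends --source when the key must not change. The following is an added example, not part of cdist or its documentation: a manifest helper that checks a vendored key file against a pinned SHA-256 before declaring it. The names pinned_apt_key and file_sha256 and the demo file are hypothetical, and sha256sum is assumed to be available.

```sh
#!/bin/sh
# Added example, not part of cdist: pin a vendored apt key by SHA-256
# before declaring it with __apt_key --source.

# Outside a cdist manifest __apt_key is not on PATH; this stand-in only
# prints the call so the example runs on its own.
command -v __apt_key >/dev/null 2>&1 ||
    __apt_key() { echo "would run: __apt_key $*"; }

# file_sha256 FILE: print the lowercase hex digest, fail if unreadable.
file_sha256() {
    [ -r "$1" ] || return 1
    sha256sum < "$1" | cut -d' ' -f1
}

# pinned_apt_key NAME FILE EXPECTED_SHA256 (hypothetical helper)
# Returns 0 after declaring the key, 1 on digest mismatch, 2 if the
# file cannot be read. __apt_key is never reached on failure.
pinned_apt_key() {
    name=$1 file=$2 want=$3
    got=$(file_sha256 "$file") || {
        echo "apt key $name: cannot read $file" >&2
        return 2
    }
    # Pins are often pasted in upper case; normalise before comparing.
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    if [ "$got" != "$want" ]; then
        echo "apt key $name: digest mismatch, got $got" >&2
        return 1
    fi
    __apt_key "$name" --source "$file"
}

# Constructed demo: a placeholder file stands in for the vendored key.
demo_dir=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$demo_dir/example.gpg"
# In a real manifest the pin is a literal recorded when the key was reviewed.
pin=$(file_sha256 "$demo_dir/example.gpg")
pinned_apt_key example_repo "$demo_dir/example.gpg" "$pin"
printf 'tampered\n' >> "$demo_dir/example.gpg"
pinned_apt_key example_repo "$demo_dir/example.gpg" "$pin" ||
    echo "modified key file rejected"
rm -rf "$demo_dir"
```

Because manifests run on the configuration host, the digest is checked there, before the key is declared for the target.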
16.4.8. AUTHORS
Steven Armstrong <steven-cdist--@--armstrong.cc> Ander Punnar <ander-at-kvlt-dot-ee> Evilham <contact~~@~~evilham.com>
16.4.9. COPYING
Copyright (C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.