apt_key deprecated in Debian/Ubuntu - how to fix in Ansible
source link: https://www.jeffgeerling.com/blog/2022/aptkey-deprecated-debianubuntu-how-fix-ansible
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
apt_key deprecated in Debian/Ubuntu - how to fix in Ansible
August 30, 2022
For many packages, like Elasticsearch, Docker, or Jenkins, you need to install a trusted GPG key on your system before you can install from the official package repository.
Traditionally, you'd run a command like:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
But if you do that in modern versions of Debian or Ubuntu, you get the following warning:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
This way of adding apt keys still works for now (in mid-2022), but will stop working in the next major releases of Ubuntu and Debian (and derivatives). So it's better to stop the usage now. In Ansible, you would typically use the ansible.builtin.apt_key module, but even that module has the following deprecation warning:
The apt-key command has been deprecated and suggests to ‘manage keyring files in trusted.gpg.d instead’. See the Debian wiki for details. This module is kept for backwards compatiblity for systems that still use apt-key as the main way to manage apt repository keys.
So traditionally, I would use a task like the following in my Ansible roles and playbooks:
- name: Add Jenkins apt repository key.
ansible.builtin.apt_key:
url: https://pkg.jenkins.io/debian-stable/jenkins.io.key
state: present
- name: Add Jenkins apt repository.
ansible.builtin.apt_repository:
repo: "deb https://pkg.jenkins.io/debian-stable binary/"
state: present
update_cache: true
The new way to do this without adding an extra gpg --dearmor task is to use get_url to download the file into the trusted.gpg.d folder with the .asc filename. Therefore the first task above can be replaced with:
- name: Add Jenkins apt repository key.
ansible.builtin.get_url:
url: "{{ jenkins_repo_key_url }}"
dest: /etc/apt/trusted.gpg.d/jenkins.asc
mode: '0644'
force: true
See this issue in ansible/ansible for a little more background.
Recommend
-
9
Upgrade Single Package on UbuntuHow can I upgrade a single package on Ubuntu/Debian/Linux Mint using apt-get command line tool?. The most common way of upgrading packages on Ubuntu/Debian is by running the command sudo apt-get upgrade
-
14
Install LAMP Stack on UbuntuLAMP stack is an acronym for Linux, Apache, MySQL/MariaDB, and PHP stack. This forms a powerful stack that powers many websites and web applications on the internet. LAMP stack is a combination of the four open-sou...
-
10
Install add-apt-repository on Debian 10|9If you have a minimal installation of Debian 10/9 & / Ubuntu 20.04/18.04 / Ubuntu 16.04, chances are you may not have commandadd-apt-repository present in your system. If you get the e...
-
20
How To Install Ansible AWX on Ubuntu 20.04/18.04In this post, we will dive into how to install Ansible AWX on Ubuntu 20.04/18.04 / Debian 10 Linux system with Nginx Reverse Proxy and optional Let’s Encrypt SSL Certificate. AWX is an open sour...
-
3
请注意,本文编写于 491 天前,最后修改于 491 天前,其中某些信息可能已经过时。 Debian 10 apt 使用阿里云镜像本文地址:blog.lucien.ink/archives/513
-
12
Fix Nvidia Apt Repository Public Key Error 2022-05-05 Linux 234 words 2 mins read 12 times read When run...
-
8
Deploy Graylog Server using Ansible on Ubuntu/Debian/CentOSSearch ComputingForGeeks...
-
7
本文将指导如何在 Debian 12 和 Ubuntu 22.04 开启 SSH 的 RSA Key 登录。自从 OpenSSH 8.3 开始,RSA Key 登录默认被禁用,并被认为
-
7
【踩坑】Debian 使用 Apt 时报错 2023-06-27 2023-06-30...
-
5
Debian/Ubuntu repo using apt-ftparchive · GitHub Instantly share code, notes, and snippets.
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK