2014-02-04 11:24:10 +00:00
|
|
|
cdist-type__apt_key(7)
|
|
|
|
======================
|
2016-06-23 14:08:59 +00:00
|
|
|
|
|
|
|
NAME
|
|
|
|
----
|
|
|
|
cdist-type__apt_key - Manage the list of keys used by apt
|
2014-02-04 11:24:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
DESCRIPTION
|
|
|
|
-----------
|
|
|
|
Manages the list of keys used by apt to authenticate packages.
|
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
This is done by placing the requested key in a file named
|
|
|
|
``$__object_id.gpg`` in the ``keydir`` directory.
|
|
|
|
|
|
|
|
This is supported by modern releases of Debian-based distributions.
|
|
|
|
|
|
|
|
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
|
|
|
|
must be specified.
|
|
|
|
|
2014-02-04 11:24:10 +00:00
|
|
|
|
|
|
|
REQUIRED PARAMETERS
|
|
|
|
-------------------
|
|
|
|
None.
|
|
|
|
|
|
|
|
|
|
|
|
OPTIONAL PARAMETERS
|
|
|
|
-------------------
|
2021-05-10 10:08:22 +00:00
|
|
|
keydir
|
|
|
|
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
|
|
|
|
enabled system-wide by default.
|
|
|
|
|
|
|
|
source
|
|
|
|
path to a file containing the GPG key of the repository.
|
|
|
|
Using this is recommended as it ensures that the manifest/type manintainer
|
|
|
|
has validated the key.
|
|
|
|
If ``-``, the GPG key is read from the type's stdin.
|
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
state
|
2014-02-04 11:24:10 +00:00
|
|
|
'present' or 'absent'. Defaults to 'present'
|
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
uri
|
|
|
|
the URI from which to download the key.
|
|
|
|
It is highly recommended that you only use protocols with TLS like HTTPS.
|
|
|
|
This uses ``__download`` but does not use checksums, if you want to ensure
|
|
|
|
that the key doesn't change, you are better off downloading it and using
|
|
|
|
``--source``.
|
|
|
|
|
|
|
|
|
|
|
|
DEPRECATED OPTIONAL PARAMETERS
|
|
|
|
------------------------------
|
2016-05-20 06:50:56 +00:00
|
|
|
keyid
|
2021-05-10 10:08:22 +00:00
|
|
|
the id of the key to download from the ``keyserver``.
|
|
|
|
This is to be used in absence of ``--source`` and ``--uri`` or together
|
|
|
|
with ``--use-deprecated-apt-key`` for key removal.
|
|
|
|
Defaults to ``$__object_id``.
|
2014-02-04 11:24:10 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
keyserver
|
2021-05-10 10:08:22 +00:00
|
|
|
the keyserver from which to fetch the key.
|
|
|
|
Defaults to ``pool.sks-keyservers.net``.
|
2014-02-04 11:24:10 +00:00
|
|
|
|
2019-05-25 13:58:39 +00:00
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
DEPRECATED BOOLEAN PARAMETERS
|
|
|
|
-----------------------------
|
|
|
|
use-deprecated-apt-key
|
|
|
|
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
|
|
|
|
You can use this parameter to force usage of ``apt-key(8)``.
|
|
|
|
Please only use this parameter to *remove* keys from the keyring,
|
|
|
|
in order to prepare for removal of ``apt-key``.
|
|
|
|
Adding keys should be done without this parameter.
|
|
|
|
This parameter will be removed when Debian 11 stops being supported.
|
2019-05-25 13:58:39 +00:00
|
|
|
|
2014-02-04 11:24:10 +00:00
|
|
|
|
|
|
|
EXAMPLES
|
|
|
|
--------
|
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
.. code-block:: sh
|
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
# add a key that has been verified by a type maintainer
|
|
|
|
__apt_key jitsi_meet_2021 \
|
|
|
|
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
|
|
|
|
|
|
|
|
# remove an old, deprecated or expired key
|
|
|
|
__apt_key jitsi_meet_2016 --state absent
|
2014-02-04 11:24:10 +00:00
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
# Get rid of a key that might have been added to
|
|
|
|
# /etc/apt/trusted.gpg with apt-key
|
|
|
|
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
|
2014-02-04 11:24:10 +00:00
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
# add a key that we define in-line
|
|
|
|
__apt_key jitsi_meet_2021 --source '-' <<EOF
|
|
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
|
|
[...]
|
|
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
|
EOF
|
2014-02-04 11:24:10 +00:00
|
|
|
|
2021-05-10 10:08:22 +00:00
|
|
|
# download or update key from the internet
|
|
|
|
__apt_key rabbitmq_2007 \
|
|
|
|
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
|
2019-05-25 13:58:39 +00:00
|
|
|
|
2014-02-04 11:24:10 +00:00
|
|
|
|
2016-06-17 19:28:16 +00:00
|
|
|
AUTHORS
|
|
|
|
-------
|
|
|
|
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
2019-05-25 13:58:39 +00:00
|
|
|
Ander Punnar <ander-at-kvlt-dot-ee>
|
2021-05-10 10:08:22 +00:00
|
|
|
Evilham <contact~~@~~evilham.com>
|
2014-02-04 11:24:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
COPYING
|
|
|
|
-------
|
2021-05-10 10:08:22 +00:00
|
|
|
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can
|
2019-05-25 13:58:39 +00:00
|
|
|
redistribute it and/or modify it under the terms of the GNU General Public
|
|
|
|
License as published by the Free Software Foundation, either version 3 of the
|
2016-08-10 16:15:54 +00:00
|
|
|
License, or (at your option) any later version.
|