Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Normal
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: apt
-
Labels:None
-
Template:
-
QA Risk Assessment:Needs Assessment
Description
Basic Info
Module Version: 7.1.0
Puppet Version: 6.7.2
OS Name/Version: Debian 10
apt-key is effectively a deprecated interface, and modules should be shipping trusted key files instead.
On Debian 9, apt-key still works, but in a default Debian 10 install, it fails:
$ apt-key adv
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
It appears to be common practice to ship keyfiles into /etc/apt/trusted.gpg.d, even though https://wiki.debian.org/DebianRepository/UseThirdParty says the correct place is /usr/share/keyrings/ with some repository-specific configuration. The puppet6-release package installs into /etc/... .
I'd want something that works on a plain minimal Debian 10 install, and hopefully end the idea of downloading keys from the keyserver network. Deprecating apt::key/apt_key and providing guidance in the puppetlabs-apt documentation sounds like a good start ...
