Changes on Tor, Signal and APT repository handling

1 files changed, 20 insertions, 4 deletions

diff --git a/manifests/subsystem/apt/repo.pp b/manifests/subsystem/apt/repo.pp
index ca8f5e1..d6e03c0 100644
--- a/manifests/subsystem/apt/repo.pp
+++ b/manifests/subsystem/apt/repo.pp
@@ -1,15 +1,31 @@
 define nodo::subsystem::apt::repo(
   $definition,
   $key_source,
-  $ensure = present,
+  $keyrings_folder = '/etc/apt/keyrings',
+  $ensure          = present,
 ) {
-  file { "/etc/apt/trusted.gpg.d/${name}.gpg":
+  # The recommended locations for keyrings are /usr/share/keyrings for keyrings
+  # managed by packages, and /etc/apt/keyrings for keyrings managed by the
+  # system operator. If no keyring files are specified the default is the
+  # trusted.gpg keyring and all keyrings in the trusted.gpg.d/ directory (see
+  # apt-key fingerprint).
+  #
+  # -- sources.list(5)
+  file { "${keyrings_folder}/${name}.gpg":
     ensure  => $ensure,
     owner   => "root",
     group   => "root",
     mode    => "0644",
     source  => $key_source,
-    notify  => Exec["apt-repo-auto-update-${name}"],
+  }
+
+  # Old location
+  file { "/etc/apt/trusted.gpg.d/${name}.gpg":
+    ensure  => absent,
+    owner   => "root",
+    group   => "root",
+    mode    => "0644",
+    source  => $key_source,
   }
 
   file { "/etc/apt/sources.list.d/${name}.list":
@@ -18,7 +34,7 @@ define nodo::subsystem::apt::repo(
     group   => "root",
     mode    => "0644",
     content => "${definition}\n",
-    require => [ File["/etc/apt/trusted.gpg.d/${name}.gpg"], Package['apt-transport-https'] ],
+    require => [ File["${keyrings_folder}/${name}.gpg"], Package['apt-transport-https'] ],
     notify  => Exec["apt-repo-auto-update-${name}"],
   }