Restrict the Tails APT key to the Tails repo (!128) · Merge requests · tails / puppet-tails

Zen Fu requested to merge sysadmin-17898-use-drop-in-for-APT-key into master Aug 24, 2023

Until now, we've been using apt-key (via the puppetlabs-apt module) to add the deb.tails.boum.org key to /etc/apt/trusted.gpg, which makes it able to sign packages to all configured repositories. Let's instead use a file in /etc/apt/keyrings (as per sources.list(5)) and instruct APT to use that file to verify packages.

Note: The current Tails APT key is configured via Hiera and will need further cleanup.

refs sysadmin#17898 (closed)

Restrict the Tails APT key to the Tails repo

Merge request reports