Skip to content

Restrict the Tails APT key to the Tails repo

Zen Fu requested to merge sysadmin-17898-use-drop-in-for-APT-key into master

Until now, we've been using apt-key (via the puppetlabs-apt module) to add the key to /etc/apt/trusted.gpg, which makes it able to sign packages to all configured repositories. Let's instead use a file in /etc/apt/keyrings (as per sources.list(5)) and instruct APT to use that file to verify packages.

Note: The current Tails APT key is configured via Hiera and will need further cleanup.

refs sysadmin#17898 (closed)

Merge request reports