Generate Gpg Key For Apt Repository

  • Add or remove an apt key, optionally downloading it.
To generate a full-fingerprint imported key: apt-key adv --list-public-keys --with-fingerprint --with-colons. If you specify both the key id and the URL with state=present, the task can verify or add the key as needed. Adding a new key requires an apt cache update (e.g. using the apt module's update_cache option).

The below requirements are needed on the host that executes this module.

  • gpg
Parameter | Choices/Defaults | Comments
data
-
file
The path to a keyfile on the remote server to add to the keyring.
id
-
Including this allows check mode to correctly report the changed state.
If specifying a subkey's id be aware that apt-key does not understand how to remove keys via a subkey id. Specify the primary key's id instead.
This parameter is required when state is set to absent.
keyring
-
The full path to a specific keyring file in /etc/apt/trusted.gpg.d/
keyserver
-
state
    Choices:
  • absent
  • present
Ensures that the key is present (added) or absent (revoked).
url
-
validate_certs
    Choices:
  • no
  • yes
If no, SSL certificates for the target url will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Note

  • Doesn’t download the key unless it really needs it.
  • As a sanity check, downloaded key id must match the one specified.
  • Use full fingerprint (40 characters) key ids to avoid key collisions. To generate a full-fingerprint imported key: apt-key adv --list-public-keys --with-fingerprint --with-colons.
  • If you specify both the key id and the URL with state=present, the task can verify or add the key as needed.
  • Adding a new key requires an apt cache update (e.g. using the apt module’s update_cache option).
  • This module is not guaranteed to have a backwards compatible interface. [preview]
  • This module is maintained by the Ansible Core Team. [core]
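The notes above ask for a full 40-character fingerprint and for the primary key's id rather than a subkey's. The following added example (not part of the module or its documentation) parses --with-colons output to show why; the listing and fingerprints are constructed, and list_fingerprints, count_matches and classify_key_id are hypothetical helper names.

```shell
#!/bin/sh
# Constructed --with-colons listing (not real keys): two primary keys whose
# fingerprints end in the same 8 hex digits, the first one with a subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEFDEADBEEF:1500000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFDEADBEEF:
uid:-::::1500000000::::Constructed Repo Key A:
sub:-:4096:1:1111111122222222:1500000000::::::e:
fpr:::::::::1111111111111111111111111111111122222222:
pub:-:4096:1:76543210DEADBEEF:1500000001:::-:::scSC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210DEADBEEF:
uid:-::::1500000001::::Constructed Repo Key B:'

# Read a listing on stdin; print "primary <fpr>" or "subkey <fpr>" per key.
# An fpr record belongs to the most recent pub or sub record before it.
list_fingerprints() {
  awk -F: '
    $1 == "pub" { kind = "primary" }
    $1 == "sub" { kind = "subkey" }
    $1 == "fpr" { print kind, $10 }
  '
}

# count_matches ID: how many primary keys have a fingerprint ending in ID.
count_matches() {
  list_fingerprints | awk -v id="$1" '
    $1 == "primary" && substr($2, length($2) - length(id) + 1) == id { n++ }
    END { print n + 0 }'
}

# classify_key_id ID: listing on stdin; prints ok, subkey, missing or
# too-short (anything that is not exactly 40 hex digits).
classify_key_id() {
  id=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  listing=$(cat)
  if ! printf '%s\n' "$id" | grep -Eq '^[0-9A-F]{40}$'; then
    echo too-short
    return
  fi
  printf '%s\n' "$listing" | list_fingerprints | awk -v id="$id" '
    $2 == id { found = $1 }
    END {
      r = "missing"
      if (found == "primary") r = "ok"; else if (found == "subkey") r = "subkey"
      print r
    }'
}

printf '%s\n' "$SAMPLE_LISTING" | count_matches DEADBEEF   # prints 2
```

An id that classifies as subkey is the case the id parameter warns about: use the fingerprint of the primary key it belongs to instead.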

Red Hat Support

More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.

Authors

  • Jayson Vantuyl (@jvantuyl)

Contents

  1. How To Create an Authenticated Repository

Requirements

  • Packages: apt-utils (Should be installed by default), dpkg-dev, a web server (apache2), and dpkg-sig (In Ubuntu Universe Repository)
  • Base Directory for repository
  • .deb files

Installing the Required Packages

Type the following commands:

Create the Repository Directory Structure

Note: If you do not create the repository in the /var/www directory, then you will have to create a symbolic link inside that directory linking to your repository directory.

For example (Assuming you are in your home directory):

Create the repository in /var/www using this command, while within said directory:

Import the deb files to the binary directory (while within said directory):

Authenticating Repository and Packages

Create a GPG key pair.

Since we are using our key only for generating digital signatures, use RSA for maximum security.

Choose 'key does not expire' for length of validity.

Give at least the name for the new key.

You need a passphrase to protect your secret key. Be sure to choose one you will remember. Follow the on-screen instructions to create the key. You should get output similar to this:

You can list your keys anytime using the following:

Export your public key that was generated to a text file and store it in the root of the repository:

Sign the packages with your key.

To access and install these packages from another computer, edit the /etc/apt/sources.list file on that computer to update the package list for your repository.

  • (You can use any text editor, this example uses vi)

Add your repository to the list, using the following format:

After saving, update the packages list.

Note: An error to the effect of 'cannot find packages' is normal at this point, as no index file has been created yet.

Download the repository's public key:

To view the added key use the following:

On the repository machine, you will need to change the ownership of the directory structure including everything in it to your user, unless you want it to be set as root.

  • (From within the repository_dir directory)

Create an index file for the repository called Packages in the same directory as the deb files and zip it. An uncompressed Packages file must be kept there too.

  • (From within the binary directory)

Create a Release, InRelease, and Release.gpg file:

  • (From within binary directory)

Update the package list for the recipient computer and install the packages.
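The Release file from the steps above is the file that gets signed, and it records the size and hash of the Packages index files, so apt on the recipient rejects the index if Packages changes after Release was generated. The following is an added example, not part of the original how-to: a publisher-side check that Release still matches the index files beside it. The function names and the sample repository contents are constructed for illustration.

```shell
#!/bin/sh
# Print "sha256 size name" for each entry in the SHA256: section of Release.
release_sha256_entries() {
  awk '
    /^SHA256:/ { in_sec = 1; next }
    /^[^ ]/    { in_sec = 0 }
    in_sec && NF == 3 { print $1, $2, $3 }
  ' "$1"
}

# verify_release_hashes RELEASE DIR
# Returns 0 only if Release lists at least one file and every listed file
# exists in DIR with the recorded size and SHA-256.
verify_release_hashes() {
  release=$1; dir=$2; bad=0; seen=0
  while read -r want size name; do
    [ -n "$name" ] || continue
    seen=1
    if [ ! -f "$dir/$name" ]; then echo "missing: $name"; bad=1; continue; fi
    got=$(sha256sum "$dir/$name" | awk '{print $1}')
    got_size=$(wc -c < "$dir/$name" | tr -d ' ')
    if [ "$got" != "$want" ] || [ "$got_size" != "$size" ]; then
      echo "mismatch: $name"; bad=1
    fi
  done <<EOF
$(release_sha256_entries "$release")
EOF
  [ "$seen" = 1 ] && [ "$bad" = 0 ]
}

# Constructed sample repository (hypothetical package name, no real .deb):
# an uncompressed Packages, its gzip copy, and a Release listing both.
make_sample_repo() {
  mkdir -p "$1"
  printf 'Package: hello-constructed\nVersion: 1.0\nArchitecture: all\n\n' \
    > "$1/Packages"
  gzip -c "$1/Packages" > "$1/Packages.gz"
  {
    echo "Origin: constructed-example"
    echo "SHA256:"
    for n in Packages Packages.gz; do
      printf ' %s %s %s\n' "$(sha256sum "$1/$n" | awk '{print $1}')" \
        "$(wc -c < "$1/$n" | tr -d ' ')" "$n"
    done
  } > "$1/Release"
}
```

Run verify_release_hashes just before signing or uploading; a non-zero result means Release must be regenerated and re-signed.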

More info on building and maintaining repositories can be found on the Debian website.

Originally posted on The Ubuntu Forums (ubuntuforums.org)