Skip to content

fix(ansible): pub key storing location for agnocast ppa package #6603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
isamu-takagi merged 5 commits into from
Dec 16, 2025
Merged

fix(ansible): pub key storing location for agnocast ppa package #6603

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
92fe8c0
fix pub key storing location for agnocast ppa package
Koichi98 Nov 21, 2025
812f140
delete unnecessary comments
Koichi98 Nov 21, 2025
cba3357
fix ansible-lint
Koichi98 Nov 26, 2025
5cb5e08
use copy module
Koichi98 Nov 26, 2025
75bbbeb
remove legacy settings
Koichi98 Dec 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 70 additions & 5 deletions ansible/roles/agnocast/tasks/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,27 @@
# Remove legacy agnocast PPA configuration (if exists)
- name: Remove legacy agnocast PPA via add-apt-repository
ansible.builtin.command: add-apt-repository --remove ppa:t4-system-software/agnocast -y
register: agnocast_legacy_ppa_remove
failed_when: false
changed_when: agnocast_legacy_ppa_remove.rc == 0
become: true

- name: Remove legacy agnocast sources.list files
ansible.builtin.shell: rm -f /etc/apt/sources.list.d/*agnocast*.list
args:
executable: /bin/bash
register: agnocast_legacy_sources_remove
changed_when: false
become: true

- name: Remove legacy agnocast GPG keys from trusted.gpg.d
ansible.builtin.shell: rm -f /etc/apt/trusted.gpg.d/*agnocast*.gpg
args:
executable: /bin/bash
register: agnocast_legacy_gpg_remove
changed_when: false
become: true

# TODO(rej55, sykwer): IPv6 support
- name: Save current IPv6 settings
ansible.builtin.shell: |
Expand All @@ -18,11 +42,52 @@
- { name: net.ipv6.conf.default.disable_ipv6 }
become: true

- name: Add agnocast PPA repository while IPv6 is disabled
ansible.builtin.apt_repository:
repo: ppa:t4-system-software/agnocast
state: present
update_cache: false
- name: Create /etc/apt/keyrings directory
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
become: true

- name: Download agnocast PPA GPG key while IPv6 is disabled
ansible.builtin.get_url:
url: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCFDB1950382092423DF37D3E075CD8B5C91E5ACA
dest: /tmp/agnocast-ppa.asc
mode: "0644"
register: agnocast_gpg_key_download

- name: Convert GPG key to binary format and install
ansible.builtin.shell: |
gpg --dearmor < /tmp/agnocast-ppa.asc > /etc/apt/keyrings/agnocast-ppa.gpg
chmod 0644 /etc/apt/keyrings/agnocast-ppa.gpg
args:
creates: /etc/apt/keyrings/agnocast-ppa.gpg
become: true

- name: Verify GPG key fingerprint
ansible.builtin.shell: |
set -o pipefail
gpg --show-keys /etc/apt/keyrings/agnocast-ppa.gpg | grep -q 'CFDB1950382092423DF37D3E075CD8B5C91E5ACA'
args:
executable: /bin/bash
register: agnocast_gpg_verify
failed_when: agnocast_gpg_verify.rc != 0
changed_when: false

- name: Display GPG key verification success
ansible.builtin.debug:
msg: "GPG key fingerprint verified successfully: CFDB1950382092423DF37D3E075CD8B5C91E5ACA"

- name: Add agnocast repository
ansible.builtin.copy:
dest: /etc/apt/sources.list.d/agnocast.sources
content: |
Types: deb
URIs: http://ppa.launchpad.net/t4-system-software/agnocast/ubuntu
Suites: jammy
Components: main
Signed-By: /etc/apt/keyrings/agnocast-ppa.gpg
mode: "0644"
become: true

- name: Restore original IPv6 settings # noqa: no-changed-when
Expand Down
Loading