From 5f1b3a04811dbf6c781af0b4dbaf68404cd28d26 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Fri, 24 Feb 2023 15:12:13 +0100
Subject: [PATCH] zabbix-repo: Fix obsolete apt_key usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
While we’re at it:
- update Zabbix’ key (now without obsolete ciphers)
- remove superfluous handlers (apt_repository updates on its own)
---
zabbix-repo/files/{chr.gpg => chr.asc} | 0
zabbix-repo/files/zabbix.gpg | Bin 2938 -> 1183 bytes
zabbix-repo/handlers/main.yml | 4 ----
zabbix-repo/tasks/main.yml | 32 ++++++++++---------------
4 files changed, 12 insertions(+), 24 deletions(-)
rename zabbix-repo/files/{chr.gpg => chr.asc} (100%)
delete mode 100644 zabbix-repo/handlers/main.yml
diff --git a/zabbix-repo/files/chr.gpg b/zabbix-repo/files/chr.asc
similarity index 100%
rename from zabbix-repo/files/chr.gpg
rename to zabbix-repo/files/chr.asc
diff --git a/zabbix-repo/files/zabbix.gpg b/zabbix-repo/files/zabbix.gpg
index d814e63d58dc1a8fb9a823c7e4eca32f24bcc463..660c453a2cc1e110670bfd0b6aa4f81fc5353c31 100644
GIT binary patch
literal 1183
zcmbQq$jcJmQTCUSgW<qAk8|G)U+{{*RJ$+U_?yxDU?#)$<Kju*zEuYvysuGUV;HOU
zmhEB3M3*HNUxkma*k64k_R}}TN9p4C)igWvg?8yl#cs;`_IgsOpVywxv-}Rmb=^;9
zG1`&uc1yIudFcVibu4<Pe)KQ~$eeqZHJwY9`D@+_(^Xlr;os)(5D44qq+K{kOy};d
zZz(yuMJJfoXG>;AxHEj<W7VE;HE(UF`(-8jbH$tML?oWIm-^OppJ83ga&Lo~TJY?n
zjz))0ur1!`A628AuKnk8wW{3w6L;$P)?am8^yC_IP6y``zZqwg*LU`%T?#&beaHT9
z+Y0iZsa6<rzHjZ3zPxV-Ur2#?#vN`3K}H6~EecVINlBR%3O+v03N{6a$=QkNsYMP|
zU_rg){9L<EMhg~UMkWR&RwhuuF-bGCadUF8Gc&P?axignakGdqF*7pBF*1oaFmQ1S
zaA<AKUg-aH;^sZ<|Ll!qG6L>Sv`hTWZs?{|?IoCCkSoc2UWIS+mB+E+3+fJ}pG&w@
z)}#22XKiKJx_$e$^{M7A=5+agFF&_xHj9#w-lDedtIP6s{GRH1usoap?E_75W0BUq
z$L?fLeKujai;!{EhWo7*-NF~eT<+VdHheswbff4Bd*`#<vdnaQh1nu;8wyK~2RI(I
zTOORfB0p#e_pQLwV(ob=d44$e9Xh`|@>tpHEC;y*E-!3PoLO|e$@A+6@ehGVRhg&U
zd#e$CaA}LwL4C<BcWspt&si^+`EP>BN{(e6Hzo#tFniW{f;Z`O@@JnY{sr3ictgXg
zwG!R#y>e!s|E}`Wu6XWkb|;i#RTOq265GtiUklDp(};h)I4s7rvDWjqhWvFGoq+Rh
zO+iO?SWNQ%AazG~N*<%sk9#L~{khr2*vj=Mm)UIIn#0UzcP9C*_K}!8xi?W%T6Dsl
z9W!1(4r@xSc)=dt<@YAA*!21Iuls~IC(Ua~v;Vjy`%|#V=^zKyxs$V7T&07O7xHXd
zvoT`(Eg>UAxv=+q9ZI^!3TM;29$mapw}Qtj@J`M<$-ra%{cm(1D7;g%G`46vtkUS@
z%iQea{<Nz-|8>_HmE(V!-rYNOUTyuh`<p-h`L4@2p@sS0ipKMYO=73_Uez>IYdN{4
zMDOA8O&7E#?b^evlFKtWLinw1k6~;;_mUQ`)4O^jY_nRyiLH}So<)L@iGdTAlz5O+
z%%9)v|Esp8SD3ysUK8PeYI#9a%$00E&d1HBdux?+w@on=FTd3r6kvQ)q3VoY#%a!U
zcQ4Z-&X~3NRR;F&b}0S-b>+_42W8xSl?#8H&64tZSG0(^(dWms$d@IJ^VYqoJI4IV
z^Y&i-|DGkH|CUKV+|;w5P5s1~Uw2>2G;;WDH2HREcFcdi``pj?S><2Lbari;({Wg4
zRq#RaQ-NV0|6Xa*-6vMIorC$}cNGo>jTA0Zse^9YLL!$vS^S5m!fIi%<;+`imVLG4
zIkmF;NW<*~N5sBzZ$5VMmj`qC1d%&^c2#;`rB3>l{<PQ}t)Xcre$#1RiNf?<`um?w
Ua?f(u_3oZu<7TPNg`Xb+04cB?@&Et;
literal 2938
zcmdM|0Vh{?Pd|kK_W*@}P$wTxX9aK9NChV!e`jxytS(nrYEf}!ex8+rdtPaPyF!_v
zo{65Jfr5s+U#PxMW?pH9CKp$3pnIm1o3o!+Vq}n$qq9k#XShYakzb|1XK{Iwg;7MF
zv14SgZ)mb#RH?U<QJQZ_L8(D_MR0^?P-cXYQ@Jx&WJHBUvZrfcSY(M$kdu#TzJXUt
zZoZ#$R=8PKifNjESZc1ZYp#ECKz4CiRaH=Uex7H#n@5_7tEW+(p|@8umsdoDex8f7
zc4~fxX+^lPX>O38o1eautCvSbMP`t@ds2asuXCPbL3w&nluw3#X;z}MyJLA`nR~f&
zdZxRH3s<?fZ<I+zgjuAKdzrCsaA}pVXNW;kva6$aWS((&enzl%X-a`XrL(b{hf9`r
zenncTM?rQ@sbNK_r*WlOMk1Gqfl;EXTVjS^rg3?Zv7uRMc6v&HW28?~L6x~#W?6oI
zX^5A8sF81BlAlkOV{w5?Sx%luL_}p_fUl{$vza$nR!Kxap<hvuZ>V!od1i6GV@7_F
zduY18cCcwdWkh*#c(Rw7t9P!Wg+W1(rH8+ENK&z@kE>~td#ZkZvXQX`SBbt+zLTS~
zaaD4liCK9-Sww-av!7d%wyTS|VWEqEPM%9-VxnU}QdW9)Szdv5xSv^Gl$%>+YFSo=
zp@o5WIagu0zfWF{Ux1mHf2muzk-2Yxxv8&9fJ;G=qoaSAt6zaxVP0vtWlBXvh@XW)
zWI=$BcW6aXV6a75ctBoNb|hDLNobmzxoLr`zoWBTSV($=XQ69)xPhx#etEf(hgYU$
zm78f=u!U!in}=6biC<(%Qeb*`u3KhgZjOnko1Yg~V6dY_vb$SWqLEu(RD_pfDpb-Z
z*RL!o#LP3&F)+k6(9_Y=G1NKK(;%lH-80FtJkrNGFx|tk+|!lIEzr}`u{<!`G2Pe6
zF~h{kF(cK{(J|l4)z8&3+&{?FEXO=FBedKxH{H`c%Gfg0%*CkODBm;O#l<4m+&j#e
zE8o+=%+brzHP64o*EgraH7g{$#4^XV%ss<3!Z67-!#pY5$t5r-Fe^Ab*VQr5v9Llr
zHQB$)DJi4Sx6m{rlq<*BGTF;4$0RX7xysBn$}%@NINwb_UE9O0$}BuGFTgP^C^51!
z%_lc1rNqs&$lb}s#iX)0F(=a9w9>`YGKkB!%(TQWEKT3pwL;s=F~B#Yz|70pDce0L
z(L=k!qrBK8)hWO|J2lay$lWh2z}UyQ$k9AqJJ~QYBFfX*J;;;G-`~UB*|W+sO26DJ
z(apU$puoJs*Vr^aJulhOu{_j8-?-SqFWJ!F$EDK3(8bxT$i1K<%{4SA#k8O-ML)}c
z%f-|s(;z(9$u-#{qQEpSB*Uf3tSDbUtjIv$EzHxYB*fCZB-hC!!pOYRDcCrmu%f~*
z$TKU-z&$uTurQ^(m@CjC-#9WvJIEu;sWd$z&%(JX#J|ilPunQa&)3nywZz>sDxknQ
zDaWhKqR`COEg;h}*F3Q-up+(Gx3DxVJ)JAfG27hO+&rknGN>@qHQUwQ$<^7>G26{C
z2VBTFyO)<cI;Up`8iW`|ntJ3FMwA3rn3OxGC3{7A`gw;Ha%Bg4=7$-3hXgu$Ru!3f
zmL)~yJLVZ0MMRXCxCdBRR(O<F1-L|6m_>SpIi}~OdFKYY`Z>9!dZv^aI5|7IIC52G
zXZc%ZdE~nUr4@LUSVW|!6*~o6xD`11rFpm+`50N|l?0WiSmY<WlvhLqCzUvrx_f4a
z250*Rgoad@W$JUKT4tnJltpHk<R(WLS4I|OhFb)eW||~MBzcuumX-#mgqnJn1^6e1
z6uYHnmRM#vxp<o-86+jTMLM|@Bs)2A6{QE3R+eS@I)*tWSCyI;=9K5>IO>O$nz@7*
zCT18$SQcoTxVj}824<F2WM@Pc8z&VRMY&g+yG1z~rx_JTaV3UjcsK?)`a1=e1{#K&
zm1Ksdg?MJ^`zM?GX}dXP<z^U%`K5W5`8p*UxEdEZ8hPdTCsl;HR+bm1yXTv`1#pGu
zm1jj&mRVRB7w32s=zAJ_nD`f2hB@VzhJ-sBReCz72KndumS+{2<oZXIc!gA1rka%L
zCmJQY>*sn!q*rh`r)s-pIhBQ!6{Y)!c{oNS`jz`QI=MPII=UNpx)o$Z=6V&RIy?D>
zxca6CcsON58kJ;38HH5_dO+m3Qk_k+l8g+rGXq^soSb}}9Mc^$odUfgGCh(k9W#nu
zoYITEoE?*09MdDioE<&AoYRY4-O@c>90NU59RochxY8XRy`6&`J-v&<it<DCbF!2C
zEu8dC^nEib@<aWMf&y|q%$=&-+&%M3yj{Z`%aek#U8*Vr{j)7YvLeD#)49@$o${)3
zU4m2c%QMW=D@#(t5=+a9%#5-!!%FhYb6oW;P0NxZ3X`0iJ%fD;z1=e{!*i30vdnWr
zBb-u<iUYXJQymN3s(eE;l8oJr-Altv3!L+UoII;ii(Jw&A~JnkEnUNd{46ZJB3&xV
zoqZycO9DMIQ=>{!a&z(mDxH(K+}zB{lOsYrLR~$a0t!<?63sHoLJI?ZjB-4D-11XO
z3j?c60!_@FtISKHD)N$w60;ps%UwhA1Cq0R^Gi~lxq{Oo%H8yxf+~VTU2^=)OT69E
zoC+cX6U&1wqDuS>EIo5Q{Qb?Gqx1_L4GIG@b2I%igF@3BjZE|NJYB+le7GX@{d~jI
zwbQ*VP5i>bqRhQ>-Q0~!3tXH`^-ELJyv-uYON|1G(=#K21Jg@UGLmytdRk#RSCwgG
zeuQ>uR#;BCVS0q2mv&`(nxR2paj37QdwPzKYpF|SaIn5(qOr44Xi~asqPCy8S7}*Q
zRA#!nn{!!3372D4Vrr4EuS-=@PG(49iLbkte@IriYnXdQc%ZRQW~7<6UwC?Mn2DKV
zN<?P1d2wijuc4`FnqgUne^q3GnJZURmVQNvds$^@Rftb$wqs6SlwVPXYiLqvu78G$
zPhxR#Sf;U2hG(U3kZHJixtXVDra_gbuVHR*sZWrBhgm+Ci)%rUv3pgidzgoNmWh6`
zPpV_Od1j=kZ&jvyd1bIuV77rvx<Q49X=I^Cl6I+gm2-%PzNb&AadA<ASE05Mm$7+3
zg?>PCiDQ(rtD~h^etNRLi=UfOL{>^@fp2i4Yh_Z9flsN2M{$W`VRliWg=1w<iHnzC
zq^q`pWtNLu3RkFSX?BKdkxyy9VPrsfp&K+Kc{v7IxVk&S%13Y!1}`6-oeK>U&D;V^
zqdY9Qw9C`<Q;VYVQe7enea$K&Lo5pOlHCfD4c$xpom2f?{E`eUJu{7ra$H;^QY;Jo
zLUSCejDnras+>*pE6a28xPlDw4U^Mzl8eGE&3s+-OG}-7^tDSulB-gkjGRqOP4m-=
zjdC*zyv_5xGaXIbe6_uzqRb+Ko$?CJi_?lDUAWA$^ODMf_4R`z0>ktRBa=*$ynV~c
zBl9YKtIUj3i<8p>GyID~LW~RwN|N=<&C{H<BLkd*^ou+^bG?fTDm}T%D=G^^EnFii
zbKJr$(u_mXGmW&}@)C`m9Rq?aD+4_poinnXvqBTgLlcd{+;VeGy#p*<Jkrhb!+lM2
zQwo#03d%xFU3?1*GA)7~jm%tJ-O56JiY=0Yw6oJ)QcN8~jXh1YQ!~vC-HUVlQ_`|c
ziVchNy+ceQj6%J&Q=FY6xJom%^-ZI^JQA~=&CE+o{nL|t6N`;Ks!RfHZMkecJc7cx
N!0l#NKNmcWY5+nEw5$LC
diff --git a/zabbix-repo/handlers/main.yml b/zabbix-repo/handlers/main.yml
deleted file mode 100644
index 5c02aac..0000000
--- a/zabbix-repo/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-- name: update apt cache
- apt: update_cache=true
diff --git a/zabbix-repo/tasks/main.yml b/zabbix-repo/tasks/main.yml
index 72183c0..a9efe76 100644
--- a/zabbix-repo/tasks/main.yml
+++ b/zabbix-repo/tasks/main.yml
@@ -3,12 +3,13 @@
# but does not mitigate package signing
- name: ensure apt got the key to verify the zabbix repo
- apt_key:
- data: "{{ lookup('file', 'zabbix.gpg') }}"
- state: present
+ copy:
+ src: zabbix.gpg
+ dest: /etc/apt/trusted.gpg.d/zabbix.gpg
+ owner: root
+ group: root
+ mode: "0644"
when: zabbix_external_repo
- notify:
- - update apt cache
tags:
- repos
- zabbix
@@ -22,8 +23,6 @@
- 'deb http://repo.zabbix.com/zabbix/{{ old_zabbix_version }}/debian {{ debian_version }} main'
# yamllint disable-line rule:line-length
- 'deb-src http://repo.zabbix.com/zabbix/{{ old_zabbix_version }}/debian {{ debian_version }} main'
- notify:
- - update apt cache
tags:
- repos
- zabbix
@@ -38,8 +37,6 @@
- 'deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian {{ debian_version }} main'
# yamllint disable-line rule:line-length
- 'deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian {{ debian_version }} main'
- notify:
- - update apt cache
when:
- ansible_distribution == "Debian"
tags:
@@ -55,8 +52,6 @@
- 'deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu {{ ansible_distribution_release }} main'
# yamllint disable-line rule:line-length
- 'deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu {{ ansible_distribution_release }} main'
- notify:
- - update apt cache
when:
- ansible_distribution == "Ubuntu"
tags:
@@ -64,11 +59,12 @@
- zabbix
- name: ensure chr's key is present
- apt_key:
- data: "{{ lookup('file', 'chr.gpg') }}"
- state: present
- notify:
- - update apt cache
+ copy:
+ src: chr.asc
+ dest: /etc/apt/trusted.gpg.d/chr.asc
+ owner: root
+ group: root
+ mode: "0644"
tags:
- repos
- zabbix
@@ -80,8 +76,6 @@
state: present
with_items:
- 'deb http://repository.chr.istoph.de/ubuntu xenial main'
- notify:
- - update apt cache
tags:
- repos
- zabbix
@@ -116,5 +110,3 @@
# tags:
# - repos
# - zabbix
-
-- meta: flush_handlers
--
GitLab