From 258a7ecfa9e6ac3d32ad5280e856265c5b463bd7 Mon Sep 17 00:00:00 2001
From: kwadronaut <kwadronaut@leap.se>
Date: Tue, 26 Sep 2017 10:54:27 +0200
Subject: [PATCH] Bug: jessie apt keys must be in /etc/apt/trusted.gpg.d
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For newer than jessie the 'old' code was enough. This bug didn't show up
because our testing images had the keys and sources lines already
included within /etc/apt…

solves #8862
---
 .../modules/site_apt/manifests/leap_repo.pp   | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 7c6c49c5..08c3d0e6 100644
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -4,10 +4,21 @@ class site_apt::leap_repo {
   $platform = hiera_hash('platform')
   $major_version = $platform['major_version']
 
-  if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
-    $archive_key = '/usr/share/keyrings/leap-experimental-archive.gpg'
-  } else {
-    $archive_key = '/usr/share/keyrings/leap-archive.gpg'
+  # on jessie, keys need to be in /etc/apt/...
+  # see https://0xacab.org/leap/platform/issues/8862
+  if ( $::operatingsystemmajrelease == '8' ) {
+    if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
+      $archive_key = 'CE433F407BAB443AFEA196C1837C1AD5367429D9'
+    } else {
+      $archive_key = '1E453B2CE87BEE2F7DFE99661E34A1828E207901'
+    }
+  }
+  if ( $::operatingsystemmajrelease != '8' ) {
+    if $::site_apt::apt_url_platform_basic =~ /.*experimental.*/ {
+      $archive_key = '/usr/share/keyrings/leap-experimental-archive.gpg'
+    } else {
+      $archive_key = '/usr/share/keyrings/leap-archive.gpg'
+    }
   }
 
   apt::sources_list { 'leap.list':
-- 
GitLab