Skip to content

Commit 00f5769

Browse files
author
Derek
committed
fix: dearmor Google Cloud GPG key for apt repository
The armored GPG key from packages.cloud.google.com/apt/doc/apt-key.gpg must be dearmored before use as a signed-by keyring. Without dearmoring, apt cannot verify the repository signature, failing with NO_PUBKEY C0BA5CE6DC6315A3.
1 parent 707d376 commit 00f5769

1 file changed

Lines changed: 13 additions & 2 deletions

File tree

ansible/roles/developer_core/tasks/gcloud.yml

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,11 +41,22 @@
4141
- gnupg
4242
state: present
4343

44-
- name: Download Google Cloud GPG key
44+
- name: Download Google Cloud GPG key (armored)
4545
ansible.builtin.get_url:
4646
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
47-
dest: /usr/share/keyrings/cloud.google.gpg
47+
dest: /tmp/cloud.google.asc
4848
mode: '0644'
49+
force: true
50+
51+
- name: Dearmor Google Cloud GPG key
52+
ansible.builtin.shell:
53+
cmd: gpg --batch --yes --dearmor -o /usr/share/keyrings/cloud.google.gpg /tmp/cloud.google.asc
54+
changed_when: true
55+
56+
- name: Remove temporary armored key
57+
ansible.builtin.file:
58+
path: /tmp/cloud.google.asc
59+
state: absent
4960

5061
- name: Add Google Cloud CLI repository
5162
ansible.builtin.apt_repository:

0 commit comments

Comments
 (0)