Remove old apt key from Ansible logic #6138
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review
Description of Changes
Fixes #6133
Follow-up to #5979. Removes the old, i.e. 22245C81E3BAEB4138B36061310F561200F4AD77, apt key from the Ansible install-time logic. The key has been expired since 2021-06-30. Also updates the staging vars to use only the new key, never the old key, alongside the apt-test key.
Testing
Here's what I did while working on the change:
22245C81E3BAEB4138B36061310F561200F4AD77
is not removed during upgrade #6133)sudo apt-key del '22245C81E3BAEB4138B36061310F561200F4AD77'
./securedrop-admin install
and observe after that 2224 was re-added../securedrop-admin install
Because we're about to publish rc2, I think running through all those steps as part of PR review is overkill, and I encourage visual review. cc @zenmonkeykstop for thoughts on that.
I'm also submitting this PR from a
stg-*
branch to ensure that the staging changes don't break anything.Deployment
No special considerations. The old key is expired, and can't be used anymore, and we want it gone everywhere.