Packagecloud apt key rotation not applied

[robbat2]

The packagecloud_repo repo only pulls the GPG key during deployment; and does not detect in any way that the key might have been rotated.

To properly solve this, the resource needs to keep the downloaded key, and be able to compare it back against the server copy for updates.

[damacus]

This would stop the cookbook from being idempotent, as it would change every run. Or at least download the key every run. If you can think of a way of implementing this, we're happy to receive a PR for this 👍🏼

[robbat2]

Wow, dead ticket resurrect here.

Do you consider remote_file resource properties use_conditional_get / use_etag / use_last_modified to be sufficiently idempotent?

To use it, you'd have to wire up gpg_url to produce a file that stays on disk after it's imported into the keyring.

[damacus]

hah yeah, wading through lost repositories now we've adopted them!

I haven't considered that yet. Are you still using the cookbook? If so, do you fancy giving that a go?