From 5ca6bf2381d3ea5300cdc0881bdc0c88d09e8958 Mon Sep 17 00:00:00 2001
From: Kenyon Ralph
Date: Tue, 21 Nov 2023 13:34:15 -0800
Subject: [PATCH] (MODULES-9695) Debian: use modern APT keyring format

This updates puppet_agent::osfamily::debian to use modern APT keyrings instead of the deprecated apt-key method used by apt::key and apt::source.key without `name`. This also removes the legacy key, because keys not used for signing package sources aren't needed. /etc/pki is not needed anymore (also this directory is a RedHatism) because keyrings are now stored in the default location of /etc/apt/keyrings. We don't clean it up though, in case people are using the files there for something else.
---
 manifests/osfamily/debian.pp | 35 +++--------------------------------
 1 file changed, 3 insertions(+), 32 deletions(-)

diff --git a/manifests/osfamily/debian.pp b/manifests/osfamily/debian.pp
index 7cbd9d3e..3cc2f525 100644
--- a/manifests/osfamily/debian.pp
+++ b/manifests/osfamily/debian.pp
@@ -71,44 +71,15 @@
 } else {
 $source = $puppet_agent::apt_source
 }
- $legacy_keyname = 'GPG-KEY-puppet'
- $legacy_gpg_path = "/etc/pki/deb-gpg/${legacy_keyname}"
- $keyname = 'GPG-KEY-puppet-20250406'
- $gpg_path = "/etc/pki/deb-gpg/${keyname}"
-
- if getvar('::puppet_agent::manage_pki_dir') == true {
- file { ['/etc/pki', '/etc/pki/deb-gpg']:
- ensure => directory,
- }
- }
-
- file { $legacy_gpg_path:
- ensure => file,
- owner => 0,
- group => 0,
- mode => '0644',
- source => "puppet:///modules/puppet_agent/${legacy_keyname}",
- }
-
- apt::key { 'legacy key':
- id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
- source => $legacy_gpg_path,
- }
- file { $gpg_path:
- ensure => file,
- owner => 0,
- group => 0,
- mode => '0644',
- source => "puppet:///modules/puppet_agent/${keyname}",
- }
+ $keyname = 'GPG-KEY-puppet-20250406'
 apt::source { 'pc_repo':
 location => $source,
 repos => $puppet_agent::collection,
 key => {
- 'id' => 'D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26',
- 'source' => $gpg_path,
+ 'name' => "${keyname}.asc",
+ 'content' => file("${module_name}/${keyname}"),
 },
 notify => Exec['pc_repo_force'],
 }
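Review bot: Removing the `apt::key { 'legacy key': ... }` resource and the `id`-based `key` hash only stops managing those keys; on hosts that already applied the old manifest, both 6F6B15509CF8E59E6E469F327F438280EF8D349F and D6811ED3ADEEB8441AF5AA8F4528B6CD9E61EF26 presumably stay in apt-key's global trusted keyring, where they are accepted for every configured repository. That leaves upgraded hosts without the per-source scoping the new keyring is meant to give, and the commit message only discusses leaving /etc/pki in place. Unless cleanup is handled elsewhere, consider an explicit removal such as `apt::key { 'legacy key': ensure => absent, id => '6F6B15509CF8E59E6E469F327F438280EF8D349F' }` (and the same for the current key once the keyring file is in place), keeping in mind that this would affect any other source that relied on the globally trusted key. The new `key` hash also no longer states a fingerprint, so a comment beside `$keyname` recording the expected fingerprint would help reviewers verify the bundled file when it is rotated. The enclosing class body starts and ends outside the hunk.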