From 4f1db03d96389b9ef47a806030fa3d396ff1a211 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Date: Sat, 25 Aug 2018 21:18:42 +0100
Subject: [PATCH] Make apt key import for Ubuntu a uniform process

In https://review.openstack.org/588962 the implementation
of the apt key store copy into the container was changed
for bionic, but left alone for xenial. This patch makes
the approach uniform across both distributions.

Change-Id: I79f49fd02be3bbee5f22cdde000b19578167e3ca
---
 handlers/main.yml                           |  5 -----
 tasks/lxc_cache_preparation.yml             | 17 -----------------
 templates/prep-scripts/ubuntu_16_prep.sh.j2 |  2 --
 vars/ubuntu-16.04.yml                       |  2 +-
 4 files changed, 1 insertion(+), 25 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index a0907ad6..54ce95e5 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -84,11 +84,6 @@
     name: it_does_not_matter
     daemon_reload: yes
 
-- name: Remove generated apt keys from LXC host
-  file:
-    path: /root/repo.keys
-    state: absent
-
 - name: Remove rootfs archive
   file:
     path: "/tmp/{{ cache_basename }}"
diff --git a/tasks/lxc_cache_preparation.yml b/tasks/lxc_cache_preparation.yml
index cf18371d..f14ebddf 100644
--- a/tasks/lxc_cache_preparation.yml
+++ b/tasks/lxc_cache_preparation.yml
@@ -69,23 +69,6 @@
           to ensure they're available otherwise disable the quota system by
           setting `lxc_host_machine_quota_disabled` to true.
 
-- block:
-    - name: Generate apt keys from LXC host for the container cache
-      shell: "apt-key exportall"
-      changed_when: false
-      register: _apt_exportall
-      tags:
-        - skip_ansible_lint
-
-    - name: Write exported keys to temporary file
-      copy:
-        content: "{{ _apt_exportall.stdout }}"
-        dest: "/root/repo.keys"
-      notify:
-        - Remove generated apt keys from LXC host
-  when:
-    - ansible_pkg_mgr == 'apt'
-
 # NOTE(cloudnull): We're using rsync  and an if block because we've no means
 #                  to loop over a block. Re-evaluate this task when/if this is
 #                  merged https://github.com/ansible/ansible/issues/13262
diff --git a/templates/prep-scripts/ubuntu_16_prep.sh.j2 b/templates/prep-scripts/ubuntu_16_prep.sh.j2
index f85a5910..524965ff 100644
--- a/templates/prep-scripts/ubuntu_16_prep.sh.j2
+++ b/templates/prep-scripts/ubuntu_16_prep.sh.j2
@@ -5,8 +5,6 @@ set -e -x
 
 {% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
 
-apt-key add -v /root/repo.keys
-rm /root/repo.keys
 export DEBIAN_FRONTEND=noninteractive
 apt-get remove -y --purge snap* lxc* lxd* resolvconf* || true
 
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index 18581397..df791ef8 100644
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -22,10 +22,10 @@ _lxc_cache_map:
   copy_from_host:
     - /etc/apt/sources.list
     - /etc/apt/apt.conf.d/
+    - /etc/apt/trusted.gpg.d
     - /etc/apt/preferences.d/
     - /etc/environment
     - /etc/localtime
-    - /root/repo.keys
     - /etc/protocols
 
 _lxc_cache_prep_template: "prep-scripts/ubuntu_16_prep.sh.j2"