From c3ac7edbf4f5bab8820a046e6d5dbf89e11fda1f Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 8 Apr 2014 15:26:37 +0200
Subject: [PATCH] Switch to /etc/apt/trusted.gpg.d

---
 modules/debian-org/manifests/init.pp | 12 +++++++-----
 modules/site/manifests/aptrepo.pp    | 26 +++-----------------------
 2 files changed, 10 insertions(+), 28 deletions(-)

diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index e19be7f8..4417bfd5 100644
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -99,6 +99,13 @@ class debian-org {
 		require => Package['molly-guard'],
 	}
 
+	file { '/etc/apt/trusted-keys.d':
+		ensure => absent,
+	}
+	file { '/etc/apt/trusted.gpg',
+		mode    => '0600',
+		content => "",
+	}
 	site::aptrepo { 'security':
 		url        => 'http://security.debian.org/',
 		suite      => "${::lsbdistcodename}/updates",
@@ -110,11 +117,6 @@ class debian-org {
 		suite      => "${::lsbdistcodename}-backports",
 		components => ['main','contrib','non-free']
 	}
-	site::aptrepo { 'backports.org':
-		ensure => absent,
-		keyid  => '16BA136C',
-		key    => 'puppet:///modules/debian-org/backports.org.asc',
-	}
 
 	site::aptrepo { 'volatile':
 		url        => $mirror,
diff --git a/modules/site/manifests/aptrepo.pp b/modules/site/manifests/aptrepo.pp
index e53de75c..148f9cf0 100644
--- a/modules/site/manifests/aptrepo.pp
+++ b/modules/site/manifests/aptrepo.pp
@@ -3,43 +3,23 @@ define site::aptrepo (
 	$suite='',
 	$components=[],
 	$key = undef,
-	$keyid = undef,
 	$ensure = present
 ) {
 
 	case $ensure {
 		present: {
 			if $key {
-				exec { "apt-key-update-${name}":
-					command     => "apt-key add /etc/apt/trusted-keys.d/${name}.asc",
-					refreshonly => true,
-				}
-
-				file { "/etc/apt/trusted-keys.d/${name}.asc":
+				file { "/etc/apt/trusted.gpg.d/${name}.gpg":
 					source => $key,
 					mode   => '0664',
-					notify => Exec["apt-key-update-${name}"]
 				}
 			}
 		}
 		absent:  {
-			if ($keyid) and ($key) {
-				file { "/etc/apt/trusted-keys.d/${name}.asc":
-					ensure => absent,
-					notify => Exec["apt-key-del-${keyid}"]
-				}
-				exec { "apt-key-del-${keyid}":
-					command     => "apt-key del ${keyid}",
-					refreshonly => true,
-				}
-			} elsif $key {
-				file { "/etc/apt/trusted-keys.d/${name}.asc":
+			if $key {
+				file { "/etc/apt/trusted.gpg.d/${name}.gpg":
 					ensure => absent,
 				}
-			} elsif $keyid {
-				exec { "apt-key-del-${keyid}":
-					command     => "apt-key del ${keyid}",
-				}
 			}
 		}
 		default: { fail ( "Unknown ensure value: '$ensure'" ) }
-- 
2.39.5