From e0251f0ce96f83ba084e89a3a2c0af78b6cb6b97 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Apr 2023 16:28:17 -0400 Subject: [PATCH] Modernize Yarn install w/ signed apt/PPA key --- roles/yarn/tasks/install.yml | 49 ++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml index 48628d688..e7f759a96 100644 --- a/roles/yarn/tasks/install.yml +++ b/roles/yarn/tasks/install.yml @@ -1,30 +1,41 @@ -- name: "Yarn | GPG" - apt_key: - url: https://dl.yarnpkg.com/debian/pubkey.gpg - state: present +- name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg + shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg -- name: "Yarn | Ensure Debian sources list file exists" - file: - path: /etc/apt/sources.list.d/yarn.list - owner: root - mode: '0644' - state: touch +- name: Yarn | Add signed Yarn PPA to /etc/apt/sources.list.d/dl_yarnpkg_com_debian.list + apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" + #filename: yarn # If legacy filename yarn.list is preferred -- name: "Yarn | Ensure Debian package is in sources list" - lineinfile: - dest: /etc/apt/sources.list.d/yarn.list - regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' - line: 'deb https://dl.yarnpkg.com/debian/ stable main' - state: present +# 2023-04-01 above avoids DEPRECATED apt-key command & associated problems: +# https://github.com/iiab/iiab/wiki/IIAB-Platforms#etcapttrustedgpg-legacy-keyring-warnings -- name: "Yarn | Update APT cache" +# - name: "Yarn | GPG" +# apt_key: +# url: https://dl.yarnpkg.com/debian/pubkey.gpg +# state: present + +# - name: "Yarn | Ensure Debian sources list file exists" +# file: +# path: /etc/apt/sources.list.d/yarn.list +# owner: root +# mode: '0644' +# state: touch + +# - name: "Yarn | Ensure Debian package is in sources list" +# lineinfile: +# dest: /etc/apt/sources.list.d/yarn.list +# regexp: 'deb https://dl.yarnpkg.com/debian/ stable main' +# line: 'deb https://dl.yarnpkg.com/debian/ stable main' +# state: present + +- name: Yarn | Update APT cache apt: update_cache: yes -- name: "Yarn | Install" +- name: Yarn | Install package: name: yarn - state: latest + #state: latest # No need to mention it, with apt # RECORD Yarn AS INSTALLED