From e0251f0ce96f83ba084e89a3a2c0af78b6cb6b97 Mon Sep 17 00:00:00 2001
From: root <holta@users.noreply.github.com>
Date: Sat, 1 Apr 2023 16:28:17 -0400
Subject: [PATCH] Modernize Yarn install w/ signed apt/PPA key

---
 roles/yarn/tasks/install.yml | 49 ++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 19 deletions(-)

diff --git a/roles/yarn/tasks/install.yml b/roles/yarn/tasks/install.yml
index 48628d688..e7f759a96 100644
--- a/roles/yarn/tasks/install.yml
+++ b/roles/yarn/tasks/install.yml
@@ -1,30 +1,41 @@
-- name: "Yarn | GPG"
-  apt_key:
-    url: https://dl.yarnpkg.com/debian/pubkey.gpg
-    state: present
+- name: Yarn | Download apt key to /usr/share/keyrings/yarn.gpg
+  shell: curl https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn.gpg
 
-- name: "Yarn | Ensure Debian sources list file exists"
-  file:
-    path: /etc/apt/sources.list.d/yarn.list
-    owner: root
-    mode: '0644'
-    state: touch
+- name: Yarn | Add signed Yarn PPA to /etc/apt/sources.list.d/dl_yarnpkg_com_debian.list
+  apt_repository:
+    repo: "deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main"
+    #filename: yarn    # If legacy filename yarn.list is preferred
 
-- name: "Yarn | Ensure Debian package is in sources list"
-  lineinfile:
-    dest: /etc/apt/sources.list.d/yarn.list
-    regexp: 'deb https://dl.yarnpkg.com/debian/ stable main'
-    line: 'deb https://dl.yarnpkg.com/debian/ stable main'
-    state: present
+# 2023-04-01 above avoids DEPRECATED apt-key command & associated problems:
+# https://github.com/iiab/iiab/wiki/IIAB-Platforms#etcapttrustedgpg-legacy-keyring-warnings
 
-- name: "Yarn | Update APT cache"
+# - name: "Yarn | GPG"
+#   apt_key:
+#     url: https://dl.yarnpkg.com/debian/pubkey.gpg
+#     state: present
+
+# - name: "Yarn | Ensure Debian sources list file exists"
+#   file:
+#     path: /etc/apt/sources.list.d/yarn.list
+#     owner: root
+#     mode: '0644'
+#     state: touch
+
+# - name: "Yarn | Ensure Debian package is in sources list"
+#   lineinfile:
+#     dest: /etc/apt/sources.list.d/yarn.list
+#     regexp: 'deb https://dl.yarnpkg.com/debian/ stable main'
+#     line: 'deb https://dl.yarnpkg.com/debian/ stable main'
+#     state: present
+
+- name: Yarn | Update APT cache
   apt:
     update_cache: yes
 
-- name: "Yarn | Install"
+- name: Yarn | Install
   package:
     name: yarn
-    state: latest
+    #state: latest    # No need to mention it, with apt
 
 
 # RECORD Yarn AS INSTALLED