apt key variables

bundles/apt/items.py

@@ -73,7 +73,7 @@ actions = {
 
 for name, config in node.metadata.get('apt/sources').items():
     # place keyfile
-    keyfile_destination_path = config['options']['Signed-By']
+    keyfile_destination_path = repo.libs.apt.format_variables(node, config['options']['Signed-By'])
     files[keyfile_destination_path] = {
         'source': join(repo.path, 'data', 'apt', 'keys', basename(keyfile_destination_path)),
         'content_type': 'binary',

bundles/apt/metadata.py

@@ -80,8 +80,7 @@ def signed_by(metadata):
             'sources': {
                 source_name: {
                     'options': {
-                        #'Signed-By': 'XXXXXXXX',
+                        'Signed-By': '/etc/apt/keyrings/' + metadata.get(f'apt/sources/{source_name}/key') + '.' + repo.libs.apt.find_keyfile_extension(node, metadata.get(f'apt/sources/{source_name}/key')),
-                        'Signed-By': '/etc/apt/keyrings/' + metadata.get(f'apt/sources/{source_name}/key') + '.' + repo.libs.apt.find_keyfile_extension(repo, metadata.get(f'apt/sources/{source_name}/key')),
                     },
                 }
                     for source_name in metadata.get('apt/sources')

groups/os/debian-11.py

@@ -3,16 +3,6 @@
         'debian',
     ],
     'metadata': {
-        'apt': {
-            'sources': {
-                'debian': {
-                    'key': 'debian-11',
-                },
-                'debian-security': {
-                    'key': 'debian-11-security',
-                },
-            },
-        },
         'php': {
             'version': '7.4',
         },

groups/os/debian-12.py

@@ -9,13 +9,11 @@
                     'components': {
                         'non-free-firmware',
                     },
-                    'key': 'debian-12',
                 },
                 'debian-security': {
                     'components': {
                         'non-free-firmware',
                     },
-                    'key': 'debian-12-security',
                 },
             },
         },

groups/os/debian.py

@@ -24,6 +24,7 @@
                         'contrib',
                         'non-free',
                     },
+                    'key': 'debian-{version}',
                 },
                 'debian-security': {
                     'url': 'https://security.debian.org/',
@@ -35,6 +36,7 @@
                         'contrib',
                         'non-free',
                     },
+                    'key': 'debian-{version}-security',
                 },
             },
             'packages': {

libs/apt.py

@@ -5,12 +5,21 @@ from glob import glob
 from os.path import join, basename, exists
 
 
-def find_keyfile_extension(repo, key_name):
+def format_variables(node, string):
+    return string.format(
+        codename=node.metadata.get('os_codename'),
+        version=node.os_version[0],
+    )
+
+
+def find_keyfile_extension(node, key_name):
+    formatted_key_name = format_variables(node, key_name)
+
     for extension in ('asc', 'gpg'):
-        if exists(join(repo.path, 'data', 'apt', 'keys', f'{key_name}.{extension}')):
+        if exists(join(node.repo.path, 'data', 'apt', 'keys', f'{formatted_key_name}.{extension}')):
             return extension
     else:
-        raise Exception(f"no keyfile '{key_name}.(asc|gpg)' found")
+        raise Exception(f"no keyfile '{formatted_key_name}.(asc|gpg)' found")
 
 
 def render_apt_conf(section, depth=0):
@@ -77,11 +86,5 @@ def render_source(node, source_name):
             f'{key}: ' + value
         )
 
-    # render to string and replace version/codename
+    # render to string and format variables
-    string = '\n'.join(lines).format(
+    return format_variables(node, '\n'.join(lines) + '\n')
-        codename=node.metadata.get('os_codename'),
-        version=node.os_version[0], # WIP crystal
-    ) + '\n'
-
-    # return
-    return string