From: Tom Hughes <tom@compton.nu>
Date: Sun, 4 Sep 2016 20:36:45 +0000 (+0100)
Subject: Remove expired apt keys
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/28d3b4a01faa4780e97c15edc9575c24ff7944d0

Remove expired apt keys
---

diff --git a/cookbooks/apt/providers/source.rb b/cookbooks/apt/providers/source.rb
index c12679f0d..048d1eeae 100644
--- a/cookbooks/apt/providers/source.rb
+++ b/cookbooks/apt/providers/source.rb
@@ -25,7 +25,12 @@ use_inline_resources
 
 action :create do
   if new_resource.key
-    execute "apt-key-#{new_resource.key}" do
+    execute "apt-key-#{new_resource.key}-clean" do
+      command "/usr/bin/apt-key adv --batch --delete-key --yes #{new_resource.key}"
+      only_if "/usr/bin/apt-key adv --list-keys #{new_resource.key} | fgrep expired"
+    end
+
+    execute "apt-key-#{new_resource.key}-install" do
       command "/usr/bin/apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys #{new_resource.key}"
       not_if "/usr/bin/apt-key adv --list-keys #{new_resource.key}"
     end