APT repo has new GPG key

REFERENCE.md

@@ -30,7 +30,7 @@ The following parameters are available in the `lldpd` class:
 * [`manage_service`](#-lldpd--manage_service)
 * [`manage_repo`](#-lldpd--manage_repo)
 * [`repourl`](#-lldpd--repourl)
-* [`apt_key_hash`](#-lldpd--apt_key_hash)
+* [`apt_key`](#-lldpd--apt_key)
 
 ##### <a name="-lldpd--ensure"></a>`ensure`
 
@@ -64,11 +64,11 @@ String that completes the url for the upstream repository
 
 Default value: `undef`
 
-##### <a name="-lldpd--apt_key_hash"></a>`apt_key_hash`
+##### <a name="-lldpd--apt_key"></a>`apt_key`
 
-Data type: `String[1]`
+Data type: `Optional[String[1]]`
 
-the sha256 hashsum for the GPG key file that was used to sign the packages
+the public key used to sign the apt repository (default loaded from hiera)
 
-Default value: `'4f9e668fbdaaedf4fc8d83f4eb98db33553d7f4e1f0bca212d0a7ccc9f1a6adf'`
+Default value: `undef`
 

data/common.yaml

@@ -1,2 +1,25 @@
 ---
 lldpd::manage_repo: true
+
+lldp::apt_key: |
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+    Version: GnuPG v1.4.5 (GNU/Linux)
+
+    mQENBFrWFxUBCADE36u4rOV+FNTq/G5D0QEaxOoaBJxKOtAwxOs2euxrOuQeUhU3
+    J926Jp3IJbh3t2GROvNWvG+ypxZLXEJw1V1/C5aUFo4yYSBweAkXzNxBJtmh5+UB
+    uLwwdVvJLm3Ew4VV7hO5dn+I1D58pxOydeKhsE3Hb2z3Gg8gEuWwQCnMyRM4JAMq
+    5QcTotPJ/n3hHRR4v5WDUOa7W8rcpX9Je1BHT+BdRl+WyK9qjfSvsRvJNXzoZfIX
+    WIOX7Dw/3160aVFuHNEv/kOluIfttVjYnKlqiNqMEbho9OBwgl4zs5zNB56XiNvP
+    BQ7Qi0GxK8+OkAVqlQ80RimkT5Kv7AQP14qhABEBAAG0OmhvbWU6dmJlcm5hdCBP
+    QlMgUHJvamVjdCA8aG9tZTp2YmVybmF0QGJ1aWxkLm9wZW5zdXNlLm9yZz6JAT4E
+    EwEIACgFAmcd1SkCGwMFCRBmbhQGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ
+    EEMcN6l8PhFLPXkH/3jcPLce4jnbY+tPW2LasCGATNw38ZxEat4POYSw7u2nTMJf
+    gq+8Dktb2yRpLqXN1RoAfIt3iVHFlaRIHKO2I9jJVnwE22PKrfNoWngH9+f+++Ys
+    LBXS1R0W1R/sls+QxEhty6byiP++mg0XtBYQ+bdz4OF8JKbjBfj+ng5BUhJp7SIP
+    P0A9hLAKaZpGdP6y53W0s7f9I7G+tQRhlgtkxwoL2m2q9vr/8iGgE8jNAlTJ1o9j
+    m19N3ZBtcrbLh8C6KB+wOe3yqmJPKFC2RJmV204yqoakNvPCvYkImkbH+JP+83hs
+    61HRaMOzpNfLqdD5D+7225CLMNCOrvV/HhojsR6IRgQTEQIABgUCWtYXFQAKCRA7
+    MBG3a51lI8xNAKCc6J+qY7tSAhO06zW8+/1RsfCxJQCfbpnP0JZ/WzQQxyWpXuNa
+    t+Xd7EU=
+    =vZBz
+    -----END PGP PUBLIC KEY BLOCK-----

manifests/init.pp

@@ -9,13 +9,13 @@
 # @param manage_service Enable or disable the service management
 # @param manage_repo Enable or disable the repository setup
 # @param repourl String that completes the url for the upstream repository
-# @param apt_key_hash the sha256 hashsum for the GPG key file that was used to sign the packages
+# @param apt_key the public key used to sign the apt repository (default loaded from hiera)
 class lldpd (
   Enum['present', 'absent', 'latest'] $ensure            = 'present',
   Boolean                             $manage_repo       = false,
   Boolean                             $manage_service    = true,
   Optional[String[1]]                 $repourl           = undef,
-  String[1]                           $apt_key_hash      = '4f9e668fbdaaedf4fc8d83f4eb98db33553d7f4e1f0bca212d0a7ccc9f1a6adf',
+  Optional[String[1]]                 $apt_key           = undef,
 ) {
   if $manage_repo {
     case $facts['os']['family'] {
@@ -32,13 +32,11 @@
         # place the key in the keyrings directory where apt won't search for keys for all repos
         # ascii encoded files need to end with *.asc, binary files with .gpg...
         file { '/usr/share/keyrings/lldpd.asc':
-          ensure         => 'file',
-          source         => "https://download.opensuse.org/repositories/home:/vbernat/${repourl}/Release.key",
-          owner          => 'root',
-          group          => 'root',
-          mode           => '0644',
-          checksum_value => $apt_key_hash,
-          checksum       => 'sha256',
+          ensure  => 'file',
+          content => $apt_key,
+          owner   => 'root',
+          group   => 'root',
+          mode    => '0644',
         }
         # purge old key files that we installed in previous releases
         file { ['/etc/apt/trusted.gpg.d/home_vbernat.gpg', '/etc/apt/trusted.gpg.d/home_vbernat.gpg~']: