Change requisite clausule.
Add check for existing key for idempotency.
diff --git a/linux/system/repo.sls b/linux/system/repo.sls
index 50ec3fe..5d4a567 100644
--- a/linux/system/repo.sls
+++ b/linux/system/repo.sls
@@ -142,7 +142,8 @@
linux_repo_{{ name }}_key:
cmd.run:
- name: "echo '{{ repo.key }}' | apt-key add -"
- - onchange:
+ - unless: "apt-key finger --with-colons | grep -qF $(echo '{{ repo-key }} | gpg --with-fingerprint --with-colons | grep -E '^fpr')"
+ - require_in:
- pkgrepo: linux_repo_{{ name }}
{%- elif repo.key_url|default(False) %}
@@ -150,7 +151,8 @@
linux_repo_{{ name }}_key:
cmd.run:
- name: "curl -s {{ repo.key_url }} | apt-key add -"
- - onchange:
+ - unless: "apt-key finger --with-colons | grep -qF $(curl -s {{ repo.key_url }} | gpg --with-fingerprint --with-colons | grep -E '^fpr')"
+ - require_in:
- pkgrepo: linux_repo_{{ name }}
{%- endif %}