Lynis - Update to new GPG installation method

chrismeller · chrismeller · commit 24e97c9771a5 · 2024-06-22T19:45:39.000-04:00
This also requires that gpg be installed first, so we install it if not present.
diff --git a/roles/lynis/tasks/main.yml b/roles/lynis/tasks/main.yml
@@ -1,8 +1,20 @@
+    - name: update and upgrade
+      become: true
+      apt:
+        update_cache: yes
+        upgrade: yes
+
+    - name: install lynis dependencies
+      become: true
+      apt:
+        name: gpg
+        state: present
+
     - name: prepare lynis installation
       become: true
       shell: |
-        wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
-        echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
+        curl -fsSL https://packages.cisofy.com/keys/cisofy-software-public.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/cisofy-software-public.gpg
+        echo "deb [arch=amd64,arm64 signed-by=/etc/apt/trusted.gpg.d/cisofy-software-public.gpg] https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
 
     - name: update and upgrade
       become: true
