From 318f1822a401c8ceccdb9d210a6eaa8e77ac1d40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Perez?= <36963695+steph-perez@users.noreply.github.com>
Date: Wed, 11 Jun 2025 10:55:32 +0200
Subject: [PATCH 1/2] Replace hardcoded GPG key for Redhat
---
 roles/gitlab/tasks/install.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/gitlab/tasks/install.yml b/roles/gitlab/tasks/install.yml
index 2d784dd..5c4a269 100644
--- a/roles/gitlab/tasks/install.yml
+++ b/roles/gitlab/tasks/install.yml
@@ -70,7 +70,7 @@
 enabled: true
 gpgkey:
 - "{{ gitlab_gpg_key_url }}"
- - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-3D645A26AB9FBD22.pub.gpg"
+ - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-{{ gitlab_gpg_key_id }}.pub.gpg"
 sslverify: true
 sslcacert: "/etc/pki/tls/certs/ca-bundle.crt"
 metadata_expire: "300"
@@ -86,7 +86,7 @@
 enabled: true
 gpgkey:
 - "{{ gitlab_gpg_key_url }}"
- - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-3D645A26AB9FBD22.pub.gpg"
+ - "{{ gitlab_gpg_key_url }}/gitlab-{{ gitlab_edition }}-{{ gitlab_gpg_key_id }}.pub.gpg"
 sslverify: true
 sslcacert: "/etc/pki/tls/certs/ca-bundle.crt"
 metadata_expire: "300"
From e70b727872009a8f0760d163b76036a6effd4d2c Mon Sep 17 00:00:00 2001
From: Stephane Perez
Date: Wed, 9 Jul 2025 17:27:37 +0200
Subject: [PATCH 2/2] Move gitlab_gpg_key_id to vars
---
 roles/gitlab/defaults/main.yml | 1 -
 roles/gitlab/vars/AlmaLinux.yml | 1 +
 roles/gitlab/vars/CentOS.yml | 1 +
 roles/gitlab/vars/Debian.yml | 1 +
 roles/gitlab/vars/Ubuntu.yml | 1 +
 5 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/gitlab/defaults/main.yml b/roles/gitlab/defaults/main.yml
index 8ff9656..a3b4d9c 100644
--- a/roles/gitlab/defaults/main.yml
+++ b/roles/gitlab/defaults/main.yml
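Review bot: In the `gpgkey` list at `@@ -70` (and identically at `@@ -86`), `gitlab_gpg_key_id` only selects which file is downloaded; nothing on these lines checks that the key served there actually has that ID, and the first entry `"{{ gitlab_gpg_key_url }}"` still fetches whatever that endpoint serves. If the ID is meant as a pin, the key could be imported in a separate task that verifies it, for example `ansible.builtin.rpm_key` with `fingerprint: "<FULL_40_HEX_FINGERPRINT>"`, which needs the full fingerprint rather than a 16-hex key ID. Within this patch alone the variable still resolves to the 40-hex default in `defaults/main.yml` (the line patch 2/2 removes), so the rendered URL at this commit probably differs from the `3D645A26AB9FBD22` file it replaces; squashing the two patches would keep every commit installable. The enclosing tasks start and end outside both hunks.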
@@ -9,7 +9,6 @@ gitlab_edition: "gitlab-ee"
 gitlab_version: ""
 gitlab_release: ""
 gitlab_gpg_key_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/gpgkey"
-gitlab_gpg_key_id: "F6403F6544A38863DAA0B6E03F01618A51312F3F"
 # Do not display sensitive changes in diffs by default
 gitlab_hide_sensitive_changes: true
diff --git a/roles/gitlab/vars/AlmaLinux.yml b/roles/gitlab/vars/AlmaLinux.yml
index ab45127..4e40fd2 100644
--- a/roles/gitlab/vars/AlmaLinux.yml
+++ b/roles/gitlab/vars/AlmaLinux.yml
@@ -13,3 +13,4 @@ gitlab_dependencies:
 gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/$basearch"
 gitlab_source_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/SRPMS"
 gitlab_package_name: "{{ gitlab_edition + '-' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"
+gitlab_gpg_key_id: "CB947AD886C8E8FD"
diff --git a/roles/gitlab/vars/CentOS.yml b/roles/gitlab/vars/CentOS.yml
index ab45127..4e40fd2 100644
--- a/roles/gitlab/vars/CentOS.yml
+++ b/roles/gitlab/vars/CentOS.yml
@@ -13,3 +13,4 @@ gitlab_dependencies:
 gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/$basearch"
 gitlab_source_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/el/{{ ansible_facts.distribution_major_version }}/SRPMS"
 gitlab_package_name: "{{ gitlab_edition + '-' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"
+gitlab_gpg_key_id: "CB947AD886C8E8FD"
diff --git a/roles/gitlab/vars/Debian.yml b/roles/gitlab/vars/Debian.yml
index 8805d2a..f73ba2f 100644
--- a/roles/gitlab/vars/Debian.yml
+++ b/roles/gitlab/vars/Debian.yml
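Review bot: The value added in `vars/AlmaLinux.yml`, `CB947AD886C8E8FD` (same line in `vars/CentOS.yml`), is not the ID that patch 1/2 removed from `install.yml` (`3D645A26AB9FBD22`), so the series changes which key file the RPM repository definitions fetch, and neither subject line says so. The new ID should be confirmed against the vendor's published signing key through a separate channel and the source recorded next to the value, e.g. `# GitLab RPM signing key (long key ID), checked against <SOURCE> on <DATE>`. Moving the variable from `defaults/` to `vars/` also raises its precedence, here and in the Debian and Ubuntu files: an existing override in inventory or group_vars would presumably stop taking effect, depending on how these per-distribution files are loaded, which this patch does not show.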
@@ -13,3 +13,4 @@ gitlab_dependencies:
 - "tzdata"
 gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/debian/"
 gitlab_package_name: "{{ gitlab_edition + '=' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"
+gitlab_gpg_key_id: "F6403F6544A38863DAA0B6E03F01618A51312F3F"
diff --git a/roles/gitlab/vars/Ubuntu.yml b/roles/gitlab/vars/Ubuntu.yml
index 1f6bc08..311489a 100644
--- a/roles/gitlab/vars/Ubuntu.yml
+++ b/roles/gitlab/vars/Ubuntu.yml
@@ -13,3 +13,4 @@ gitlab_dependencies:
 - "tzdata"
 gitlab_repo_url: "https://packages.gitlab.com/gitlab/{{ gitlab_edition }}/ubuntu/"
 gitlab_package_name: "{{ gitlab_edition + '=' + gitlab_version + '-' + gitlab_release if gitlab_version and gitlab_release else gitlab_edition }}"
+gitlab_gpg_key_id: "F6403F6544A38863DAA0B6E03F01618A51312F3F"
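Review bot: `gitlab_gpg_key_id` now carries two different formats under one name: a 40-hex fingerprint in `vars/Debian.yml` and `vars/Ubuntu.yml`, and a 16-hex long key ID in the RedHat-family files, where it is spliced into a download URL. A one-line comment above each assignment would keep a later editor from copying one format into the other during a key rotation, e.g. `# Full fingerprint of the APT repository signing key`. How the Debian and Ubuntu tasks consume the value is not visible in this patch, so that wording should be checked against the task that uses it.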