From d4e151468b33443f6de7dc0792e81d70c4366837 Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Fri, 16 Dec 2022 01:39:47 +0100
Subject: [PATCH 1/6] Add .gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1d17dae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.venv

From 5084b252f16353cd156fafcce28be54a831fa7ed Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Fri, 16 Dec 2022 14:55:06 +0100
Subject: [PATCH 2/6] Don't use template delimiters in conditions

---
 molecule/default/verify.yml | 6 +++---
 molecule/vagrant/verify.yml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 58f5aad..55e9bb5 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -77,14 +77,14 @@
       ansible.builtin.shell: |
         mariadb -Bse 'STATUS' | grep "^Server version:"
       register: version
-      when: "{{ lookup('env', 'MARIADB_VERSION') }}"
+      when: lookup('env', 'MARIADB_VERSION')
 
     - name: Check MariaDB version
       ansible.builtin.assert:
         that:
-          - "'{{ lookup('env', 'MARIADB_VERSION') }}' in version.stdout"
+          - lookup('env', 'MARIADB_VERSION') in version.stdout
         msg: "{{ version.stdout }}"
-      when: "{{ lookup('env', 'MARIADB_VERSION') }}"
+      when: lookup('env', 'MARIADB_VERSION')
 
     - name: Check that Innodb engine is enabled (and default)
       ansible.builtin.shell: |
diff --git a/molecule/vagrant/verify.yml b/molecule/vagrant/verify.yml
index cb7ac93..402937f 100644
--- a/molecule/vagrant/verify.yml
+++ b/molecule/vagrant/verify.yml
@@ -77,14 +77,14 @@
       ansible.builtin.shell: |
         sudo mariadb -Bse 'STATUS' | grep "^Server version:"
       register: version
-      when: "{{ lookup('env', 'MARIADB_VERSION') }}"
+      when: lookup('env', 'MARIADB_VERSION')
 
     - name: Check MariaDB version
       ansible.builtin.assert:
         that:
-          - "'{{ lookup('env', 'MARIADB_VERSION') }}' in version.stdout"
+          - lookup('env', 'MARIADB_VERSION') in version.stdout
         msg: "{{ version.stdout }}"
-      when: "{{ lookup('env', 'MARIADB_VERSION') }}"
+      when: lookup('env', 'MARIADB_VERSION')
 
     - name: Check that Innodb engine is enabled (and default)
       ansible.builtin.shell: |

From aff5c93fe13863c85744b5cebe61cd4795ea8d67 Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Thu, 15 Dec 2022 18:31:12 +0100
Subject: [PATCH 3/6] Format .pre-commit-config.yaml

---
 .pre-commit-config.yaml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 16f1ebf..3572484 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -55,15 +55,15 @@ repos:
         name: Run prettier with docker
         entry: tmknom/prettier:latest -l
         language: docker_image
-        files: "\\.(\
-          css|less|scss\
-          |graphql|gql\
-          |html\
-          |js|jsx\
-          |json\
-          |md|markdown|mdown|mkdn\
-          |mdx\
-          |ts|tsx\
-          |vue\
-          |yaml|yml\
-          )$"
+        files: |
+          (?x)\.(
+            css|less|scss
+            graphql|gql|
+            html|
+            js|jsx|ts|tsx|
+            json|
+            md|markdown|mdown|mkdn|
+            mdx|
+            vue|
+            yaml|yml
+          )$

From 86e436f161daa420f1781b3f6670da96de4c45c0 Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Thu, 15 Dec 2022 18:32:09 +0100
Subject: [PATCH 4/6] Fix sid distribution release repositories

On Debian sid, ansible collected the following facts:
  "ansible_distribution": "Debian",
  "ansible_distribution_major_version": "n/a",
  "ansible_distribution_release": "bookworm",
  "ansible_distribution_version": "n/a",

While on debian bullseye (current stable), it collected:
  "ansible_distribution": "Debian",
  "ansible_distribution_major_version": "11",
  "ansible_distribution_release": "bullseye",
  "ansible_distribution_version": "11.5",

We assume that sid will never have a distribution version, so we
set the distribution release to 'sid'.
---
 tasks/setup_debian.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tasks/setup_debian.yml b/tasks/setup_debian.yml
index f73abfb..ceb65ff 100644
--- a/tasks/setup_debian.yml
+++ b/tasks/setup_debian.yml
@@ -22,16 +22,17 @@
       # change is always triggered in check mode
       when: not ansible_check_mode
 
-    - name: Determine distribution name (Debian sid pb)
+    - name: Determine repo distribution release
       ansible.builtin.set_fact:
-        distribution: "{% if 'n/a' in ansible_distribution_release %}sid{% else %}{{ ansible_distribution_release }}{% endif %}"
+        repo_distribution_release: >-
+          {{ 'sid' if 'n/a' in ansible_distribution_version else ansible_distribution_release }}
 
     - name: Setup mariadb repository sourcelist entry
       ansible.builtin.copy:
         dest: /etc/apt/sources.list.d/mariadb.list
         content: |
           # Ansible managed
-          deb {{ mariadb_use_official_repo_url }}/{{ mariadb_use_official_repo_version }}/{{ ansible_distribution | lower() }} {{ distribution }} main
+          deb {{ mariadb_use_official_repo_url }}/{{ mariadb_use_official_repo_version }}/{{ ansible_distribution | lower() }} {{ repo_distribution_release }} main
         owner: root
         group: root
         mode: "0644"

From 2fe30b31162928c721e5f0c7888c986f539420de Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Mon, 17 Oct 2022 12:15:42 +0200
Subject: [PATCH 5/6] Enable signed-by in debian repository source.list

---
 tasks/setup_debian.yml | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/tasks/setup_debian.yml b/tasks/setup_debian.yml
index ceb65ff..7236406 100644
--- a/tasks/setup_debian.yml
+++ b/tasks/setup_debian.yml
@@ -10,18 +10,34 @@
         state: present
         update_cache: true
 
-    - name: Install mariadb repository key
+    - name: Ensure keyrings dir exists
+      ansible.builtin.file:
+        path: /etc/apt/keyrings
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: Fetch mariadb repository key
       ansible.builtin.get_url:
-        url: "https://mariadb.org/mariadb_release_signing_key.asc"
-        dest: "/etc/apt/trusted.gpg.d/mariadb.asc"
+        url: https://mariadb.org/mariadb_release_signing_key.asc
+        dest: /etc/apt/keyrings/mariadb-keyring.asc
         # //TEMP todo
         # checksum: sha256:http://example.com/path/sha256sum.txt
         owner: root
         group: root
         mode: "0644"
+      register: fetch_repository_key
       # change is always triggered in check mode
       when: not ansible_check_mode
 
+    - name: Dearmor mariadb repository key
+      ansible.builtin.command: >
+        gpg --dearmor
+        -o /etc/apt/keyrings/mariadb-keyring.gpg
+        /etc/apt/keyrings/mariadb-keyring.asc
+      when: fetch_repository_key is changed
+
     - name: Determine repo distribution release
       ansible.builtin.set_fact:
         repo_distribution_release: >-
@@ -32,7 +48,7 @@
         dest: /etc/apt/sources.list.d/mariadb.list
         content: |
           # Ansible managed
-          deb {{ mariadb_use_official_repo_url }}/{{ mariadb_use_official_repo_version }}/{{ ansible_distribution | lower() }} {{ repo_distribution_release }} main
+          deb [signed-by=/etc/apt/keyrings/mariadb-keyring.gpg] {{ mariadb_use_official_repo_url }}/{{ mariadb_use_official_repo_version }}/{{ ansible_distribution | lower() }} {{ repo_distribution_release }} main
         owner: root
         group: root
         mode: "0644"

From 0766f242f27c901a6fd6c9908e0139056746a755 Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Mon, 17 Oct 2022 12:23:30 +0200
Subject: [PATCH 6/6] Add deb822 sources for mariadb repository

See:
- https://repolib.readthedocs.io/en/latest/deb822-format.html
- https://wiki.debian.org/DebianRepository/UseThirdParty
---
 README.md              |  1 +
 defaults/main.yml      |  2 ++
 tasks/setup_debian.yml | 17 +++++++++++++++++
 3 files changed, 20 insertions(+)

diff --git a/README.md b/README.md
index 5f2eeef..667c7f1 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,7 @@ Available variables are listed below, along with default values (see
 mariadb_use_official_repo: false
 mariadb_use_official_repo_url: https://deb.mariadb.org
 mariadb_use_official_repo_version: "10.10"
+mariadb_use_official_repo_format_deb822: false
 ```
 
 You may deploy the MariaDB Server version that comes with your distribution
diff --git a/defaults/main.yml b/defaults/main.yml
index c29f60a..085ef11 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,6 +7,8 @@ ansible_python_interpreter: /usr/bin/python3
 mariadb_use_official_repo: false
 mariadb_use_official_repo_url: https://deb.mariadb.org
 mariadb_use_official_repo_version: 10.6
+# see: https://manpages.debian.org/stable/apt/sources.list.5.en.html#DEB822-STYLE_FORMAT
+mariadb_use_official_repo_format_deb822: false
 
 mariadb_enabled_on_startup: true
 # The following is set to true by default but you may consider setting it to
diff --git a/tasks/setup_debian.yml b/tasks/setup_debian.yml
index 7236406..c0b76c7 100644
--- a/tasks/setup_debian.yml
+++ b/tasks/setup_debian.yml
@@ -52,6 +52,23 @@
         owner: root
         group: root
         mode: "0644"
+      when: not mariadb_use_official_repo_format_deb822
+
+    - name: Setup mariadb repository sources entry
+      ansible.builtin.copy:
+        dest: /etc/apt/sources.list.d/mariadb.sources
+        content: |
+          # Ansible managed
+          X-Repolib-Name: MariaDB
+          Types: deb
+          URIs: {{ mariadb_use_official_repo_url }}/{{ mariadb_use_official_repo_version }}/{{ ansible_distribution | lower() }}
+          Suites: {{ repo_distribution_release }}
+          Components: main
+          Signed-By: /etc/apt/keyrings/mariadb-keyring.gpg
+        owner: root
+        group: root
+        mode: "0644"
+      when: mariadb_use_official_repo_format_deb822
 
     - name: Prefer MariaDB repo over Debian repo
       ansible.builtin.copy: