From 1d9cbde627ab20871199f0eec920e69ee3715ce7 Mon Sep 17 00:00:00 2001
From: Tagada <36127788+Tagadda@users.noreply.github.com>
Date: Mon, 19 Feb 2024 18:46:37 +0100
Subject: [PATCH] hooks/conf_regen/apt: remove expired apt keys before
 downloading sury's key

---
 hooks/conf_regen/10-apt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hooks/conf_regen/10-apt b/hooks/conf_regen/10-apt
index da6186a98..81fa5dd25 100755
--- a/hooks/conf_regen/10-apt
+++ b/hooks/conf_regen/10-apt
@@ -62,6 +62,10 @@ Pin-Priority: -1
 do_post_regen() {
     regen_conf_files=$1
 
+    # Purge expired keys (such as sury 95BD4743)
+    EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')"
+    for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done
+
     # Add sury key
     # We do this only at the post regen and if the key doesn't already exists, because we don't want the regenconf to fuck everything up if the regenconf runs while the network is down
     if [[ ! -s /etc/apt/trusted.gpg.d/extra_php_version.gpg ]]
@@ -69,9 +73,6 @@ do_post_regen() {
         wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg"
     fi
 
-    # Purge expired keys (such as sury 95BD4743)
-    EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')"
-    for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done
     # Make sure php7.4 is the default version when using php in cli
     if test -e /usr/bin/php$YNH_DEFAULT_PHP_VERSION
     then