From fa64652681dd6178dcd5ab49c1283f758689967c Mon Sep 17 00:00:00 2001
From: Tagada <36127788+Tagadda@users.noreply.github.com>
Date: Sat, 17 Feb 2024 20:07:23 +0100
Subject: [PATCH] regenconf/apt:Purge expired apt keys

Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
---
 hooks/conf_regen/10-apt | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/hooks/conf_regen/10-apt b/hooks/conf_regen/10-apt
index 32b939664..da6186a98 100755
--- a/hooks/conf_regen/10-apt
+++ b/hooks/conf_regen/10-apt
@@ -69,12 +69,9 @@ do_post_regen() {
         wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg"
     fi
 
-    # Update sury apt key if 95BD4743 is present
-    if apt-key list | grep -q "95BD4743"; then
-        echo "Updating sury apt key..."
-        apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | apt-key add -
-    fi
-
+    # Purge expired keys (such as sury 95BD4743)
+    EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')"
+    for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done
     # Make sure php7.4 is the default version when using php in cli
     if test -e /usr/bin/php$YNH_DEFAULT_PHP_VERSION
     then