From f31f1c2b0c7860bdf0bfd005fe7b4e30bff66fff Mon Sep 17 00:00:00 2001
From: Paul Gottschling <paul.gottschling@goteleport.com>
Date: Wed, 11 Dec 2024 13:58:39 -0500
Subject: [PATCH] Restore `signed-by` in `teleport.list`

Responds to marcoandredinis feedback. Trust only the Teleport-issued
public key when validating Teleport DEB packages.
---
 docs/pages/includes/cloud/install-linux-cloud.mdx     | 3 ++-
 docs/pages/includes/install-linux-ent-self-hosted.mdx | 3 ++-
 docs/pages/installation.mdx                           | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/pages/includes/cloud/install-linux-cloud.mdx b/docs/pages/includes/cloud/install-linux-cloud.mdx
index 20374c347bf52..ba18bdf613771 100644
--- a/docs/pages/includes/cloud/install-linux-cloud.mdx
+++ b/docs/pages/includes/cloud/install-linux-cloud.mdx
@@ -10,7 +10,8 @@
   # Source variables about OS version
   $ source /etc/os-release
   # Add the Teleport APT repository for cloud.
-  $ echo "deb https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/cloud" \
+  $ echo "deb [signed-by=/etc/apt/trusted.gpg.d/teleport.asc] \
+  https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/cloud" \
   | sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null
 
   # Provide your Teleport domain to query the latest compatible Teleport version
diff --git a/docs/pages/includes/install-linux-ent-self-hosted.mdx b/docs/pages/includes/install-linux-ent-self-hosted.mdx
index 3a907685ece22..0d89883ff621d 100644
--- a/docs/pages/includes/install-linux-ent-self-hosted.mdx
+++ b/docs/pages/includes/install-linux-ent-self-hosted.mdx
@@ -10,7 +10,8 @@ $ sudo curl https://apt.releases.teleport.dev/gpg \
 $ source /etc/os-release
 # Add the Teleport APT repository for v(=teleport.major_version=). You'll need to update this
 # file for each major release of Teleport.
-$ echo "deb https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v(=teleport.major_version=)" \
+$ echo "deb [signed-by=/etc/apt/trusted.gpg.d/teleport.asc] \
+https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v(=teleport.major_version=)" \
 | sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null
 
 $ sudo apt-get update
diff --git a/docs/pages/installation.mdx b/docs/pages/installation.mdx
index ccb60dde5a34f..44e86dbe95006 100644
--- a/docs/pages/installation.mdx
+++ b/docs/pages/installation.mdx
@@ -246,7 +246,8 @@ repositories.
    -o /etc/apt/trusted.gpg.d/teleport.asc
    # Add the Teleport APT repository. You'll need to update this file for each
    # major release of Teleport.
-   $ echo "deb https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} \
+   $ echo "deb [signed-by=/etc/apt/trusted.gpg.d/teleport.asc] \
+   https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} \
    ${TELEPORT_CHANNEL?}" \
    | sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null