From 00aa614cfdb103c96375d9fbef809947a8682d2d Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Thu, 19 Feb 2026 12:08:33 +0100
Subject: [PATCH] fix(bootstrap): use explicit keyring for debootstrap and copy
 resolv.conf

---
 roles/bootstrap/tasks/ubuntu.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/roles/bootstrap/tasks/ubuntu.yml b/roles/bootstrap/tasks/ubuntu.yml
index 36d2e4b..04fd7f5 100644
--- a/roles/bootstrap/tasks/ubuntu.yml
+++ b/roles/bootstrap/tasks/ubuntu.yml
@@ -39,17 +39,20 @@
 
     - name: Install Ubuntu base system
       ansible.builtin.command: >-
-        debootstrap --include={{ bootstrap_ubuntu_base_csv }}
+        debootstrap
+        --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+        --include={{ bootstrap_ubuntu_base_csv }}
         {{ bootstrap_ubuntu_release }} /mnt
         http://archive.ubuntu.com/ubuntu/
       register: bootstrap_ubuntu_base_result
       changed_when: bootstrap_ubuntu_base_result.rc == 0
 
     - name: Ensure chroot has resolv.conf
-      ansible.builtin.file:
-        src: /run/NetworkManager/resolv.conf
+      ansible.builtin.copy:
+        src: /etc/resolv.conf
         dest: /mnt/etc/resolv.conf
-        state: link
+        remote_src: true
+        mode: "0644"
 
     - name: Enable universe repository
       ansible.builtin.command: "{{ chroot_command }} sed -i '1s|$| universe|' /etc/apt/sources.list"