From ef9a2840c1d3be4378b3d8becae7b586aa4d29c8 Mon Sep 17 00:00:00 2001
From: hamir-suspect <ahasanbasic@semaphore.io>
Date: Wed, 19 Nov 2025 13:33:08 +0100
Subject: [PATCH 1/4] chore: migrate to new apt repositories

---
 packer/linux/ansible/group_vars/all.yml       | 10 +++++--
 .../linux/ansible/roles/erlang/tasks/main.yml | 28 +++++++++++++------
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/packer/linux/ansible/group_vars/all.yml b/packer/linux/ansible/group_vars/all.yml
index f9dd032..6642d8d 100644
--- a/packer/linux/ansible/group_vars/all.yml
+++ b/packer/linux/ansible/group_vars/all.yml
@@ -7,9 +7,13 @@ awscli_url: "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-{{ awscli_vers
 docker_apt_repository: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
 docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
 yq_url: "https://github.com/mikefarah/yq/releases/download/v4.16.2/yq_linux_amd64"
-erlang_gpg_key_url: https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key
-erlang_gpg_key_checksum: "84df2e5fd80d464c3eb9acd2f751b2f6a723438200915dd50fbf12f08698e4ec"
-erlang_gpg_key_path: /usr/share/keyrings/rabbitmq-erlang.E495BB49CC4BBE5B.asc
+erlang_gpg_key_url: https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA
+erlang_gpg_key_checksum: "f06ccb0568a012e751e276c15b733494147fbb0663c79ab77f3574def4767f99"
+erlang_gpg_key_path: /usr/share/keyrings/com.rabbitmq.team.gpg
+erlang_gpg_key_source_path: "{{ erlang_gpg_key_path }}.asc"
+erlang_repo_mirrors:
+  - https://deb1.rabbitmq.com
+  - https://deb2.rabbitmq.com
 cloudwatch_agent_url: https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
 systemd_restart_seconds: 300
 apt_hold_patterns: []
diff --git a/packer/linux/ansible/roles/erlang/tasks/main.yml b/packer/linux/ansible/roles/erlang/tasks/main.yml
index 4fc4580..57ad66a 100644
--- a/packer/linux/ansible/roles/erlang/tasks/main.yml
+++ b/packer/linux/ansible/roles/erlang/tasks/main.yml
@@ -1,21 +1,33 @@
 ---
 - name: Download GPG key
+  register: erlang_gpg_key_download
   ansible.builtin.get_url:
     url: "{{ erlang_gpg_key_url }}"
-    dest: "{{ erlang_gpg_key_path }}"
+    dest: "{{ erlang_gpg_key_source_path }}"
     checksum: "sha256:{{ erlang_gpg_key_checksum }}"
-    mode: '0755'
+    mode: '0644'
     force: true
 
-- name: "Add repository to APT sources list"
-  ansible.builtin.apt_repository:
-    repo: "deb [arch=amd64 signed-by={{ erlang_gpg_key_path }}] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu focal main"
-    state: present
+- name: Check existing keyring
+  ansible.builtin.stat:
+    path: "{{ erlang_gpg_key_path }}"
+  register: erlang_gpg_keyring
 
-- name: "Add src repository to APT sources list"
+- name: De-Armor GPG key
+  ansible.builtin.command:
+    cmd: "gpg --dearmor --yes --output {{ erlang_gpg_key_path }} {{ erlang_gpg_key_source_path }}"
+  when: erlang_gpg_key_download.changed or not erlang_gpg_keyring.stat.exists
+
+- name: "Add repository to APT sources list"
   ansible.builtin.apt_repository:
-    repo: "deb-src [signed-by={{ erlang_gpg_key_path }}] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu focal main"
+    repo: >-
+      deb [arch=amd64 signed-by={{ erlang_gpg_key_path }}]
+      {{ item }}/rabbitmq-erlang/{{ ansible_distribution | lower }}/{{ ansible_distribution_release }}
+      {{ ansible_distribution_release }} main
     state: present
+  loop: "{{ erlang_repo_mirrors }}"
+  loop_control:
+    label: "{{ item }}"
 
 - name: Install Erlang
   when: install_erlang | bool

From cbfe819bc855d9ccad1d9b826e842e3f5a973885 Mon Sep 17 00:00:00 2001
From: hamir-suspect <ahasanbasic@semaphore.io>
Date: Wed, 19 Nov 2025 14:19:20 +0100
Subject: [PATCH 2/4] chore: upgrade erlang version

---
 packer/linux/ansible/group_vars/all.yml          | 3 +++
 packer/linux/ansible/roles/erlang/tasks/main.yml | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/packer/linux/ansible/group_vars/all.yml b/packer/linux/ansible/group_vars/all.yml
index 6642d8d..5c28a27 100644
--- a/packer/linux/ansible/group_vars/all.yml
+++ b/packer/linux/ansible/group_vars/all.yml
@@ -14,6 +14,9 @@ erlang_gpg_key_source_path: "{{ erlang_gpg_key_path }}.asc"
 erlang_repo_mirrors:
   - https://deb1.rabbitmq.com
   - https://deb2.rabbitmq.com
+erlang_package_specs:
+  # Pin Erlang 26.2.5.13 across all Ubuntu releases for consistent builds.
+  default: erlang-base=1:26.2.5.13-1
 cloudwatch_agent_url: https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
 systemd_restart_seconds: 300
 apt_hold_patterns: []
diff --git a/packer/linux/ansible/roles/erlang/tasks/main.yml b/packer/linux/ansible/roles/erlang/tasks/main.yml
index 57ad66a..ab44394 100644
--- a/packer/linux/ansible/roles/erlang/tasks/main.yml
+++ b/packer/linux/ansible/roles/erlang/tasks/main.yml
@@ -33,4 +33,4 @@
   when: install_erlang | bool
   ansible.builtin.apt:
     pkg:
-      - erlang-base=1:24.3.4.17-1
+      - "{{ erlang_package_specs.get(ansible_distribution_release, erlang_package_specs.default) }}"

From df755227a92dc515b2954db591be3b026af4b3b2 Mon Sep 17 00:00:00 2001
From: hamir-suspect <ahasanbasic@semaphore.io>
Date: Wed, 19 Nov 2025 14:49:36 +0100
Subject: [PATCH 3/4] chore: upgrade toolbox

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 84dffdd..abc8920 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ AMI_ARCH=x86_64
 AMI_PREFIX=semaphore-agent
 AMI_INSTANCE_TYPE=t2.micro
 AGENT_VERSION=v2.2.16
-TOOLBOX_VERSION=v1.20.5
+TOOLBOX_VERSION=v1.38.3
 PACKER_OS=linux
 UBUNTU_VERSION=focal
 SOURCE_AMI?=

From b25216d244d6c9af0bbf57ea5c38b19b062ff1f3 Mon Sep 17 00:00:00 2001
From: hamir-suspect <ahasanbasic@semaphore.io>
Date: Wed, 19 Nov 2025 17:31:26 +0100
Subject: [PATCH 4/4] fix: toolbox version with windows fix

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index abc8920..892223e 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ AMI_ARCH=x86_64
 AMI_PREFIX=semaphore-agent
 AMI_INSTANCE_TYPE=t2.micro
 AGENT_VERSION=v2.2.16
-TOOLBOX_VERSION=v1.38.3
+TOOLBOX_VERSION=v1.38.4
 PACKER_OS=linux
 UBUNTU_VERSION=focal
 SOURCE_AMI?=