MT#11455 Clean up keyring usage flow

1) Previously we were installing keys everywhere,
this produces a mess, so lets install them once on start.

2) GRML bypass /etc/apt/trusted.gpg.d/sipwise.gpg to NGCP CHROOT via install-sipwise-key.sh.
So we have /etc/apt/trusted.gpg.d/sipwise.gpg on every installed VM for wheezy/squeezy/jessie.

3) /var/log/deployment-installer-debug.log on all plain and NGCP VMs contains:
> echo "Sipwise Debian mirror key is already present."
So, we can safetely clean it from vagrant_configuration, IMHO.

Change-Id: I873f87faed24df4a93474cf17f41eb19e8a14ab1

deployment.sh

@@ -154,6 +154,14 @@ install_sipwise_key() {
   if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then
     die "Error validating sipwise keyring for apt usage (expected: [$md5sum_sipwise_key_expected] - got: [$md5sum_sipwise_key_calculated])"
   fi
+
+  mkdir -p /etc/debootstrap/pre-scripts/
+  cat > /etc/debootstrap/pre-scripts/install-sipwise-key.sh << EOF
+#!/bin/bash
+# installed via deployment.sh
+cp /etc/apt/trusted.gpg.d/sipwise.gpg "\${MNTPOINT}"/etc/apt/trusted.gpg.d/
+EOF
+  chmod 775 /etc/debootstrap/pre-scripts/install-sipwise-key.sh
 }
 
 # see MT#6253
@@ -181,8 +189,6 @@ fai_upgrade() {
     return 0
   fi
 
-  install_sipwise_key
-
   # use temporary apt database for speed reasons
   local TMPDIR=$(mktemp -d)
   mkdir -p "${TMPDIR}/statedir/lists/partial" "${TMPDIR}/cachedir/archives/partial"
@@ -211,8 +217,6 @@ grml_debootstrap_upgrade() {
     local debsrcfile=$(mktemp)
     echo "deb http://${SIPWISE_REPO_HOST}/grml.org grml-testing main" >> "$debsrcfile"
 
-    install_sipwise_key
-
     DEBIAN_FRONTEND='noninteractive' apt-get -o dir::cache="${TMPDIR}/cachedir" \
       -o dir::state="${TMPDIR}/statedir" -o dir::etc::sourcelist="$debsrcfile" \
       -o Dir::Etc::sourceparts=/dev/null update
@@ -624,6 +628,9 @@ if ! "$NGCP_INSTALLER" ; then
   unset ROLE
 fi
 
+set_deploy_status "installing_sipwise_keys"
+install_sipwise_key
+
 set_deploy_status "grml_debootstrap_upgrade"
 grml_debootstrap_upgrade
 
@@ -1101,16 +1108,6 @@ $FIRMWARE_PACKAGES
 EOF
 fi
 
-install_sipwise_key
-
-mkdir -p /etc/debootstrap/pre-scripts/
-cat > /etc/debootstrap/pre-scripts/install-sipwise-key.sh << EOF
-#!/bin/bash
-# installed via deployment.sh
-cp /etc/apt/trusted.gpg.d/sipwise.gpg "\${MNTPOINT}"/etc/apt/trusted.gpg.d/
-EOF
-chmod 775 /etc/debootstrap/pre-scripts/install-sipwise-key.sh
-
 # NOTE: we use the debian.sipwise.com CNAME by intention here
 # to avoid conflicts with apt-pinning, preferring deb.sipwise.com
 # over official Debian
@@ -1978,16 +1975,6 @@ EOF
 }
 
 vagrant_configuration() {
-  # if ngcp-keyring isn't present (e.g. on plain Debian systems) then we have
-  # to install our key for usage of our own Debian mirror
-  if grml-chroot "${TARGET}" apt-key list | grep -q 680FBA8A ; then
-    echo "Sipwise Debian mirror key is already present."
-  else
-    echo "Installing Sipwise Debian mirror key (680FBA8A)."
-    grml-chroot "${TARGET}" wget -O /etc/apt/680FBA8A.asc http://${SIPWISE_REPO_HOST}/autobuild/680FBA8A.asc
-    grml-chroot "${TARGET}" apt-key add /etc/apt/680FBA8A.asc
-  fi
-
   # make sure we use the most recent package versions, including apt-key setup
   grml-chroot "${TARGET}" apt-get update