* the key should be shipped as a key fragment in /usr/share/keyrings/ubuntu-keyring-extended-security-maintainance.gpg
* the shell script should simply copy that key fragment into /etc/apt/trusted.gpg.d/ upon enablement of the ESM repository
* there should not be encoded binary in the shell script, and no need to call apt-key; just a cp.
* the script should check for and install apt-transport-https if missing
* the key should be shipped as a key fragment in /usr/share/ keyrings/ ubuntu- keyring- extended- security- maintainance. gpg
* the shell script should simply copy that key fragment into /etc/apt/ trusted. gpg.d/ upon enablement of the ESM repository
* there should not be encoded binary in the shell script, and no need to call apt-key; just a cp.
* the script should check for and install apt-transport-https if missing