diff options
author | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2023-02-19 05:27:01 +0700 |
---|---|---|
committer | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2023-02-20 16:39:07 +0700 |
commit | 7a41031b5f095250bfbff78f141a7f603bac1491 (patch) | |
tree | 1cd9dcd02ffe2d5a4e58c9b66d6b1bdac191229a | |
parent | bb1b35e725ee55110a333fad8c2b4cc432cb43d9 (diff) |
debian-bullseye-*: apt-key is deprecated, use [signed-by] instead
The following warning message appears when running apt-key:
apt-key is deprecated. Manage keyring files in trusted.gpg.d instead
The apt-key man page mentions that the "use of apt-key is deprecated,
except for the use of apt-key del in maintainer scripts to remove
existing keys from the main keyring". What's more, "apt-key will last
be available in Debian 11 and Ubuntu 22.04".
Additionally, while the deprecation message says to "manage keyring
files in trusted.gpg.d instead", the Debian wiki states otherwise.
It's recommended to store the keys in /usr/share/keyrings instead,
and then use the 'signed-by' option to reference them.
https://salsa.debian.org/apt-team/apt/-/commit/ee284d5917d09649b68ff1632d44e892f290c52f
Change-Id: I1cae4f49e72f5e4f9d703cdb8f6d117e18e3567c
-rw-r--r-- | debian-bullseye-build/Dockerfile | 7 | ||||
-rw-r--r-- | debian-bullseye-erlang/Dockerfile | 7 | ||||
-rw-r--r-- | debian-bullseye-jenkins/Dockerfile | 7 | ||||
-rw-r--r-- | debian-bullseye-obs-latest/Dockerfile | 7 | ||||
-rw-r--r-- | debian-bullseye-titan/Dockerfile | 8 | ||||
-rw-r--r-- | open5gs-latest/Dockerfile | 19 |
6 files changed, 27 insertions, 28 deletions
diff --git a/debian-bullseye-build/Dockerfile b/debian-bullseye-build/Dockerfile index b1e7cd5..4f09929 100644 --- a/debian-bullseye-build/Dockerfile +++ b/debian-bullseye-build/Dockerfile @@ -64,10 +64,9 @@ RUN apt-get update && \ # Make respawn.sh part of this image, so it can be used by other images based on it COPY .common/respawn.sh /usr/local/bin/respawn.sh -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list +COPY .common/Release.key /usr/share/keyrings/osmocom-nightly.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-nightly.list # Invalidate cache once the repository is updated ADD $OSMOCOM_REPO/Release /tmp/Release diff --git a/debian-bullseye-erlang/Dockerfile b/debian-bullseye-erlang/Dockerfile index e7a584e..9477ebc 100644 --- a/debian-bullseye-erlang/Dockerfile +++ b/debian-bullseye-erlang/Dockerfile @@ -44,10 +44,9 @@ RUN apt-get update && \ RUN apt-get update && apt-get install -y \ ca-certificates \ gnupg -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list +COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-latest.list ADD $OSMOCOM_REPO/Release /tmp/Release # add a non-root user under which we will normaly execute build tests diff --git a/debian-bullseye-jenkins/Dockerfile b/debian-bullseye-jenkins/Dockerfile index 2ef9bba..71ee08c 100644 --- a/debian-bullseye-jenkins/Dockerfile +++ b/debian-bullseye-jenkins/Dockerfile @@ -161,10 +161,9 @@ ENV LANG en_US.UTF-8 # * osmo-remsim: libulfius # * osmo-trx: liblimesuite-dev, libuhd-dev ARG OSMOCOM_REPO="${OSMOCOM_REPO_MIRROR}/${OSMOCOM_REPO_PATH}/nightly/Debian_11/" -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list +COPY .common/Release.key /usr/share/keyrings/osmocom-nightly.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-nightly.list ADD $OSMOCOM_REPO/Release /tmp/Release RUN apt-get update && \ apt-get install -y --no-install-recommends \ diff --git a/debian-bullseye-obs-latest/Dockerfile b/debian-bullseye-obs-latest/Dockerfile index 16320c0..3ab7e1a 100644 --- a/debian-bullseye-obs-latest/Dockerfile +++ b/debian-bullseye-obs-latest/Dockerfile @@ -15,10 +15,9 @@ RUN apt-get update && \ && \ apt-get clean -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list +COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-latest.list # Make respawn.sh part of this image, so it can be used by other images based on it COPY .common/respawn.sh /usr/local/bin/respawn.sh diff --git a/debian-bullseye-titan/Dockerfile b/debian-bullseye-titan/Dockerfile index 49650a0..c9f5392 100644 --- a/debian-bullseye-titan/Dockerfile +++ b/debian-bullseye-titan/Dockerfile @@ -9,11 +9,9 @@ RUN apt-get update && apt-get install -y \ ca-certificates \ gnupg -COPY .common/Release.key /tmp/Release.key - -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list +COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-latest.list ADD $OSMOCOM_REPO/Release /tmp/Release RUN apt-get update && \ diff --git a/open5gs-latest/Dockerfile b/open5gs-latest/Dockerfile index 519701c..683f7c7 100644 --- a/open5gs-latest/Dockerfile +++ b/open5gs-latest/Dockerfile @@ -1,20 +1,25 @@ ARG REGISTRY=docker.io FROM ${REGISTRY}/debian:bullseye +ARG OPEN5GS_REPO_HOST="https://download.opensuse.org" +ARG OPEN5GS_REPO_PATH="repositories/home:/acetcom:/open5gs:" +ARG OPEN5GS_REPO="${OPEN5GS_REPO_HOST}/${OPEN5GS_REPO_PATH}/latest/Debian_11" +ARG OPEN5GS_KEY=/usr/share/keyrings/open5gs-latest.asc +ARG MONGODB_KEY=/usr/share/keyrings/mongodb-org.asc RUN apt-get update && \ apt-get install -y --no-install-recommends \ ca-certificates \ - gnupg + gnupg \ + wget -ADD https://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/Release.key /tmp/Release.key -ADD https://pgp.mongodb.com/server-5.0.asc /tmp/server-5.0.asc - -RUN echo "deb http://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/ ./" \ +RUN echo "deb [signed-by=$OPEN5GS_KEY] $OPEN5GS_REPO/ ./" \ > /etc/apt/sources.list.d/open5gs.list -RUN echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \ +RUN echo "deb [signed-by=$MONGODB_KEY] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \ > /etc/apt/sources.list.d/mongodb-org.list -RUN apt-key add /tmp/Release.key && apt-key add /tmp/server-5.0.asc + +RUN wget "$OPEN5GS_REPO/Release.key" -O "$OPEN5GS_KEY" && \ + wget "https://pgp.mongodb.com/server-5.0.asc" -O "$MONGODB_KEY" RUN apt-get update && \ apt-get install -y \ |