From 7a41031b5f095250bfbff78f141a7f603bac1491 Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Date: Sun, 19 Feb 2023 05:27:01 +0700
Subject: [PATCH] debian-bullseye-*: apt-key is deprecated, use [signed-by]
 instead

The following warning message appears when running apt-key:

  apt-key is deprecated. Manage keyring files in trusted.gpg.d instead

The apt-key man page mentions that the "use of apt-key is deprecated,
except for the use of apt-key del in maintainer scripts to remove
existing keys from the main keyring".  What's more, "apt-key will last
be available in Debian 11 and Ubuntu 22.04".

Additionally, while the deprecation message says to "manage keyring
files in trusted.gpg.d instead", the Debian wiki states otherwise.
It's recommended to store the keys in /usr/share/keyrings instead,
and then use the 'signed-by' option to reference them.

https://salsa.debian.org/apt-team/apt/-/commit/ee284d5917d09649b68ff1632d44e892f290c52f

Change-Id: I1cae4f49e72f5e4f9d703cdb8f6d117e18e3567c
---
 debian-bullseye-build/Dockerfile      |  7 +++----
 debian-bullseye-erlang/Dockerfile     |  7 +++----
 debian-bullseye-jenkins/Dockerfile    |  7 +++----
 debian-bullseye-obs-latest/Dockerfile |  7 +++----
 debian-bullseye-titan/Dockerfile      |  8 +++-----
 open5gs-latest/Dockerfile             | 19 ++++++++++++-------
 6 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/debian-bullseye-build/Dockerfile b/debian-bullseye-build/Dockerfile
index b1e7cd57..4f09929b 100644
--- a/debian-bullseye-build/Dockerfile
+++ b/debian-bullseye-build/Dockerfile
@@ -64,10 +64,9 @@ RUN	apt-get update && \
 # Make respawn.sh part of this image, so it can be used by other images based on it
 COPY	.common/respawn.sh /usr/local/bin/respawn.sh
 
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-nightly.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-nightly.list
 
 # Invalidate cache once the repository is updated
 ADD	$OSMOCOM_REPO/Release /tmp/Release
diff --git a/debian-bullseye-erlang/Dockerfile b/debian-bullseye-erlang/Dockerfile
index e7a584e9..9477ebc6 100644
--- a/debian-bullseye-erlang/Dockerfile
+++ b/debian-bullseye-erlang/Dockerfile
@@ -44,10 +44,9 @@ RUN	apt-get update && \
 RUN	apt-get update && apt-get install -y \
 		ca-certificates \
 		gnupg
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-latest.list
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 
 # add a non-root user under which we will normaly execute build tests
diff --git a/debian-bullseye-jenkins/Dockerfile b/debian-bullseye-jenkins/Dockerfile
index 2ef9bba6..71ee08c3 100644
--- a/debian-bullseye-jenkins/Dockerfile
+++ b/debian-bullseye-jenkins/Dockerfile
@@ -161,10 +161,9 @@ ENV LANG en_US.UTF-8
 # * osmo-remsim: libulfius
 # * osmo-trx: liblimesuite-dev, libuhd-dev
 ARG	OSMOCOM_REPO="${OSMOCOM_REPO_MIRROR}/${OSMOCOM_REPO_PATH}/nightly/Debian_11/"
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-nightly.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-nightly.list
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 RUN	apt-get update && \
 	apt-get install -y --no-install-recommends \
diff --git a/debian-bullseye-obs-latest/Dockerfile b/debian-bullseye-obs-latest/Dockerfile
index 16320c04..3ab7e1a5 100644
--- a/debian-bullseye-obs-latest/Dockerfile
+++ b/debian-bullseye-obs-latest/Dockerfile
@@ -15,10 +15,9 @@ RUN	apt-get update && \
 		&& \
 	apt-get clean
 
-COPY	.common/Release.key /tmp/Release.key
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-latest.list
 
 # Make respawn.sh part of this image, so it can be used by other images based on it
 COPY	.common/respawn.sh /usr/local/bin/respawn.sh
diff --git a/debian-bullseye-titan/Dockerfile b/debian-bullseye-titan/Dockerfile
index 49650a0f..c9f53926 100644
--- a/debian-bullseye-titan/Dockerfile
+++ b/debian-bullseye-titan/Dockerfile
@@ -9,11 +9,9 @@ RUN	apt-get update && apt-get install -y \
 		ca-certificates \
 		gnupg
 
-COPY	.common/Release.key /tmp/Release.key
-
-RUN	apt-key add /tmp/Release.key && \
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
+		> /etc/apt/sources.list.d/osmocom-latest.list
 
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 RUN	apt-get update && \
diff --git a/open5gs-latest/Dockerfile b/open5gs-latest/Dockerfile
index 519701ca..683f7c78 100644
--- a/open5gs-latest/Dockerfile
+++ b/open5gs-latest/Dockerfile
@@ -1,20 +1,25 @@
 ARG	REGISTRY=docker.io
 FROM	${REGISTRY}/debian:bullseye
+ARG	OPEN5GS_REPO_HOST="https://download.opensuse.org"
+ARG	OPEN5GS_REPO_PATH="repositories/home:/acetcom:/open5gs:"
+ARG	OPEN5GS_REPO="${OPEN5GS_REPO_HOST}/${OPEN5GS_REPO_PATH}/latest/Debian_11"
+ARG	OPEN5GS_KEY=/usr/share/keyrings/open5gs-latest.asc
+ARG	MONGODB_KEY=/usr/share/keyrings/mongodb-org.asc
 
 
 RUN	apt-get update && \
 	apt-get install -y --no-install-recommends \
 		ca-certificates \
-		gnupg
+		gnupg \
+		wget
 
-ADD	https://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/Release.key /tmp/Release.key
-ADD	https://pgp.mongodb.com/server-5.0.asc /tmp/server-5.0.asc
-
-RUN	echo "deb http://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/ ./" \
+RUN	echo "deb [signed-by=$OPEN5GS_KEY] $OPEN5GS_REPO/ ./" \
 		> /etc/apt/sources.list.d/open5gs.list
-RUN	echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
+RUN	echo "deb [signed-by=$MONGODB_KEY] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
 		> /etc/apt/sources.list.d/mongodb-org.list
-RUN	apt-key add /tmp/Release.key && apt-key add /tmp/server-5.0.asc
+
+RUN	wget "$OPEN5GS_REPO/Release.key" -O "$OPEN5GS_KEY" && \
+	wget "https://pgp.mongodb.com/server-5.0.asc" -O "$MONGODB_KEY"
 
 RUN	apt-get update && \
 	apt-get install -y \