debian-bullseye-*: apt-key is deprecated, use [signed-by] instead

The following warning message appears when running apt-key:

  apt-key is deprecated. Manage keyring files in trusted.gpg.d instead

The apt-key man page mentions that the "use of apt-key is deprecated,
except for the use of apt-key del in maintainer scripts to remove
existing keys from the main keyring".  What's more, "apt-key will last
be available in Debian 11 and Ubuntu 22.04".

Additionally, while the deprecation message says to "manage keyring
files in trusted.gpg.d instead", the Debian wiki states otherwise.
It's recommended to store the keys in /usr/share/keyrings instead,
and then use the 'signed-by' option to reference them.

ee284d5917

Change-Id: I1cae4f49e72f5e4f9d703cdb8f6d117e18e3567c

debian-bullseye-build/Dockerfile

@@ -64,10 +64,9 @@ RUN	apt-get update && \
 # Make respawn.sh part of this image, so it can be used by other images based on it
 COPY	.common/respawn.sh /usr/local/bin/respawn.sh
 
-COPY	.common/Release.key /tmp/Release.key
+COPY	.common/Release.key /usr/share/keyrings/osmocom-nightly.asc
-RUN	apt-key add /tmp/Release.key && \
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
-	rm /tmp/Release.key && \
+		> /etc/apt/sources.list.d/osmocom-nightly.list
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
 
 # Invalidate cache once the repository is updated
 ADD	$OSMOCOM_REPO/Release /tmp/Release

debian-bullseye-erlang/Dockerfile

@@ -44,10 +44,9 @@ RUN	apt-get update && \
 RUN	apt-get update && apt-get install -y \
 		ca-certificates \
 		gnupg
-COPY	.common/Release.key /tmp/Release.key
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
-RUN	apt-key add /tmp/Release.key && \
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
-	rm /tmp/Release.key && \
+		> /etc/apt/sources.list.d/osmocom-latest.list
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 
 # add a non-root user under which we will normaly execute build tests

debian-bullseye-jenkins/Dockerfile

@@ -161,10 +161,9 @@ ENV LANG en_US.UTF-8
 # * osmo-remsim: libulfius
 # * osmo-trx: liblimesuite-dev, libuhd-dev
 ARG	OSMOCOM_REPO="${OSMOCOM_REPO_MIRROR}/${OSMOCOM_REPO_PATH}/nightly/Debian_11/"
-COPY	.common/Release.key /tmp/Release.key
+COPY	.common/Release.key /usr/share/keyrings/osmocom-nightly.asc
-RUN	apt-key add /tmp/Release.key && \
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
-	rm /tmp/Release.key && \
+		> /etc/apt/sources.list.d/osmocom-nightly.list
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 RUN	apt-get update && \
 	apt-get install -y --no-install-recommends \

debian-bullseye-obs-latest/Dockerfile

@@ -15,10 +15,9 @@ RUN	apt-get update && \
 		&& \
 	apt-get clean
 
-COPY	.common/Release.key /tmp/Release.key
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
-RUN	apt-key add /tmp/Release.key && \
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
-	rm /tmp/Release.key && \
+		> /etc/apt/sources.list.d/osmocom-latest.list
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
 
 # Make respawn.sh part of this image, so it can be used by other images based on it
 COPY	.common/respawn.sh /usr/local/bin/respawn.sh

debian-bullseye-titan/Dockerfile

@@ -9,11 +9,9 @@ RUN	apt-get update && apt-get install -y \
 		ca-certificates \
 		gnupg
 
-COPY	.common/Release.key /tmp/Release.key
+COPY	.common/Release.key /usr/share/keyrings/osmocom-latest.asc
-
+RUN	echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
-RUN	apt-key add /tmp/Release.key && \
+		> /etc/apt/sources.list.d/osmocom-latest.list
-	rm /tmp/Release.key && \
-	echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
 
 ADD	$OSMOCOM_REPO/Release /tmp/Release
 RUN	apt-get update && \

open5gs-latest/Dockerfile

@@ -1,20 +1,25 @@
 ARG	REGISTRY=docker.io
 FROM	${REGISTRY}/debian:bullseye
+ARG	OPEN5GS_REPO_HOST="https://download.opensuse.org"
+ARG	OPEN5GS_REPO_PATH="repositories/home:/acetcom:/open5gs:"
+ARG	OPEN5GS_REPO="${OPEN5GS_REPO_HOST}/${OPEN5GS_REPO_PATH}/latest/Debian_11"
+ARG	OPEN5GS_KEY=/usr/share/keyrings/open5gs-latest.asc
+ARG	MONGODB_KEY=/usr/share/keyrings/mongodb-org.asc
 
 
 RUN	apt-get update && \
 	apt-get install -y --no-install-recommends \
 		ca-certificates \
-		gnupg
+		gnupg \
+		wget
 
-ADD	https://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/Release.key /tmp/Release.key
+RUN	echo "deb [signed-by=$OPEN5GS_KEY] $OPEN5GS_REPO/ ./" \
-ADD	https://pgp.mongodb.com/server-5.0.asc /tmp/server-5.0.asc
-
-RUN	echo "deb http://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/ ./" \
 		> /etc/apt/sources.list.d/open5gs.list
-RUN	echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
+RUN	echo "deb [signed-by=$MONGODB_KEY] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
 		> /etc/apt/sources.list.d/mongodb-org.list
-RUN	apt-key add /tmp/Release.key && apt-key add /tmp/server-5.0.asc
+
+RUN	wget "$OPEN5GS_REPO/Release.key" -O "$OPEN5GS_KEY" && \
+	wget "https://pgp.mongodb.com/server-5.0.asc" -O "$MONGODB_KEY"
 
 RUN	apt-get update && \
 	apt-get install -y \