debian-bullseye-*: apt-key is deprecated, use [signed-by] instead

The following warning message appears when running apt-key:

  apt-key is deprecated. Manage keyring files in trusted.gpg.d instead

The apt-key man page mentions that the "use of apt-key is deprecated,
except for the use of apt-key del in maintainer scripts to remove
existing keys from the main keyring".  What's more, "apt-key will last
be available in Debian 11 and Ubuntu 22.04".

Additionally, while the deprecation message says to "manage keyring
files in trusted.gpg.d instead", the Debian wiki states otherwise.
It's recommended to store the keys in /usr/share/keyrings instead,
and then use the 'signed-by' option to reference them.

ee284d5917

Change-Id: I1cae4f49e72f5e4f9d703cdb8f6d117e18e3567c
This commit is contained in:
Vadim Yanitskiy 2023-02-19 05:27:01 +07:00
parent bb1b35e725
commit 7a41031b5f
6 changed files with 27 additions and 28 deletions

View File

@ -64,10 +64,9 @@ RUN apt-get update && \
# Make respawn.sh part of this image, so it can be used by other images based on it
COPY .common/respawn.sh /usr/local/bin/respawn.sh
COPY .common/Release.key /tmp/Release.key
RUN apt-key add /tmp/Release.key && \
rm /tmp/Release.key && \
echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
COPY .common/Release.key /usr/share/keyrings/osmocom-nightly.asc
RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
> /etc/apt/sources.list.d/osmocom-nightly.list
# Invalidate cache once the repository is updated
ADD $OSMOCOM_REPO/Release /tmp/Release

View File

@ -44,10 +44,9 @@ RUN apt-get update && \
RUN apt-get update && apt-get install -y \
ca-certificates \
gnupg
COPY .common/Release.key /tmp/Release.key
RUN apt-key add /tmp/Release.key && \
rm /tmp/Release.key && \
echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc
RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
> /etc/apt/sources.list.d/osmocom-latest.list
ADD $OSMOCOM_REPO/Release /tmp/Release
# add a non-root user under which we will normaly execute build tests

View File

@ -161,10 +161,9 @@ ENV LANG en_US.UTF-8
# * osmo-remsim: libulfius
# * osmo-trx: liblimesuite-dev, libuhd-dev
ARG OSMOCOM_REPO="${OSMOCOM_REPO_MIRROR}/${OSMOCOM_REPO_PATH}/nightly/Debian_11/"
COPY .common/Release.key /tmp/Release.key
RUN apt-key add /tmp/Release.key && \
rm /tmp/Release.key && \
echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list
COPY .common/Release.key /usr/share/keyrings/osmocom-nightly.asc
RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \
> /etc/apt/sources.list.d/osmocom-nightly.list
ADD $OSMOCOM_REPO/Release /tmp/Release
RUN apt-get update && \
apt-get install -y --no-install-recommends \

View File

@ -15,10 +15,9 @@ RUN apt-get update && \
&& \
apt-get clean
COPY .common/Release.key /tmp/Release.key
RUN apt-key add /tmp/Release.key && \
rm /tmp/Release.key && \
echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc
RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
> /etc/apt/sources.list.d/osmocom-latest.list
# Make respawn.sh part of this image, so it can be used by other images based on it
COPY .common/respawn.sh /usr/local/bin/respawn.sh

View File

@ -9,11 +9,9 @@ RUN apt-get update && apt-get install -y \
ca-certificates \
gnupg
COPY .common/Release.key /tmp/Release.key
RUN apt-key add /tmp/Release.key && \
rm /tmp/Release.key && \
echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list
COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc
RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \
> /etc/apt/sources.list.d/osmocom-latest.list
ADD $OSMOCOM_REPO/Release /tmp/Release
RUN apt-get update && \

View File

@ -1,20 +1,25 @@
ARG REGISTRY=docker.io
FROM ${REGISTRY}/debian:bullseye
ARG OPEN5GS_REPO_HOST="https://download.opensuse.org"
ARG OPEN5GS_REPO_PATH="repositories/home:/acetcom:/open5gs:"
ARG OPEN5GS_REPO="${OPEN5GS_REPO_HOST}/${OPEN5GS_REPO_PATH}/latest/Debian_11"
ARG OPEN5GS_KEY=/usr/share/keyrings/open5gs-latest.asc
ARG MONGODB_KEY=/usr/share/keyrings/mongodb-org.asc
RUN apt-get update && \
apt-get install -y --no-install-recommends \
ca-certificates \
gnupg
gnupg \
wget
ADD https://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/Release.key /tmp/Release.key
ADD https://pgp.mongodb.com/server-5.0.asc /tmp/server-5.0.asc
RUN echo "deb http://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/Debian_11/ ./" \
RUN echo "deb [signed-by=$OPEN5GS_KEY] $OPEN5GS_REPO/ ./" \
> /etc/apt/sources.list.d/open5gs.list
RUN echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
RUN echo "deb [signed-by=$MONGODB_KEY] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \
> /etc/apt/sources.list.d/mongodb-org.list
RUN apt-key add /tmp/Release.key && apt-key add /tmp/server-5.0.asc
RUN wget "$OPEN5GS_REPO/Release.key" -O "$OPEN5GS_KEY" && \
wget "https://pgp.mongodb.com/server-5.0.asc" -O "$MONGODB_KEY"
RUN apt-get update && \
apt-get install -y \