fixeria has submitted this change. ( https://gerrit.osmocom.org/c/docker-playground/+/31366 ) Change subject: debian-bullseye-*: apt-key is deprecated, use [signed-by] instead ...................................................................... debian-bullseye-*: apt-key is deprecated, use [signed-by] instead The following warning message appears when running apt-key: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead The apt-key man page mentions that the "use of apt-key is deprecated, except for the use of apt-key del in maintainer scripts to remove existing keys from the main keyring". What's more, "apt-key will last be available in Debian 11 and Ubuntu 22.04". Additionally, while the deprecation message says to "manage keyring files in trusted.gpg.d instead", the Debian wiki states otherwise. It's recommended to store the keys in /usr/share/keyrings instead, and then use the 'signed-by' option to reference them. https://salsa.debian.org/apt-team/apt/-/commit/ee284d5917d09649b68ff1632d44… Change-Id: I1cae4f49e72f5e4f9d703cdb8f6d117e18e3567c --- M debian-bullseye-build/Dockerfile M debian-bullseye-erlang/Dockerfile M debian-bullseye-jenkins/Dockerfile M debian-bullseye-obs-latest/Dockerfile M debian-bullseye-titan/Dockerfile M open5gs-latest/Dockerfile 6 files changed, 52 insertions(+), 28 deletions(-) Approvals: Jenkins Builder: Verified laforge: Looks good to me, but someone else must approve osmith: Looks good to me, approved diff --git a/debian-bullseye-build/Dockerfile b/debian-bullseye-build/Dockerfile index b1e7cd5..4f09929 100644 --- a/debian-bullseye-build/Dockerfile +++ b/debian-bullseye-build/Dockerfile @@ -64,10 +64,9 @@ # Make respawn.sh part of this image, so it can be used by other images based on it COPY .common/respawn.sh /usr/local/bin/respawn.sh -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list +COPY .common/Release.key /usr/share/keyrings/osmocom-nightly.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-nightly.list # Invalidate cache once the repository is updated ADD $OSMOCOM_REPO/Release /tmp/Release diff --git a/debian-bullseye-erlang/Dockerfile b/debian-bullseye-erlang/Dockerfile index e7a584e..9477ebc 100644 --- a/debian-bullseye-erlang/Dockerfile +++ b/debian-bullseye-erlang/Dockerfile @@ -44,10 +44,9 @@ RUN apt-get update && apt-get install -y \ ca-certificates \ gnupg -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list +COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-latest.list ADD $OSMOCOM_REPO/Release /tmp/Release # add a non-root user under which we will normaly execute build tests diff --git a/debian-bullseye-jenkins/Dockerfile b/debian-bullseye-jenkins/Dockerfile index 2ef9bba..71ee08c 100644 --- a/debian-bullseye-jenkins/Dockerfile +++ b/debian-bullseye-jenkins/Dockerfile @@ -161,10 +161,9 @@ # * osmo-remsim: libulfius # * osmo-trx: liblimesuite-dev, libuhd-dev ARG OSMOCOM_REPO="${OSMOCOM_REPO_MIRROR}/${OSMOCOM_REPO_PATH}/nightly/Debian_11/" -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-nightly.list +COPY .common/Release.key /usr/share/keyrings/osmocom-nightly.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-nightly.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-nightly.list ADD $OSMOCOM_REPO/Release /tmp/Release RUN apt-get update && \ apt-get install -y --no-install-recommends \ diff --git a/debian-bullseye-obs-latest/Dockerfile b/debian-bullseye-obs-latest/Dockerfile index 16320c0..3ab7e1a 100644 --- a/debian-bullseye-obs-latest/Dockerfile +++ b/debian-bullseye-obs-latest/Dockerfile @@ -15,10 +15,9 @@ && \ apt-get clean -COPY .common/Release.key /tmp/Release.key -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list +COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-latest.list # Make respawn.sh part of this image, so it can be used by other images based on it COPY .common/respawn.sh /usr/local/bin/respawn.sh diff --git a/debian-bullseye-titan/Dockerfile b/debian-bullseye-titan/Dockerfile index 49650a0..c9f5392 100644 --- a/debian-bullseye-titan/Dockerfile +++ b/debian-bullseye-titan/Dockerfile @@ -9,11 +9,9 @@ ca-certificates \ gnupg -COPY .common/Release.key /tmp/Release.key - -RUN apt-key add /tmp/Release.key && \ - rm /tmp/Release.key && \ - echo "deb " $OSMOCOM_REPO " ./" > /etc/apt/sources.list.d/osmocom-latest.list +COPY .common/Release.key /usr/share/keyrings/osmocom-latest.asc +RUN echo "deb [signed-by=/usr/share/keyrings/osmocom-latest.asc] $OSMOCOM_REPO ./" \ + > /etc/apt/sources.list.d/osmocom-latest.list ADD $OSMOCOM_REPO/Release /tmp/Release RUN apt-get update && \ diff --git a/open5gs-latest/Dockerfile b/open5gs-latest/Dockerfile index 519701c..683f7c7 100644 --- a/open5gs-latest/Dockerfile +++ b/open5gs-latest/Dockerfile @@ -1,20 +1,25 @@ ARG REGISTRY=docker.io FROM ${REGISTRY}/debian:bullseye +ARG OPEN5GS_REPO_HOST="https://download.opensuse.org" +ARG OPEN5GS_REPO_PATH="repositories/home:/acetcom:/open5gs:" +ARG OPEN5GS_REPO="${OPEN5GS_REPO_HOST}/${OPEN5GS_REPO_PATH}/latest/Debian_11" +ARG OPEN5GS_KEY=/usr/share/keyrings/open5gs-latest.asc +ARG MONGODB_KEY=/usr/share/keyrings/mongodb-org.asc RUN apt-get update && \ apt-get install -y --no-install-recommends \ ca-certificates \ - gnupg + gnupg \ + wget -ADD https://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/D… /tmp/Release.key -ADD https://pgp.mongodb.com/server-5.0.asc /tmp/server-5.0.asc - -RUN echo "deb http://download.opensuse.org/repositories/home:/acetcom:/open5gs:/latest/De… ./" \ +RUN echo "deb [signed-by=$OPEN5GS_KEY] $OPEN5GS_REPO/ ./" \ -RUN echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \ +RUN echo "deb [signed-by=$MONGODB_KEY] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main" \ -RUN apt-key add /tmp/Release.key && apt-key add /tmp/server-5.0.asc + +RUN wget "$OPEN5GS_REPO/Release.key" -O "$OPEN5GS_KEY" && \ + wget "https://pgp.mongodb.com/server-5.0.asc" -O "$MONGODB_KEY" RUN apt-get update && \ apt-get install -y \ -- To view, visit https://gerrit.osmocom.org/c/docker-playground/+/31366 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: docker-playground Gerrit-Branch: master Gerrit-Change-Id: I1cae4f49e72f5e4f9d703cdb8f6d117e18e3567c Gerrit-Change-Number: 31366 Gerrit-PatchSet: 3 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Reviewer: msuraev <msuraev(a)sysmocom.de> Gerrit-Reviewer: osmith <osmith(a)sysmocom.de> Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-MessageType: merged