From 41ea290e6839e174ab634409989cf1d345f0d0dd Mon Sep 17 00:00:00 2001 From: Michal Arbet Date: Tue, 24 Jan 2023 15:38:04 +0100 Subject: [PATCH] Debian/Ubuntu: handle APT keys in proper way apt-key is deprecated and in Debian 'bullseye' it complain when we use it the way we did. The right way is to store key files in separate directory and then, for each repo source file, point to proper key. And this is what this patch does. Both distros use the same keys now. More info: - https://losst.pro/en/how-to-fix-key-is-stored-in-legacy-trusted-gpg-keyring-in-ubuntu - https://wiki.debian.org/DebianRepository/UseThirdParty Change-Id: I4a5116499b13fff0b9523ed29acb080df110e2d4 --- roles/docker/defaults/main.yml | 3 +-- roles/docker/tasks/repo-Debian.yml | 14 +++++++++++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index f4419be..39c7d28 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -7,9 +7,8 @@ enable_docker_repo: "{% if ansible_facts.distribution == 'openEuler' %}false{% e # Docker APT repository configuration. docker_apt_url: "https://download.docker.com/linux/{{ ansible_facts.distribution | lower }}" -docker_apt_repo: "deb {{ docker_apt_url }} {{ ansible_facts.distribution_release }} stable" +docker_apt_repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] {{ docker_apt_url }} {{ ansible_facts.distribution_release }} stable" docker_apt_key_file: "gpg" -docker_apt_key_id: "0EBFCD88" docker_apt_package: "docker-ce" # Docker Yum repository configuration. diff --git a/roles/docker/tasks/repo-Debian.yml b/roles/docker/tasks/repo-Debian.yml index fac2656..e754c68 100644 --- a/roles/docker/tasks/repo-Debian.yml +++ b/roles/docker/tasks/repo-Debian.yml 
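Review bot: The keyring path `/etc/apt/keyrings/docker.asc` is now hard-coded twice, once inside `docker_apt_repo` in this hunk and once as `dest` in roles/docker/tasks/repo-Debian.yml. If either is overridden alone, the repo line points at a key file that is not the one the role installs. A single default (proposed name) `docker_apt_keyring: "/etc/apt/keyrings/docker.asc"`, referenced as `[signed-by={{ docker_apt_keyring }}]` here and as `dest: "{{ docker_apt_keyring }}"` in the task, keeps the two in step. Deployments that already override `docker_apt_repo` with the old `deb {{ docker_apt_url }} ...` form will presumably be left with no trusted key for the repo on fresh hosts, because the key is no longer added to the global keyring; that deserves a release note.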
@@ -16,11 +16,19 @@ recurse: yes become: True +- name: Ensure apt keyrings directory exists + file: + path: /etc/apt/keyrings + state: directory + recurse: yes + become: True + - name: Install docker apt gpg key - apt_key: + get_url: url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}" - id: "{{ docker_apt_key_id }}" - state: present + dest: "/etc/apt/keyrings/docker.asc" + mode: "0644" + force: true become: True - name: Enable docker apt repository
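Review bot: The `get_url` task in "Install docker apt gpg key" writes whatever `{{ docker_apt_url }}/{{ docker_apt_key_file }}` returns into the file that `signed-by` trusts, and with `force: true` it does so on every run. The removed `id: "{{ docker_apt_key_id }}"` was the only check on which key got installed. Pinning the download would restore that, for example `checksum: "sha256:{{ docker_apt_key_checksum }}"`, where `docker_apt_key_checksum` is a proposed new default and not an existing variable. Hosts that already ran the old `apt_key` task presumably still carry the key in the legacy global keyring, where it is trusted for every repository, and nothing here removes it. The new "Ensure apt keyrings directory exists" task sets no `mode`; adding `mode: "0755"` makes the result independent of the umask, and `recurse: yes` does nothing useful on this directory.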