use singed-by= option for source list entries of external repos

author: Christian Pointner <equinox@spreadspace.org> 2021-08-12 23:23:04 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-08-12 23:23:04 +0200
commit: f73c8ff53d234c8a0d855cc9bdd6e9575d3e355a (patch)
tree: 6205d52cb9d89a7414dbe0d1faa01e1f61822937 /roles/apt-repo/docker-com/tasks
parent: linux/ipv4: disable log_martians by default (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/roles/apt-repo/docker-com/tasks/main.yml b/roles/apt-repo/docker-com/tasks/main.yml
index 3ebfa87f..7b34c3d4 100644
--- a/roles/apt-repo/docker-com/tasks/main.yml
+++ b/roles/apt-repo/docker-com/tasks/main.yml
@@ -2,13 +2,19 @@
 - name: add repository key
   copy:
     src: repo.gpg
-    dest: /etc/apt/trusted.gpg.d/docker-com.gpg
+    dest: /etc/apt/keyrings/docker-com.gpg
   register: apt_repo_docker_com_key
 
+## TODO: remove once all servers have been converted
+- name: remove repository key from old location
+  file:
+    path: /etc/apt/trusted.gpg.d/docker-com.gpg
+    state: absent
+
 - name: add repository entry
   copy:
     content: |
-      deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+      deb [signed-by=/etc/apt/keyrings/docker-com.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
     dest: /etc/apt/sources.list.d/docker-com.list
   register: apt_repo_docker_com_sources
author	Christian Pointner <equinox@spreadspace.org>	2021-08-12 23:23:04 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-08-12 23:23:04 +0200
commit	f73c8ff53d234c8a0d855cc9bdd6e9575d3e355a (patch)
tree	6205d52cb9d89a7414dbe0d1faa01e1f61822937 /roles/apt-repo/docker-com/tasks
parent	linux/ipv4: disable log_martians by default (diff)