From f73c8ff53d234c8a0d855cc9bdd6e9575d3e355a Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 12 Aug 2021 23:23:04 +0200
Subject: use singed-by= option for source list entries of external repos

---
 roles/apt-repo/docker-com/tasks/main.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'roles/apt-repo/docker-com/tasks')

diff --git a/roles/apt-repo/docker-com/tasks/main.yml b/roles/apt-repo/docker-com/tasks/main.yml
index 3ebfa87f..7b34c3d4 100644
--- a/roles/apt-repo/docker-com/tasks/main.yml
+++ b/roles/apt-repo/docker-com/tasks/main.yml
@@ -2,13 +2,19 @@
 - name: add repository key
   copy:
     src: repo.gpg
-    dest: /etc/apt/trusted.gpg.d/docker-com.gpg
+    dest: /etc/apt/keyrings/docker-com.gpg
   register: apt_repo_docker_com_key
 
+## TODO: remove once all servers have been converted
+- name: remove repository key from old location
+  file:
+    path: /etc/apt/trusted.gpg.d/docker-com.gpg
+    state: absent
+
 - name: add repository entry
   copy:
     content: |
-      deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+      deb [signed-by=/etc/apt/keyrings/docker-com.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
     dest: /etc/apt/sources.list.d/docker-com.list
   register: apt_repo_docker_com_sources
 
-- 
cgit v1.2.3