chore: migrate to apt keyring for validation/signing

2025-12-18 11:28:14 +01:00 · 2025-12-18 11:28:14 +01:00 · 188a6f539f
commit 188a6f539f
parent 172665d237
1 changed files with 11 additions and 3 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -31,15 +31,23 @@
    state: present
  when: ansible_os_family == "Debian"

+- name: Create keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+  when: ansible_os_family == "Debian"
+
 - name: Add Docker GPG key
-  ansible.builtin.apt_key:
+  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
-    state: present
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'
  when: ansible_os_family == "Debian"

 - name: Add Docker repository
  ansible.builtin.apt_repository:
-    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present
  when: ansible_os_family == "Debian"