Use modern APT keyrings on Debian family

kenyon · kenyon · commit f064bb42060c · 2025-05-05T00:33:37.000-07:00
This makes use of puppetlabs/puppetlabs-apt#1128 to store the public key in `/etc/apt/keyrings` and add a `signed-by` option to the `sources.list.d` entry.
diff --git a/README.md b/README.md
@@ -77,7 +77,6 @@ class { 'docker':
   docker_ee                 => true,
   docker_ee_source_location => 'https://<docker_ee_repo_url>',
   docker_ee_key_source      => 'https://<docker_ee_key_source_url>',
-  docker_ee_key_id          => '<key id>',
 }
 ```
 
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -312,12 +312,10 @@
 # @param docker_ce_cli_package_name
 # @param docker_ce_source_location
 # @param docker_ce_key_source
-# @param docker_ce_key_id
 # @param docker_ce_release
 # @param docker_package_location
 # @param docker_package_key_source
 # @param docker_package_key_check_source
-# @param docker_package_key_id
 # @param docker_package_release
 # @param docker_engine_start_command
 # @param docker_engine_package_name
@@ -326,7 +324,6 @@
 # @param docker_ee_package_name
 # @param docker_ee_source_location
 # @param docker_ee_key_source
-# @param docker_ee_key_id
 # @param docker_ee_repos
 # @param docker_ee_release
 # @param package_release
@@ -359,12 +356,10 @@
   String[1]                               $docker_ce_cli_package_name        = $docker::params::docker_ce_cli_package_name,
   Optional[String]                        $docker_ce_source_location         = $docker::params::package_ce_source_location,
   Optional[String]                        $docker_ce_key_source              = $docker::params::package_ce_key_source,
-  Optional[String]                        $docker_ce_key_id                  = $docker::params::package_ce_key_id,
   Optional[String]                        $docker_ce_release                 = $docker::params::package_ce_release,
   Optional[String]                        $docker_package_location           = $docker::params::package_source_location,
   Optional[String]                        $docker_package_key_source         = $docker::params::package_key_source,
   Optional[Boolean]                       $docker_package_key_check_source   = $docker::params::package_key_check_source,
-  Optional[String]                        $docker_package_key_id             = $docker::params::package_key_id,
   Optional[String]                        $docker_package_release            = $docker::params::package_release,
   String                                  $docker_engine_start_command       = $docker::params::docker_engine_start_command,
   String                                  $docker_engine_package_name        = $docker::params::docker_engine_package_name,
@@ -373,7 +368,6 @@
   Optional[String]                        $docker_ee_package_name            = $docker::params::package_ee_package_name,
   Optional[String]                        $docker_ee_source_location         = $docker::params::package_ee_source_location,
   Optional[String]                        $docker_ee_key_source              = $docker::params::package_ee_key_source,
-  Optional[String]                        $docker_ee_key_id                  = $docker::params::package_ee_key_id,
   Optional[String]                        $docker_ee_repos                   = $docker::params::package_ee_repos,
   Optional[String]                        $docker_ee_release                 = $docker::params::package_ee_release,
   Optional[Variant[String,Array[String]]] $tcp_bind                          = $docker::params::tcp_bind,
@@ -550,7 +544,6 @@
       $package_location         = $docker::docker_ee_source_location
       $package_key_source       = $docker::docker_ee_key_source
       $package_key_check_source = $docker_package_key_check_source
-      $package_key              = $docker::docker_ee_key_id
       $package_repos            = $docker::docker_ee_repos
       $release                  = $docker::docker_ee_release
       $docker_start_command     = $docker::docker_ee_start_command
@@ -560,7 +553,6 @@
         'Debian' : {
           $package_location   = $docker_ce_source_location
           $package_key_source = $docker_ce_key_source
-          $package_key        = $docker_ce_key_id
           $package_repos      = $docker_ce_channel
           $release            = $docker_ce_release
         }
@@ -588,7 +580,6 @@
         $package_location         = $docker_package_location
         $package_key_source       = $docker_package_key_source
         $package_key_check_source = $docker_package_key_check_source
-        $package_key              = $docker_package_key_id
         $package_repos            = 'main'
         $release                  = $docker_package_release
       }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -13,7 +13,6 @@
   $docker_ee_start_command           = 'dockerd'
   $docker_ee_source_location         = undef
   $docker_ee_key_source              = undef
-  $docker_ee_key_id                  = undef
   $docker_ee_repos                   = stable
   $tcp_bind                          = undef
   $tls_enable                        = false
@@ -163,7 +162,6 @@
 
       $package_ce_source_location    = "https://download.docker.com/linux/${os_lc}"
       $package_ce_key_source         = "https://download.docker.com/linux/${os_lc}/gpg"
-      $package_ce_key_id             = '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
       if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
         $package_ce_release            = $facts['os']['lsb']['distcodename']
       } else {
@@ -172,10 +170,8 @@
       $package_source_location       = 'http://apt.dockerproject.org/repo'
       $package_key_source            = 'https://apt.dockerproject.org/gpg'
       $package_key_check_source      = undef
-      $package_key_id                = '58118E89F3A912897C070ADBF76221572C52609D'
       $package_ee_source_location    = $docker_ee_source_location
       $package_ee_key_source         = $docker_ee_key_source
-      $package_ee_key_id             = $docker_ee_key_id
       if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
         $package_ee_release            = $facts['os']['lsb']['distcodename']
       } else {
@@ -206,18 +202,15 @@
 
       $apt_source_pin_level        = undef
       $detach_service_in_init      = false
-      $package_ce_key_id           = undef
       $package_ce_key_source       = 'https://download.docker.com/linux/rhel/gpg'
       $package_ce_release          = undef
       $package_ce_source_location  = "https://download.docker.com/linux/rhel/${facts['os']['release']['major']}/${facts['os']['architecture']}/${docker_ce_channel}"
-      $package_ee_key_id           = $docker_ee_key_id
       $package_ee_key_source       = $docker_ee_key_source
       $package_ee_package_name     = $docker_ee_package_name
       $package_ee_release          = undef
       $package_ee_repos            = $docker_ee_repos
       $package_ee_source_location  = $docker_ee_source_location
       $package_key_check_source    = true
-      $package_key_id              = undef
       $package_key_source          = 'https://yum.dockerproject.org/gpg'
       $package_release             = undef
       $package_source_location     = "https://yum.dockerproject.org/repo/main/centos/${facts['os']['release']['major']}"
@@ -242,18 +235,15 @@
       $docker_group                        = 'docker'
       $package_ce_source_location          = undef
       $package_ce_key_source               = undef
-      $package_ce_key_id                   = undef
       $package_ce_repos                    = undef
       $package_ce_release                  = undef
-      $package_key_id                      = undef
       $package_release                     = undef
       $package_source_location             = undef
       $package_key_source                  = undef
       $package_key_check_source            = undef
       $package_ee_source_location          = undef
       $package_ee_package_name             = $docker_ee_package_name
       $package_ee_key_source               = undef
-      $package_ee_key_id                   = undef
       $package_ee_repos                    = undef
       $package_ee_release                  = undef
       $use_upstream_package_source         = undef
@@ -279,17 +269,14 @@
       $package_key_source                  = undef
       $package_key_check_source            = undef
       $package_source_location             = undef
-      $package_key_id                      = undef
       $package_repos                       = undef
       $package_release                     = undef
       $package_ce_key_source               = undef
       $package_ce_source_location          = undef
-      $package_ce_key_id                   = undef
       $package_ce_repos                    = undef
       $package_ce_release                  = undef
       $package_ee_source_location          = undef
       $package_ee_key_source               = undef
-      $package_ee_key_id                   = undef
       $package_ee_release                  = undef
       $package_ee_repos                    = undef
       $package_ee_package_name             = undef
@@ -319,17 +306,14 @@
       $package_key_source                  = undef
       $package_key_check_source            = undef
       $package_source_location             = undef
-      $package_key_id                      = undef
       $package_repos                       = undef
       $package_release                     = undef
       $package_ce_key_source               = undef
       $package_ce_source_location          = undef
-      $package_ce_key_id                   = undef
       $package_ce_repos                    = undef
       $package_ce_release                  = undef
       $package_ee_source_location          = undef
       $package_ee_key_source               = undef
-      $package_ee_key_id                   = undef
       $package_ee_release                  = undef
       $package_ee_repos                    = undef
       $package_ee_package_name             = undef
diff --git a/manifests/repos.pp b/manifests/repos.pp
@@ -19,7 +19,6 @@
   case $facts['os']['family'] {
     'Debian': {
       $release       = $docker::release
-      $package_key   = $docker::package_key
       $package_repos = $docker::package_repos
 
       if ($docker::use_upstream_package_source) {
@@ -29,7 +28,7 @@
           release      => $release,
           repos        => $package_repos,
           key          => {
-            id     => $package_key,
+            name   => 'docker.asc',
             source => $key_source,
           },
           include      => {
diff --git a/metadata.json b/metadata.json
@@ -14,7 +14,7 @@
     },
     {
       "name": "puppetlabs/apt",
-      "version_requirement": ">= 4.4.1 < 11.0.0"
+      "version_requirement": ">= 9.2.0 < 11.0.0"
     },
     {
       "name": "puppetlabs/powershell",
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -86,14 +86,12 @@
             'dns_search' => defaults['dns_search'],
             'dns' => defaults['dns'],
             'docker_ce_channel' => defaults['docker_ce_channel'],
-            'docker_ce_key_id' => defaults['package_ce_key_id'],
             'docker_ce_key_source' => defaults['package_ce_key_source'],
             'docker_ce_package_name' => defaults['docker_ce_package_name'],
             'docker_ce_cli_package_name' => defaults['docker_ce_cli_package_name'],
             'docker_ce_release' => defaults['package_ce_release'],
             'docker_ce_source_location' => defaults['package_ce_source_location'],
             'docker_ce_start_command' => defaults['docker_ce_start_command'],
-            'docker_ee_key_id' => defaults['package_ee_key_id'],
             'docker_ee_key_source' => defaults['package_ee_key_source'],
             'docker_ee_package_name' => defaults['package_ee_package_name'],
             'docker_ee_release' => defaults['package_ee_release'],
@@ -105,7 +103,6 @@
             'docker_group' => defaults['docker_group'],
             'docker_msft_provider_version' => defaults['docker_msft_provider_version'],
             'docker_package_key_check_source' => defaults['package_key_check_source'],
-            'docker_package_key_id' => defaults['package_key_id'],
             'docker_package_key_source' => defaults['package_key_source'],
             'docker_package_location' => defaults['package_source_location'],
             'docker_package_release' => defaults['package_release'],

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,6 @@ class { 'docker':`
`77`	`77`	`docker_ee => true,`
`78`	`78`	`docker_ee_source_location => 'https://<docker_ee_repo_url>',`
`79`	`79`	`docker_ee_key_source => 'https://<docker_ee_key_source_url>',`
`80`		`- docker_ee_key_id => '<key id>',`
`81`	`80`	`}`
`82`	`81`	```
`83`	`82`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@`
`14`	`14`	`},`
`15`	`15`	`{`
`16`	`16`	`"name": "puppetlabs/apt",`
`17`		`- "version_requirement": ">= 4.4.1 < 11.0.0"`
	`17`	`+ "version_requirement": ">= 9.2.0 < 11.0.0"`
`18`	`18`	`},`
`19`	`19`	`{`
`20`	`20`	`"name": "puppetlabs/powershell",`