From 1dca07177fdbb832e0694843c306b98dd9d86cb7 Mon Sep 17 00:00:00 2001
From: Omkar Kawade
Date: Thu, 16 Nov 2023 18:59:51 -0800
Subject: [PATCH] 434 Add GPG keys to keyrings instead of trusted.gpg.d
---
 defaults/main.yml | 2 +-
 tasks/setup-Debian.yml | 28 +++++++++++++---------------
 2 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 8deef24..daad48f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -38,7 +38,7 @@ docker_apt_release_channel: stable
 # and is only necessary until Docker officially supports them.
 docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}"
 docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.gpg] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: true
 docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
 docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
index 69529ba..3279803 100644
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
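Review bot: The keyring path `/etc/apt/keyrings/docker.gpg` is written as a literal inside `docker_apt_repository` and, in the accompanying task changes, repeated as the `gpg --dearmor -o` target and the `file` path; a later edit to one copy would leave `signed-by` pointing at a keyring that is never written, so apt would reject the repository. I would introduce a default such as `docker_apt_keyring_path: /etc/apt/keyrings/docker.gpg` and reference it here as `signed-by={{ docker_apt_keyring_path }}`, reusing the same variable in the tasks. Note also that `docker_apt_ignore_key_error` stays declared in this file although the task that consumed it is removed by this patch, so it is now dead configuration that readers will expect to have an effect.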
@@ -27,25 +27,23 @@
     state: present
   when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')
 
-- name: Add Docker apt key.
-  ansible.builtin.get_url:
-    url: "{{ docker_apt_gpg_key }}"
-    dest: /etc/apt/trusted.gpg.d/docker.asc
-    mode: '0644'
-    force: false
-    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
-  register: add_repository_key
-  ignore_errors: "{{ docker_apt_ignore_key_error }}"
-  when: docker_add_repo | bool
+- name: Ensure directory exists for /etc/apt/keyrings
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
 
-- name: Ensure curl is present (on older systems without SNI).
+- name: Ensure curl is present
   package: name=curl state=present
-  when: add_repository_key is failed and docker_add_repo | bool
 
-- name: Add Docker apt key (alternative for older systems without SNI).
+- name: Add Docker apt key
   shell: >
-    curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
-  when: add_repository_key is failed and docker_add_repo | bool
+    curl -sSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes
+
+- name: Change permissions for /etc/apt/keyrings/docker.gpg
+  file:
+    path: /etc/apt/keyrings/docker.gpg
+    mode: 'a+r'
 
 - name: Add Docker repository.
   apt_repository:
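Review bot: The new `Add Docker apt key` task drops the integrity check the removed `get_url` task performed — `docker_apt_gpg_key_checksum` is still defined in defaults but nothing consumes it now, and `curl -sSL` without `--fail` pipes whatever the server returns (an error page, a truncated body) straight into `gpg --dearmor`, so a tampered or wrong key would be installed as the trust anchor for the Docker repository without any verification. The task also calls `sudo` inside the shell instead of relying on Ansible's `become`, re-fetches the key on every run (no `creates:`, so it always reports changed), and loses the `when: docker_add_repo | bool` guard the removed tasks carried, as do the new directory and chmod tasks. I would fetch the armored key with `get_url` (keeping `checksum:`) into `/etc/apt/keyrings/docker.asc` and dearmor it with a `command` task guarded by `creates:`, as below; the curl task then becomes unnecessary, and since `gpg` is now required on every path, confirm the preceding dependency task (its `when:` is visible as context but its body is not) installs `gnupg` for all supported distributions, not only Ubuntu >= 20.04.
```yaml
# … unchanged: "Ensure directory exists for /etc/apt/keyrings" task …

- name: Add Docker apt key.
  ansible.builtin.get_url:
    url: "{{ docker_apt_gpg_key }}"
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'
    force: false
    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
  when: docker_add_repo | bool

- name: Dearmor Docker apt key into a binary keyring.
  ansible.builtin.command:
    cmd: gpg --dearmor -o /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.asc
    creates: /etc/apt/keyrings/docker.gpg
  when: docker_add_repo | bool

# … unchanged: "Change permissions for /etc/apt/keyrings/docker.gpg" task …
```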