From 0e1ea33c19e2ea84d65600facce816d886a4749d Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Tue, 28 Jun 2022 16:35:03 +0100
Subject: [PATCH] Updates

---
 tasks/docker.yml            | 31 +++++++++++++++++++++++++++----
 templates/docker.sources.j2 |  2 +-
 vars/main.yml               |  7 +++++++
 3 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/tasks/docker.yml b/tasks/docker.yml
index 912b2d5..0246ec9 100644
--- a/tasks/docker.yml
+++ b/tasks/docker.yml
@@ -72,17 +72,40 @@
         owner: root
         group: root
 
-    - name: Docker gpg key present
+    - name: Docker ascii armored gpg key present
       ansible.builtin.get_url:
-        url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+        url: "{{ docker_gpg_url }}"
         checksum: "{{ docker_gpg_checksum }}"
-        dest: /etc/apt/keyrings/docker.asc
+        dest: /root/docker.asc
         mode: 0644
         owner: root
         group: root
+      register: docker_gpg_asc_file
+
+    - name: Stat Docker gpg asc file
+      ansible.builtin.stat:
+        path: /etc/apt/keyrings/docker.gpg
+      register: docker_gpg_file
+
+    - name: Docker gpg key dearmored
+      ansible.builtin.shell: |
+        set -e -o pipefail
+        gpg --dearmor < /root/docker.asc > /etc/apt/keyrings/docker.gpg
+      args:
+        executable: "{% if ansible_distribution == 'Ubuntu' %}/usr/bin/bash{% elif ansible_distribution == 'Debian' %}/bin/bash{% endif %}"
+      when: ( docker_gpg_asc_file.changed | bool ) or ( not docker_gpg_file.stat.exists | bool )
 
     - name: Docker gpg key check command
-      ansible.builtin.command: gpg --with-colons --show-keys /etc/apt/keyrings/docker.asc
+      ansible.builtin.command:
+        gpg --with-colons
+        {% if ansible_distribution == "Ubuntu" and ansible_distribution_version is version('18.04', '<=') %}
+        --with-fingerprint --with-subkey-fingerprint
+        {% elif ansible_distribution == "Debian" and ansible_distribution_version is version('10.0', '<=') %}
+        --with-fingerprint --with-subkey-fingerprint
+        {% else %}
+        --show-keys
+        {% endif %}
+        /etc/apt/keyrings/docker.gpg
       check_mode: false
       changed_when: false
       register: docker_gpg
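Review bot: The dearmor task redirects gpg's output straight into `/etc/apt/keyrings/docker.gpg`, so the shell creates or truncates that file before gpg has succeeded; if gpg fails, an empty keyring is left behind and the `when:` condition (asc unchanged, gpg file exists) skips the task on every later run. Writing to a temporary name and renaming avoids that: `gpg --dearmor < /root/docker.asc > /etc/apt/keyrings/docker.gpg.new` followed by `mv /etc/apt/keyrings/docker.gpg.new /etc/apt/keyrings/docker.gpg`. The resulting file's mode also comes from root's umask rather than an explicit `mode: "0644"`, and with a restrictive umask apt's unprivileged fetcher may be unable to read the key, so an `ansible.builtin.file` task pinning owner, group and mode would help. The task named `Stat Docker gpg asc file` actually stats the dearmored `.gpg` file, and the `executable:` template renders empty on anything other than Ubuntu or Debian. The task list starts and ends outside the hunk, so whether the later fingerprint check gates use of the key is not visible here.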
diff --git a/templates/docker.sources.j2 b/templates/docker.sources.j2
index 93dd5b2..126fcc2 100644
--- a/templates/docker.sources.j2
+++ b/templates/docker.sources.j2
@@ -5,4 +5,4 @@ URIs: https://download.docker.com/linux/{{ ansible_distribution | lower }}
 Architectures: {{ ansible_facts.ansible_local.dpkg_arch.arch }}
 Components: stable
 Suites: {{ ansible_distribution_release }}
-Signed-By: /etc/apt/keyrings/docker.asc
+Signed-By: /etc/apt/keyrings/docker.gpg
diff --git a/vars/main.yml b/vars/main.yml
index e1366c7..c232f14 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,4 +1,8 @@
 ---
+# ASCII armored GPG public key URL linked from
+# https://docs.docker.com/engine/install/debian/
+docker_gpg_url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+
 # Get the sha256 checksum using the following command
 # wget -q https://download.docker.com/linux/debian/gpg -O - | sha256sum - | awk '{ print $1 }' | sed 's/^/"sha256:/' | sed 's/$/"/'
 docker_gpg_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
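Review bot: `docker_gpg_url` varies with `ansible_distribution`, but the single `docker_gpg_checksum` below it is documented with a command that only fetches the `debian` URL, so it is not clear from this file that the Ubuntu download hashes to the same value. A comment such as `# The debian and ubuntu gpg files must hash to the same value; verify both when updating the checksum` would make the assumption explicit, or the checksum could be keyed by distribution. The documented wget pipeline also pins whatever is served at fetch time, so the comment should tell the maintainer to compare the downloaded key's fingerprints against `docker_gpg_fingerprints` before updating the hash.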
@@ -9,6 +13,9 @@ docker_gpg_fingerprints:
   - 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
   - D3306A018370199E527AE7997EA0A9C3F273FCD8
 
+# Packages available will vary between distros, you can get the packages installed from this repo using
+# aptitude search "?origin (docker) ?installed"
+#
 # Get the packages using the following command
 # grep Package /var/lib/apt/lists/download.docker.com_*_Packages | sed 's/^Package: //' | uniq | sort | sed 's/^/  - /'
 docker_pkg:
-- 
GitLab