Use dedicated keyring for docker packages (#3486)

kubermatic-bot · kron4eg · web-flow · commit 2bcf539dcb8e · 2024-12-16T13:36:22.000+01:00
Signed-off-by: Artiom Diomin &lt;artiom@kubermatic.com&gt;
Co-authored-by: Artiom Diomin &lt;artiom@kubermatic.com&gt;
diff --git a/pkg/scripts/render.go b/pkg/scripts/render.go
@@ -54,9 +54,12 @@ var containerRuntimeTemplates = map[string]string{
 			{{ if .CONFIGURE_REPOSITORIES }}
 			sudo apt-get update
 			sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-			curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-				sudo apt-key add -
-			sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+			sudo install -m 0755 -d /etc/apt/keyrings
+			curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+			sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+			echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+			sudo apt-get update
 			{{ end }}
 
 			sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-cilium_cluster.golden b/pkg/scripts/testdata/TestKubeadmDebian-cilium_cluster.golden
@@ -78,9 +78,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-nutanix_cluster.golden b/pkg/scripts/testdata/TestKubeadmDebian-nutanix_cluster.golden
@@ -81,9 +81,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
@@ -78,9 +78,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
@@ -78,9 +78,12 @@ kube_ver="1.30.0-*"
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
@@ -79,9 +79,12 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni cri-tools
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
@@ -79,9 +79,12 @@ sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni cri-tools
 
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
-curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg |
-	sudo apt-key add -
-sudo add-apt-repository "deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable"
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+sudo apt-get update
 
 
 sudo apt-mark unhold containerd.io || true
