From d3d332a1138eaf2256a6132ff6224d7d126c812e Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 28 Dec 2024 00:28:14 +0200
Subject: [PATCH] toolbx: Update the APT keyring handling.

- Use the asc format instead of the gpg DB. APT starts ignoring these
  files with the warnings that this is an unsupported filetype.
- Move them to /etc/apt/keyrings while I was at it. It's the new proper
  place for them.
---
 toolbx/Dockerfile                     | 23 ++++++++---------------
 toolbx/sources.d/charm.sources        |  2 +-
 toolbx/sources.d/clickhouse.sources   |  2 +-
 toolbx/sources.d/cloudposse.sources   |  2 +-
 toolbx/sources.d/docker.sources       |  2 +-
 toolbx/sources.d/google-cloud.sources |  2 +-
 toolbx/sources.d/hashicorp.sources    |  2 +-
 toolbx/sources.d/mongodb.sources      |  2 +-
 toolbx/sources.d/opentofu.sources     |  2 +-
 9 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/toolbx/Dockerfile b/toolbx/Dockerfile
index 4c10788..390ec4c 100644
--- a/toolbx/Dockerfile
+++ b/toolbx/Dockerfile
@@ -24,21 +24,14 @@ RUN rm /etc/apt/apt.conf.d/docker-* && \
     && \
     export GNUPGHOME=/tmp/gnupghome && \
     mkdir --mode=0700 "$GNUPGHOME" && \
-    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/google-cloud.gpg && \
-    curl https://pgp.mongodb.com/server-5.0.asc | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/mongodb.gpg && \
-    curl https://apt.releases.hashicorp.com/gpg | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/hashicorp.gpg && \
-    curl https://dl.cloudsmith.io/public/cloudposse/packages/gpg.7333C6FDEFA717CC.key | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/cloudposse.gpg && \
-    curl https://repo.charm.sh/apt/gpg.key | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/charm.gpg && \
-    curl https://packages.opentofu.org/opentofu/tofu/gpgkey | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/opentofu.gpg && \
-    curl https://download.docker.com/linux/debian/gpg | \
-    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/docker.gpg && \
-    gpg --no-default-keyring --keyring /usr/share/keyrings/clickhouse.gpg --keyserver hkp://keyserver.ubuntu.com:80  --recv-keys 8919F6BD2B48D754 && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg  --output /etc/apt/keyrings/google-cloud.asc && \
+    curl https://pgp.mongodb.com/server-5.0.asc --output /etc/apt/keyrings/mongodb.asc && \
+    curl https://apt.releases.hashicorp.com/gpg --output /etc/apt/keyrings/hashicorp.asc && \
+    curl https://dl.cloudsmith.io/public/cloudposse/packages/gpg.7333C6FDEFA717CC.key --output /etc/apt/keyrings/cloudposse.asc && \
+    curl https://repo.charm.sh/apt/gpg.key --output /etc/apt/keyrings/charm.asc && \
+    curl https://packages.opentofu.org/opentofu/tofu/gpgkey --output /etc/apt/keyrings/opentofu.asc && \
+    curl https://download.docker.com/linux/debian/gpg --output /etc/apt/keyrings/docker.asc && \
+    curl https://packages.clickhouse.com/rpm/lts/repodata/repomd.xml.key --output /etc/apt/keyrings/clickhouse.asc && \
     ln --symbolic --target /usr/local/bin/ /usr/libexec/flatpak-xdg-utils/* && \
     ln --symbolic /usr/local/bin/host-spawn /usr/local/bin/podman && \
     #mkdir /etc/krb5.conf.d && \
diff --git a/toolbx/sources.d/charm.sources b/toolbx/sources.d/charm.sources
index f9aa3d4..d151bd3 100644
--- a/toolbx/sources.d/charm.sources
+++ b/toolbx/sources.d/charm.sources
@@ -2,4 +2,4 @@ Types: deb
 URIs:https://repo.charm.sh/apt/
 Suites: *
 Components: *
-Signed-By: /usr/share/keyrings/charm.gpg
+Signed-By: /etc/apt/keyrings/charm.asc
diff --git a/toolbx/sources.d/clickhouse.sources b/toolbx/sources.d/clickhouse.sources
index 7ff6432..978cc5e 100644
--- a/toolbx/sources.d/clickhouse.sources
+++ b/toolbx/sources.d/clickhouse.sources
@@ -2,4 +2,4 @@ Types: deb
 URIs: https://packages.clickhouse.com/deb
 Suites: stable
 Components: main
-Signed-By: /usr/share/keyrings/clickhouse.gpg
+Signed-By: /etc/apt/keyrings/clickhouse.asc
diff --git a/toolbx/sources.d/cloudposse.sources b/toolbx/sources.d/cloudposse.sources
index 4dd3a48..a42a653 100644
--- a/toolbx/sources.d/cloudposse.sources
+++ b/toolbx/sources.d/cloudposse.sources
@@ -2,4 +2,4 @@ Types: deb deb-src
 URIs: https://dl.cloudsmith.io/public/cloudposse/packages/deb/debian
 Suites: any-version
 Components: main
-Signed-By: /usr/share/keyrings/cloudposse.gpg
+Signed-By: /etc/apt/keyrings/cloudposse.asc
diff --git a/toolbx/sources.d/docker.sources b/toolbx/sources.d/docker.sources
index c06d585..e5c5ddf 100644
--- a/toolbx/sources.d/docker.sources
+++ b/toolbx/sources.d/docker.sources
@@ -2,4 +2,4 @@ Types: deb
 URIs: https://download.docker.com/linux/debian
 Suites: bookworm
 Components: stable
-Signed-By: /usr/share/keyrings/docker.gpg
+Signed-By: /etc/apt/keyrings/docker.asc
diff --git a/toolbx/sources.d/google-cloud.sources b/toolbx/sources.d/google-cloud.sources
index fc8038f..514d5be 100644
--- a/toolbx/sources.d/google-cloud.sources
+++ b/toolbx/sources.d/google-cloud.sources
@@ -2,4 +2,4 @@ Types: deb
 URIs: https://packages.cloud.google.com/apt
 Suites: cloud-sdk
 Components: main
-Signed-By: /usr/share/keyrings/google-cloud.gpg
+Signed-By: /etc/apt/keyrings/google-cloud.asc
diff --git a/toolbx/sources.d/hashicorp.sources b/toolbx/sources.d/hashicorp.sources
index 215512f..7f3816e 100644
--- a/toolbx/sources.d/hashicorp.sources
+++ b/toolbx/sources.d/hashicorp.sources
@@ -2,4 +2,4 @@ Types: deb
 URIs: https://apt.releases.hashicorp.com
 Suites: bookworm
 Components: main
-Signed-By: /usr/share/keyrings/hashicorp.gpg
+Signed-By: /etc/apt/keyrings/hashicorp.asc
diff --git a/toolbx/sources.d/mongodb.sources b/toolbx/sources.d/mongodb.sources
index bb92c98..79e0bd6 100644
--- a/toolbx/sources.d/mongodb.sources
+++ b/toolbx/sources.d/mongodb.sources
@@ -2,4 +2,4 @@ Types: deb
 URIs: https://repo.mongodb.org/apt/debian
 Suites: buster/mongodb-org/5.0
 Components: main
-Signed-By: /usr/share/keyrings/mongodb.gpg
+Signed-By: /etc/apt/keyrings/mongodb.asc
diff --git a/toolbx/sources.d/opentofu.sources b/toolbx/sources.d/opentofu.sources
index 9ea032e..c50613d 100644
--- a/toolbx/sources.d/opentofu.sources
+++ b/toolbx/sources.d/opentofu.sources
@@ -2,4 +2,4 @@ Types: deb deb-src
 URIs: https://packages.opentofu.org/opentofu/tofu/any/
 Suites: any
 Components: main
-Signed-By: /usr/share/keyrings/opentofu.gpg
+Signed-By: /etc/apt/keyrings/opentofu.asc
-- 
GitLab