Further backwards compatibility issues with recent apt file name and GPG changes

[gygitlab]

As called out in #436 there's been some recent changes to GPG key locations and apt config. Additionally last year the filename for the apt config was changed to docker.list in #369.

The change to the GPG key location did cause some backwards compatibility issues that were addressed in #461 but it appears there are still some knock ons for longer running systems, specifically ones that ran on versions of the role before the name change due to the way Ansible's apt_repository works.

Specifically, while the file name is changed if the apt config already exists apt_repository appears to leave it be. This in turn means running on such a system results in the following config:

sources.list.d/download_docker_com_linux_ubuntu.list
1:deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable
2:deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/ubuntu focal stable

apt funny enough accepts this config, albeit with multiple configured multiple times warnings. Note that there's two entries here as the original GPG config was added previously.

The problem is when the config has been subsequently changed as what happened recently with the GPG path change. In this case apt_repository then detects a change and attempts to update the config but in the new file location as it's configured. This creates the following config as a result.

docker.list
1:deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable

download_docker_com_linux_ubuntu.list
1:deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable

apt does not accept this:

E: Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/trusted.gpg.d/docker.asc !=
E: The list of sources could not be read.

For more graceful handling extending #461 to handle all previous versions of the file may be the best approach here for older users?

[dbrennand]

Hi @gygitlab

Thanks for putting this together. I just hit this exact issue myself. I had run this role a long time ago to install Docker.

Maybe we could add a task to check if download_docker_com_linux_ubuntu.list is present in /etc/apt/sources.list.d/ and remove it?

For now I've just added a pre_task in my playbook to remove it:

# ...
    # https://github.com/geerlingguy/ansible-role-docker/issues/470
    - name: Remove /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
      become: true
      ansible.builtin.file:
        path: /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
        state: absent

[gygitlab]

@dbrennand no problem.

That could indeed work. Certainly cleaning up any old package lists created by the role would seem prudent.