testing: Use new recommended approach to install key for custom apt repository

apt-key add is deprecated (and not available in trixie) as it makes the
available for all sources.  The recommended approach makes the key very
specifically available for just our repository.

diff --git a/testing/scripts/build-baseimage b/testing/scripts/build-baseimage
index edb1588c46fec51813a5850ec1a62dee10f029ef..ce8bdc69009769747c58518bd422c1848ad3fab5 100755 (executable)
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@@ -125,13 +125,13 @@ EOF
 execute_chroot "locale-gen"
 
 log_action "Downloading signing key for custom apt repo"
-execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/key"
+execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/strongswan.key"
 log_action "Installing signing key for custom apt repo"
-execute_chroot "apt-key add /tmp/key"
+execute_chroot "mv /tmp/strongswan.key /etc/apt/keyrings/"
 
 log_action "Enabling custom apt repo"
 cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF
-deb $BASEIMGEXTREPO $BASEIMGSUITE main
+deb [signed-by=/etc/apt/keyrings/strongswan.key] $BASEIMGEXTREPO $BASEIMGSUITE main
 EOF
 log_status $?