diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 50a66172..ffca3acb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -136,7 +136,6 @@ rubocop:
 # default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
 # default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
 # default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-8-tiamat-py3: {extends: '.test_instance'}
 # default-centos-7-tiamat-py3: {extends: '.test_instance'}
 # default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
 # default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
@@ -161,20 +160,13 @@ ubuntu-1804-master-py3: {extends: '.test_instance'}
 # default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
 # passenger-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
 centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-8-master-py3: {extends: '.test_instance'}
-# passenger-centos-8-master-py3: {extends: '.test_instance'}
-centos-8-master-py3: {extends: '.test_instance'}
 # default-centos-7-master-py3: {extends: '.test_instance'}
 # passenger-centos-7-master-py3: {extends: '.test_instance'}
 centos-7-master-py3: {extends: '.test_instance'}
 default-fedora-34-master-py3: {extends: '.test_instance'}
 # fedora-34-master-py3: {extends: '.test_instance'}
-default-fedora-33-master-py3: {extends: '.test_instance'}
-# fedora-33-master-py3: {extends: '.test_instance'}
 default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
 # opensuse-leap-153-master-py3: {extends: '.test_instance'}
-default-opensuse-leap-152-master-py3: {extends: '.test_instance'}
-# opensuse-leap-152-master-py3: {extends: '.test_instance'}
 default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
 # opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
 default-amazonlinux-2-master-py3: {extends: '.test_instance'}
@@ -202,12 +194,9 @@ rockylinux-8-master-py3: {extends: '.test_instance'}
 # default-ubuntu-2004-3004-0-py3: {extends: '.test_instance'}
 # default-ubuntu-1804-3004-0-py3: {extends: '.test_instance'}
 # default-centos-stream8-3004-0-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-8-3004-0-py3: {extends: '.test_instance'}
 # default-centos-7-3004-0-py3: {extends: '.test_instance'}
 # default-fedora-34-3004-0-py3: {extends: '.test_instance'}
-# default-fedora-33-3004-0-py3: {extends: '.test_instance'}
 # default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
-# default-opensuse-leap-152-3004-0-py3: {extends: '.test_instance'}
 # default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
 # default-amazonlinux-2-3004-0-py3: {extends: '.test_instance'}
 # default-oraclelinux-8-3004-0-py3: {extends: '.test_instance'}
@@ -217,61 +206,36 @@ rockylinux-8-master-py3: {extends: '.test_instance'}
 # default-gentoo-stage3-systemd-3004-0-py3: {extends: '.test_instance'}
 # default-almalinux-8-3004-0-py3: {extends: '.test_instance'}
 # default-rockylinux-8-3004-0-py3: {extends: '.test_instance'}
-# default-debian-11-3003-3-py3: {extends: '.test_instance'}
 # default-debian-10-3003-3-py3: {extends: '.test_instance'}
 # default-debian-9-3003-3-py3: {extends: '.test_instance'}
 # default-ubuntu-2004-3003-3-py3: {extends: '.test_instance'}
 # default-ubuntu-1804-3003-3-py3: {extends: '.test_instance'}
 # default-centos-stream8-3003-3-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-8-3003-3-py3: {extends: '.test_instance'}
 # default-centos-7-3003-3-py3: {extends: '.test_instance'}
+# default-fedora-35-3003-3-py3: {extends: '.test_instance_failure_permitted'}
 # default-fedora-34-3003-3-py3: {extends: '.test_instance'}
-# default-fedora-33-3003-3-py3: {extends: '.test_instance'}
 # default-opensuse-leap-153-3003-3-py3: {extends: '.test_instance'}
-# default-opensuse-leap-152-3003-3-py3: {extends: '.test_instance'}
 # default-opensuse-tmbl-latest-3003-3-py3: {extends: '.test_instance_failure_permitted'}
 # default-amazonlinux-2-3003-3-py3: {extends: '.test_instance'}
 # default-oraclelinux-8-3003-3-py3: {extends: '.test_instance'}
 # default-oraclelinux-7-3003-3-py3: {extends: '.test_instance'}
-# default-arch-base-latest-3003-3-py3: {extends: '.test_instance'}
 # default-gentoo-stage3-latest-3003-3-py3: {extends: '.test_instance'}
 # default-gentoo-stage3-systemd-3003-3-py3: {extends: '.test_instance'}
 # default-almalinux-8-3003-3-py3: {extends: '.test_instance'}
-# default-debian-11-3002-7-py3: {extends: '.test_instance'}
 # default-debian-10-3002-7-py3: {extends: '.test_instance'}
 # default-debian-9-3002-7-py3: {extends: '.test_instance'}
 # default-ubuntu-2004-3002-7-py3: {extends: '.test_instance'}
 # default-ubuntu-1804-3002-7-py3: {extends: '.test_instance'}
-# default-centos-8-3002-7-py3: {extends: '.test_instance'}
 # default-centos-7-3002-7-py3: {extends: '.test_instance'}
+# default-fedora-35-3002-7-py3: {extends: '.test_instance_failure_permitted'}
 # default-fedora-34-3002-7-py3: {extends: '.test_instance'}
-# default-fedora-33-3002-7-py3: {extends: '.test_instance'}
 # default-opensuse-leap-153-3002-7-py3: {extends: '.test_instance'}
-# default-opensuse-leap-152-3002-7-py3: {extends: '.test_instance'}
 # default-opensuse-tmbl-latest-3002-7-py3: {extends: '.test_instance_failure_permitted'}
 # default-amazonlinux-2-3002-7-py3: {extends: '.test_instance'}
 # default-oraclelinux-8-3002-7-py3: {extends: '.test_instance'}
 # default-oraclelinux-7-3002-7-py3: {extends: '.test_instance'}
-# default-arch-base-latest-3002-7-py3: {extends: '.test_instance'}
 # default-gentoo-stage3-latest-3002-7-py3: {extends: '.test_instance'}
 # default-gentoo-stage3-systemd-3002-7-py3: {extends: '.test_instance'}
-# default-debian-10-3001-8-py3: {extends: '.test_instance'}
-# default-debian-9-3001-8-py3: {extends: '.test_instance'}
-# default-ubuntu-2004-3001-8-py3: {extends: '.test_instance'}
-# default-ubuntu-1804-3001-8-py3: {extends: '.test_instance'}
-# default-centos-8-3001-8-py3: {extends: '.test_instance'}
-# default-centos-7-3001-8-py3: {extends: '.test_instance'}
-# default-fedora-34-3001-8-py3: {extends: '.test_instance'}
-# default-fedora-33-3001-8-py3: {extends: '.test_instance'}
-# default-opensuse-leap-153-3001-8-py3: {extends: '.test_instance'}
-# default-opensuse-leap-152-3001-8-py3: {extends: '.test_instance'}
-# default-opensuse-tmbl-latest-3001-8-py3: {extends: '.test_instance_failure_permitted'}
-# default-amazonlinux-2-3001-8-py3: {extends: '.test_instance'}
-# default-oraclelinux-8-3001-8-py3: {extends: '.test_instance'}
-# default-oraclelinux-7-3001-8-py3: {extends: '.test_instance'}
-# default-arch-base-latest-3001-8-py3: {extends: '.test_instance'}
-# default-gentoo-stage3-latest-3001-8-py3: {extends: '.test_instance'}
-# default-gentoo-stage3-systemd-3001-8-py3: {extends: '.test_instance'}
 
 ###############################################################################
 # `release` stage: `semantic-release`
diff --git a/.travis.yml b/.travis.yml
index c72b3a90..2d4f83f4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -89,7 +89,6 @@ jobs:
     # - env: INSTANCE=default-ubuntu-2004-tiamat-py3
     # - env: INSTANCE=default-ubuntu-1804-tiamat-py3
     # - env: INSTANCE=default-centos-stream8-tiamat-py3
-    # - env: INSTANCE=default-centos-8-tiamat-py3
     # - env: INSTANCE=default-centos-7-tiamat-py3
     # - env: INSTANCE=default-amazonlinux-2-tiamat-py3
     # - env: INSTANCE=default-oraclelinux-8-tiamat-py3
@@ -114,20 +113,13 @@ jobs:
     # - env: INSTANCE=default-centos-stream8-master-py3
     # - env: INSTANCE=passenger-centos-stream8-master-py3
     - env: INSTANCE=centos-stream8-master-py3
-    # - env: INSTANCE=default-centos-8-master-py3
-    # - env: INSTANCE=passenger-centos-8-master-py3
-    - env: INSTANCE=centos-8-master-py3
     # - env: INSTANCE=default-centos-7-master-py3
     # - env: INSTANCE=passenger-centos-7-master-py3
     - env: INSTANCE=centos-7-master-py3
     - env: INSTANCE=default-fedora-34-master-py3
     # - env: INSTANCE=fedora-34-master-py3
-    - env: INSTANCE=default-fedora-33-master-py3
-    # - env: INSTANCE=fedora-33-master-py3
     - env: INSTANCE=default-opensuse-leap-153-master-py3
     # - env: INSTANCE=opensuse-leap-153-master-py3
-    - env: INSTANCE=default-opensuse-leap-152-master-py3
-    # - env: INSTANCE=opensuse-leap-152-master-py3
     - env: INSTANCE=default-opensuse-tmbl-latest-master-py3
     # - env: INSTANCE=opensuse-tmbl-latest-master-py3
     - env: INSTANCE=default-amazonlinux-2-master-py3
@@ -155,12 +147,9 @@ jobs:
     # - env: INSTANCE=default-ubuntu-2004-3004-0-py3
     # - env: INSTANCE=default-ubuntu-1804-3004-0-py3
     # - env: INSTANCE=default-centos-stream8-3004-0-py3
-    # - env: INSTANCE=default-centos-8-3004-0-py3
     # - env: INSTANCE=default-centos-7-3004-0-py3
     # - env: INSTANCE=default-fedora-34-3004-0-py3
-    # - env: INSTANCE=default-fedora-33-3004-0-py3
     # - env: INSTANCE=default-opensuse-leap-153-3004-0-py3
-    # - env: INSTANCE=default-opensuse-leap-152-3004-0-py3
     # - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3
     # - env: INSTANCE=default-amazonlinux-2-3004-0-py3
     # - env: INSTANCE=default-oraclelinux-8-3004-0-py3
@@ -170,61 +159,36 @@ jobs:
     # - env: INSTANCE=default-gentoo-stage3-systemd-3004-0-py3
     # - env: INSTANCE=default-almalinux-8-3004-0-py3
     # - env: INSTANCE=default-rockylinux-8-3004-0-py3
-    # - env: INSTANCE=default-debian-11-3003-3-py3
     # - env: INSTANCE=default-debian-10-3003-3-py3
     # - env: INSTANCE=default-debian-9-3003-3-py3
     # - env: INSTANCE=default-ubuntu-2004-3003-3-py3
     # - env: INSTANCE=default-ubuntu-1804-3003-3-py3
     # - env: INSTANCE=default-centos-stream8-3003-3-py3
-    # - env: INSTANCE=default-centos-8-3003-3-py3
     # - env: INSTANCE=default-centos-7-3003-3-py3
+    # - env: INSTANCE=default-fedora-35-3003-3-py3
     # - env: INSTANCE=default-fedora-34-3003-3-py3
-    # - env: INSTANCE=default-fedora-33-3003-3-py3
     # - env: INSTANCE=default-opensuse-leap-153-3003-3-py3
-    # - env: INSTANCE=default-opensuse-leap-152-3003-3-py3
     # - env: INSTANCE=default-opensuse-tmbl-latest-3003-3-py3
     # - env: INSTANCE=default-amazonlinux-2-3003-3-py3
     # - env: INSTANCE=default-oraclelinux-8-3003-3-py3
     # - env: INSTANCE=default-oraclelinux-7-3003-3-py3
-    # - env: INSTANCE=default-arch-base-latest-3003-3-py3
     # - env: INSTANCE=default-gentoo-stage3-latest-3003-3-py3
     # - env: INSTANCE=default-gentoo-stage3-systemd-3003-3-py3
     # - env: INSTANCE=default-almalinux-8-3003-3-py3
-    # - env: INSTANCE=default-debian-11-3002-7-py3
     # - env: INSTANCE=default-debian-10-3002-7-py3
     # - env: INSTANCE=default-debian-9-3002-7-py3
     # - env: INSTANCE=default-ubuntu-2004-3002-7-py3
     # - env: INSTANCE=default-ubuntu-1804-3002-7-py3
-    # - env: INSTANCE=default-centos-8-3002-7-py3
     # - env: INSTANCE=default-centos-7-3002-7-py3
+    # - env: INSTANCE=default-fedora-35-3002-7-py3
     # - env: INSTANCE=default-fedora-34-3002-7-py3
-    # - env: INSTANCE=default-fedora-33-3002-7-py3
     # - env: INSTANCE=default-opensuse-leap-153-3002-7-py3
-    # - env: INSTANCE=default-opensuse-leap-152-3002-7-py3
     # - env: INSTANCE=default-opensuse-tmbl-latest-3002-7-py3
     # - env: INSTANCE=default-amazonlinux-2-3002-7-py3
     # - env: INSTANCE=default-oraclelinux-8-3002-7-py3
     # - env: INSTANCE=default-oraclelinux-7-3002-7-py3
-    # - env: INSTANCE=default-arch-base-latest-3002-7-py3
     # - env: INSTANCE=default-gentoo-stage3-latest-3002-7-py3
     # - env: INSTANCE=default-gentoo-stage3-systemd-3002-7-py3
-    # - env: INSTANCE=default-debian-10-3001-8-py3
-    # - env: INSTANCE=default-debian-9-3001-8-py3
-    # - env: INSTANCE=default-ubuntu-2004-3001-8-py3
-    # - env: INSTANCE=default-ubuntu-1804-3001-8-py3
-    # - env: INSTANCE=default-centos-8-3001-8-py3
-    # - env: INSTANCE=default-centos-7-3001-8-py3
-    # - env: INSTANCE=default-fedora-34-3001-8-py3
-    # - env: INSTANCE=default-fedora-33-3001-8-py3
-    # - env: INSTANCE=default-opensuse-leap-153-3001-8-py3
-    # - env: INSTANCE=default-opensuse-leap-152-3001-8-py3
-    # - env: INSTANCE=default-opensuse-tmbl-latest-3001-8-py3
-    # - env: INSTANCE=default-amazonlinux-2-3001-8-py3
-    # - env: INSTANCE=default-oraclelinux-8-3001-8-py3
-    # - env: INSTANCE=default-oraclelinux-7-3001-8-py3
-    # - env: INSTANCE=default-arch-base-latest-3001-8-py3
-    # - env: INSTANCE=default-gentoo-stage3-latest-3001-8-py3
-    # - env: INSTANCE=default-gentoo-stage3-systemd-3001-8-py3
 
     ## Define the release stage that runs `semantic-release`
     - stage: 'release'
diff --git a/AUTHORS.md b/AUTHORS.md
index e2105b7f..e76bab9d 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -4,11 +4,11 @@ This list is sorted by the number of commits per contributor in _descending_ ord
 
 Avatar|Contributor|Contributions
 :-:|---|:-:
-<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>|[@myii](https://github.com/myii)|146
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>|[@myii](https://github.com/myii)|148
 <img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>|[@aboe76](https://github.com/aboe76)|46
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>|[@javierbertoli](https://github.com/javierbertoli)|28
 <img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>|[@gravyboat](https://github.com/gravyboat)|27
 <img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>|[@nmadhok](https://github.com/nmadhok)|24
-<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>|[@javierbertoli](https://github.com/javierbertoli)|23
 <img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>|[@noelmcloughlin](https://github.com/noelmcloughlin)|19
 <img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>|[@whiteinge](https://github.com/whiteinge)|17
 <img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4956475?v=4' width='36' height='36' alt='@ross-p'>|[@ross-p](https://github.com/ross-p)|13
@@ -82,4 +82,4 @@ Avatar|Contributor|Contributions
 
 ---
 
-Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-02-02.
+Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-02-03.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7125d13a..361f6293 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,37 @@
 # Changelog
 
+# [2.8.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.5...v2.8.0) (2022-02-03)
+
+
+### Code Refactoring
+
+* **pkgs:** readbility ([b76e8cc](https://github.com/saltstack-formulas/nginx-formula/commit/b76e8cc6640943d97bc778948555ae3f45a71552))
+
+
+### Continuous Integration
+
+* **kitchen+gitlab:** update for new pre-salted images [skip ci] ([7fcb960](https://github.com/saltstack-formulas/nginx-formula/commit/7fcb9608cd838469e7c1faf2126ea8d5673d0481))
+
+
+### Features
+
+* **debian:** use keyrings instead of key_ids ([037c13a](https://github.com/saltstack-formulas/nginx-formula/commit/037c13a674d9e2850a808bcb0fe8600e4ec8b177))
+
+
+### Reverts
+
+* **pkg:** use grains.osfinger in a format suitable for all platforms ([8fee9f0](https://github.com/saltstack-formulas/nginx-formula/commit/8fee9f05bd86c549a050a5b4c555fa0d532493d3))
+
+
+### Styles
+
+* **map.jinja:** remove empty line ([ae52641](https://github.com/saltstack-formulas/nginx-formula/commit/ae52641cfc87ad576f22f0675eff436ebccf3d34))
+
+
+### Tests
+
+* **repository:** favor `platform` over `os` ([c16ecf8](https://github.com/saltstack-formulas/nginx-formula/commit/c16ecf82f52b0236a8b54b5ad984c08902b79534))
+
 ## [2.7.5](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.4...v2.7.5) (2022-02-02)
 
 
diff --git a/FORMULA b/FORMULA
index 07761522..435cdb45 100644
--- a/FORMULA
+++ b/FORMULA
@@ -1,7 +1,7 @@
 name: nginx
 os: Debian, Ubuntu, RedHat, Fedora, CentOS, Suse, openSUSE
 os_family: Debian, RedHat, Suse
-version: 2.7.5
+version: 2.8.0
 release: 1
 minimum_version: 2017.3
 summary: nginx formula
diff --git a/docs/AUTHORS.rst b/docs/AUTHORS.rst
index 69297cc1..6d955b30 100644
--- a/docs/AUTHORS.rst
+++ b/docs/AUTHORS.rst
@@ -15,19 +15,19 @@ This list is sorted by the number of commits per contributor in *descending* ord
      - Contributions
    * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>`
      - `@myii <https://github.com/myii>`_
-     - 146
+     - 148
    * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>`
      - `@aboe76 <https://github.com/aboe76>`_
      - 46
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>`
+     - `@javierbertoli <https://github.com/javierbertoli>`_
+     - 28
    * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>`
      - `@gravyboat <https://github.com/gravyboat>`_
      - 27
    * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>`
      - `@nmadhok <https://github.com/nmadhok>`_
      - 24
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>`
-     - `@javierbertoli <https://github.com/javierbertoli>`_
-     - 23
    * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>`
      - `@noelmcloughlin <https://github.com/noelmcloughlin>`_
      - 19
@@ -242,4 +242,4 @@ This list is sorted by the number of commits per contributor in *descending* ord
 
 ----
 
-Auto-generated by a `forked version <https://github.com/myii/maintainer>`_ of `gaocegege/maintainer <https://github.com/gaocegege/maintainer>`_ on 2022-02-02.
+Auto-generated by a `forked version <https://github.com/myii/maintainer>`_ of `gaocegege/maintainer <https://github.com/gaocegege/maintainer>`_ on 2022-02-03.
diff --git a/docs/CHANGELOG.rst b/docs/CHANGELOG.rst
index 24412f49..ecfcdde0 100644
--- a/docs/CHANGELOG.rst
+++ b/docs/CHANGELOG.rst
@@ -2,6 +2,45 @@
 Changelog
 =========
 
+`2.8.0 <https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.5...v2.8.0>`_ (2022-02-03)
+-------------------------------------------------------------------------------------------------------
+
+Code Refactoring
+^^^^^^^^^^^^^^^^
+
+
+* **pkgs:** readbility (\ `b76e8cc <https://github.com/saltstack-formulas/nginx-formula/commit/b76e8cc6640943d97bc778948555ae3f45a71552>`_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `7fcb960 <https://github.com/saltstack-formulas/nginx-formula/commit/7fcb9608cd838469e7c1faf2126ea8d5673d0481>`_\ )
+
+Features
+^^^^^^^^
+
+
+* **debian:** use keyrings instead of key_ids (\ `037c13a <https://github.com/saltstack-formulas/nginx-formula/commit/037c13a674d9e2850a808bcb0fe8600e4ec8b177>`_\ )
+
+Reverts
+^^^^^^^
+
+
+* **pkg:** use grains.osfinger in a format suitable for all platforms (\ `8fee9f0 <https://github.com/saltstack-formulas/nginx-formula/commit/8fee9f05bd86c549a050a5b4c555fa0d532493d3>`_\ )
+
+Styles
+^^^^^^
+
+
+* **map.jinja:** remove empty line (\ `ae52641 <https://github.com/saltstack-formulas/nginx-formula/commit/ae52641cfc87ad576f22f0675eff436ebccf3d34>`_\ )
+
+Tests
+^^^^^
+
+
+* **repository:** favor ``platform`` over ``os`` (\ `c16ecf8 <https://github.com/saltstack-formulas/nginx-formula/commit/c16ecf82f52b0236a8b54b5ad984c08902b79534>`_\ )
+
 `2.7.5 <https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.4...v2.7.5>`_ (2022-02-02)
 -------------------------------------------------------------------------------------------------------
 
diff --git a/docs/README.apt.keyrings.rst b/docs/README.apt.keyrings.rst
new file mode 100644
index 00000000..7319c96b
--- /dev/null
+++ b/docs/README.apt.keyrings.rst
@@ -0,0 +1,34 @@
+.. _readme_apt_keyrings:
+
+apt repositories' keyrings
+==========================
+
+Debian family of OSes deprecated the use of `apt-key` to manage repositories' keys
+in favor of using `keyring files` which contain a binary OpenPGP format of the key
+(also known as "GPG key public ring")
+
+As nginx and passenger don't provide such key files, we created them following the
+official recomendations in their sites and install the resulting files.
+
+Nginx
+-----
+
+See https://nginx.org/en/linux_packages.html#Debian for details
+
+.. code-block:: bash
+
+   $ curl -s https://nginx.org/keys/nginx_signing.key | \
+       gpg --dearmor --output nginx-archive-keyring.gpg
+
+Phusion-passenger
+-----------------
+
+See https://www.phusionpassenger.com/docs/tutorials/deploy_to_production/installations/oss/ownserver/ruby/nginx/
+for more details.
+
+.. code-block:: bash
+
+   $ gpg --keyserver keyserver.ubuntu.com \
+         --output - \
+         --recv-keys 561F9B9CAC40B2F7 | \
+     gpg --export --output phusionpassenger-archive-keyring.gpg
diff --git a/kitchen.yml b/kitchen.yml
index 39812e56..01148777 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -43,9 +43,6 @@ platforms:
   - name: centos-stream8-tiamat-py3
     driver:
       image: saltimages/salt-tiamat-py3:centos-stream8
-  - name: centos-8-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:centos-8
   - name: centos-7-tiamat-py3
     driver:
       image: saltimages/salt-tiamat-py3:centos-7
@@ -89,18 +86,12 @@ platforms:
   - name: centos-stream8-master-py3
     driver:
       image: saltimages/salt-master-py3:centos-stream8
-  - name: centos-8-master-py3
-    driver:
-      image: saltimages/salt-master-py3:centos-8
   - name: centos-7-master-py3
     driver:
       image: saltimages/salt-master-py3:centos-7
   - name: fedora-34-master-py3
     driver:
       image: saltimages/salt-master-py3:fedora-34
-  - name: fedora-33-master-py3
-    driver:
-      image: saltimages/salt-master-py3:fedora-33
   - name: opensuse-leap-153-master-py3
     driver:
       image: saltimages/salt-master-py3:opensuse-leap-15.3
@@ -108,13 +99,6 @@ platforms:
     # => SCP did not finish successfully (255):  (Net::SCP::Error)
     transport:
       max_ssh_sessions: 1
-  - name: opensuse-leap-152-master-py3
-    driver:
-      image: saltimages/salt-master-py3:opensuse-leap-15.2
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
   - name: opensuse-tmbl-latest-master-py3
     driver:
       image: saltimages/salt-master-py3:opensuse-tumbleweed-latest
@@ -172,18 +156,12 @@ platforms:
   - name: centos-stream8-3004-0-py3
     driver:
       image: saltimages/salt-3004.0-py3:centos-stream8
-  - name: centos-8-3004-0-py3
-    driver:
-      image: saltimages/salt-3004.0-py3:centos-8
   - name: centos-7-3004-0-py3
     driver:
       image: saltimages/salt-3004.0-py3:centos-7
   - name: fedora-34-3004-0-py3
     driver:
       image: saltimages/salt-3004.0-py3:fedora-34
-  - name: fedora-33-3004-0-py3
-    driver:
-      image: saltimages/salt-3004.0-py3:fedora-33
   - name: opensuse-leap-153-3004-0-py3
     driver:
       image: saltimages/salt-3004.0-py3:opensuse-leap-15.3
@@ -191,13 +169,6 @@ platforms:
     # => SCP did not finish successfully (255):  (Net::SCP::Error)
     transport:
       max_ssh_sessions: 1
-  - name: opensuse-leap-152-3004-0-py3
-    driver:
-      image: saltimages/salt-3004.0-py3:opensuse-leap-15.2
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
   - name: opensuse-tmbl-latest-3004-0-py3
     driver:
       image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest
@@ -232,10 +203,6 @@ platforms:
       image: saltimages/salt-3004.0-py3:rockylinux-8
 
   ## SALT `3003.3`
-  - name: debian-11-3003-3-py3
-    driver:
-      image: saltimages/salt-3003.3-py3:debian-11
-      run_command: /lib/systemd/systemd
   - name: debian-10-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:debian-10
@@ -255,18 +222,15 @@ platforms:
   - name: centos-stream8-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:centos-stream8
-  - name: centos-8-3003-3-py3
-    driver:
-      image: saltimages/salt-3003.3-py3:centos-8
   - name: centos-7-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:centos-7
+  - name: fedora-35-3003-3-py3
+    driver:
+      image: saltimages/salt-3003.3-py3:fedora-35
   - name: fedora-34-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:fedora-34
-  - name: fedora-33-3003-3-py3
-    driver:
-      image: saltimages/salt-3003.3-py3:fedora-33
   - name: opensuse-leap-153-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:opensuse-leap-15.3
@@ -274,13 +238,6 @@ platforms:
     # => SCP did not finish successfully (255):  (Net::SCP::Error)
     transport:
       max_ssh_sessions: 1
-  - name: opensuse-leap-152-3003-3-py3
-    driver:
-      image: saltimages/salt-3003.3-py3:opensuse-leap-15.2
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
   - name: opensuse-tmbl-latest-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:opensuse-tumbleweed-latest
@@ -297,9 +254,6 @@ platforms:
   - name: oraclelinux-7-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:oraclelinux-7
-  - name: arch-base-latest-3003-3-py3
-    driver:
-      image: saltimages/salt-3003.3-py3:arch-base-latest
   - name: gentoo-stage3-latest-3003-3-py3
     driver:
       image: saltimages/salt-3003.3-py3:gentoo-stage3-latest
@@ -312,10 +266,6 @@ platforms:
       image: saltimages/salt-3003.3-py3:almalinux-8
 
   ## SALT `3002.7`
-  - name: debian-11-3002-7-py3
-    driver:
-      image: saltimages/salt-3002.7-py3:debian-11
-      run_command: /lib/systemd/systemd
   - name: debian-10-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:debian-10
@@ -332,18 +282,15 @@ platforms:
     driver:
       image: saltimages/salt-3002.7-py3:ubuntu-18.04
       run_command: /lib/systemd/systemd
-  - name: centos-8-3002-7-py3
-    driver:
-      image: saltimages/salt-3002.7-py3:centos-8
   - name: centos-7-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:centos-7
+  - name: fedora-35-3002-7-py3
+    driver:
+      image: saltimages/salt-3002.7-py3:fedora-35
   - name: fedora-34-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:fedora-34
-  - name: fedora-33-3002-7-py3
-    driver:
-      image: saltimages/salt-3002.7-py3:fedora-33
   - name: opensuse-leap-153-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:opensuse-leap-15.3
@@ -351,13 +298,6 @@ platforms:
     # => SCP did not finish successfully (255):  (Net::SCP::Error)
     transport:
       max_ssh_sessions: 1
-  - name: opensuse-leap-152-3002-7-py3
-    driver:
-      image: saltimages/salt-3002.7-py3:opensuse-leap-15.2
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
   - name: opensuse-tmbl-latest-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:opensuse-tumbleweed-latest
@@ -374,9 +314,6 @@ platforms:
   - name: oraclelinux-7-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:oraclelinux-7
-  - name: arch-base-latest-3002-7-py3
-    driver:
-      image: saltimages/salt-3002.7-py3:arch-base-latest
   - name: gentoo-stage3-latest-3002-7-py3
     driver:
       image: saltimages/salt-3002.7-py3:gentoo-stage3-latest
@@ -385,76 +322,6 @@ platforms:
     driver:
       image: saltimages/salt-3002.7-py3:gentoo-stage3-systemd
 
-  ## SALT `3001.8`
-  - name: debian-10-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:debian-10
-      run_command: /lib/systemd/systemd
-  - name: debian-9-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:debian-9
-      run_command: /lib/systemd/systemd
-  - name: ubuntu-2004-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:ubuntu-20.04
-      run_command: /lib/systemd/systemd
-  - name: ubuntu-1804-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:ubuntu-18.04
-      run_command: /lib/systemd/systemd
-  - name: centos-8-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:centos-8
-  - name: centos-7-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:centos-7
-  - name: fedora-34-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:fedora-34
-  - name: fedora-33-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:fedora-33
-  - name: opensuse-leap-153-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:opensuse-leap-15.3
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: opensuse-leap-152-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:opensuse-leap-15.2
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: opensuse-tmbl-latest-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:opensuse-tumbleweed-latest
-    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-2-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:amazonlinux-2
-  - name: oraclelinux-8-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:oraclelinux-8
-  - name: oraclelinux-7-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:oraclelinux-7
-  - name: arch-base-latest-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:arch-base-latest
-  - name: gentoo-stage3-latest-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:gentoo-stage3-latest
-      run_command: /sbin/init
-  - name: gentoo-stage3-systemd-3001-8-py3
-    driver:
-      image: saltimages/salt-3001.8-py3:gentoo-stage3-systemd
-
 verifier:
   # https://www.inspec.io/
   name: inspec
@@ -493,7 +360,6 @@ suites:
       - ubuntu-2004-tiamat-py3
       - ubuntu-1804-tiamat-py3
       - centos-stream8-tiamat-py3
-      - centos-8-tiamat-py3
       - centos-7-tiamat-py3
       - oraclelinux-8-tiamat-py3
       - almalinux-8-tiamat-py3
@@ -504,7 +370,6 @@ suites:
       - ubuntu-2004-master-py3
       - ubuntu-1804-master-py3
       - centos-stream8-master-py3
-      - centos-8-master-py3
       - centos-7-master-py3
       - oraclelinux-8-master-py3
       - almalinux-8-master-py3
@@ -515,36 +380,24 @@ suites:
       - ubuntu-2004-3004-0-py3
       - ubuntu-1804-3004-0-py3
       - centos-stream8-3004-0-py3
-      - centos-8-3004-0-py3
       - centos-7-3004-0-py3
       - oraclelinux-8-3004-0-py3
       - almalinux-8-3004-0-py3
       - rockylinux-8-3004-0-py3
-      - debian-11-3003-3-py3
       - debian-10-3003-3-py3
       - debian-9-3003-3-py3
       - ubuntu-2004-3003-3-py3
       - ubuntu-1804-3003-3-py3
       - centos-stream8-3003-3-py3
-      - centos-8-3003-3-py3
       - centos-7-3003-3-py3
       - oraclelinux-8-3003-3-py3
       - almalinux-8-3003-3-py3
-      - debian-11-3002-7-py3
       - debian-10-3002-7-py3
       - debian-9-3002-7-py3
       - ubuntu-2004-3002-7-py3
       - ubuntu-1804-3002-7-py3
-      - centos-8-3002-7-py3
       - centos-7-3002-7-py3
       - oraclelinux-8-3002-7-py3
-      - debian-10-3001-8-py3
-      - debian-9-3001-8-py3
-      - ubuntu-2004-3001-8-py3
-      - ubuntu-1804-3001-8-py3
-      - centos-8-3001-8-py3
-      - centos-7-3001-8-py3
-      - oraclelinux-8-3001-8-py3
     provisioner:
       state_top:
         base:
diff --git a/nginx/files/default/nginx-archive-keyring.gpg b/nginx/files/default/nginx-archive-keyring.gpg
new file mode 100644
index 00000000..82b5bff0
Binary files /dev/null and b/nginx/files/default/nginx-archive-keyring.gpg differ
diff --git a/nginx/files/default/phusionpassenger-archive-keyring.gpg b/nginx/files/default/phusionpassenger-archive-keyring.gpg
new file mode 100644
index 00000000..ee1337f9
Binary files /dev/null and b/nginx/files/default/phusionpassenger-archive-keyring.gpg differ
diff --git a/nginx/map.jinja b/nginx/map.jinja
index 77b41ca4..22f1e2e8 100644
--- a/nginx/map.jinja
+++ b/nginx/map.jinja
@@ -19,6 +19,8 @@
             'server_use_symlink': True,
             'pid_file': '/run/nginx.pid',
             'openssl_package': 'openssl',
+            'package_repo_keyring': '/usr/share/keyrings/nginx-archive-keyring.gpg',
+            'passenger_package_repo_keyring': '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg',
         },
         'CentOS': {
             'package': 'nginx',
diff --git a/nginx/pkg.sls b/nginx/pkg.sls
index a136e188..aec0bea7 100644
--- a/nginx/pkg.sls
+++ b/nginx/pkg.sls
@@ -2,7 +2,11 @@
 #
 # Manages installation of nginx from pkg.
 
-{% from 'nginx/map.jinja' import nginx, sls_block with context %}
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import nginx, sls_block with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+
 {%- if nginx.install_from_repo %}
   {% set from_official = true %}
   {% set from_ppa = false %}
@@ -33,7 +37,19 @@ nginx_install:
     - name: {{ nginx.lookup.package }}
     {% endif %}
 
-{% if salt['grains.get']('os_family') == 'Debian' %}
+{% if grains.os_family == 'Debian' %}
+  {%- if from_official %}
+nginx_official_repo_keyring:
+  file.managed:
+    - name: {{ nginx.lookup.package_repo_keyring }}
+    - source: {{ files_switch(['nginx-archive-keyring.gpg'],
+                              lookup='nginx_official_repo_keyring'
+                 )
+              }}
+    - require_in:
+      - pkgrepo: nginx_official_repo
+  {%- endif %}
+
 nginx_official_repo:
   pkgrepo:
     {%- if from_official %}
@@ -42,10 +58,10 @@ nginx_official_repo:
     - absent
     {%- endif %}
     - humanname: nginx apt repo
-    - name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx
-    - file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list
-    - keyid: ABF5BD827BD9BF62
-    - keyserver: keyserver.ubuntu.com
+    - name: >-
+        deb [signed-by={{ nginx.lookup.package_repo_keyring }}]
+        http://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx
+    - file: /etc/apt/sources.list.d/nginx-official-{{ grains.oscodename }}.list
     - require_in:
       - pkg: nginx_install
     - watch_in:
@@ -60,10 +76,10 @@ nginx_ppa_repo:
     {%- else %}
     - absent
     {%- endif %}
-    {% if salt['grains.get']('os') == 'Ubuntu' %}
+    {% if grains.os == 'Ubuntu' %}
     - ppa: nginx/{{ nginx.ppa_version }}
     {% else %}
-    - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains['oscodename'] }} main
+    - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains.oscodename }} main
     - keyid: C300EE8C
     - keyserver: keyserver.ubuntu.com
     {% endif %}
@@ -73,6 +89,30 @@ nginx_ppa_repo:
       - pkg: nginx_install
    {%- endif %}
 
+  {%- if from_phusionpassenger %}
+nginx_phusionpassenger_repo_keyring:
+  file.managed:
+    - name: /usr/share/keyrings/phusionpassenger-archive-keyring.gpg
+    - source: {{ files_switch(['phusionpassenger-archive-keyring.gpg'],
+                              lookup='nginx_phusionpassenger_repo_keyring'
+                 )
+              }}
+    - require_in:
+      - pkgrepo: nginx_phusionpassenger_repo
+
+# Remove the old repo file
+nginx_phusionpassenger_repo_remove:
+  pkgrepo.absent:
+    - name: deb http://nginx.org/packages/{{ grains.os |lower }}/ {{ grains.oscodename }} nginx
+    - keyid: 561F9B9CAC40B2F7
+    - require_in:
+      - pkgrepo: nginx_phusionpassenger_repo
+  file.absent:
+    - name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains.oscodename }}.list
+    - require_in:
+      - pkgrepo: nginx_phusionpassenger_repo
+  {%- endif %}
+
 nginx_phusionpassenger_repo:
   pkgrepo:
     {%- if from_phusionpassenger %}
@@ -81,17 +121,17 @@ nginx_phusionpassenger_repo:
     - absent
     {%- endif %}
     - humanname: nginx phusionpassenger repo
-    - name: deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains['oscodename'] }} main
-    - file: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains['oscodename'] }}.list
-    - keyid: 561F9B9CAC40B2F7
-    - keyserver: keyserver.ubuntu.com
+    - name: >-
+        deb [signed-by={{ nginx.lookup.passenger_package_repo_keyring }}]
+        https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains.oscodename }} main
+    - file: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains.oscodename }}.list
     - require_in:
       - pkg: nginx_install
     - watch_in:
       - pkg: nginx_install
 {% endif %}
 
-{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %}
+{% if grains.os_family == 'Suse' or grains.os == 'SUSE' %}
 nginx_zypp_repo:
   pkgrepo:
     {%- if from_official %}
@@ -112,8 +152,8 @@ nginx_zypp_repo:
       - pkg: nginx_install
 {% endif %}
 
-{% if salt['grains.get']('os_family') == 'RedHat' %}
-{%   if salt['grains.get']('osfinger', '') in ['Amazon Linux-2'] %}
+{% if grains.os_family == 'RedHat' %}
+  {% if grains.get('osfinger', '') == 'Amazon Linux-2' %}
 nginx_epel_repo:
   pkgrepo.managed:
     - name: epel
@@ -138,7 +178,7 @@ nginx_yum_repo:
     {%- endif %}
     - name: nginx
     - humanname: nginx repo
-    {%- if salt['grains.get']('os') == 'CentOS' %}
+    {%- if grains.os == 'CentOS' %}
     - baseurl: 'http://nginx.org/packages/centos/$releasever/$basearch/'
     {%- else %}
     - baseurl: 'http://nginx.org/packages/rhel/{{ nginx.lookup.rh_os_releasever }}/$basearch/'
diff --git a/test/integration/passenger/controls/repository.rb b/test/integration/passenger/controls/repository.rb
new file mode 100644
index 00000000..decd4f63
--- /dev/null
+++ b/test/integration/passenger/controls/repository.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+case platform.family
+when 'redhat'
+  repo_file = '/etc/yum.repos.d/passenger.repo'
+  repo_url = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
+when 'debian'
+  # Inspec does not provide a `codename` matcher, so we add ours
+  finger_codename = {
+    'ubuntu-18.04' => 'bionic',
+    'ubuntu-20.04' => 'focal',
+    'debian-9' => 'stretch',
+    'debian-10' => 'buster',
+    'debian-11' => 'bullseye'
+  }
+  codename = finger_codename[system.platform[:finger]]
+
+  repo_keyring = '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg'
+  repo_file = "/etc/apt/sources.list.d/phusionpassenger-official-#{codename}.list"
+  # rubocop:disable Metrics/LineLength
+  repo_url = "deb [signed-by=#{repo_keyring}] https://oss-binaries.phusionpassenger.com/apt/passenger #{codename} main"
+  # rubocop:enable Metrics/LineLength
+end
+
+control 'Phusion-passenger repository keyring' do
+  title 'should be installed'
+
+  only_if('Requirement for Debian family') do
+    os.debian?
+  end
+
+  describe file(repo_keyring) do
+    it { should exist }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+  end
+end
+
+control 'Phusion-passenger repository' do
+  impact 1
+  title 'should be configured'
+  describe file(repo_file) do
+    its('content') { should include repo_url }
+  end
+end