From ade8066221b24a1443787023e0a700be4a1ad00e Mon Sep 17 00:00:00 2001 From: Pratham Patel Date: Mon, 20 Nov 2023 15:15:49 +0530 Subject: [PATCH] improve the GPG key import setup for RPM repos --- includes/post/rpm-repos-enable.ksi | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/includes/post/rpm-repos-enable.ksi b/includes/post/rpm-repos-enable.ksi index 5803c2d..be0a325 100644 --- a/includes/post/rpm-repos-enable.ksi +++ b/includes/post/rpm-repos-enable.ksi @@ -7,12 +7,6 @@ DNF_RELEASEVER="$(dnf config-manager --dump-variables | grep 'releasever' | awk # Setup networking temporarily [ -f /etc/resolv.conf ] || echo "nameserver 1.1.1.1" > /etc/resolv.conf -# import the key manually, since it does not get automatically get imported... -wget "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common/RPM-GPG-KEY-Rocky-SIG-AltArch" -rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 -rpm --import RPM-GPG-KEY-Rocky-SIG-AltArch -rm RPM-GPG-KEY-Rocky-SIG-AltArch - # This repository is a given since it provides 'uboot-images-armv8' and # 'uboot-tools', which are **required**. dnf config-manager --assumeyes --add-repo "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common" @@ -20,6 +14,12 @@ if ! dnf repolist --enabled | grep "download.rockylinux.org_pub_sig_${DNF_RELEAS dnf config-manager --set-enabled "download.rockylinux.org_pub_sig_${DNF_RELEASEVER}_altarch_${MACHINE_ARCH}_altarch-common" || exit 1 fi +# import the SIG/AltArch key manually, since it does not get automatically get imported... +wget "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common/RPM-GPG-KEY-Rocky-SIG-AltArch" +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 +rpm --import RPM-GPG-KEY-Rocky-SIG-AltArch +rm RPM-GPG-KEY-Rocky-SIG-AltArch + # Enable EPEL if packages are installed from EPEL if dnf list installed | grep '@epel' > /dev/null || dnf list installed | grep 'epel-release' > /dev/null; then dnf install --assumeyes epel-release @@ -40,6 +40,11 @@ if ! dnf repolist --enabled | grep 'copr:copr.fedorainfracloud.org:prathampatel: fi echo 'metadata_expire=1200' | tee -a '/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:prathampatel:kernel-tfg.repo' +# manually import the GPG key for my COPR +wget 'https://download.copr.fedorainfracloud.org/results/prathampatel/kernel-elrepo/pubkey.gpg' +rpm --import pubkey.gpg +rm pubkey.gpg + # this has kernels with elrepo + sbc enablement dnf copr enable --assumeyes prathampatel/kernel-elrepo "rhel-${DNF_RELEASEVER}-${MACHINE_ARCH}" if ! dnf repolist --enabled | grep 'copr:copr.fedorainfracloud.org:prathampatel:kernel-elrepo' > /dev/null; then