improve the GPG key import setup for RPM repos

This commit is contained in:
Pratham Patel 2023-11-20 15:15:49 +05:30
parent 10d911f885
commit ade8066221
No known key found for this signature in database

View File

@ -7,12 +7,6 @@ DNF_RELEASEVER="$(dnf config-manager --dump-variables | grep 'releasever' | awk
# Setup networking temporarily # Setup networking temporarily
[ -f /etc/resolv.conf ] || echo "nameserver 1.1.1.1" > /etc/resolv.conf [ -f /etc/resolv.conf ] || echo "nameserver 1.1.1.1" > /etc/resolv.conf
# import the key manually, since it does not get automatically get imported...
wget "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common/RPM-GPG-KEY-Rocky-SIG-AltArch"
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
rpm --import RPM-GPG-KEY-Rocky-SIG-AltArch
rm RPM-GPG-KEY-Rocky-SIG-AltArch
# This repository is a given since it provides 'uboot-images-armv8' and # This repository is a given since it provides 'uboot-images-armv8' and
# 'uboot-tools', which are **required**. # 'uboot-tools', which are **required**.
dnf config-manager --assumeyes --add-repo "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common" dnf config-manager --assumeyes --add-repo "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common"
@ -20,6 +14,12 @@ if ! dnf repolist --enabled | grep "download.rockylinux.org_pub_sig_${DNF_RELEAS
dnf config-manager --set-enabled "download.rockylinux.org_pub_sig_${DNF_RELEASEVER}_altarch_${MACHINE_ARCH}_altarch-common" || exit 1 dnf config-manager --set-enabled "download.rockylinux.org_pub_sig_${DNF_RELEASEVER}_altarch_${MACHINE_ARCH}_altarch-common" || exit 1
fi fi
# import the SIG/AltArch key manually, since it does not get automatically get imported...
wget "https://download.rockylinux.org/pub/sig/${DNF_RELEASEVER}/altarch/${MACHINE_ARCH}/altarch-common/RPM-GPG-KEY-Rocky-SIG-AltArch"
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
rpm --import RPM-GPG-KEY-Rocky-SIG-AltArch
rm RPM-GPG-KEY-Rocky-SIG-AltArch
# Enable EPEL if packages are installed from EPEL # Enable EPEL if packages are installed from EPEL
if dnf list installed | grep '@epel' > /dev/null || dnf list installed | grep 'epel-release' > /dev/null; then if dnf list installed | grep '@epel' > /dev/null || dnf list installed | grep 'epel-release' > /dev/null; then
dnf install --assumeyes epel-release dnf install --assumeyes epel-release
@ -40,6 +40,11 @@ if ! dnf repolist --enabled | grep 'copr:copr.fedorainfracloud.org:prathampatel:
fi fi
echo 'metadata_expire=1200' | tee -a '/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:prathampatel:kernel-tfg.repo' echo 'metadata_expire=1200' | tee -a '/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:prathampatel:kernel-tfg.repo'
# manually import the GPG key for my COPR
wget 'https://download.copr.fedorainfracloud.org/results/prathampatel/kernel-elrepo/pubkey.gpg'
rpm --import pubkey.gpg
rm pubkey.gpg
# this has kernels with elrepo + sbc enablement # this has kernels with elrepo + sbc enablement
dnf copr enable --assumeyes prathampatel/kernel-elrepo "rhel-${DNF_RELEASEVER}-${MACHINE_ARCH}" dnf copr enable --assumeyes prathampatel/kernel-elrepo "rhel-${DNF_RELEASEVER}-${MACHINE_ARCH}"
if ! dnf repolist --enabled | grep 'copr:copr.fedorainfracloud.org:prathampatel:kernel-elrepo' > /dev/null; then if ! dnf repolist --enabled | grep 'copr:copr.fedorainfracloud.org:prathampatel:kernel-elrepo' > /dev/null; then