Add ability to add extra apt keys

Adds an environment variable DIB_ADD_APT_KEYS pointing to a folder of apt repo GPG keys. Each key will be verified and installed with apt-key to the apt keyring. Change-Id: I4b15347a76aa3241e741931bb94f17598641ae42
2014-03-27 15:49:43 -06:00 · 2014-03-27 15:49:43 -06:00 · 2408569566
commit 2408569566
parent b9189a204f
3 changed files with 74 additions and 0 deletions
--- a/elements/dpkg/README.md
+++ b/elements/dpkg/README.md
@ -6,3 +6,7 @@ HTTP proxy when installing packages. These customisations live here, where they
 can be used by any dpkg based element.

 The dpkg specific version of install-packages is also kept here.
+
+If an extra or updated apt key is needed then define DIB\_ADD\_APT\_KEYS with
+the path to a folder. Any key files inside will be added to the key ring before
+any apt-get commands take place.
--- a/elements/dpkg/extra-data.d/01-copy-apt-keys
+++ b/elements/dpkg/extra-data.d/01-copy-apt-keys
@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -eu
+set -o pipefail
+
+DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
+if [ -z "${DIB_ADD_APT_KEYS}" ]; then
+    echo "DIB_ADD_APT_KEYS is not set - not importing keys"
+    exit 0
+fi
+
+DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
+if [ -e ${DIR} ]; then
+    echo "${DIR} already exists!"
+    exit 1
+fi
+sudo mkdir -p ${DIR}
+
+# Copy to DIR
+for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
+    sudo cp -L ${KEY} ${DIR}
+done
--- a/elements/dpkg/pre-install.d/02-add-apt-keys
+++ b/elements/dpkg/pre-install.d/02-add-apt-keys
@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -eu
+set -o pipefail
+
+KEY_DIRECTORY=/tmp/apt_keys
+if [ ! -d "${KEY_DIRECTORY}" ]; then
+    exit 0
+fi
+
+for KEY in ${KEY_DIRECTORY}/*; do
+    if ! file -b "${KEY}" | grep -q 'PGP public key block'; then
+        echo "Skipping ${KEY}, not a valid GPG public key"
+        continue
+    fi
+
+    apt-key add ${KEY}
+done