Add ability to add extra apt keys

Adds an environment variable DIB_ADD_APT_KEYS pointing to a folder of
apt repo GPG keys. Each key will be verified and installed with apt-key
to the apt keyring.

Change-Id: I4b15347a76aa3241e741931bb94f17598641ae42
This commit is contained in:
Steven DuChene 2014-03-27 15:49:43 -06:00 committed by Alexis Lee
parent b9189a204f
commit 2408569566
3 changed files with 74 additions and 0 deletions

View File

@ -6,3 +6,7 @@ HTTP proxy when installing packages. These customisations live here, where they
can be used by any dpkg based element.
The dpkg specific version of install-packages is also kept here.
If an extra or updated apt key is needed then define DIB\_ADD\_APT\_KEYS with
the path to a folder. Any key files inside will be added to the key ring before
any apt-get commands take place.

View File

@ -0,0 +1,37 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
set -o pipefail
DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
if [ -z "${DIB_ADD_APT_KEYS}" ]; then
echo "DIB_ADD_APT_KEYS is not set - not importing keys"
exit 0
fi
DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
if [ -e ${DIR} ]; then
echo "${DIR} already exists!"
exit 1
fi
sudo mkdir -p ${DIR}
# Copy to DIR
for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
sudo cp -L ${KEY} ${DIR}
done

View File

@ -0,0 +1,33 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
set -o pipefail
KEY_DIRECTORY=/tmp/apt_keys
if [ ! -d "${KEY_DIRECTORY}" ]; then
exit 0
fi
for KEY in ${KEY_DIRECTORY}/*; do
if ! file -b "${KEY}" | grep -q 'PGP public key block'; then
echo "Skipping ${KEY}, not a valid GPG public key"
continue
fi
apt-key add ${KEY}
done