From 240856956606585113f4c76fc55d3a5645f7230a Mon Sep 17 00:00:00 2001 From: Steven DuChene Date: Thu, 27 Mar 2014 15:49:43 -0600 Subject: [PATCH] Add ability to add extra apt keys Adds an environment variable DIB_ADD_APT_KEYS pointing to a folder of apt repo GPG keys. Each key will be verified and installed with apt-key to the apt keyring. Change-Id: I4b15347a76aa3241e741931bb94f17598641ae42 --- elements/dpkg/README.md | 4 +++ elements/dpkg/extra-data.d/01-copy-apt-keys | 37 +++++++++++++++++++++ elements/dpkg/pre-install.d/02-add-apt-keys | 33 ++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100755 elements/dpkg/extra-data.d/01-copy-apt-keys create mode 100755 elements/dpkg/pre-install.d/02-add-apt-keys diff --git a/elements/dpkg/README.md b/elements/dpkg/README.md index c4e72591..b204d425 100644 --- a/elements/dpkg/README.md +++ b/elements/dpkg/README.md @@ -6,3 +6,7 @@ HTTP proxy when installing packages. These customisations live here, where they can be used by any dpkg based element. The dpkg specific version of install-packages is also kept here. + +If an extra or updated apt key is needed then define DIB\_ADD\_APT\_KEYS with +the path to a folder. Any key files inside will be added to the key ring before +any apt-get commands take place. diff --git a/elements/dpkg/extra-data.d/01-copy-apt-keys b/elements/dpkg/extra-data.d/01-copy-apt-keys new file mode 100755 index 00000000..27607e00 --- /dev/null +++ b/elements/dpkg/extra-data.d/01-copy-apt-keys 
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -eu
+set -o pipefail
+
+DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
+if [ -z "${DIB_ADD_APT_KEYS}" ]; then
+ echo "DIB_ADD_APT_KEYS is not set - not importing keys"
+ exit 0
+fi
+
+DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
+if [ -e ${DIR} ]; then
+ echo "${DIR} already exists!"
+ exit 1
+fi
+sudo mkdir -p ${DIR}
+
+# Copy to DIR
+for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
+ sudo cp -L ${KEY} ${DIR}
+done
diff --git a/elements/dpkg/pre-install.d/02-add-apt-keys b/elements/dpkg/pre-install.d/02-add-apt-keys
new file mode 100755
index 00000000..59210558
--- /dev/null
+++ b/elements/dpkg/pre-install.d/02-add-apt-keys
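Review bot: The copy loop `for KEY in $(find ${DIB_ADD_APT_KEYS} -type f)` does not stop the script when `find` fails, because `set -e` does not act on a command substitution inside a `for` word list, so a mistyped DIB_ADD_APT_KEYS path copies nothing and the build carries on without the keys the operator expected. The unquoted `${KEY}` and `${DIR}` are also word-split before they reach `sudo cp` and `sudo mkdir`, and because `find` recurses, two key files with the same basename in different subfolders overwrite each other in `${DIR}`. `cp -L` runs under sudo and dereferences symlinks, so the README should state that the folder must be operator-controlled, since every regular file reachable from it is handed to the keyring step. I would check the directory explicitly and let `find` pass the paths to `cp` itself, as below.

```shell
if [ ! -d "${DIB_ADD_APT_KEYS}" ]; then
    echo "DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS} is not a directory" >&2
    exit 1
fi

# … unchanged: DIR assignment and the "already exists" check …
sudo mkdir -p "${DIR}"

# find passes each path as a single argument, so whitespace in a key
# path survives, and a failing find or cp now aborts under set -e.
find "${DIB_ADD_APT_KEYS}" -type f -exec sudo cp -L -t "${DIR}" -- {} +
```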
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -eu
+set -o pipefail
+
+KEY_DIRECTORY=/tmp/apt_keys
+if [ ! -d "${KEY_DIRECTORY}" ]; then
+ exit 0
+fi
+
+for KEY in ${KEY_DIRECTORY}/*; do
+ if ! file -b "${KEY}" | grep -q 'PGP public key block'; then
+ echo "Skipping ${KEY}, not a valid GPG public key"
+ continue
+ fi
+
+ apt-key add ${KEY}
+done
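Review bot: The `file -b "${KEY}" | grep -q 'PGP public key block'` gate only checks that the file looks like an armored public key and does not confirm which key it is, so the commit message's "verified" overstates it; a comment such as `# Format check only: every armored key in this folder becomes a trusted apt signing key` would make that explicit. The `continue` branch also makes rejection non-fatal: with `pipefail` set, a missing `file` binary in the image (nothing in this patch rules that out) fails the pipeline, so every key is skipped and the build proceeds without them. I would replace `continue` with `exit 1`, send the message to stderr, and quote the last call as `apt-key add "${KEY}"`. Nothing in this patch removes /tmp/apt_keys afterwards, so unless a later cleanup step handles it the key files stay in the built image.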