Add ability to add extra apt keys

Adds an environment variable DIB_ADD_APT_KEYS pointing to a folder of
apt repo GPG keys. Each key will be verified and installed with apt-key
to the apt keyring.

Change-Id: I4b15347a76aa3241e741931bb94f17598641ae42
This commit is contained in:
Steven DuChene 2014-03-27 15:49:43 -06:00 committed by Alexis Lee
parent b9189a204f
commit 2408569566
3 changed files with 74 additions and 0 deletions

View File

@ -6,3 +6,7 @@ HTTP proxy when installing packages. These customisations live here, where they
can be used by any dpkg based element. can be used by any dpkg based element.
The dpkg specific version of install-packages is also kept here. The dpkg specific version of install-packages is also kept here.
If an extra or updated apt key is needed then define DIB\_ADD\_APT\_KEYS with
the path to a folder. Any key files inside will be added to the key ring before
any apt-get commands take place.

View File

@ -0,0 +1,37 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
set -o pipefail
DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
if [ -z "${DIB_ADD_APT_KEYS}" ]; then
echo "DIB_ADD_APT_KEYS is not set - not importing keys"
exit 0
fi
DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
if [ -e ${DIR} ]; then
echo "${DIR} already exists!"
exit 1
fi
sudo mkdir -p ${DIR}
# Copy to DIR
for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
sudo cp -L ${KEY} ${DIR}
done

View File

@ -0,0 +1,33 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -eu
set -o pipefail
KEY_DIRECTORY=/tmp/apt_keys
if [ ! -d "${KEY_DIRECTORY}" ]; then
exit 0
fi
for KEY in ${KEY_DIRECTORY}/*; do
if ! file -b "${KEY}" | grep -q 'PGP public key block'; then
echo "Skipping ${KEY}, not a valid GPG public key"
continue
fi
apt-key add ${KEY}
done