Copy apt gpg keys directly into trusted.gpg.d
This avoids having to have gnupg2/apt-key dependencies in the base, and is now well supported by modern Debuntu. Signed-off-by: Matthew Thode <mthode@mthode.org> Change-Id: I7065b2fab6125d9635ef99ff65d374b8b6b4c3a2
This commit is contained in:
parent
d140cc239a
commit
8cc08418d7
@ -0,0 +1 @@
|
||||
export DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
|
@ -1,39 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
|
||||
if [ -z "${DIB_ADD_APT_KEYS}" ]; then
|
||||
echo "DIB_ADD_APT_KEYS is not set - not importing keys"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
|
||||
if [ -e ${DIR} ]; then
|
||||
echo "${DIR} already exists!"
|
||||
exit 1
|
||||
fi
|
||||
sudo mkdir -p ${DIR} # dib-lint: safe_sudo
|
||||
|
||||
# Copy to DIR
|
||||
for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
|
||||
sudo cp -L ${KEY} ${DIR} # dib-lint: safe_sudo
|
||||
done
|
@ -1,37 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
KEY_DIRECTORY=/tmp/apt_keys
|
||||
if [ ! -d "${KEY_DIRECTORY}" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
for KEY in ${KEY_DIRECTORY}/*; do
|
||||
if ! file -b "${KEY}" | grep -qE '(PGP public key block|GPG key public ring)'; then
|
||||
echo "Skipping ${KEY}, not a valid GPG public key"
|
||||
continue
|
||||
fi
|
||||
|
||||
apt-key add ${KEY}
|
||||
done
|
||||
|
||||
apt-get -y update
|
28
diskimage_builder/elements/dpkg/root.d/09-apt-keyring
Executable file
28
diskimage_builder/elements/dpkg/root.d/09-apt-keyring
Executable file
@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
# Copyright (c) 2020 Matthew Thode (mthode@mthode.org)
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
#
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# dib-lint: disable=safe_sudo
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
if [ -n "${DIB_ADD_APT_KEYS}" ]; then
|
||||
find "${DIB_ADD_APT_KEYS}" -type f -exec sudo cp -L {} "${TARGET_ROOT}/etc/apt/trusted.gpg.d/" \;
|
||||
fi
|
6
releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml
Normal file
6
releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
The ``DIB_ADD_APT_KEYS`` argument now copies keys into
|
||||
``/etc/apt/trusted.gpg.d``, rather than using ``apt-key`` to add
|
||||
them.
|
Loading…
Reference in New Issue
Block a user