Copy apt gpg keys directly into trusted.gpg.d
This avoids having to have gnupg2/apt-key dependencies in the base, and is now well supported by modern Debuntu. Signed-off-by: Matthew Thode <mthode@mthode.org> Change-Id: I7065b2fab6125d9635ef99ff65d374b8b6b4c3a2
This commit is contained in:
parent
d140cc239a
commit
8cc08418d7
@ -0,0 +1 @@
|
|||||||
|
export DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
|
@ -1,39 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
set -eu
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
|
|
||||||
if [ -z "${DIB_ADD_APT_KEYS}" ]; then
|
|
||||||
echo "DIB_ADD_APT_KEYS is not set - not importing keys"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
|
|
||||||
if [ -e ${DIR} ]; then
|
|
||||||
echo "${DIR} already exists!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sudo mkdir -p ${DIR} # dib-lint: safe_sudo
|
|
||||||
|
|
||||||
# Copy to DIR
|
|
||||||
for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
|
|
||||||
sudo cp -L ${KEY} ${DIR} # dib-lint: safe_sudo
|
|
||||||
done
|
|
@ -1,37 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
set -eu
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
KEY_DIRECTORY=/tmp/apt_keys
|
|
||||||
if [ ! -d "${KEY_DIRECTORY}" ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
for KEY in ${KEY_DIRECTORY}/*; do
|
|
||||||
if ! file -b "${KEY}" | grep -qE '(PGP public key block|GPG key public ring)'; then
|
|
||||||
echo "Skipping ${KEY}, not a valid GPG public key"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
apt-key add ${KEY}
|
|
||||||
done
|
|
||||||
|
|
||||||
apt-get -y update
|
|
28
diskimage_builder/elements/dpkg/root.d/09-apt-keyring
Executable file
28
diskimage_builder/elements/dpkg/root.d/09-apt-keyring
Executable file
@ -0,0 +1,28 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# Copyright (c) 2020 Matthew Thode (mthode@mthode.org)
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
# implied.
|
||||||
|
#
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# dib-lint: disable=safe_sudo
|
||||||
|
|
||||||
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
set -eu
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
if [ -n "${DIB_ADD_APT_KEYS}" ]; then
|
||||||
|
find "${DIB_ADD_APT_KEYS}" -type f -exec sudo cp -L {} "${TARGET_ROOT}/etc/apt/trusted.gpg.d/" \;
|
||||||
|
fi
|
6
releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml
Normal file
6
releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The ``DIB_ADD_APT_KEYS`` argument now copies keys into
|
||||||
|
``/etc/apt/trusted.gpg.d``, rather than using ``apt-key`` to add
|
||||||
|
them.
|
Loading…
Reference in New Issue
Block a user