diff --git a/diskimage_builder/elements/dpkg/environment.d/10-debian-minimal.bash b/diskimage_builder/elements/dpkg/environment.d/10-debian-minimal.bash
new file mode 100644
index 00000000..3e595476
--- /dev/null
+++ b/diskimage_builder/elements/dpkg/environment.d/10-debian-minimal.bash
@@ -0,0 +1 @@
+export DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
diff --git a/diskimage_builder/elements/dpkg/extra-data.d/01-copy-apt-keys b/diskimage_builder/elements/dpkg/extra-data.d/01-copy-apt-keys
deleted file mode 100755
index 52f4ff79..00000000
--- a/diskimage_builder/elements/dpkg/extra-data.d/01-copy-apt-keys
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
- set -x
-fi
-set -eu
-set -o pipefail
-
-DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
-if [ -z "${DIB_ADD_APT_KEYS}" ]; then
- echo "DIB_ADD_APT_KEYS is not set - not importing keys"
- exit 0
-fi
-
-DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
-if [ -e ${DIR} ]; then
- echo "${DIR} already exists!"
- exit 1
-fi
-sudo mkdir -p ${DIR} # dib-lint: safe_sudo
-
-# Copy to DIR
-for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
- sudo cp -L ${KEY} ${DIR} # dib-lint: safe_sudo
-done
diff --git a/diskimage_builder/elements/dpkg/pre-install.d/02-add-apt-keys b/diskimage_builder/elements/dpkg/pre-install.d/02-add-apt-keys
deleted file mode 100755
index a60f4c0f..00000000
--- a/diskimage_builder/elements/dpkg/pre-install.d/02-add-apt-keys
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
- set -x
-fi
-set -eu
-set -o pipefail
-
-KEY_DIRECTORY=/tmp/apt_keys
-if [ ! -d "${KEY_DIRECTORY}" ]; then
- exit 0
-fi
-
-for KEY in ${KEY_DIRECTORY}/*; do
- if ! file -b "${KEY}" | grep -qE '(PGP public key block|GPG key public ring)'; then
- echo "Skipping ${KEY}, not a valid GPG public key"
- continue
- fi
-
- apt-key add ${KEY}
-done
-
-apt-get -y update
diff --git a/diskimage_builder/elements/dpkg/root.d/09-apt-keyring b/diskimage_builder/elements/dpkg/root.d/09-apt-keyring
new file mode 100755
index 00000000..3f545ac0
--- /dev/null
+++ b/diskimage_builder/elements/dpkg/root.d/09-apt-keyring
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Copyright (c) 2020 Matthew Thode (mthode@mthode.org)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# dib-lint: disable=safe_sudo
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+if [ -n "${DIB_ADD_APT_KEYS}" ]; then
+ find "${DIB_ADD_APT_KEYS}" -type f -exec sudo cp -L {} "${TARGET_ROOT}/etc/apt/trusted.gpg.d/" \;
+fi
diff --git a/releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml b/releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml
new file mode 100644
index 00000000..1c9cbbc3
--- /dev/null
+++ b/releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - |
+ The ``DIB_ADD_APT_KEYS`` argument now copies keys into
+ ``/etc/apt/trusted.gpg.d``, rather than using ``apt-key`` to add
+ them.
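Review bot: In `root.d/09-apt-keyring`, the `find … -exec sudo cp -L {} … \;` line copies every regular file under `DIB_ADD_APT_KEYS` into `trusted.gpg.d` without the `file -b … | grep -qE '(PGP public key block|GPG key public ring)'` filter that the removed `02-add-apt-keys` applied, and anything apt accepts from that directory is trusted for all configured repositories. With the `\;` form, find's exit status does not reflect a failing `cp`, so `set -e` will not stop the build if the copy fails (for instance if the target directory is missing at this phase), and the image would be built without the key. apt also appears to read only `*.gpg`/`*.asc` files there and needs them readable by its unprivileged user, so a key with another suffix or a restrictive mode would be ignored rather than rejected; this is worth stating in the README or checking here. I would replace the one-liner with a loop that keeps the type check and installs each key with an explicit mode, as sketched below (this assumes `file` is available where root.d scripts run).

```shell
if [ -n "${DIB_ADD_APT_KEYS}" ]; then
    keyring_dir="${TARGET_ROOT}/etc/apt/trusted.gpg.d"
    while IFS= read -r -d '' key; do
        if ! file -b "${key}" | grep -qE '(PGP public key block|GPG key public ring)'; then
            echo "Skipping ${key}, not a valid GPG public key"
            continue
        fi
        # Explicit mode so apt's unprivileged user can read the keyring;
        # a failed install now aborts the build under set -e.
        sudo install -m 0644 "${key}" "${keyring_dir}/"
    done < <(find "${DIB_ADD_APT_KEYS}" -type f -print0)
fi
```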