sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Copy apt gpg keys directly into trusted.gpg.d"

Browse Source
This commit is contained in:
Zuul 2020-09-16 08:34:32 +00:00 committed by Gerrit Code Review
commit d8108885df
5 changed files with 35 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
diskimage_builder/elements/dpkg/environment.d/10-debian-minimal.bash Normal file
View File

@ -0,0 +1 @@
export DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}

39
diskimage_builder/elements/dpkg/extra-data.d/01-copy-apt-keys
View File

@ -1,39 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
if [ -z "${DIB_ADD_APT_KEYS}" ]; then
echo "DIB_ADD_APT_KEYS is not set - not importing keys"
exit 0
fi
DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
if [ -e ${DIR} ]; then
echo "${DIR} already exists!"
exit 1
fi
sudo mkdir -p ${DIR} # dib-lint: safe_sudo
# Copy to DIR
for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
sudo cp -L ${KEY} ${DIR} # dib-lint: safe_sudo
done

37
diskimage_builder/elements/dpkg/pre-install.d/02-add-apt-keys
View File

@ -1,37 +0,0 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
KEY_DIRECTORY=/tmp/apt_keys
if [ ! -d "${KEY_DIRECTORY}" ]; then
exit 0
fi
for KEY in ${KEY_DIRECTORY}/*; do
if ! file -b "${KEY}" | grep -qE '(PGP public key block|GPG key public ring)'; then
echo "Skipping ${KEY}, not a valid GPG public key"
continue
fi
apt-key add ${KEY}
done
apt-get -y update

28
diskimage_builder/elements/dpkg/root.d/09-apt-keyring Executable file
View File

@ -0,0 +1,28 @@
#!/bin/bash
# Copyright (c) 2020 Matthew Thode (mthode@mthode.org)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
#
# See the License for the specific language governing permissions and
# limitations under the License.
# dib-lint: disable=safe_sudo
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
if [ -n "${DIB_ADD_APT_KEYS}" ]; then
find "${DIB_ADD_APT_KEYS}" -type f -exec sudo cp -L {} "${TARGET_ROOT}/etc/apt/trusted.gpg.d/" \;
fi

6
releasenotes/notes/dpkg-copy-keys-578e16f7fedd823b.yaml Normal file
View File

@ -0,0 +1,6 @@
---
upgrade:
- |
The ``DIB_ADD_APT_KEYS`` argument now copies keys into
``/etc/apt/trusted.gpg.d``, rather than using ``apt-key`` to add
them.