diff --git a/EXTREPO.md b/EXTREPO.md index b65af5a76..9a8960d4d 100644 --- a/EXTREPO.md +++ b/EXTREPO.md @@ -32,6 +32,7 @@ The variables defined in the package definition file are the following: * `CODENAMES_SUPPORTED`: A space-separated list of supported upstream codenames, supporting the values from `UPSTREAM_CODENAME`. * `ASC_KEY_URL`: A URL to the ASCII-armored keyring file. * `GPG_KEY_URL`: A URL to the binary keyring file. +* `GPG_KEY_ID`: The Key ID to be fetched from a keyserver. * `APT_LIST_NAME`: The name of the `*.list` file, without the extension. * `APT_REPO_URL`: The repository URL, the distribution codename and any following components for the line that will be printed to the `*.list` file. * `APT_REPO_OPTIONS`: The space-separated extra options, such as `arch=` or `by-hash=` for the line that will be printed to the `*.list` file. @@ -110,6 +111,22 @@ WEBSITE="" SUMMARY="" ``` +If the keyring file must be fetched from a keyserver by ID use this template: + +```bash +DEFVER=1 +ARCHS_SUPPORTED="amd64 arm64 armhf" +CODENAMES_SUPPORTED="buster bullseye bookworm sid focal jammy kinetic lunar" +GPG_KEY_ID="" +APT_LIST_NAME="" +APT_REPO_URL="" +APT_REPO_OPTIONS="arch=${HOST_ARCH}" +EULA="" +PRETTY_NAME="" +WEBSITE="" +SUMMARY="" +``` + ## Launchpad PPA ```bash diff --git a/deb-get b/deb-get index 24a24b234..e92892821 100755 --- a/deb-get +++ b/deb-get @@ -391,6 +391,7 @@ function validate_deb() { export DEFVER="" export ASC_KEY_URL="" export GPG_KEY_URL="" + export GPG_KEY_ID="" export APT_LIST_NAME="${APP}" export APT_REPO_URL="" export APT_REPO_OPTIONS="" 
@@ -425,16 +426,32 @@ function validate_deb() {
 if [ -n "${APT_REPO_URL}" ]; then
 METHOD="apt"
 if [ "${ACTION}" != "prettylist" ]; then
- if [ -z "${ASC_KEY_URL}" ] && [ -z "${GPG_KEY_URL}" ]; then
+ if [ -z "${ASC_KEY_URL}" ] && [ -z "${GPG_KEY_URL}" ] && [ -z "${GPG_KEY_ID}" ]; then
 fancy_message error "Missing required information of apt package ${APP}:"
 echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
 echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
+ echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
 exit 1
 fi
 if [ -n "${ASC_KEY_URL}" ] && [ -n "${GPG_KEY_URL}" ]; then
 fancy_message error "Conflicting repository key types for apt package ${APP}:"
 echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
 echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
+ echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
+ exit 1
+ fi
+ if [ -n "${GPG_KEY_URL}" ] && [ -n "${GPG_KEY_ID}" ]; then
+ fancy_message error "Conflicting repository key types for apt package ${APP}:"
+ echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
+ echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
+ echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
+ exit 1
+ fi
+ if [ -n "${ASC_KEY_URL}" ] && [ -n "${GPG_KEY_ID}" ]; then
+ fancy_message error "Conflicting repository key types for apt package ${APP}:"
+ echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
+ echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
+ echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
 exit 1
 fi
 fi
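Review bot: The new checks in validate_deb accept any non-empty `GPG_KEY_ID` and never look at its format, although the add_apt_repo hunk of this commit passes the value to `gpg ... --keyserver keyserver.ubuntu.com --recv`. A short 8- or 16-hex-digit key ID can match more than one key on a keyserver, and whatever is fetched becomes the `signed-by` keyring for the repository, so a package definition should be required to carry the full fingerprint (40 hex digits for a v4 key). After the conflict checks, something like `[[ -z "${GPG_KEY_ID}" || "${GPG_KEY_ID}" =~ ^(0x)?[0-9A-Fa-f]{40}$ ]] || { fancy_message error "GPG_KEY_ID of ${APP} must be a full fingerprint"; exit 1; }` would enforce that, assuming the script runs under bash as its `function` syntax suggests. The same pattern also keeps whitespace and option-like strings out of the unquoted `${GPG_KEY_ID}` in that gpg call. validate_deb begins and ends outside this hunk.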
@@ -1088,13 +1105,13 @@ function add_apt_repo() { ${ELEVATE} wget -q "${ASC_KEY_URL}" -O "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring" ${ELEVATE} gpg --yes --dearmor "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring" ${ELEVATE} rm "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring" + elif [ -n "${GPG_KEY_ID}" ]; then + ${ELEVATE} gpg --no-default-keyring --keyring /usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg --keyserver keyserver.ubuntu.com --recv ${GPG_KEY_ID} else #GPG_KEY_URL ${ELEVATE} wget -q "${GPG_KEY_URL}" -O "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg" fi fi - #TODO: https://superuser.com/questions/1641291/gpg-only-download-a-key-from-a-keyserver - local APT_LIST_LINE="deb [signed-by=/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg" if [ -n "${APT_REPO_OPTIONS}" ]; then