Facilitate fetching apt signing key from keyserver by ID #741

Merged
17 changes: 17 additions & 0 deletions EXTREPO.md
Expand Up @@ -32,6 +32,7 @@ The variables defined in the package definition file are the following:
* `CODENAMES_SUPPORTED`: A space-separated list of supported upstream codenames, supporting the values from `UPSTREAM_CODENAME`.
* `ASC_KEY_URL`: A URL to the ASCII-armored keyring file.
* `GPG_KEY_URL`: A URL to the binary keyring file.
* `GPG_KEY_ID`: The Key ID to be fetched from a keyserver.
* `APT_LIST_NAME`: The name of the `*.list` file, without the extension.
* `APT_REPO_URL`: The repository URL, the distribution codename and any following components for the line that will be printed to the `*.list` file.
* `APT_REPO_OPTIONS`: The space-separated extra options, such as `arch=` or `by-hash=` for the line that will be printed to the `*.list` file.
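Review bot: the new `GPG_KEY_ID` entry does not say what form the ID must take. Short key IDs are easy to collide, so the description should require the full 40-hex-digit fingerprint, for example "`GPG_KEY_ID`: The full fingerprint of the key to be fetched from a keyserver." It would also help to state here that `ASC_KEY_URL`, `GPG_KEY_URL` and `GPG_KEY_ID` are mutually exclusive, since deb-get rejects any two of them set together.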
Expand Down Expand Up @@ -110,6 +111,22 @@ WEBSITE=""
SUMMARY=""
```

If the keyring file must be fetched from a keyserver by ID use this template:

```bash
DEFVER=1
ARCHS_SUPPORTED="amd64 arm64 armhf"
CODENAMES_SUPPORTED="buster bullseye bookworm sid focal jammy kinetic lunar"
GPG_KEY_ID=""
APT_LIST_NAME=""
APT_REPO_URL=""
APT_REPO_OPTIONS="arch=${HOST_ARCH}"
EULA=""
PRETTY_NAME=""
WEBSITE=""
SUMMARY=""
```

## Launchpad PPA

```bash
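Review bot: the sentence introducing this template needs a comma ("... from a keyserver by ID, use this template:"), and it does not say which keyserver is queried. deb-get passes a fixed `--keyserver keyserver.ubuntu.com`, so name it here; a definition author needs to know the key has to be published on that server. A short remark that `GPG_KEY_ID=""` expects the full fingerprint would fit next to the template as well.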
23 changes: 20 additions & 3 deletions deb-get
Expand Up @@ -391,6 +391,7 @@ function validate_deb() {
export DEFVER=""
export ASC_KEY_URL=""
export GPG_KEY_URL=""
export GPG_KEY_ID=""
export APT_LIST_NAME="${APP}"
export APT_REPO_URL=""
export APT_REPO_OPTIONS=""
Expand Down Expand Up @@ -425,16 +426,32 @@ function validate_deb() {
if [ -n "${APT_REPO_URL}" ]; then
METHOD="apt"
if [ "${ACTION}" != "prettylist" ]; then
if [ -z "${ASC_KEY_URL}" ] && [ -z "${GPG_KEY_URL}" ]; then
if [ -z "${ASC_KEY_URL}" ] && [ -z "${GPG_KEY_URL}" ] && [ -z "${GPG_KEY_ID}" ]; then
fancy_message error "Missing required information of apt package ${APP}:"
echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
exit 1
fi
if [ -n "${ASC_KEY_URL}" ] && [ -n "${GPG_KEY_URL}" ]; then
fancy_message error "Conflicting repository key types for apt package ${APP}:"
echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
exit 1
fi
if [ -n "${GPG_KEY_URL}" ] && [ -n "${GPG_KEY_ID}" ]; then
fancy_message error "Conflicting repository key types for apt package ${APP}:"
echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
exit 1
fi
if [ -n "${ASC_KEY_URL}" ] && [ -n "${GPG_KEY_ID}" ]; then
fancy_message error "Conflicting repository key types for apt package ${APP}:"
echo "ASC_KEY_URL=${ASC_KEY_URL}" >&2
echo "GPG_KEY_URL=${GPG_KEY_URL}" >&2
echo "GPG_KEY_ID=${GPG_KEY_ID}" >&2
exit 1
fi
fi
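Review bot: nothing in this hunk checks what `GPG_KEY_ID` contains; only emptiness is tested. Since the value is later passed to `gpg --recv`, reject anything that is not a hex fingerprint here, alongside the missing-key and conflict checks. The three "Conflicting repository key types" blocks are identical apart from their condition and could be one: count how many of `ASC_KEY_URL`, `GPG_KEY_URL` and `GPG_KEY_ID` are non-empty and fail when the count is greater than one.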
Expand Down Expand Up @@ -1088,13 +1105,13 @@ function add_apt_repo() {
${ELEVATE} wget -q "${ASC_KEY_URL}" -O "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring"
${ELEVATE} gpg --yes --dearmor "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring"
${ELEVATE} rm "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring"
elif [ -n "${GPG_KEY_ID}" ]; then
${ELEVATE} gpg --no-default-keyring --keyring /usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg --keyserver keyserver.ubuntu.com --recv ${GPG_KEY_ID}
else #GPG_KEY_URL
${ELEVATE} wget -q "${GPG_KEY_URL}" -O "/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg"
fi
fi

#TODO: https://superuser.com/questions/1641291/gpg-only-download-a-key-from-a-keyserver

local APT_LIST_LINE="deb [signed-by=/usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg"

if [ -n "${APT_REPO_OPTIONS}" ]; then
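Review bot: on the new `gpg ... --recv ${GPG_KEY_ID}` line, neither `${GPG_KEY_ID}` nor the `--keyring /usr/share/keyrings/${APT_LIST_NAME}-archive-keyring.gpg` path is quoted, while the wget branches around it quote every expansion; quote both so a value containing whitespace cannot split into extra gpg arguments under `${ELEVATE}`. The branch also accepts whatever key the keyserver returns for that ID: after the receive, compare the fingerprint in the new keyring with `GPG_KEY_ID` and remove the file on mismatch, because this keyring becomes the `signed-by=` trust anchor for the repository. `--keyserver keyserver.ubuntu.com` names no scheme; writing it as `hkps://keyserver.ubuntu.com` makes the transport explicit.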