diff options
| author | dd <dd@wx.tnyzeq.icu> | 2024-06-24 07:24:54 +0200 |
|---|---|---|
| committer | dd <dd@wx.tnyzeq.icu> | 2024-06-24 07:24:54 +0200 |
| commit | 30a0a045e81bc74ed2b5aca55a21a9b29a983708 (patch) | |
| tree | f32594d8c918144c99fde2e7a8c5523e285f878d /data | |
| parent | 7abcd9763b52211dadb623aef9af9430b8bc94ae (diff) | |
| download | vyos-build-30a0a045e81bc74ed2b5aca55a21a9b29a983708.tar.gz vyos-build-30a0a045e81bc74ed2b5aca55a21a9b29a983708.zip | |
build: added APT KEYEXPIRED workaround
Diffstat (limited to 'data')
| -rw-r--r-- | data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig | 1 | ||||
| -rwxr-xr-x | data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig | 51 |
2 files changed, 52 insertions, 0 deletions
diff --git a/data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig b/data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig new file mode 100644 index 00000000..8bb07cd2 --- /dev/null +++ b/data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig @@ -0,0 +1 @@ +Apt::Key::gpgvcommand "/usr/libexec/gpgvnoexpkeysig"; diff --git a/data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig b/data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig new file mode 100755 index 00000000..f528ee4b --- /dev/null +++ b/data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig @@ -0,0 +1,51 @@ +#!/bin/sh +# +# No copyright is claimed. This code is in the public domain; do with +# it what you wish. +# +# Author: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de> +# +# This is a wrapper around gpgv as invoked by apt. It turns EXPKEYSIG results +# from gpgv into GOODSIG results. This is necessary for apt to access very old +# timestamps from snapshot.debian.org for which the GPG key is already expired: +# +# Get:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease [242 kB] +# Err:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease +# The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org> +# Reading package lists... +# W: GPG error: http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org> +# E: The repository 'http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease' is not signed. +# +# To use this script, call apt with +# +# -o Apt::Key::gpgvcommand=/usr/libexec/mmdebstrap/gpgvnoexpkeysig +# +# Scripts doing similar things can be found here: +# +# * debuerreotype as /usr/share/debuerreotype/scripts/.gpgv-ignore-expiration.sh +# * derivative census: salsa.d.o/deriv-team/census/-/blob/master/bin/fakegpgv + +set -eu + +find_gpgv_status_fd() { + while [ "$#" -gt 0 ]; do + if [ "$1" = '--status-fd' ]; then + echo "$2" + return 0 + fi + shift + done + # default fd is stdout + echo 1 +} +GPGSTATUSFD="$(find_gpgv_status_fd "$@")" + +case $GPGSTATUSFD in + ''|*[!0-9]*) + echo "invalid --status-fd argument" >&2 + exit 1 + ;; +esac + +# we need eval because we cannot redirect a variable fd +eval 'exec gpgv "$@" '"$GPGSTATUSFD"'>&1 | sed "s/^\[GNUPG:\] EXPKEYSIG /[GNUPG:] GOODSIG /" >&'"$GPGSTATUSFD" |