From 30a0a045e81bc74ed2b5aca55a21a9b29a983708 Mon Sep 17 00:00:00 2001
From: dd <dd@wx.tnyzeq.icu>
Date: Mon, 24 Jun 2024 07:24:54 +0200
Subject: build: added APT KEYEXPIRED workaround

---
 .../etc/apt/apt.conf.d/01gpgvnoexpkeysig           |  1 +
 .../includes.chroot/usr/libexec/gpgvnoexpkeysig    | 51 ++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig
 create mode 100755 data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig

diff --git a/data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig b/data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig
new file mode 100644
index 00000000..8bb07cd2
--- /dev/null
+++ b/data/live-build-config/includes.chroot/etc/apt/apt.conf.d/01gpgvnoexpkeysig
@@ -0,0 +1 @@
+Apt::Key::gpgvcommand "/usr/libexec/gpgvnoexpkeysig";
diff --git a/data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig b/data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig
new file mode 100755
index 00000000..f528ee4b
--- /dev/null
+++ b/data/live-build-config/includes.chroot/usr/libexec/gpgvnoexpkeysig
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# No copyright is claimed.  This code is in the public domain; do with
+# it what you wish.
+#
+# Author: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
+#
+# This is a wrapper around gpgv as invoked by apt. It turns EXPKEYSIG results
+# from gpgv into GOODSIG results. This is necessary for apt to access very old
+# timestamps from snapshot.debian.org for which the GPG key is already expired:
+#
+#     Get:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease [242 kB]
+#     Err:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease
+#       The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
+#     Reading package lists...
+#     W: GPG error: http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
+#     E: The repository 'http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease' is not signed.
+#
+# To use this script, call apt with
+#
+#    -o Apt::Key::gpgvcommand=/usr/libexec/mmdebstrap/gpgvnoexpkeysig
+#
+# Scripts doing similar things can be found here:
+#
+#  * debuerreotype as /usr/share/debuerreotype/scripts/.gpgv-ignore-expiration.sh
+#  * derivative census: salsa.d.o/deriv-team/census/-/blob/master/bin/fakegpgv
+
+set -eu
+
+find_gpgv_status_fd() {
+	while [ "$#" -gt 0 ]; do
+		if [ "$1" = '--status-fd' ]; then
+			echo "$2"
+			return 0
+		fi
+		shift
+	done
+	# default fd is stdout
+	echo 1
+}
+GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
+
+case $GPGSTATUSFD in
+	''|*[!0-9]*)
+		echo "invalid --status-fd argument" >&2
+		exit 1
+		;;
+esac
+
+# we need eval because we cannot redirect a variable fd
+eval 'exec gpgv "$@" '"$GPGSTATUSFD"'>&1 | sed "s/^\[GNUPG:\] EXPKEYSIG /[GNUPG:] GOODSIG /" >&'"$GPGSTATUSFD"
-- 
cgit v1.2.3