~comcloudway/builds.sr.ht: images/debian,ubuntu: Replace deprecated apt-key

fa6c46f5b0b5d89c5bd34d4e86d7c9c340ebcf75 — Noelle Leigh 3 years ago 9175cd3

images/debian,ubuntu: Replace deprecated apt-key

Since the use of apt-key has been deprecated ([1]), the Debian and
Ubuntu `add_repository` functions have had their invocations replaced
with two calls to `gpg`:

1. Given a key-id, fetch the key from keyserver.ubuntu.com and store it
   in a new trust database.
2. Export that same key from the trust database to a file in
   `/etc/apt/trusted.gpg.d/`, as per the deprecation instructions.

Ideally this could all be done in a single step, but I'm not aware of a
way to do that.

Once this is merged, the builds.sr.ht compatibility docs should be
updated to remove the mention of `apt-key` ([2]).

[1]: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#deprecated-components
[2]: https://git.sr.ht/~sircmpwn/sr.ht-docs/tree/ac19223120f57fbbd88ec8c784250b0343a6405d/item/builds.sr.ht/compatibility.md?view-source#L413

patch browse .tar.gz

2 files changed, 16 insertions(+), 2 deletions(-)

M images/debian/functions
M images/ubuntu/functions

M images/debian/functions => images/debian/functions +8 -1

@@ 54,10 54,17 @@ add_repository() {
 	key=$(echo $src | cut -d' ' -f4)
 	if [ "$key" != "" ]
 	then
+		# Import the GPG key into a user trustdb
 		guest_ssh -p $port build@localhost sudo \
-			apt-key adv \
+			gpg \
 			--keyserver hkp://keyserver.ubuntu.com:80 \
 			--recv-keys $key
+
+		# Export the GPG key to Apt's key directory
+		guest_ssh -p $port build@localhost sudo \
+			gpg \
+			--output /etc/apt/trusted.gpg.d/$key.gpg \
+			--export $key
 	fi
 	printf 'deb %s %s %s\n' "$repo" "$distro" "$cmpnt" \
 		| guest_ssh -p $port build@localhost sudo tee -a /etc/apt/sources.list

M images/ubuntu/functions => images/ubuntu/functions +8 -1

@@ 43,10 43,17 @@ add_repository() {
 	key=$(echo $src | cut -d' ' -f4)
 	if [ "$key" != "" ]
 	then
+		# Import the GPG key into a user trustdb
 		guest_ssh -p $port build@localhost sudo \
-			apt-key adv \
+			gpg \
 			--keyserver hkp://keyserver.ubuntu.com:80 \
 			--recv-keys $key
+
+		# Export the GPG key to Apt's key directory
+		guest_ssh -p $port build@localhost sudo \
+			gpg \
+			--output /etc/apt/trusted.gpg.d/$key.gpg \
+			--export $key
 	fi
 	printf 'deb %s %s %s' "$repo" "$distro" "$cmpnt" \
 		| guest_ssh -p $port build@localhost sudo tee -a /etc/apt/sources.list