From fa6c46f5b0b5d89c5bd34d4e86d7c9c340ebcf75 Mon Sep 17 00:00:00 2001
From: Noelle Leigh
Date: Thu, 28 Oct 2021 22:09:57 -0400
Subject: [PATCH] images/debian,ubuntu: Replace deprecated apt-key
Since the use of apt-key has been deprecated ([1]), the Debian and Ubuntu `add_repository` functions have had their invocations replaced with two calls to `gpg`:
1. Given a key-id, fetch the key from keyserver.ubuntu.com and store it in a new trust database.
2. Export that same key from the trust database to a file in `/etc/apt/trusted.gpg.d/`, as per the deprecation instructions.
Ideally this could all be done in a single step, but I'm not aware of a way to do that.
Once this is merged, the builds.sr.ht compatibility docs should be updated to remove the mention of `apt-key` ([2]).
[1]: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#deprecated-components
[2]: https://git.sr.ht/~sircmpwn/sr.ht-docs/tree/ac19223120f57fbbd88ec8c784250b0343a6405d/item/builds.sr.ht/compatibility.md?view-source#L413
---
 images/debian/functions | 9 ++++++++-
 images/ubuntu/functions | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/images/debian/functions b/images/debian/functions
index 9ee5c4e..058e076 100644
--- a/images/debian/functions
+++ b/images/debian/functions
@@ -54,10 +54,17 @@ add_repository() {
 key=$(echo $src | cut -d' ' -f4)
 if [ "$key" != "" ]
 then
+ # Import the GPG key into a user trustdb
 guest_ssh -p $port build@localhost sudo \
- apt-key adv \
+ gpg \
 --keyserver hkp://keyserver.ubuntu.com:80 \
 --recv-keys $key
+
+ # Export the GPG key to Apt's key directory
+ guest_ssh -p $port build@localhost sudo \
+ gpg \
+ --output /etc/apt/trusted.gpg.d/$key.gpg \
+ --export $key
 fi
 printf 'deb %s %s %s\n' "$repo" "$distro" "$cmpnt" \
 | guest_ssh -p $port build@localhost sudo tee -a /etc/apt/sources.list
diff --git a/images/ubuntu/functions b/images/ubuntu/functions
index 02ffa08..ec12174 100644
--- a/images/ubuntu/functions
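Review bot: The export target on the added `--output /etc/apt/trusted.gpg.d/$key.gpg` line makes the fetched key trusted for every configured source, not only for the repository being added, because apt accepts any key in `trusted.gpg.d` for any archive. Scoping it would mean writing the keyring outside that directory, e.g. `--output /etc/apt/keyrings/$key.gpg` (creating the directory where the release lacks it), and naming it in the source line as `printf 'deb [signed-by=/etc/apt/keyrings/%s.gpg] %s %s %s\n' "$key" "$repo" "$distro" "$cmpnt"` when a key is given. The same applies to the identical hunk in images/ubuntu/functions. add_repository starts and ends outside the hunk, so how `$src` is parsed is not visible here.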
+++ b/images/ubuntu/functions
@@ -43,10 +43,17 @@ add_repository() {
 key=$(echo $src | cut -d' ' -f4)
 if [ "$key" != "" ]
 then
+ # Import the GPG key into a user trustdb
 guest_ssh -p $port build@localhost sudo \
- apt-key adv \
+ gpg \
 --keyserver hkp://keyserver.ubuntu.com:80 \
 --recv-keys $key
+
+ # Export the GPG key to Apt's key directory
+ guest_ssh -p $port build@localhost sudo \
+ gpg \
+ --output /etc/apt/trusted.gpg.d/$key.gpg \
+ --export $key
 fi
 printf 'deb %s %s %s' "$repo" "$distro" "$cmpnt" \
 | guest_ssh -p $port build@localhost sudo tee -a /etc/apt/sources.list
--
2.38.5
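Review bot: `$key` is used unquoted and unvalidated as a filename in the added `--output /etc/apt/trusted.gpg.d/$key.gpg` line, after being cut from `$src`, and it is presumably parsed again by the guest's shell since it travels through `guest_ssh ... sudo`. A guard before the first gpg call, such as `case "$key" in *[!0-9A-Fa-f]*) echo "add_repository: key must be a hex fingerprint" >&2; return 1;; esac`, keeps path separators and shell metacharacters out of both commands. Requiring the full fingerprint rather than a short key ID also matters because the key is fetched over plaintext `hkp://keyserver.ubuntu.com:80` and short IDs are not unique. The debian hunk has the same lines, and the function body continues outside this hunk.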