[neon/infrastructure/pangea-data] imager/config-hooks-neon: make sure the pre-installed pool has the keyring it expects

Carlos De Maine null at kde.org
Wed Aug 21 11:30:03 BST 2024 

Git commit 3c984b849d80d0ecd7a3afd997e124dfd42daf11 by Carlos De Maine.
Committed on 21/08/2024 at 10:29.
Pushed by carlosdem into branch 'master'.

make sure the pre-installed pool has the keyring it expects

M  +17   -13   imager/config-hooks-neon/repo.sh

https://invent.kde.org/neon/infrastructure/pangea-data/-/commit/3c984b849d80d0ecd7a3afd997e124dfd42daf11

diff --git a/imager/config-hooks-neon/repo.sh b/imager/config-hooks-neon/repo.sh
index 17ea4d0..67fef89 100644
--- a/imager/config-hooks-neon/repo.sh
+++ b/imager/config-hooks-neon/repo.sh
@@ -27,29 +27,33 @@ else
 apt install -y curl
 
   # use this hack until new neon-keyring is in the wild, then we can use cp down below
-  mkdir -p /etc/apt/keyring
+  mkdir -p /etc/apt/keyrings
   chmod 700 ~/.gnupg
-  curl -s --compressed "https://invent.kde.org/neon/neon/keyring/-/raw/work/overhaul/keyrings/neon-archive-keyring.gpg?ref_type=heads&inline=false" |  tee /etc/apt/keyring/neon-archive-keyring-web.gpg >/dev/null
-  gpg --no-default-keyring --export-options export-minimal --keyring /etc/apt/keyring/neon-archive-keyring-web.gpg --output /etc/apt/keyring/neon-archive-keyring.gpg --export 444DABCF3667D0283F894EDDE6D4736255751E5D
-  gpg --export --keyring /etc/apt/keyring/neon-archive-keyring.gpg --export-options export-minimal --armor > /etc/apt/keyring/neon-archive-keyring.asc
-  gpg --import /etc/apt/keyring/neon-archive-keyring.gpg
+  curl -s --compressed "https://invent.kde.org/neon/neon/keyring/-/raw/work/overhaul/keyrings/neon-archive-keyring.gpg?ref_type=heads&inline=false" |  tee /etc/apt/keyrings/neon-archive-keyring-web.gpg >/dev/null
+  gpg --no-default-keyring --export-options export-minimal --keyring /etc/apt/keyrings/neon-archive-keyring-web.gpg --output /etc/apt/keyrings/neon-archive-keyring.gpg --export 444DABCF3667D0283F894EDDE6D4736255751E5D
+  gpg --export --keyring /etc/apt/keyrings/neon-archive-keyring.gpg --export-options export-minimal --armor > /etc/apt/keyrings/neon-archive-keyring.asc
+  gpg --import /etc/apt/keyrings/neon-archive-keyring.gpg
 
   # use ubuntu-defaults.key for iso creation until we can use neon-keyring package for LB_BOOTSTRAP_KEYRING='neon-keyring'
-  cp /etc/apt/keyring/neon-archive-keyring.gpg config/archives/ubuntu-defaults.key
+  cp /etc/apt/keyrings/neon-archive-keyring.gpg config/archives/ubuntu-defaults.key
   chmod 644 config/archives/ubuntu-defaults.key || true
 
   # cp our non-armoured (binary) public key to where it needs to be
-  mkdir  -p chroot/etc/apt/keyring/
-  cp /etc/apt/keyring/* chroot/etc/apt/keyring/
+  mkdir  -p chroot/etc/apt/keyrings/
+  # make sure the pre-installed pool has the keyring it expects
+  cp /etc/apt/keyrings/neon-archive-keyring.asc /etc/apt/keyrings/preinstalled-pool.gpg
+  cp /etc/apt/keyrings/* chroot/etc/apt/keyrings/
+
 
   # make sure _apt can read this file. it may get copied into the chroot
-  chmod 644 chroot/etc/apt/keyring/neon-archive-keyring.asc || true
-  chmod 644 chroot/etc/apt/keyring/neon-archive-keyring.gpg || true
+  chmod 644 chroot/etc/apt/keyrings/neon-archive-keyring.asc || true
+  chmod 644 chroot/etc/apt/keyrings/neon-archive-keyring.gpg || true
+  chmod 644 chroot/etc/apt/keyrings/preinstalled-pool.gpg || true
 
   # use a signed neon.list until we work out how to enable neon.sources in livecd-rootfs
   cat <<EOF >config/archives/neon.list
-deb [signed-by=/etc/apt/keyring/neon-archive-keyring.asc] http://archive.neon.kde.org/${NEONARCHIVE} $SUITE main
-deb-src [signed-by=/etc/apt/keyring/neon-archive-keyring.asc] http://archive.neon.kde.org/${NEONARCHIVE} $SUITE main
+deb [signed-by=/etc/apt/keyrings/neon-archive-keyring.asc] http://archive.neon.kde.org/${NEONARCHIVE} $SUITE main
+deb-src [signed-by=/etc/apt/keyrings/neon-archive-keyring.asc] http://archive.neon.kde.org/${NEONARCHIVE} $SUITE main
 EOF
 
   # add a nice depreciation message when we actually have depreciated the above hack
@@ -63,7 +67,7 @@ URIs: http://archive.neon.kde.org/${NEONARCHIVE}
 Suites: $SUITE
 Components: main
 Architectures: $ARCH
-Signed-By: /etc/apt/keyring/neon-archive-keyring-pubkey.asc
+Signed-By: /etc/apt/keyrings/neon-archive-keyring-pubkey.asc
 EOF
 
   # check our stuffs are in the right place

More information about the Neon-commits mailing list