[neon/neon/livecd-rootfs/Neon/release] live-build/auto: make sure gpg home dir has correct permissions

Carlos De Maine null at kde.org
Mon Aug 26 06:46:54 BST 2024 

Git commit bf306a504e96fd958468030eebe6c348c37193a4 by Carlos De Maine.
Committed on 26/08/2024 at 05:46.
Pushed by carlosdem into branch 'Neon/release'.

make sure gpg home dir has correct permissions

M  +10   -2    live-build/auto/build

https://invent.kde.org/neon/neon/livecd-rootfs/-/commit/bf306a504e96fd958468030eebe6c348c37193a4

diff --git a/live-build/auto/build b/live-build/auto/build
index ce2f6d4e..038f60c9 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -133,6 +133,13 @@ Name-Real: Ubuntu Local Archive One-Time Signing Key
 Name-Email: cdimage at ubuntu.com
 Expire-Date: 0
 @@EOF
+
+		#make sure gpg home dir has appropriate permissions
+		mkdir -p congig/gnupg
+		chown -R root config/gnupg/
+		chmod 600 config/gnupg/*
+		chmod 700 config/gnupg
+
 		gpg --verbose --home config/gnupg --gen-key --batch < config/gnupg/NEWKEY \
 			> config/gnupg/generate.log 2>&1 &
 		GPG_PROCESS=$!
@@ -335,10 +342,10 @@ Signed-By: /etc/apt/keyrings/preinstalled-pool.gpg
 				chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release
 			mv -v config/gnupg/Release.asc \
 				chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg
-			# export pubring.gpg as modern gnupg stores everythinh in pubring.kbx by default
+			# export pubring.gpg as modern gnupg stores everything in pubring.kbx by default
 			gpg --verbose --home config/gnupg --export-options export-minimal \
 				--keyring config/gnupg/pubring.kbx --output config/gnupg/pubring.gpg --export
-			# cp pubring.gpg to where the .sources expects it
+			# move pubring.gpg to where the .sources expects it
 			mv -v config/gnupg/pubring.gpg chroot/etc/apt/keyrings/preinstalled-pool.gpg
 			echo "finding packages in pool"
 			find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm
@@ -360,6 +367,7 @@ Signed-By: /etc/apt/keyrings/preinstalled-pool.gpg
 			#fi
 			## End of mangle
 
+			Chroot chroot "apt-get update"
 			# We only want to have a cache for the pre-installed pool at this point
 			Chroot chroot "apt-get update -o Dir::Etc::SourceParts=/dev/null -oDir::Etc::SourceList=etc/apt/sources.list.d/preinstalled-pool.sources"
 			echo "finished preinstalled-pool!!"

More information about the Neon-commits mailing list