[neon/neon/keyring/Neon/release] debian: ensure deb822 compliant sources

Carlos De Maine null at kde.org
Thu Sep 26 11:25:36 BST 2024 

Git commit 427460c19dec39c3bf66e22e84e0a76a958fae2b by Carlos De Maine.
Committed on 26/09/2024 at 10:25.
Pushed by carlosdem into branch 'Neon/release'.

ensure deb822 compliant sources

M  +6    -0    debian/changelog
D  +0    -1    debian/compat
M  +3    -2    debian/control
M  +55   -12   debian/neon-keyring.postinst
D  +0    -7    debian/neon.sources

https://invent.kde.org/neon/neon/keyring/-/commit/427460c19dec39c3bf66e22e84e0a76a958fae2b

diff --git a/debian/changelog b/debian/changelog
index f8fcdf9..204ff3f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+neon-keyring (2024.09.24) jammy; urgency=medium
+
+  * new release to ensure deb822 compliant sources
+
+ -- Jonathan Riddell <jriddell at ubuntu.com>  Thu, 26 Sep 2024 09:05:45 +0100
+
 neon-keyring (2024.08.09) jammy; urgency=medium
 
   * Initial package
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index f599e28..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-10
diff --git a/debian/control b/debian/control
index 09aea25..4d93ac8 100644
--- a/debian/control
+++ b/debian/control
@@ -2,8 +2,8 @@ Source: neon-keyring
 Section: important
 Priority: optional
 Maintainer: Jonathan Riddell <jr at jriddell.org>
-Standards-Version: 4.1.3
-Build-Depends: gnupg, debhelper (>= 10)
+Standards-Version: 4.6.2
+Build-Depends: gnupg, debhelper-compat (= 13)
 Vcs-Browser: http://packaging.neon.kde.org/cgit/neon/keyring.git/
 Vcs-Git: git://packaging.neon.kde.org/neon/keyring
 
@@ -11,6 +11,7 @@ Package: neon-keyring
 Priority: important
 Architecture: all
 Multi-Arch: foreign
+Depends: ${misc:Depends},
 Description: GnuPG keys used by Neon
  KDE neon signs all packages and also Release files used by the archive.
  .
diff --git a/debian/neon-keyring.postinst b/debian/neon-keyring.postinst
index 86bd416..25e4d55 100644
--- a/debian/neon-keyring.postinst
+++ b/debian/neon-keyring.postinst
@@ -2,7 +2,21 @@
 
 set -ex
 
-ARCH= dpkg --print-architecture
+ARCH=$(dpkg --print-architecture)
+SUITE=$(grep DISTRIB_CODENAME= /etc/lsb-release | grep -oP '(?<=DISTRIB_CODENAME=).*')
+# populate NEONARCHIVE var
+NEONARCHIVE_USER=$(grep -o User /etc/lsb-release | tr '[:upper:]' '[:lower:]' )
+if [ "$NEONARCHIVE_USER" = "user" ];
+    then NEONARCHIVE=$NEONARCHIVE_USER;
+fi
+NEONARCHIVE_TESTING=$(grep -o Testing /etc/lsb-release | tr '[:upper:]' '[:lower:]' )
+if [ "$NEONARCHIVE_TESTING" = "testing" ];
+    then NEONARCHIVE=$NEONARCHIVE_TESTING;
+fi
+NEONARCHIVE_UNSTABLE=$(grep -o Unstable /etc/lsb-release | tr '[:upper:]' '[:lower:]' )
+if [ "$NEONARCHIVE_UNSTABLE" = "unstable" ];
+    then NEONARCHIVE=$NEONARCHIVE_UNSTABLE;
+fi
 
 # move apt-key master key back to where it belongs if it was previously moved in unstable
 if [ ! -e /etc/apt/trusted.gpg ] && [ -e /etc/apt/trusted.gpg.d/apt-trusted.gpg ]; then
@@ -25,13 +39,8 @@ if [ "$1" = 'configure' -a -n "$2" ]; then
 				fi
 				# rm the the key from the apt-key trusted.gpg keyring
 				apt-key --keyring "$TRUSTEDFILE" del $KEY > /dev/null 2>&1 || :
-				# update the *.list to reflect the signed key path
-				SIGNEDBY='[signed-by=/etc/apt/keyrings/neon-archive-keyring.gpg]'
-				DEB_LIST=/etc/apt/sources.list.d/neon.list
-				touch $DEB_LIST
-				sed -i "s#deb http#deb $SIGNEDBY http#" $DEB_LIST
-				sed -i "s#deb-src http#deb-src $SIGNEDBY http#" $DEB_LIST
 			done
+
 			# rm ancient Ubuntu Local Archive One-Time Signing Key <cdimage at ubuntu.com>
 			for KEY in '7B92 9DC5 3D6D 77FD 6427  45ED 1EC9 3359 A395 228C'; do
 				# rm the historic post-install copy to stop apt-key re-entering that keyring
@@ -40,12 +49,46 @@ if [ "$1" = 'configure' -a -n "$2" ]; then
 				fi
 				# rm the the key from the apt-key trusted.gpg keyring
 				apt-key --keyring "$TRUSTEDFILE" del $KEY > /dev/null 2>&1 || :
-				# update the *.list to reflect the signed key path
-				SIGNEDBY='[signed-by=/etc/apt/keyrings/ubuntu-local-archive-one-time-signing-key.gpg]'
-				DEB_LIST=/etc/apt/sources.list.d/preinstalled-pool.list
-				touch $DEB_LIST
-				sed -i "s#deb [arch=$ARCH] file#deb [arch=$ARCH $SIGNEDBY file#" $DEB_LIST
 			done
 		fi
 	fi
+
+	# ensure all our *.lists are transitioned to *.sources
+	# rm the old neon.list if it's still there
+	if [ -e /etc/apt/sources.list.d/neon.list ]; then
+		rm /etc/apt/sources.list.d/neon.list
+	fi
+	# add a nice depreciation message about the move to neon.sources
+	echo "# KDE neon sources have moved to /etc/apt/sources.list.d/neon.sources" >> /etc/apt/sources.list.d/neon.list
+
+	# rm the the neon.sources if it already exists
+	if [ -e /etc/apt/sources.list.d/neon.sources ]; then
+		rm /etc/apt/sources.list.d/neon.sources
+	fi
+	# add our spiffy new signed deb822 neon.sources that doesn't rely on apt-key
+	cat > /etc/apt/sources.list.d/neon.sources << EOF
+X-Repolib-Name: KDE neon $SUITE $NEONARCHIVE
+Types: deb deb-src
+URIs: http://archive.neon.kde.org/$NEONARCHIVE
+Suites: $SUITE
+Components: main
+Architectures: $ARCH
+Signed-By: /etc/apt/keyrings/neon-archive-keyring-pubkey.asc
+EOF
+
+	# remove the old preinstalled-pool.list is it's still there
+	if [ -e /etc/apt/sources.list.d/preinstalled-pool.list ]; then
+		rm /etc/apt/sources.list.d/preinstalled-pool.list
+	fi
+	# install our new disabled deb822 preinstalled-pool.sources
+	cat > /etc/apt/sources.list.d/preinstalled-pool.sources << EOF
+Enabled: no
+Types: deb
+URIs: file:/var/lib/preinstalled-pool/
+Suites: $SUITE
+Components: main restricted universe multiverse
+EOF
+
 fi
+
+#DEBHELPER#
diff --git a/debian/neon.sources b/debian/neon.sources
deleted file mode 100644
index f6fc353..0000000
--- a/debian/neon.sources
+++ /dev/null
@@ -1,7 +0,0 @@
-X-Repolib-Name: KDE neon user noble edition
-Enabled: yes
-Types: deb deb-src
-URIs: http://archive.neon.kde.org/user
-Suites: noble
-Components: main
-Signed-By: /etc/apt/keyrings/neon-archive-keyring.gpg
\ No newline at end of file

More information about the Neon-commits mailing list