sipwise
/
netscript
mirror of https://github.com/sipwise/netscript.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#6639 Set up /etc/apt/trusted.gpg.d/sipwise.gpg

Browse Source 
Let's get rid of unneeded AllowUnauthenticated usages with apt.
It would be even better if we could ship our own key with the
official Grml-Sipwise ISO (which would technically be no problem,
but we need a way for PXE boot for builder.mgm anyway).
ksolomko/vlan
Michael Prokop 12 years ago
parent 6fdedc9da2
commit 386bc399c3
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File

24
deployment.sh
Unescape View File

@ -831,10 +831,6 @@ fi
# otherwise e2fsck fails with "need terminal for interactive repairs"
echo FSCK=no >>/etc/debootstrap/config
# otherwise we can't use packages with missing key http://deb.sipwise.com/autobuild/680FBA8A.asc
# from our own $MIRROR - note: switch to --keyring=KEYRING
echo "DPKG_OPTIONS='-o APT::Get::AllowUnauthenticated=true -o aptitude::Cmdline::ignore-trust-violations=yes'" >> /etc/debootstrap/config
# package selection
cat > /etc/debootstrap/packages << EOF
# addons: packages which d-i installs but debootstrap doesn't
@ -885,6 +881,24 @@ puppet
EOF
fi
# sipwise key setup
wget -O /etc/apt/trusted.gpg.d/sipwise.gpg http://deb.sipwise.com/autobuild/sipwise.gpg
md5sum_sipwise_key_expected=32a4907a7d7aabe325395ca07c531234
md5sum_sipwise_key_calculated=$(md5sum /etc/apt/trusted.gpg.d/sipwise.gpg | awk '{print $1}')
if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then
die "Error validating sipwise keyring for apt usage (expected: [$md5sum_sipwise_key_expected] - got: [$md5sum_sipwise_key_calculated])"
fi
mkdir -p /etc/debootstrap/pre-scripts/
cat > /etc/debootstrap/pre-scripts/install-sipwise-key.sh << EOF
#!/bin/bash
# installed via deployment.sh
cp /etc/apt/trusted.gpg.d/sipwise.gpg "\${MNTPOINT}"/etc/apt/trusted.gpg.d/
EOF
chmod 775 /etc/debootstrap/pre-scripts/install-sipwise-key.sh
# NOTE: we use the debian.sipwise.com CNAME by intention here
# to avoid conflicts with apt-pinning, preferring deb.sipwise.com
# over official Debian
@ -899,7 +913,7 @@ echo y | grml-debootstrap \
--grub /dev/${DISK} \
--hostname "${TARGET_HOSTNAME}" \
--mirror "$MIRROR" \
--debopt '--no-check-gpg' $EXTRA_DEBOOTSTRAP_OPTS \
--debopt '--keyring=/etc/apt/trusted.gpg.d/sipwise.gpg' $EXTRA_DEBOOTSTRAP_OPTS \
-r "$DEBIAN_RELEASE" \
-t "$ROOT_FS" \
--password 'sipwise' 2>&1 | tee -a /tmp/grml-debootstrap.log

Write Preview
Loading…
Cancel
Save