TT#54410 Get rid of hardcoded checksum of sipwise.gpg file

We want to get rid of old sipwise gpg file as it contains weak key. To
do it we need either update this hardcoded value (and do it every time
when key is updated) or use the same behavior as it's used in
installer.

Change-Id: I0de951778c7f3c2c877889d3b2225588442be3de
(cherry picked from commit 35bfe45d24)

deployment.sh

@@ -138,18 +138,29 @@ loadNfsIpArray() {
 }
 
 install_sipwise_key() {
+  local tmp_key
+  tmp_key="$(mktemp)"
+
+  for x in 1 2 3; do
     if "$PRO_EDITION" ; then
-    wget -O /etc/apt/trusted.gpg.d/sipwise.gpg http://${SIPWISE_REPO_HOST}/sppro/sipwise.gpg
+      wget -q -T 10 --retry-connrefused --tries=3 --no-verbose -O "${tmp_key}" http://${SIPWISE_REPO_HOST}/sppro/sipwise.gpg
     else
-    wget -O /etc/apt/trusted.gpg.d/sipwise.gpg http://${SIPWISE_REPO_HOST}/spce/sipwise.gpg
+      wget -q -T 10 --retry-connrefused --tries=3 --no-verbose -O "${tmp_key}" http://${SIPWISE_REPO_HOST}/spce/sipwise.gpg
     fi
+    chmod 644 "${tmp_key}"
+    local sipwise_key_checksum
+    sipwise_key_checksum=$(sha256sum "${tmp_key}" | awk '{print $1}')
+    echo "Sipwise keyring downloaded with checksum (sha256sum: [${sipwise_key_checksum}]). Is it correct and should be imported into the system? [y/N]"
 
-  md5sum_sipwise_key_expected=bcd09c9ad563b2d380152a97d5a0ea83
+    if "${INTERACTIVE}"; then
-  md5sum_sipwise_key_calculated=$(md5sum /etc/apt/trusted.gpg.d/sipwise.gpg | awk '{print $1}')
+      local a
-
+      read -r a
-  if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then
+      if [[ "${a,,}" != "y" ]] ; then
-    die "Error validating sipwise keyring for apt usage (expected: [$md5sum_sipwise_key_expected] - got: [$md5sum_sipwise_key_calculated])"
+        echo "The key wasn't accepted, retrying... ${x}/3"
+        continue
       fi
+    fi
+
 }
 
 # see MT#6253