apt-key is gone as of apt version 2.9.17, so rely on apt-key
only for Debian bookworm, instead use our own tooling to verify
the key situation on Debian/trixie (v13) and newer.
Migrate our existing checks from templates/140_apt-keys.yaml.tt2
to our new helper script helper/check-apt-keyrings, so we have one
single interface for all those checks.
FTR: the checksums of the sipwise-archive-2015.gpg +
sipwise-autobuilder-2011.gpg keyfiles differ between bookworm and
trixie, because of the way we generate them during package builds
(gnupg for bookworm vs. sequoia starting with trixie).
Situation on bookworm / trunk:
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2015-03-05 [SC] [expires: 2029-10-12]
| 68A702B1FD8E422AAAA1ADA3773236EFF411A836
| uid Sipwise GmbH (Sipwise Repository Key) <support@sipwise.com>
| sub rsa4096 2015-03-05 [E] [expires: 2029-10-12]
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2011-06-06 [SC]
| F7B8A739CE638D719A078C9859104633EE5E097D
| uid Sipwise autobuilder (Used to sign packages for autobuild) <development@sipwise.com>
| sub rsa4096 2011-06-06 [E]
| root@spce:~# sha256sum /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| 811f878f5320fc8563a70b166d2c27ec060b4397ca021702f433bc4659336b9b /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| f00aad42a76ddec341fb2c67b45b41e2d1c19d67bd239196cd52488c4b7da4a0 /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
Situation on trixie / trunk:
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2015-03-05 [SC] [expires: 2029-10-12]
| 68A702B1FD8E422AAAA1ADA3773236EFF411A836
| uid Sipwise GmbH (Sipwise Repository Key) <support@sipwise.com>
| sub rsa4096 2015-03-05 [E] [expires: 2029-10-12]
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2011-06-06 [SC]
| F7B8A739CE638D719A078C9859104633EE5E097D
| uid Sipwise autobuilder (Used to sign packages for autobuild) <development@sipwise.com>
| sub rsa4096 2011-06-06 [E]
|
| root@spce:~# sha256sum /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| 88d92e09810a13b5e749839bca89029fbbe73cca261a3a26712a560cc7b50e47 /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| b64656d5f8fa0a636d46084bda74e16cef502d3d48e8ed101c6386ad8bbcacef /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
NOTE: Once we switch our /etc/apt/sources.list* setup to the
deb822.sources format (see sources.list(5) + deb822(5) for details), and
neither our ngcp-archive-keyring nor Debian's debian-archive-keyring no
longer installs any files inside /etc/apt/trusted.gpg.d, we can instead
check for empty /etc/apt/trusted.gpg.d + /etc/apt/keyrings and expected
files inside /usr/share/keyrings.
Change-Id: I0ef7e1d8f0684f94c1e6ae0499f85080cdcd690a
lintian v2.115.3 - as currently present in Debian/booksworm - doesn't
support the existing syntax for the file-in-etc-not-marked-as-conffile
override, and therefore fails with:
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/000_self-test-command.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/110_filesys-cores.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/120_filesys-free-space.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/130_filesys-ngcp.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/131_filesys-ngcp-pro.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/132_filesys-ngcp-templates.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/133_filesys-deprecated.yaml.tt2]
| E: ngcp-system-tests: file-in-etc-not-marked-as-conffile [etc/ngcp-config/templates/etc/ngcp-system-tests/134_filesys-voisniff.yaml.tt2]
| [...]
It instead expects the filename(s) to be listed under "[...]".
By using "*etc/ngcp-config/templates/*" instead, we can support the
lintian versions as present in bookworm and bullseye at the same time
(thanks to Guillem for the hint!).
Change-Id: I412ad99ae409288a92bdb1143340ffd58c3cc32c
Before the logic was - compare 2 structures and if they are different
analyze every element and exception list.
But there is no sense to do this 1st comparison as they are always
different that's why we have exception list. So remove this module.
Also add perl:Depends to dependencies.
Change-Id: Ia7e1628108d823601a9cd6e6ce14310b9afba795
The new installations are going to be using Prometheus, and old ones
will be fine with the new influxdb alternatives. This simplifies the
installation process, as then we do not need to install the prometheus
packages and remove the influxdb packages as independent steps.
Change-Id: Id47b0713fa47a698f1d2ffc0505d0763483ff01b
Use compare_dbs as a wrapper to check all the used schemes.
Add different formats of output to compare_dbs.pl - tap and human
readable one.
Process all the schemes in one run of compare_dbs.pl and do it in one db
connection.
If the tap formatter is used - output the result of all schemes in a
single file.
Change-Id: I2696680aa30b56658f130bd1cea116099c086753
We get dangling symlink errors on a fresh installation as
/etc/ngcp-system-tests has not been generated yet, but we do not
currently have any users of the old /etc/ngcp-tests, so we can just
remove it.
Change-Id: I6c3369b6c4c948135ffcef608a1d358729b06e82
This new program is a wrapper to make running the tests easier, and it
will abstrat all necessary knowledge about the test runner.
We also remove the results file generation support, and let our caller
handle it as it simplifies the code overall.
Change-Id: Iad884429b00a94d5f3c9c3b37db31a523ab3c701
These are used by the tests themselves. We distinguish between core
and system dependencies for functionality we really want to check
which goes into Depends, and dependencies for stacks that are optional
and their missing presence will still emit an error due to the commands
not being available, these we add as Suggests.
Change-Id: I051dd388dab0a4a5c5f51f48dda54013298ba537
The templates does not really contain any passwords, but the file
generated from it will, so having the template have restricted
permissions means the generated one will inherit them.
Change-Id: I0ed38509e2c17eb4fd174722a0d01d31f4ef2816
Sipwise Jenkins Builder
Michael Prokop
Guillem Jover
Mykola Malkov
Alexander Lutay