forked from neil/lxc-templates
Improved apt gpg management
Signed-off-by: Tanya Degurechaff <34323200+TanyaEleventhGoddess@users.noreply.github.com>
This commit is contained in:
Tanya Degurechaff
parent
1ba667a771
commit
52fa9b7360
@ -40,6 +40,7 @@ LOCALSTATEDIR="@LOCALSTATEDIR@"
|
|||||||
LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
|
LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
|
||||||
# Allows the lxc-cache directory to be set by environment variable
|
# Allows the lxc-cache directory to be set by environment variable
|
||||||
LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"}
|
LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"}
|
||||||
|
[ -z "$DOWNLOAD_KEYRING" ] && DOWNLOAD_KEYRING=1
|
||||||
|
|
||||||
find_interpreter()
|
find_interpreter()
|
||||||
{
|
{
|
||||||
@ -347,8 +348,14 @@ openssh-server
|
|||||||
|
|
||||||
# If debian-archive-keyring isn't installed, fetch GPG keys directly
|
# If debian-archive-keyring isn't installed, fetch GPG keys directly
|
||||||
releasekeyring=/usr/share/keyrings/debian-archive-keyring.gpg
|
releasekeyring=/usr/share/keyrings/debian-archive-keyring.gpg
|
||||||
if [ ! -f $releasekeyring ]; then
|
lreleasekeyring=/etc/apt/trusted.gpg.d/debian-archive-$release-stable.gpg
|
||||||
releasekeyring="$cache/archive-key.gpg"
|
if [ -f "$releasekeyring" ]; then
|
||||||
|
apt_gpg_opt="--keyring=${releasekeyring}"
|
||||||
|
elif [ -f "$lreleasekeyring" ]; then
|
||||||
|
apt_gpg_opt="--keyring=${lreleasekeyring}"
|
||||||
|
elif [ "$DOWNLOAD_KEYRING" = 1 ]; then
|
||||||
|
[ ! -d "/etc/apt/trusted.gpg.d" ] && lreleasekeyring="$cache/archive-key.gpg"
|
||||||
|
if [[ "$(id -u)" == "0" ]]; then
|
||||||
case $release in
|
case $release in
|
||||||
"wheezy")
|
"wheezy")
|
||||||
gpgkeyname="archive-key-7.0"
|
gpgkeyname="archive-key-7.0"
|
||||||
@ -358,7 +365,15 @@ openssh-server
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
wget https://ftp-master.debian.org/keys/${gpgkeyname}.asc -O - --quiet \
|
wget https://ftp-master.debian.org/keys/${gpgkeyname}.asc -O - --quiet \
|
||||||
| gpg --import --no-default-keyring --keyring="${releasekeyring}"
|
| gpg --import --no-default-keyring --keyring="${lreleasekeyring}"
|
||||||
|
apt_gpg_opt="--keyring=${lreleasekeyring}"
|
||||||
|
else
|
||||||
|
echo "Must be root (sudo) to save $lreleasekeyring"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ -z "$apt_gpg_opt" ]; then
|
||||||
|
echo "WARNING: No GPG check"
|
||||||
|
apt_gpg_opt='--no-check-gpg'
|
||||||
fi
|
fi
|
||||||
# check the mini debian was not already downloaded
|
# check the mini debian was not already downloaded
|
||||||
try_mksubvolume "$cache/partial-$release-$arch"
|
try_mksubvolume "$cache/partial-$release-$arch"
|
||||||
@ -371,7 +386,7 @@ openssh-server
|
|||||||
echo "Downloading debian minimal ..."
|
echo "Downloading debian minimal ..."
|
||||||
if [ "$interpreter" = "" ] ; then
|
if [ "$interpreter" = "" ] ; then
|
||||||
debootstrap --verbose --variant=minbase --arch="$arch" \
|
debootstrap --verbose --variant=minbase --arch="$arch" \
|
||||||
--include=$packages --keyring="${releasekeyring}" \
|
--include=$packages "${apt_gpg_opt}" \
|
||||||
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Failed to download the rootfs, aborting."
|
echo "Failed to download the rootfs, aborting."
|
||||||
@ -379,7 +394,7 @@ openssh-server
|
|||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
debootstrap --foreign --verbose --variant=minbase --arch="$arch" \
|
debootstrap --foreign --verbose --variant=minbase --arch="$arch" \
|
||||||
--include=$packages --keyring="${releasekeyring}" \
|
--include=$packages "${apt_gpg_opt}" \
|
||||||
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Failed to download the rootfs, aborting."
|
echo "Failed to download the rootfs, aborting."
|
||||||
|
|||||||
@ -41,6 +41,7 @@ LOCALSTATEDIR="@LOCALSTATEDIR@"
|
|||||||
LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
|
LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
|
||||||
# Allows the lxc-cache directory to be set by environment variable
|
# Allows the lxc-cache directory to be set by environment variable
|
||||||
LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"}
|
LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"}
|
||||||
|
[ -z "$DOWNLOAD_KEYRING" ] && DOWNLOAD_KEYRING=1
|
||||||
|
|
||||||
find_interpreter()
|
find_interpreter()
|
||||||
{
|
{
|
||||||
@ -330,11 +331,25 @@ kali-archive-keyring
|
|||||||
|
|
||||||
# If kali-archive-keyring isn't installed, fetch GPG keys directly
|
# If kali-archive-keyring isn't installed, fetch GPG keys directly
|
||||||
releasekeyring=/usr/share/keyrings/kali-archive-keyring.gpg
|
releasekeyring=/usr/share/keyrings/kali-archive-keyring.gpg
|
||||||
if [ ! -f $releasekeyring ]; then
|
lreleasekeyring=/etc/apt/trusted.gpg.d/kali-archive-keyring.gpg
|
||||||
releasekeyring="$cache/archive-key.gpg"
|
if [ -f "$releasekeyring" ]; then
|
||||||
|
apt_gpg_opt="--keyring=${releasekeyring}"
|
||||||
|
elif [ -f "$lreleasekeyring" ]; then
|
||||||
|
apt_gpg_opt="--keyring=${lreleasekeyring}"
|
||||||
|
elif [ "$DOWNLOAD_KEYRING" = 1 ]; then
|
||||||
|
[ ! -d "/etc/apt/trusted.gpg.d" ] && lreleasekeyring="$cache/archive-key.gpg"
|
||||||
|
if [[ "$(id -u)" == "0" ]]; then
|
||||||
gpgkeyname="archive-key"
|
gpgkeyname="archive-key"
|
||||||
wget https://archive.kali.org/${gpgkeyname}.asc -O - --quiet \
|
wget https://archive.kali.org/${gpgkeyname}.asc -O - --quiet \
|
||||||
| gpg --import --no-default-keyring --keyring="${releasekeyring}"
|
| gpg --import --no-default-keyring --keyring="${lreleasekeyring}"
|
||||||
|
apt_gpg_opt="--keyring=${lreleasekeyring}"
|
||||||
|
else
|
||||||
|
echo "Must be root (sudo) to save $lreleasekeyring"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ -z "$apt_gpg_opt" ]; then
|
||||||
|
echo "WARNING: No GPG check"
|
||||||
|
apt_gpg_opt='--no-check-gpg'
|
||||||
fi
|
fi
|
||||||
# check the mini kali was not already downloaded
|
# check the mini kali was not already downloaded
|
||||||
try_mksubvolume "$cache/partial-$release-$arch"
|
try_mksubvolume "$cache/partial-$release-$arch"
|
||||||
@ -347,7 +362,7 @@ kali-archive-keyring
|
|||||||
echo "Downloading kali minimal ..."
|
echo "Downloading kali minimal ..."
|
||||||
if [ "$interpreter" = "" ] ; then
|
if [ "$interpreter" = "" ] ; then
|
||||||
debootstrap --verbose --variant=minbase --arch="$arch" \
|
debootstrap --verbose --variant=minbase --arch="$arch" \
|
||||||
--include=$packages --keyring="${releasekeyring}" \
|
--include=$packages "${apt_gpg_opt}" \
|
||||||
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Failed to download the rootfs, aborting."
|
echo "Failed to download the rootfs, aborting."
|
||||||
@ -355,7 +370,7 @@ kali-archive-keyring
|
|||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
debootstrap --foreign --verbose --variant=minbase --arch="$arch" \
|
debootstrap --foreign --verbose --variant=minbase --arch="$arch" \
|
||||||
--include=$packages --keyring="${releasekeyring}" \
|
--include=$packages "${apt_gpg_opt}" \
|
||||||
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
"$release" "$cache/partial-$release-$arch" "$MIRROR"
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Failed to download the rootfs, aborting."
|
echo "Failed to download the rootfs, aborting."
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user