apt actually expects single exported keys in the trusted
directory, not keyrings. recent gpg2 versions (like that in
Debian Stretch) switch to a different default keyring format
which apt does not handle at all, so the old hack will break
soon.
by changing the key format in this repository from armored
exported public key to binary exported public key, which
both apt in Debian Jessie and apt in Debian Stretch
understand, we can just install those two files directly
in the trusted dir.
bonus: the package content does not change based on gpg
version or configuration anymore.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
CC: dietmar@proxmox.com
CC: w.bumiller@proxmox.com
DEBS=${DST_DEB} ${HDR_DEB} ${FW_DEB} ${PVE_DEB} ${VIRTUAL_HDR_DEB} ${LINUX_TOOLS_DEB}
DEBS=${DST_DEB} ${HDR_DEB} ${FW_DEB} ${PVE_DEB} ${VIRTUAL_HDR_DEB} ${LINUX_TOOLS_DEB}
-PVE_RELEASE_KEYS= \
- proxmox-ve/proxmox-release-4.x.pubkey \
- proxmox-ve/proxmox-release-5.x.pubkey
-
all: check_gcc ${DEBS}
${PVE_DEB} pve: proxmox-ve/control proxmox-ve/postinst ${PVE_RELEASE_KEYS}
all: check_gcc ${DEBS}
${PVE_DEB} pve: proxmox-ve/control proxmox-ve/postinst ${PVE_RELEASE_KEYS}
mkdir -p proxmox-ve/data/DEBIAN
mkdir -p proxmox-ve/data/usr/share/doc/${PVEPKG}/
mkdir -p proxmox-ve/data/etc/apt/trusted.gpg.d
mkdir -p proxmox-ve/data/DEBIAN
mkdir -p proxmox-ve/data/usr/share/doc/${PVEPKG}/
mkdir -p proxmox-ve/data/etc/apt/trusted.gpg.d
- gpg2 --no-default-keyring --keyring ./proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve.gpg --import ${PVE_RELEASE_KEYS}
+ install -m 0644 proxmox-ve/proxmox-release-4.x.pubkey proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve-release-4.x.gpg
+ install -m 0644 proxmox-ve/proxmox-release-5.x.pubkey proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
sed -e 's/@KVNAME@/${KVNAME}/' -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@RELEASE@/${RELEASE}/' -e 's/@PKGREL@/${PKGREL}/' <proxmox-ve/control >proxmox-ve/data/DEBIAN/control
sed -e 's/@KVNAME@/${KVNAME}/' <proxmox-ve/postinst >proxmox-ve/data/DEBIAN/postinst
chmod 0755 proxmox-ve/data/DEBIAN/postinst
sed -e 's/@KVNAME@/${KVNAME}/' -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@RELEASE@/${RELEASE}/' -e 's/@PKGREL@/${PKGREL}/' <proxmox-ve/control >proxmox-ve/data/DEBIAN/control
sed -e 's/@KVNAME@/${KVNAME}/' <proxmox-ve/postinst >proxmox-ve/data/DEBIAN/postinst
chmod 0755 proxmox-ve/data/DEBIAN/postinst
# cleanup - remove Proxmox Release Key key from /etc/apt/trusted.gpg
/usr/bin/apt-key --keyring /etc/apt/trusted.gpg del 9887F95A >/dev/null 2>&1 || /bin/true
# cleanup - remove Proxmox Release Key key from /etc/apt/trusted.gpg
/usr/bin/apt-key --keyring /etc/apt/trusted.gpg del 9887F95A >/dev/null 2>&1 || /bin/true
+ # cleanup - remove old stretch-incompatible variant of installing release key
+ rm -f /etc/apt/trusted.gpg.d/proxmox-ve.gpg /etc/apt/trusted.gpg.d/proxmox-ve.gpg~
+
# setup kernel links for installation CD (rescue boot)
mkdir -p /boot/pve
ln -sf /boot/vmlinuz-@KVNAME@ /boot/pve/vmlinuz
# setup kernel links for installation CD (rescue boot)
mkdir -p /boot/pve
ln -sf /boot/vmlinuz-@KVNAME@ /boot/pve/vmlinuz