Changeset 2188


Timestamp:
Mar 3, 2017, 4:07:33 AM (3 years ago)
Author:
bruno
Message:

Add support for additional signed deb repositories

File:
1 edited

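--- a/devel/pb-modules/lib/ProjectBuilder/Distribution.pm
+++ b/devel/pb-modules/lib/ProjectBuilder/Distribution.pm
@@ -677,5 +677,51 @@
             my $dest = "/etc/apt/sources.list.d/$bn";
             return if (pb_distro_compare_repo("$ENV{'PBTMP'}/$bn",$dest) == 1);
-            pb_system("sudo mv $ENV{'PBTMP'}/$bn /etc/apt/sources.list.d","Adding apt repository");
+            pb_system("sudo mv $ENV{'PBTMP'}/$bn $dest","Adding apt repository $dest");
+            # Check whether GPG keys for this repo are already known and if
+            # not add them
+            open(REPO,"$dest") || confess "Unable to open $dest";
+            my $debrepo;
+            while (<REPO>) {
+                if (/^deb\s/) {
+                    $debrepo = $_;
+                    chomp($debrepo);
+                    $debrepo =~ s|^deb ([^\s]+)\s([^\s]+)\s([^\s]+)|$1/dists/$2|;
+                    last;
+                }
+            }
+            close(REPO);
+            return if (not defined $debrepo);
+
+            pb_system("wget -O $ENV{'PBTMP'}/Release $debrepo/Release","Downloading $debrepo/Release");
+            pb_system("wget -O $ENV{'PBTMP'}/Release.gpg $debrepo/Release.gpg","Downloading $debrepo/Release.gpg");
+            my $signature;
+            open(SIGN,"LANGUAGE=C LANG=C gpg --verify $ENV{'PBTMP'}/Release.gpg $ENV{'PBTMP'}/Release 2>&1 |") || confess "Unable to verify GPG signature from Release.gpg\n";
+            while(<SIGN>) {
+                chomp();
+                if (/^gpg: .*key ID/) {
+                    $signature = $_;
+                    $signature =~ s/^gpg: .*key ID ([A-Z0-9]+)/$1/;
+                    #TODO: create a pbkeyserver conf var for that
+                    pb_system("gpg --recv-keys --keyserver hkp://pgp.mit.edu $signature","Importing GPG signature for $signature");
+                    $signature = undef;
+                    last;
+                }
+            }
+            close(SIGN);
+            open(SIGN,"LANGUAGE=C LANG=C gpg --verify $ENV{'PBTMP'}/Release.gpg $ENV{'PBTMP'}/Release 2>&1 |") || confess "Unable to verify GPG signature from $debrepo/Release.gpg\n";
+            while(<SIGN>) {
+                chomp();
+                if (/^gpg: Good signature/) {
+                    $signature = $_;
+                    $signature =~ s/^gpg: Good signature from "([^\"]+)"/$1/;
+                }
+            }
+            close(SIGN);
+
+            return if (not defined $signature);
+            pb_log(3, "GnuPG repo verify returned: $signature\n");
+            unlink("$ENV{'PBTMP'}/apt.sig");
+            pb_system("gpg -a --export -o $ENV{'PBTMP'}/apt.sig \'$signature\'","Exporting GnuPG signature of $signature");
+            pb_system("sudo apt-key add $ENV{'PBTMP'}/apt.sig","Adding GnuPG signature of $signature to APT key ring");
             pb_system("sudo apt-get update","Updating apt repository");
         } else {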
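Review bot: The key that ends up in the APT keyring is chosen by the downloaded data itself. The key ID is scraped from the `gpg --verify` output on new lines 698-705 and fetched from a keyserver, and the second verify on 711-716 then succeeds against that same key, so a good signature only proves that Release was signed by some key, which `apt-key add` on line 725 then trusts for every repository. The ID matched by `key ID ([A-Z0-9]+)` is presumably a short key ID, which is not unique. The user ID captured from `Good signature from "..."` is text set by the key owner and is placed between single quotes in the `gpg -a --export` command on line 724; if pb_system hands its string to a shell (its definition is not visible here), a quote in that user ID ends the quoting, and selecting by user ID can also export more than the signing key. I would pin the expected full fingerprint in the project configuration, compare it with the fingerprint from gpg's machine-readable status output, and export by fingerprint, as sketched below; the enclosing sub starts and ends outside the hunk.

```perl
# … unchanged: download of Release and Release.gpg into $ENV{'PBTMP'} …
# $expected_fpr: full fingerprint pinned in the project configuration
# (placeholder name; no such setting is visible in this hunk). Any key
# import happens by this fingerprint, before the verification below.
my $fpr;
open(my $sign, '-|', 'gpg', '--status-fd', '1', '--verify',
    "$ENV{'PBTMP'}/Release.gpg", "$ENV{'PBTMP'}/Release")
    || confess "Unable to verify GPG signature from $debrepo/Release.gpg\n";
while (my $line = <$sign>) {
    # VALIDSIG reports the full fingerprint of the key that made the signature
    if ($line =~ /^\[GNUPG:\] VALIDSIG ([0-9A-F]+)\s/) {
        $fpr = $1;
    }
}
close($sign);
return if (not defined $fpr or $fpr ne $expected_fpr);
# … unchanged: export and apt-key add, selecting the key by $fpr instead of the user ID …
```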