diff options
author | Amrith Kumar <amrith@amrith.org> | 2016-10-24 09:46:41 -0400 |
---|---|---|
committer | Amrith Kumar <amrith@amrith.org> | 2016-10-24 10:18:47 -0400 |
commit | e42be7b1de5d439a67ad92c86477ed85502ddb46 (patch) | |
tree | a5c27fe967fdc99c182afd07c2dd5a08097fa6cc | |
parent | a7ad2f174804bf06195205bfa4652346eaa936b2 (diff) | |
download | trove-integration-e42be7b1de5d439a67ad92c86477ed85502ddb46.tar.gz |
Update the Signing Key for Percona Debian and Ubuntu Packages
Attempting to build images fails now with an error because of a change
in the signing key for Percona packages.
Quick summary copied from [1]
Percona .deb packages are signed with a key that uses an algorithm now
considered weak. Starting with the next release, Debian and Ubuntu
packages are signed with a new key that uses the much stronger SHA-512
algorithm. All future package release will also contain the new
algorithm.
It’s important that you add the new key before the next release.
See also [2] in trove.
[1] https://www.percona.com/blog/2016/10/13/new-signing-key-for-percona-debian-and-ubuntu-packages/
[2] https://review.openstack.org/#/c/390342/
Change-Id: I4ca5fccf51e51059d4035f7206609c8afa997c94
4 files changed, 64 insertions, 36 deletions
diff --git a/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key index ec1d89d..55b5ef8 100755 --- a/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key +++ b/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # Add Percona repo # Creates the Percona sources list diff --git a/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key index 2a03ad5..cd28925 100755 --- a/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key +++ b/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # Add Percona repo # Creates the percona sources list diff --git a/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key index c2b686c..d323645 100755 --- a/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key +++ b/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -19,17 +19,24 @@ fi # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # add Percona repo # creates the percona sources list diff --git a/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key index c2b686c..d323645 100755 --- a/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key +++ b/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -19,17 +19,24 @@ fi # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # add Percona repo # creates the percona sources list |