Update the Signing Key for Percona Debian and Ubuntu Packages

Attempting to build images fails now with an error because of a change in the signing key for Percona packages. Quick summary copied from [1] Percona .deb packages are signed with a key that uses an algorithm now considered weak. Starting with the next release, Debian and Ubuntu packages are signed with a new key that uses the much stronger SHA-512 algorithm. All future package release will also contain the new algorithm. It’s important that you add the new key before the next release. [1] https://www.percona.com/blog/2016/10/13/new-signing-key-for-percona-debian-and-ubuntu-packages/ Change-Id: I0420193982ebc5c9922eb388adb85da1423ab3f0
author: Amrith Kumar <amrith@amrith.org> 2016-10-24 09:39:23 -0400
committer: Amrith Kumar <amrith@amrith.org> 2016-10-24 09:39:23 -0400
commit: 357930d45946303f33210da0871d9685d0255e36 (patch)
tree: 87e25d0d88d9edd1f7d6b5e6a2981c3cb74ea338
parent: 0afac6bef191fa40a750eea981daea9524102653 (diff)
download: trove-357930d45946303f33210da0871d9685d0255e36.tar.gz
4 files changed, 64 insertions, 36 deletions
diff --git a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
index ec1d89d5..55b5ef81 100755
--- a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # Add Percona repo
 # Creates the Percona sources list
diff --git a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
index 2a03ad50..cd289250 100755
--- a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # Add Percona repo
 # Creates the percona sources list
diff --git a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
index c2b686c4..d3236455 100755
--- a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -19,17 +19,24 @@ fi
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # add Percona repo
 # creates the percona sources list
diff --git a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
index c2b686c4..d3236455 100755
--- a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -19,17 +19,24 @@ fi
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # add Percona repo
 # creates the percona sources list
author	Amrith Kumar <amrith@amrith.org>	2016-10-24 09:39:23 -0400
committer	Amrith Kumar <amrith@amrith.org>	2016-10-24 09:39:23 -0400
commit	357930d45946303f33210da0871d9685d0255e36 (patch)
tree	87e25d0d88d9edd1f7d6b5e6a2981c3cb74ea338
parent	0afac6bef191fa40a750eea981daea9524102653 (diff)
download	trove-357930d45946303f33210da0871d9685d0255e36.tar.gz