diff options
author | Amrith Kumar <amrith@amrith.org> | 2016-10-24 09:39:23 -0400 |
---|---|---|
committer | Amrith Kumar <amrith@amrith.org> | 2016-10-24 09:39:23 -0400 |
commit | 357930d45946303f33210da0871d9685d0255e36 (patch) | |
tree | 87e25d0d88d9edd1f7d6b5e6a2981c3cb74ea338 | |
parent | 0afac6bef191fa40a750eea981daea9524102653 (diff) | |
download | trove-357930d45946303f33210da0871d9685d0255e36.tar.gz |
Update the Signing Key for Percona Debian and Ubuntu Packages
Attempting to build images fails now with an error because of a change
in the signing key for Percona packages.
Quick summary copied from [1]
Percona .deb packages are signed with a key that uses an algorithm now
considered weak. Starting with the next release, Debian and Ubuntu
packages are signed with a new key that uses the much stronger SHA-512
algorithm. All future package release will also contain the new
algorithm.
It’s important that you add the new key before the next release.
[1] https://www.percona.com/blog/2016/10/13/new-signing-key-for-percona-debian-and-ubuntu-packages/
Change-Id: I0420193982ebc5c9922eb388adb85da1423ab3f0
4 files changed, 64 insertions, 36 deletions
diff --git a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key index ec1d89d5..55b5ef81 100755 --- a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # Add Percona repo # Creates the Percona sources list diff --git a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key index 2a03ad50..cd289250 100755 --- a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # Add Percona repo # Creates the percona sources list diff --git a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key index c2b686c4..d3236455 100755 --- a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -19,17 +19,24 @@ fi # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # add Percona repo # creates the percona sources list diff --git a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key index c2b686c4..d3236455 100755 --- a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -19,17 +19,24 @@ fi # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # add Percona repo # creates the percona sources list |