changeset 178:6ec7cd3615f0

another try at apt.key, but it doesn't completely work because prime would never upgrade nodejs. I didn't try deleting the host key dirs and building from scratch yet.
author drewp@bigasterisk.com
date Sat, 25 Mar 2023 18:43:42 -0700
parents bf576a059f70
children b63ed77141fd
files apt.py
diffstat 1 files changed, 38 insertions(+), 47 deletions(-) [+]
--- a/apt.py	Sat Mar 25 18:42:12 2023 -0700
+++ b/apt.py	Sat Mar 25 18:43:42 2023 -0700
@@ -5,53 +5,42 @@
 
 TZ = 'America/Los_Angeles'
 
+
 def pkg_keys():
     # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC')
     # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138')
     # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
     # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
-    if host.name != 'prime':
-        apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
-    apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
-    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
-    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
-    apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
-    apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
-    apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')
-    apt.key(src='https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key')
-    # Failed to fetch https://repo.steampowered.com/steam/dists/stable/InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7 
-'''
+    # if host.name != 'prime':
+    #     apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
+    # apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
+    # apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
+    # apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
+    # apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
+    # apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
+    # apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')
+
+    apt.key(keyserver='keyserver.ubuntu.com', keyid='1655A0AB68576280')
+
+    files.directory(path='/etc/apt/keyrings/')  # for raspi
+    for url, name in [
+        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
+        ('https://deb.nodesource.com/node_18.x/dists/kinetic/Release.gpg', 'nodesource-kinetic.gpg'),
+        ('http://packages.microsoft.com/ubuntu/22.10/prod/dists/kinetic/Release.gpg', 'ms.gpg'),
+        ('https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key',
+         'podman.gpg'),
+        ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
+        ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource.gpg'),
+    ]:
+        files.download(src=url, dest=f'/etc/apt/keyrings/{name}')
+    # server.shell(commands=[
+    #     f"curl -fsSL {url} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
+    #         # ('https://deb.nodesource.com/node_18.x/dists/kinetic/Release.gpg', 'nodesource-kinetic.gpg'),
+    #         # ('http://packages.microsoft.com/ubuntu/22.10/prod/dists/kinetic/Release.gpg', 'ms.gpg'),
+    #     ]
+    # ])
 
 
-🚢 ditto(pts/1):/opt# apt update
-Hit:1 http://packages.microsoft.com/repos/code stable InRelease
-Hit:2 http://dl.google.com/linux/chrome/deb stable InRelease                                                                                                                            
-Get:3 https://repo.steampowered.com/steam stable InRelease [2861 B]                                                                                                                     
-Hit:4 http://us.archive.ubuntu.com/ubuntu kinetic InRelease                                                                        
-Get:5 http://us.archive.ubuntu.com/ubuntu kinetic-backports InRelease [99.9 kB] 
-Err:3 https://repo.steampowered.com/steam stable InRelease                                 
-  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
-Get:6 http://us.archive.ubuntu.com/ubuntu kinetic-security InRelease [109 kB]
-Get:8 http://us.archive.ubuntu.com/ubuntu kinetic-updates InRelease [118 kB]
-Get:9 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe amd64 Packages [205 kB]
-Get:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease [1262 B]
-Get:10 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe i386 Packages [119 kB]
-Get:11 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe Translation-en [83.1 kB]
-Err:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease
-  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
-Reading package lists... Done              
-W: http://packages.microsoft.com/repos/code/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
-W: http://dl.google.com/linux/chrome/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
-W: GPG error: https://repo.steampowered.com/steam stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
-E: The repository 'https://repo.steampowered.com/steam stable InRelease' is not signed.
-N: Updating from such a repository can't be done securely, and is therefore disabled by default.
-N: See apt-secure(8) manpage for repository creation and user configuration details.
-W: GPG error: https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
-E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease' is not signed.
-N: Updating from such a repository can't be done securely, and is therefore disabled by default.
-N: See apt-secure(8) manpage for repository creation and user configuration details.
-
-'''
 def apt_sources():
     if host.get_fact(Arch) == 'x86_64':
         server.shell(commands=['dpkg --add-architecture i386'])
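Review bot: The keyring loop ending in `files.download(src=url, dest=f'/etc/apt/keyrings/{name}')` installs apt trust anchors with no integrity check, and the `ms.gpg` entry is fetched over plain `http://`, so anyone able to alter that response chooses the key apt will trust for that repository. Use the `https://` URL and carry a pinned digest per entry, e.g. `files.download(src=url, dest=f'/etc/apt/keyrings/{name}', sha256sum=digest)`, with each digest recorded from a key whose fingerprint was checked out of band. Separately, the two `.../dists/kinetic/Release.gpg` URLs are detached signatures over the Release file rather than public keys. `Release.key`, `linux_signing_key.pub` and `nodesource.gpg.key` look ASCII-armored, which apt should accept only under an `.asc` name or after the `gpg --dearmor` step that is commented out below the loop; both may be part of why this "doesn't completely work". The keyring files are presumably only consulted when a sources entry names them with `signed-by=`, which cannot be checked here because `apt_sources` continues outside the hunk.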
@@ -61,12 +50,14 @@
         raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
     apt.packages(update=True,
                 cache_time=86400,
-                packages=['tzdata'],
-                force=True,
-                _env={
-                    'TZ': TZ,
-                    'LANG': 'en_US.UTF-8',
-                    'DEBIAN_FRONTEND': 'noninteractive'
-                })
+                 packages=['tzdata'],
+                 force=True,
+                 _env={
+                     'TZ': TZ,
+                     'LANG': 'en_US.UTF-8',
+                     'DEBIAN_FRONTEND': 'noninteractive'
+                 })
+
+
 pkg_keys()
 apt_sources()
\ No newline at end of file