rpi-img-builder

Apt-key add runs when /apt-key is empty

Open cgmcintyr opened this issue 6 years ago • 3 comments

When running sudo make DIST=testing REPO=Debian RPI=2 with https://github.com/TheSin-/rpi-img-builder/commit/645f78d904503ef02767664beba59268dbb11cfa checked out, the following lines of the postinstall script fail:

https://github.com/TheSin-/rpi-img-builder/blob/728790f8ec04818ffad4460163ca1c2b37bf638d/postinstall#L64-L69

Specifically line 67 apt-key --keyring /etc/apt/trusted.gpg.d/${i%.*}.gpg add ${i} is running despite the contents of /apt-keys being empty.

This results in the command being run as follows: apt-key --keyring /etc/apt/trusted.gpg.d/*.gpg add *.asc.

The error message in full:

Usage: apt-key [--keyring file] [command] [arguments]

Manage apt's list of trusted keys

  apt-key add <file>          - add the key contained in <file> ('-' for stdin)
  apt-key del <keyid>         - remove the key <keyid>
  apt-key export <keyid>      - output the key <keyid>
  apt-key exportall           - output all trusted keys
  apt-key update              - update keys using the keyring package
  apt-key net-update          - update keys using the network
  apt-key list                - list keys
  apt-key finger              - list fingerprints
  apt-key adv                 - pass advanced options to gpg (download key)

If no specific keyring file is given the command applies to all keyring files.
rootfs.mak:112: recipe for target '/home/cgmcintyre/devel/router/rpi-img-builder/rootfs' failed
make[1]: *** [/home/cgmcintyre/devel/router/rpi-img-builder/rootfs] Error 1
Makefile:21: recipe for target 'build-rootfs' failed
make: *** [build-rootfs] Error 2

cgmcintyr avatar Feb 23 '18 13:02 cgmcintyr

Thanks for reporting this. Are you sure there wasn't an error before this during the download of the asc? It looks like I need to put in a verification that the file exists; I'll look into this as soon as I have time.

TheSin- avatar Feb 23 '18 14:02 TheSin-

No worries, thanks for creating this tool ^^

I haven't checked - there is no asc in the directory so there probably was a problem downloading it.

A quick 2 line fix I'm using is to check if the /apt-keys is empty.

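# Make sure all apt keys are installed
cd /apt-keys > /dev/null
# ls exits non-zero when the glob matches nothing; [ -e *.asc ] breaks once several files match
if ls -- *.asc > /dev/null 2>&1; then
  for i in *.asc; do
    apt-key --keyring "/etc/apt/trusted.gpg.d/${i%.*}.gpg" add "${i}"
  done
fi
cd - > /dev/null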

cgmcintyr avatar Feb 23 '18 15:02 cgmcintyr

Yeah, that's what I was planning, but I assume the asc was moved and it's now in the keyring, but I need to check this so that apt verification doesn't fail later once the system is built and it's enforced. Don't like when things just change on me ;)

TheSin- avatar Feb 23 '18 15:02 TheSin-
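
An added example, not part of the thread or of rpi-img-builder's postinstall: one way to combine the empty-directory guard with the "verify the file exists" check discussed above, so that an empty /apt-keys is a no-op while a zero-byte or non-key .asc (for example from a failed download) stops the build. The function names, the APT_KEY override variable and the return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Hypothetical helpers for illustration; not rpi-img-builder code.

# Succeeds only for a non-empty file containing an ASCII-armored public key.
is_armored_key() {
  [ -s "$1" ] && grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1"
}

# install_apt_keys KEY_DIR [KEYRING_DIR]
# Returns 0 when every key was added (or there was nothing to add),
# 1 when the add command failed, 2 when an .asc file is empty or not a key.
# Plain POSIX sh has no "local", so these variables are global to the script.
install_apt_keys() {
  dir=$1
  keyring_dir=${2:-/etc/apt/trusted.gpg.d}
  add_cmd=${APT_KEY:-apt-key}   # assumption: overridable so the loop can be tested
  count=0
  for f in "$dir"/*.asc; do
    # An unmatched glob is passed through as the literal "*.asc"; skip it.
    [ -e "$f" ] || continue
    if ! is_armored_key "$f"; then
      echo "refusing $f: empty or not an armored public key" >&2
      return 2
    fi
    name=$(basename "$f" .asc)
    "$add_cmd" --keyring "$keyring_dir/$name.gpg" add "$f" || return 1
    count=$((count + 1))
  done
  # Nothing to add is not an error, but it is worth a line in the build log.
  [ "$count" -gt 0 ] || echo "warning: no .asc keys in $dir, nothing added" >&2
}

# Usage inside a postinstall-style script:
#   install_apt_keys /apt-keys || exit 1
```
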