rpi-img-builder
rpi-img-builder copied to clipboard
Apt-key add runs when /apt-key is empty
When running sudo make DIST=testing REPO=Debian RPI=2
with https://github.com/TheSin-/rpi-img-builder/commit/645f78d904503ef02767664beba59268dbb11cfa checked out, the following lines of the postinstall
script fail:
https://github.com/TheSin-/rpi-img-builder/blob/728790f8ec04818ffad4460163ca1c2b37bf638d/postinstall#L64-L69
Specifically line 67 apt-key --keyring /etc/apt/trusted.gpg.d/${i%.*}.gpg add ${i}
is running despite the contents of /apt-keys
being empty.
This results in the command being run as follows: apt-key --keyring /etc/apt/trusted.gpg.d/*.gpg add *.asc
.
The error message in full:
Usage: apt-key [--keyring file] [command] [arguments]
Manage apt's list of trusted keys
apt-key add <file> - add the key contained in <file> ('-' for stdin)
apt-key del <keyid> - remove the key <keyid>
apt-key export <keyid> - output the key <keyid>
apt-key exportall - output all trusted keys
apt-key update - update keys using the keyring package
apt-key net-update - update keys using the network
apt-key list - list keys
apt-key finger - list fingerprints
apt-key adv - pass advanced options to gpg (download key)
If no specific keyring file is given the command applies to all keyring files.
rootfs.mak:112: recipe for target '/home/cgmcintyre/devel/router/rpi-img-builder/rootfs' failed
make[1]: *** [/home/cgmcintyre/devel/router/rpi-img-builder/rootfs] Error 1
Makefile:21: recipe for target 'build-rootfs' failed
make: *** [build-rootfs] Error 2
thanks for reporting this, are you sure there wasn't an error before this during the download of the asc? It looks like I need to put a verification the file exists, I'll look into this as soon as I have time.
No worries, thanks for creating this tool ^^
I haven't checked - there is no asc in the directory so there probably was a problem downloading it.
A quick 2 line fix I'm using is to check if the /apt-keys is empty.
# Make sure all apt keys are installed
cd /apt-keys > /dev/null
if [ -e *.asc ]; then
for i in *.asc; do
apt-key --keyring /etc/apt/trusted.gpg.d/${i%.*}.gpg add ${i}
done
fi
cd - > /dev/null
yeah that's what I was planning, but I assume the asc was moved and it's now int eh keyring but I need to check this so that apt verifications doesn't fail later once the system is built and it's enforced. Don't like when things just change on me ;)