heroku-buildpack-apt icon indicating copy to clipboard operation
heroku-buildpack-apt copied to clipboard

Published 20 hours ago verified publisher icon heroku

Add support for specifying a custom key to be added to the trusted keys

Open amiel opened this issue 7 years ago • 11 comments

This should resolve #33

Add a key with the following format:

:key:name:url

For example:

:key:nginx:https://nginx.org/keys/nginx_signing.key
:key:confluent:http://packages.confluent.io/deb/4.1/archive.key

I tested this with the following Aptfile (this is @catkhuu's example and the package I got stuck on without having a key):

:key:nginx:https://nginx.org/keys/nginx_signing.key
:repo:deb http://nginx.org/packages/ubuntu/ xenial nginx
nginx-nr-agent
:key:confluent:http://packages.confluent.io/deb/4.1/archive.key
:repo:deb [arch=amd64] http://packages.confluent.io/deb/4.0 stable main
confluent-kafka-2.11
confluent-schema-registry

amiel avatar Oct 25 '18 23:10 amiel

I'm not sure if the tests will pass without resolving https://github.com/heroku/heroku-buildpack-apt/issues/16.

amiel avatar Oct 26 '18 00:10 amiel

Thanks for fixing this. Do we plan to merge it soon into master? I am using amiels repo for now

kiranpraneeth avatar Jan 10 '19 02:01 kiranpraneeth

any news on a merge into master?

ckhall avatar Aug 07 '19 23:08 ckhall

This has been open for over a year, are there plans to merge it? I'm using amiel's repo for now as well.

dursk avatar Dec 04 '19 18:12 dursk

This has been open for over two years now; I'm using amiel's repo as well eg.

https://github.com/heroku/heroku-buildpack-apt/issues/33#issuecomment-433245494

benpbolton avatar Jan 14 '21 18:01 benpbolton

I resolved the conflicts in my fork: https://github.com/4ormat/heroku-buildpack-apt/tree/keys

buildpack: https://github.com/4ormat/heroku-buildpack-apt#keys

granth avatar Jan 15 '21 16:01 granth

I'd also like to see this. I've re-resolved the conflicts with the latest master in this fork: https://github.com/elkrange/heroku-buildpack-apt/commit/6cb682208dd8bb41b790cea9f761d22f0d4dc561 (the only conflict was around the context with the if for adding repos).

adamchainz avatar Jan 19 '21 17:01 adamchainz

@edmorley do you think there's a chance this would be accepted if conflicts were resolved?

dentarg avatar Apr 25 '21 14:04 dentarg

@dentarg Hi! I'm not against the idea of adding support for this (it seems useful), however:

  • this buildpack's testing story is pretty lacking, which makes any change high risk
  • this buildpack isn't really owned by any team (it's an "unofficial" buildpack sadly, even though IMO it's an important buildpack)
  • focus at the moment is on Cloud Native Buildpacks (https://buildpacks.io) which would eventually make this buildpack redundant

edmorley avatar Apr 29 '21 08:04 edmorley

Ok, I've pushed an updated branch, so this should be mergeable. Thanks to @granth for dealing with the conflicts, although I have not tested the conflict-resolved version. Is someone actively using this that could test it?

amiel avatar May 01 '21 00:05 amiel

@schneems @edmorley any chance we can find a way to get this (or something like it) live? maybe an opt-in experimental feature?

e.g. I wanted to install tailscale and wanted to configure

:repo:deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/ubuntu jammy main # HEROKU_STACK
tailscale

bf4 avatar Mar 03 '25 18:03 bf4