Update the Signing Key for Percona Debian and Ubuntu Packages

Attempting to build images fails now with an error because of a change
in the signing key for Percona packages.

Quick summary copied from [1]

Percona .deb packages are signed with a key that uses an algorithm now
considered weak. Starting with the next release, Debian and Ubuntu
packages are signed with a new key that uses the much stronger SHA-512
algorithm. All future package release will also contain the new
algorithm.

It’s important that you add the new key before the next release.

See also [2] in trove.

[1] https://www.percona.com/blog/2016/10/13/new-signing-key-for-percona-debian-and-ubuntu-packages/
[2] https://review.openstack.org/#/c/390342/

Change-Id: I4ca5fccf51e51059d4035f7206609c8afa997c94
This commit is contained in:
Amrith Kumar 2016-10-24 09:46:41 -04:00
parent a7ad2f1748
commit e42be7b1de
4 changed files with 64 additions and 36 deletions

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
# PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg
# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
# shell errexit so we can interrogate the exit code and take action
# based on the exit code. We will reenable it later.
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
function get_key_robust() {
KEY=$1
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
fi
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
fi
}
set -e
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
# Add Percona repo
# Creates the Percona sources list

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
# PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg
# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
# shell errexit so we can interrogate the exit code and take action
# based on the exit code. We will reenable it later.
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
function get_key_robust() {
KEY=$1
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
fi
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
fi
}
set -e
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
# Add Percona repo
# Creates the percona sources list

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
# PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@ -19,17 +19,24 @@ fi
# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
# shell errexit so we can interrogate the exit code and take action
# based on the exit code. We will reenable it later.
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
function get_key_robust() {
KEY=$1
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
fi
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
fi
}
set -e
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
# add Percona repo
# creates the percona sources list

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
# CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
# PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@ -19,17 +19,24 @@ fi
# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
# shell errexit so we can interrogate the exit code and take action
# based on the exit code. We will reenable it later.
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
function get_key_robust() {
KEY=$1
set +e
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
fi
if [ "$?" -ne "0" ];
then
echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
set -e
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
fi
}
set -e
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
# add Percona repo
# creates the percona sources list