From 357930d45946303f33210da0871d9685d0255e36 Mon Sep 17 00:00:00 2001 From: Amrith Kumar Date: Mon, 24 Oct 2016 09:39:23 -0400 Subject: [PATCH] Update the Signing Key for Percona Debian and Ubuntu Packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attempting to build images fails now with an error because of a change in the signing key for Percona packages. Quick summary copied from [1] Percona .deb packages are signed with a key that uses an algorithm now considered weak. Starting with the next release, Debian and Ubuntu packages are signed with a new key that uses the much stronger SHA-512 algorithm. All future package release will also contain the new algorithm. It’s important that you add the new key before the next release. [1] https://www.percona.com/blog/2016/10/13/new-signing-key-for-percona-debian-and-ubuntu-packages/ Change-Id: I0420193982ebc5c9922eb388adb85da1423ab3f0 --- .../pre-install.d/10-percona-apt-key | 25 ++++++++++++------- .../pre-install.d/10-percona-apt-key | 25 ++++++++++++------- .../pre-install.d/10-percona-apt-key | 25 ++++++++++++------- .../pre-install.d/10-percona-apt-key | 25 ++++++++++++------- 4 files changed, 64 insertions(+), 36 deletions(-) diff --git a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key index ec1d89d561..55b5ef81d6 100755 --- a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # Add Percona repo # Creates the Percona sources list diff --git a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key index 2a03ad5054..cd28925079 100755 --- a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # Add Percona repo # Creates the percona sources list diff --git a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key index c2b686c4c0..d323645510 100755 --- a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -19,17 +19,24 @@ fi # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # add Percona repo # creates the percona sources list diff --git a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key index c2b686c4c0..d323645510 100755 --- a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo @@ -19,17 +19,24 @@ fi # https://bugs.launchpad.net/percona-server/+bug/907789. Disable # shell errexit so we can interrogate the exit code and take action # based on the exit code. We will reenable it later. -set +e -apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A +function get_key_robust() { + KEY=$1 + set +e + + apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} + + if [ "$?" -ne "0" ]; + then + echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" + set -e + apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} + fi -if [ "$?" -ne "0" ]; -then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A -fi +} -set -e +get_key_robust 1C4CBDCDCD2EFD2A +get_key_robust 9334A25F8507EFA5 # add Percona repo # creates the percona sources list