From 5e7442b37e1ab3c6dd463f2f73b068222f9ca9fa Mon Sep 17 00:00:00 2001 From: Bryce Larson Date: Wed, 10 Feb 2021 14:26:58 +0000 Subject: [PATCH] apt-key is deprecated on debian10+ and ubuntu20+ --- bootstrap-salt.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 3e5e2d3..cfba9e4 100644 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -1362,7 +1362,7 @@ __check_dpkg_architecture() { fi __REPO_ARCH="$DPKG_ARCHITECTURE" - __REPO_ARCH_DEB='deb' + __REPO_ARCH_DEB='deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg]' __return_code=0 case $DPKG_ARCHITECTURE in @@ -1381,7 +1381,7 @@ __check_dpkg_architecture() { # Saltstack official repository does not yet have arm64 metadata, # use amd64 repositories on arm64, since all pkgs are arch-independent __REPO_ARCH="amd64" - __REPO_ARCH_DEB="deb [arch=$__REPO_ARCH]" + __REPO_ARCH_DEB="deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$__REPO_ARCH]" warn_msg="Support for arm64 packages is experimental and might rely on architecture-independent packages from the amd64 repository." fi error_msg="" @@ -1989,7 +1989,7 @@ __apt_key_fetch() { tempfile="$(__temp_gpg_pub)" __fetch_url "$tempfile" "$url" || return 1 - apt-key add "$tempfile" || return 1 + cp -f "$tempfile" /usr/share/keyrings/salt-archive-keyring.gpg && chmod 644 /usr/share/keyrings/salt-archive-keyring.gpg || return 1 rm -f "$tempfile" return 0 @@ -2941,7 +2941,7 @@ __install_saltstack_ubuntu_repository() { SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}" echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/saltstack.list - __apt_key_fetch "$SALTSTACK_UBUNTU_URL/SALTSTACK-GPG-KEY.pub" || return 1 + __apt_key_fetch "$SALTSTACK_UBUNTU_URL/salt-archive-keyring.gpg" || return 1 __wait_for_apt apt-get update || return 1 } @@ -3030,8 +3030,12 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 + else + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update || return 1 + fi fi __apt_get_upgrade_noinput || return 1 @@ -3380,7 +3384,7 @@ __install_saltstack_debian_repository() { SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/saltstack.list" - __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" || return 1 + __apt_key_fetch "$SALTSTACK_DEBIAN_URL/salt-archive-keyring.gpg" || return 1 __wait_for_apt apt-get update || return 1 } @@ -3398,8 +3402,12 @@ install_debian_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then # Try to update GPG keys first if allowed if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 + if [ "$DISTRO_MAJOR_VERSION" -ge 10 ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 + else + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update || return 1 + fi fi __apt_get_upgrade_noinput || return 1