comp:getrepokeys
comp:getrepokeys [2008-07-16 0736] – angelegt werner | comp:getrepokeys [2008-08-09 1723] (aktuell) – Grund für Failure werner | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ====== Importieren von GPG-Schlüsseln ====== | ||
+ | ===== Der Grund ===== | ||
+ | |||
+ | Am 2008-01-23 hat sich das openSUSE-Projekt entschieden, | ||
+ | |||
+ | Der openSUSE-Builder Bernhard Walle hat auf seiner Website unter | ||
+ | http:// | ||
+ | |||
+ | Das Script wurde erweitert, so dass es jetzt auch die Sources liest, die apt und zypper benutzen. Und es importierte die Keys nicht nur in die RPM-Datenbank, | ||
+ | |||
+ | ===== Das Script ===== | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/bash | ||
+ | |||
+ | # new 2008-04-23: added switch between zypper and smart repositories | ||
+ | # new 2008-07-xx: added switch to apt sources (in a certain format) | ||
+ | PARA=$(echo " | ||
+ | case " | ||
+ | z|zy|zyp|zypp|zyppe|zypper) | ||
+ | URLSOURCE=" | ||
+ | ;; | ||
+ | a|ap|apt) | ||
+ | URLSOURCE=" | ||
+ | ;; | ||
+ | *) | ||
+ | URLSOURCE=" | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | TEMPREPO="/ | ||
+ | TEMPKEY="/ | ||
+ | OTHERKEyRING="/ | ||
+ | |||
+ | # the base URL we search on | ||
+ | # new: use more than one base URL for your repositories: | ||
+ | URLLIST=" | ||
+ | URLLIST=" | ||
+ | URLLIST=" | ||
+ | |||
+ | for SOS_URL in $URLLIST; do | ||
+ | echo " | ||
+ | SOS_LEN=$(expr length " | ||
+ | # only URLs containing $SOS_URL please: | ||
+ | if [ " | ||
+ | URLTAB=$(smart channel --show | \ | ||
+ | grep ^baseurl | ||
+ | cut -d' ' -f3 | \ | ||
+ | grep " | ||
+ | sort) | ||
+ | elif [ " | ||
+ | for DAT in / | ||
+ | URLTAB=$(grep ^[^#] " | ||
+ | cut -d' ' -f 2-3 | \ | ||
+ | tr -d ' ' | ||
+ | grep " | ||
+ | sort) | ||
+ | done | ||
+ | # this is valid if you have entries that are separated by a single blank and either the | ||
+ | # second column ends with a slash or the third begins with it | ||
+ | # when your lines are tab separated, use "cut -f 2-3" in the second step | ||
+ | # when there is a blank, but no slash between cols 2+3, use tr ' ' '/' | ||
+ | else | ||
+ | | ||
+ | fi | ||
+ | |||
+ | for URL in $URLTAB; do | ||
+ | # make sure we have a trailing slash | ||
+ | echo " | ||
+ | |||
+ | # inside the directory should be a .repo file | ||
+ | # so we try to find its name | ||
+ | # substring handling is somewhat #+@%$&# in bash... | ||
+ | URLAST=${URL#" | ||
+ | URLAST=$(echo " | ||
+ | |||
+ | # ...finally... | ||
+ | rm -f " | ||
+ | wget -q " | ||
+ | # REPO file exists and is not zero sized? | ||
+ | if [ ! -f " | ||
+ | echo "Error getting REPO file for $URLAST from $URL" | ||
+ | continue | ||
+ | fi | ||
+ | |||
+ | # now we read the URL of the keyfile from the repo file | ||
+ | KEYURL=$(grep ^gpgkey " | ||
+ | if [ -z " | ||
+ | echo "No key for $URLAST detected" | ||
+ | continue | ||
+ | fi | ||
+ | |||
+ | # download it... | ||
+ | rm -f " | ||
+ | wget -q " | ||
+ | if [ ! -f " | ||
+ | echo "Error getting keyfile $KEYURL for $URLAST" | ||
+ | continue | ||
+ | fi | ||
+ | |||
+ | # identify it, maybe it is already there | ||
+ | KEYID=$(gpg " | ||
+ | INSTALLEDKEYS=$(LANG=C rpm -q " | ||
+ | RPMINSTALL=0 | ||
+ | echo $INSTALLEDKEYS | grep 'is not installed' | ||
+ | # look at PGP/GPG keys here | ||
+ | GPGINST1=0 | ||
+ | gpg --list-keys " | ||
+ | GPGINST2=0 | ||
+ | if [ -f " | ||
+ | gpg --list-keys --no-default-keyring --keyring " | ||
+ | " | ||
+ | else | ||
+ | GPGINST=5 | ||
+ | fi | ||
+ | |||
+ | # so, at the very end, import it - or not :-) | ||
+ | echo -n " | ||
+ | if [ $RPMINSTALL -eq 1 ]; then | ||
+ | echo -n "RPM database: new" | ||
+ | rpm --import " | ||
+ | else | ||
+ | echo -n "RPM database: OK" | ||
+ | fi | ||
+ | if [ $GPGINST1 -eq 1 ]; then | ||
+ | echo -n ", default GPG keyring: new" | ||
+ | gpg --import " | ||
+ | else | ||
+ | echo -n ", default GPG keyring: OK" | ||
+ | fi | ||
+ | if [ $GPGINST2 -eq 1 ]; then | ||
+ | echo ", RPM keyring: new." | ||
+ | gpg --no-options --no-default-keyring --keyring " | ||
+ | --import " | ||
+ | elif [ $GPGINST2 -ne 5 ]; then | ||
+ | echo ", RPM keyring: OK." | ||
+ | else | ||
+ | echo " | ||
+ | fi | ||
+ | done | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | ===== Hinweise ===== | ||
+ | |||
+ | Der Code hat den Vorteil, dass ein nicht vorhandener Key durch den temporären Key abgefangen wird und nicht wie bei bwalles Script zum Abbruch führt... | ||
+ | |||
+ | Dieses Script bearbeitet alle Repositories, | ||
+ | |||
+ | **Achtung**: | ||
+ | |||
+ | **2008-04-19**: | ||
+ | |||
+ | **2008-04-23**: | ||
+ | |||
+ | **2008-06-22** Unter der kurzen, leicht zu merkenden URL | ||
+ | http:// | ||
+ | |||
+ | **2008-06-27** So, nach etlicher Beobachtung ;-) habe ich das Verarbeiten der Keys umgestellt, siehe den jetzigen Code :-) Damit werden die Keys in beide Keyrings gefüttert, sogar nachträglich. Und in einem der beiden nützen sie sogar :-) |
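Review bot: The inner loop imports whatever key the downloaded .repo file's `gpgkey` line points to directly into the RPM database and both GPG keyrings (`rpm --import`, `gpg --import`), and nothing in the visible listing compares the key's fingerprint with a value obtained out of band or asks the operator to confirm. Both downloads use `wget -q`; the URLs are cut off in this rendering, but if they are plain http, anyone on the network path can substitute the key that later package signature checks will trust. I would show the fingerprint (for example `gpg --with-fingerprint "$TEMPKEY"`) and require confirmation before the import block, and fetch over https where the mirror offers it. Separately, the missing-keyring branch sets `GPGINST=5` while the later test reads `$GPGINST2`, so as far as the visible lines show the final `else` is never reached and the script prints "RPM keyring: OK." for a keyring file that does not exist; that assignment should be `GPGINST2=5`.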