Update the Signing Key for Percona Debian and Ubuntu Packages

Attempting to build images fails now with an error because of a change in the signing key for Percona packages. Quick summary copied from [1] Percona .deb packages are signed with a key that uses an algorithm now considered weak. Starting with the next release, Debian and Ubuntu packages are signed with a new key that uses the much stronger SHA-512 algorithm. All future package release will also contain the new algorithm. It’s important that you add the new key before the next release. See also [2] in trove. [1] https://www.percona.com/blog/2016/10/13/new-signing-key-for-percona-debian-and-ubuntu-packages/ [2] https://review.openstack.org/#/c/390342/ Change-Id: I4ca5fccf51e51059d4035f7206609c8afa997c94
author: Amrith Kumar <amrith@amrith.org> 2016-10-24 09:46:41 -0400
committer: Amrith Kumar <amrith@amrith.org> 2016-10-24 10:18:47 -0400
commit: e42be7b1de5d439a67ad92c86477ed85502ddb46 (patch)
tree: a5c27fe967fdc99c182afd07c2dd5a08097fa6cc
parent: a7ad2f174804bf06195205bfa4652346eaa936b2 (diff)
download: trove-integration-e42be7b1de5d439a67ad92c86477ed85502ddb46.tar.gz
4 files changed, 64 insertions, 36 deletions
diff --git a/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
index ec1d89d..55b5ef8 100755
--- a/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
+++ b/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # Add Percona repo
 # Creates the Percona sources list
diff --git a/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
index 2a03ad5..cd28925 100755
--- a/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
+++ b/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -17,17 +17,24 @@ mkdir -p /home/${GUEST_USERNAME}/.gnupg
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # Add Percona repo
 # Creates the percona sources list
diff --git a/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
index c2b686c..d323645 100755
--- a/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
+++ b/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -19,17 +19,24 @@ fi
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # add Percona repo
 # creates the percona sources list
diff --git a/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
index c2b686c..d323645 100755
--- a/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
+++ b/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # CONTEXT: GUEST during PRE-CONSTRUCTION as ROOT
 # PURPOSE: Setup apt-repo list so that we can connect to Percona's repo
@@ -19,17 +19,24 @@ fi
 # https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
 # shell errexit so we can interrogate the exit code and take action
 # based on the exit code. We will reenable it later.
-set +e
-apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
+
+    if [ "$?" -ne "0" ];
+    then
+        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
+        set -e
+        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
+    fi
 
-if [ "$?" -ne "0" ];
-then
-    echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
     set -e
-    apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 1C4CBDCDCD2EFD2A
-fi
+}
 
-set -e
+get_key_robust 1C4CBDCDCD2EFD2A
+get_key_robust 9334A25F8507EFA5
 
 # add Percona repo
 # creates the percona sources list
author	Amrith Kumar <amrith@amrith.org>	2016-10-24 09:46:41 -0400
committer	Amrith Kumar <amrith@amrith.org>	2016-10-24 10:18:47 -0400
commit	e42be7b1de5d439a67ad92c86477ed85502ddb46 (patch)
tree	a5c27fe967fdc99c182afd07c2dd5a08097fa6cc
parent	a7ad2f174804bf06195205bfa4652346eaa936b2 (diff)
download	trove-integration-e42be7b1de5d439a67ad92c86477ed85502ddb46.tar.gz