From 09031d90055e80c8101f06951b824f5c7fa96e14 Mon Sep 17 00:00:00 2001
From: Varac <varac@leap.se>
Date: Tue, 20 Mar 2018 20:39:08 +0100
Subject: [PATCH] Bug: Directly deploy leap-archive keyrings
The leap-archive keyring expired March 8th 2018.
We updated it, and published updated installation
docs at https://bitmask.net/en/install/linux.
For jessie, we dont install the leap-archive-keyring
package anymore but directly deploy the keys to
apt's trusted keystore.
- Fixes: https://0xacab.org/leap/bitmask-dev/issues/9279
---
.../site_apt/files/keys/leap-archive.gpg | Bin 20188 -> 21915 bytes
.../files/keys/leap-experimental-archive.gpg | Bin 3423 -> 5177 bytes
.../modules/site_apt/manifests/leap_repo.pp | 14 ++++++++++----
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/puppet/modules/site_apt/files/keys/leap-archive.gpg b/puppet/modules/site_apt/files/keys/leap-archive.gpg
index dd7f3be64fafb848c4d6a8f99b926c16b7b6c3fc..dc19f62376ef0a603a888656aa07418b4dcf047c 100644
GIT binary patch
delta 1848
zcmcaJmvQ!L#tq3Vn-{ZLGHs4wv16M2T{2;Ftbjb@W=UQJ#?7^Y%1oPMq~w`4-%yfg
z+PqUio@w)cE-9wXvxQZdHdo8YGj0B^qRO=S8HXg(=KZ1;ESm+?m6<jd>e{hv4$_uq
z+H9;T&$M~HVHL+_OFk8*%~R!6m^SNL#j$Mu;3UH|`HYil{d;>mR!;VLk7F6QI0fWP
z7B=-MR5Gr;%m2T4@;WxtOVQ@thNUI;X7g+g)~H(x%=p44?DFrmip8rrS@YET_C51r
z&-q%A>*jRUPqLuztD)!ix*uzQEuTA^DQD9BJ?vN4OF3<u@u8v2VPl+CZGcW~tZL<x
zIde{yyu9)DMcB^0^RLy5%@QyX&DIe<wI+0x7-Jd7uC~L|eBXXF`}_WIUh~EXk)IP~
z<n@nN`E6Y<Vw4zg>4;074Qtc3Gd~UgHk>oopB4US&o#$IeE&U|GcJV*8vEvkT`sI~
znw|CggZ+uR5N}N#FQ)l&|H5|~Ki!ngl+LZ5!M3?*V@;9rF=o+drrtuv`imlF9{S&x
zM1@GSw3Ws$im<xh_fK2n!eW&RdpMRvN_Q8UbsSRHb>FD_xaeeYN$HQ>s+UWJs}H5O
zy0dyD9r$qX*edbFvMh`B!8`4iq^mynkFk1v^z^n#r@Ks@ob;`xnBIyw&wW4ia-aE%
zcxS$d`0o1)s*ZA=QjuQ0r`*@LIJN%x?pdyj8HC!lzuvn2Xo<#qQ{L9()77z#A2Qzy
zD6iyxrB*t<T{zidX=0byUg4SluGLG<R9Eval|8-l%gQa%X+Je;7e#$%PVz2roc`$b
zPj#M>t%?TSYn}=&|39ZTd+X`9>!;oNoyitcx&AIwL~r<<XLGaOoWGPSG4s{?bI#6b
zYh|-P+$gU}_1*uO=Z;~A2ZQ2lxsP1epGs~xeCV%~;pU|dYD}B8+*KGibGa%oO^#+!
z-P~;_!^9rKBFxCeU^h9>PP$%9kwwncTIWUeJN?>!Gt*#ch?OadNiLn0Q`pm~3ps67
zy%1oSp8s~?*R83G=L=rrS#NAMzg{o*hj!hMRW%Xs>|Y3QpK`iwBA9Hj%pm3FzhYaD
zUY?W*)7$uu?9ZHCe8cUdn#{#EjeU_k3KF-w-ZEXQUod;w4#u-rmv#R8bNR`eT-`|u
zN<C^;_oqp_ug%q8b&>Pay2BNrCK<`ecYo&b@4p-&_>ry3tYV$hkC>k;8sgi#mvl}0
zme>|`*1ug}$V&W4Jy-t5$OZ$WX6p{aC9S<d4f7amnI_03E<beRo4cJIH@ESBQJ>R7
z_qVqg9oh8PskA=pOUj>!ldpxYAAZ+7|LK>Ax$^rsgA&pT4xMv9xu1i}U0zbBHaup1
zVXsBes&5QkKdb96t>#mG<8mY8ef!-13rsh8h_rqU{&KnLN@c;86#@#)mmWIq6|`)s
zYIq<o96asqLyeVNuV#M{TV!eWwT|J*t7%pjYy95)i($R*H9u`mLH(gg!qXStdB0-T
z_4#+7u&r&h>YDjD|Ko;}-k*Y0zg|7N^oY=2zJll-rz&Uv&iKAf^nKG2bG0LrG(Cl%
zmZzt5yi^X{C~{+;IuCp8Po8JWJzn?iR^N%5XWF>$p2VuFi(*&5Umq!KeP!GC!hO|q
zn-Y?rTXb2@-_WxwbVKf}<O&|n`R27;>KTpZ$=^A9er3q5;!Ba1_w2lpsIrFbZP$Id
zOM<=M-AyW<JZaiH$LOVyS{&odot@54=N*sR?B^lGRIkb+!N|qH&&m`ibm%UVG!H8$
z<3r;H<n(e`i~oO6+)K~ZODux7^}g!6taH@Nh-+TdYRA<qXO*-W7b+#kt@kVM=)I}u
zFqz9fm3hmx5?`C|wx?{A%GiD%P-W%0p&DS_=AC&xlUJPKz4?k_z70=&Z|awqyxSOB
zFZzv3qImkXE9*l$91q(~>9*IMF#Xo<Q_~Jc%$&j=|6_J5x3#}-VC;$yYHJKn)=ah8
zzr^PHibLOaq`LoFZ=R(&>Ao0G=ZSQ8<#=iFl~HYscg>UgvKi%qllB=!=DC+ewe|Eq
zdh4@F<Nm9Y&uZ`5{czIasgba&`y$@tUvi>oXH<OzYs}PbC)iJ4-C3)@*~@-?{Hw(;
z4uqEk<osNpzW(4$m3NE*f0u1nPMG0-C6s->N9C*E&Pye}xjovp(Z{Q^Zf=*aKpT69
z$Jy4tYrHWQ;?s|WUst^;{$Uqa&cB=+Yo32Q!1Y2VE!%j#$F01sgl4l(i`{*dG_LI6
zm)LkCAl%XaNBz<$H#yVG4*w>ueDa#{dHB8=OtQ&e13GgKw8#}?PAHiF&~?V$-`-D)
z%nv1rxv$?``@(D&x4!<(Z%HX-lbG&ZzSSi8wf2FK{1dC7!$pr|_Z+-Z*YW(qsq>s~
z9acR2<jA#fV$9OLvw|*scexn4-7cy2)1&$EiJ=TnuJE@M+^csvthMdFah|Q*;~y$d
xAN|$Te00F^zl8SI*t{S9jnOWX{s=ER`0K=DQKKKHuI=8u#Ycl_bDUQg69A)1SrGsL
delta 171
zcmbQen(@wD#tq3Vlfyk^Hy>b=V%i+V;>5JMP)3<)^G{(Zrp=LD3XGednyN5uw&Ij$
z++4w}!n9dJOrB};6gdl)$+tKXHc#hOVcKjiA<wj#&qAJQ^DRMnrp>$g<(W2zNvSez
zzM&+}wAn{no@ukLraaT;_bPTQo3nMRI5ulqC9!NS@sMHK{M<=}X|lhE>gH}c8K%vK
cZgNbUxm{HlH$U|eV%qE;9Ky6&Hc*2J06n!eBLDyZ
diff --git a/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg b/puppet/modules/site_apt/files/keys/leap-experimental-archive.gpg
index 5cc9064b1c922960bf442dad40a68bc4c95aea1c..19e6ba1fc0bb43f5ed7df16b9d7f5fdd4ebb6cd0 100644
GIT binary patch
delta 1695
zcmcaFwNqn5Ak*YYEOPZB?;T=TIa&N&pEGcA3N+V9T{SDwym^0z0K>*ZkFxEqTP@t4
zb?#<D%?x|@?qgfpzN+oNr<r#=WA8qL*2xhExN9|byttt}lWE7_rd>g+9oD_8dam#5
zS32*_GTj`}UDucnT8rK;ys%x)w_MYV<E4}P!GM^IU)RIu9AYy*=K65?sd|^GKYq2w
z9$Qu-S;K$#>#KsIB@3L{wsJB#1y4Me5qEFx14na<Htw}I=P`FlWtYU8_nNtKxxaI~
z8M#`%JmcjuvnMkzc)Hy4b$wvV<?-$d>&%V1EDVv?+N~x{f5Q+XzCy<JZ-+ZuYQ?@>
z-{*!2tojANKeb<KbJ=OA`<f|7>c#T<o#ye61A^=;);=uqJ@ndc&hc$sEoR$4J-+!-
zwJ7k+J-@3B_W4%}3Z*)@&b&H#M@{x2e|=%grn3j`rOldQ`EWfy>zj*=uihOy8*9>0
zcj)KDE9<nL$f-X%zkAQe-(2EHJ=>l3E|}4LrN!pw>41Q%CYD<-o?iCo?CmZY35hvZ
zj-QRF7g79kv)@Uir+(wIC$A@m6kSQx?e}{9Yvr6@Cl|h%W12N(!trC;53GM(FH#JB
zum5+`n;jcoY|)6&+4DMXuGxl1o3GiJ>DERt=w5ZpQ*zSX$;oVPy|(Ab^_ACO2_`St
zYFpW1y5G3#S*GXur3$O2EqiNi?Q*N?S4wkA?X%!m=b8g@;@JldaRfOie@<F-J3fbf
zuA`9lzlil;vs{c;s4e@k*@G#Iss5QRD<@0r4t3-dqV<IT4@Yru={>Hk2PS=W+?#!M
zXREcJZMjvl14AU&gNp3Mll}G|K6cC@zcaDlvuAzQ7TbHzisrtb>!*6f_3k(0#qN!j
z5l)4#3gT>6o_|pgH}~4A{^0N#vEPpii)<9LG<|ex2LC7Zur)P&=jxU71vo<%n!mUe
z@`&@dKnCx@f)l5j7MwWowEBm8$Cj4?S~X$wu6=*bm~Nhu{q(waEu*!|#s^Qr;tNy0
z-T3<V_~O|)FK&D~KJ&SY_?h?9YjRlT%$BYAVwT?3eR0Ke#rXyQMBb|R9FOv8?umW3
zBl=Iq^uK<soIeZlE2}1G6wE9ruYbgN)a)wXttidqHqN(HJ7m_(ml1Y%(GR@1T<dCt
z&$kSXmyE%?8)dUz`0QD;m*FAr^5VC#ZEFe{|3<UM9KBFde6jh$iRA0=9tM4Q-0u*%
zMD3n^pR>Ed``sbAJ7Vp&ntYP@d}Y<gHLbq(pUaQ0wA(h7eMPrI^`}?iJI}WJ^UdO`
zZ)Ex7-fM8o>eb>uxf`GS^}E6`>!B_Kr`q&mnHFNp7-vh{*Gu2=-M)Qdn(4Z&+itZ@
z{r26ns?_AiMcbwK0vdc8btbJmGvQHly>IWF<FC)(ifZ@}bEm<QBbnRc*!_d4e;)a+
ze7`n7ym*rMud-*A0l@~Iu~W=g*87(06&UyPuMd)Wu0Q`yxZ9i+t=`ew#6Fz7e&*@2
z`E%!OYX4leC1P_Yiz5?HCsQbkFe4X(J(D!^<OC+kdND<obI$e-)vH~s{w<t#5LT|R
zGDR`TZD8f(|GC5#IW_fv<^RJyH~2<_g6oNz9ba5uMGNy3s=Q>dyBjF?Chv8=5KsO-
z@uPwamv2oAn$MqGF(vh%;g{mg6Yf{cR9a;xq5NsRhQv92X8W$}kCDf^c}?rt`VX1v
zecN<+x_|$fyz1R+JDk*tV>@;Cxpl36tn)28-ZbQH3D4i%DVG9!cn#MTzl*!5Vt;a@
z$1R)N(r%Y$>Mc86T{%JS?y2B;!Jj;tPm8R)9DZ~P_t_~qIb|yogV*plbDrd%_jcaW
z;#@)NsZxS^f=4ga9D1m=y>3a~spE6K{?)HbjS~G3F3Gd{+N-=H*S9YJ(>-<Lf41{m
z7k;SfmNE*6nD5<H_HTi*^$oGxtLAT!yJr5N{m88gS<N<i@BXuJ&Q)Hb9sR>NxG(8-
z`{iv-KN#5}|M|{tX-$~8`f&IE-+_NC-*|H`%F=IN+{AohYSdigCXb@nEv_F8;${f#
z{m*;errxUe?*02u-LzR*a~U>2a_FArtWbVju|6cdtt(vodK3TO6oEz0n&K*^>Ro<%
z<oAzzyypWpXubKB?tSH)SSr($4G&pPuMPY*UG?nK`4c-B52?+F_U2u|QTbr=mEX~a
z?fR#5t-g8b$#0Gxmy^0q=TDw)tv31hTFha^k^+l_2;EKJ&F92M9CuCMGjH9OgBNQx
zW{T}Ax+rij^p%PF93?~7Fl*_fV*j6eCBIMGd`Q}|MI!&em&4IDk)a1SpJJQJ1^^yP
BOU?iQ
delta 22
ecmdm~abIdfAk*eaEQw5;O*kc(HZS3w$_4;o0tb@-
diff --git a/puppet/modules/site_apt/manifests/leap_repo.pp b/puppet/modules/site_apt/manifests/leap_repo.pp
index 1e18b441..d3ab463d 100644
--- a/puppet/modules/site_apt/manifests/leap_repo.pp
+++ b/puppet/modules/site_apt/manifests/leap_repo.pp
@@ -21,13 +21,19 @@ class site_apt::leap_repo {
}
}
+ file {
+ '/etc/apt/trusted.gpg.d/leap-archive.gpg':
+ ensure => present,
+ source => 'puppet:///modules/site_apt/keys/leap-archive.gpg';
+ '/etc/apt/trusted.gpg.d/leap-experimental-archive.gpg':
+ ensure => present,
+ source => 'puppet:///modules/site_apt/keys/leap-experimental-archive.gpg'
+ }
+
+
apt::sources_list { 'leap.list':
content => "deb [signed-by=${archive_key}] ${::site_apt::apt_url_platform_basic} ${::site_apt::apt_platform_component} ${::site_apt::apt_platform_codename}\n",
before => Exec[refresh_apt]
}
- package { 'leap-archive-keyring':
- ensure => latest
- }
-
}
--
GitLab