From d3a75ff459cef39a8f17c5432f95a136b3beb927 Mon Sep 17 00:00:00 2001 From: David Trudgian Date: Sun, 2 Jun 2019 20:40:36 -0500 Subject: [PATCH 1/3] Use hkp:// and port 80 for key retrival on restricted networks --- helpers/config | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/helpers/config b/helpers/config index 229efc4..eb6689c 100755 --- a/helpers/config +++ b/helpers/config @@ -93,17 +93,17 @@ then cp trusted.local.gpg "${LOCAL_APT}/etc/trusted.gpg" else # Trisquel key -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver keyserver.ubuntu.com --recv-keys B4EFB9F38D8AEBF1 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B4EFB9F38D8AEBF1 > /dev/null # Ubuntu gpg keys -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5 > /dev/null -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 40976EAF437D05B5 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3B4FE6ACC0B21F32 > /dev/null # Debian gpg keys -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver keyserver.ubuntu.com --recv-keys 9D6D8F6BC857C906 > /dev/null -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9D6D8F6BC857C906 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8B48AD6246925553 > /dev/null fi # Also import the repository key optionally listed in the helper -[ "1$REPOKEY" != "1" ] && apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver keyserver.ubuntu.com $REPOKEY +[ "1$REPOKEY" != "1" ] && apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 $REPOKEY cat << EOF > ${LOCAL_APT}/etc/apt.sources.list deb-src $MIRROR $UPSTREAM main universe @@ -127,13 +127,13 @@ apt-get source $PACKAGE --download-only -c ${LOCAL_APT}/etc/apt.conf # Import the key for the package uploader # Use the one listed in the helper if available, otherwise download the one listed in the dsc if [ "1$SIGNKEY" != "1" ] ; then - apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver keyserver.ubuntu.com $SIGNKEY > /dev/null + apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 $SIGNKEY > /dev/null gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc else if grep -q "BEGIN PGP SIGNATURE" *.dsc; then KEY=$(gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc 2>&1 | grep "key ID" | sed 's/.*key ID //' || true) [ -z "$KEY" ] && KEY=$(gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc 2>&1 | egrep ".SA key" | sed 's/.*.SA key //' || true) - apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver keyserver.ubuntu.com $KEY > /dev/null + apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 $KEY > /dev/null gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc else echo WARNING! The dsc file is not gpg signed! From 2f1db96732e9c5b43d275f5c2279208e3f3fd2bb Mon Sep 17 00:00:00 2001 From: David Trudgian Date: Fri, 12 Jul 2019 15:06:55 -0500 Subject: [PATCH 2/3] Switch to hkps:// :443 --- helpers/config | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/helpers/config b/helpers/config index eb6689c..ceb1f8f 100755 --- a/helpers/config +++ b/helpers/config @@ -93,17 +93,17 @@ then cp trusted.local.gpg "${LOCAL_APT}/etc/trusted.gpg" else # Trisquel key -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B4EFB9F38D8AEBF1 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys B4EFB9F38D8AEBF1 > /dev/null # Ubuntu gpg keys -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 40976EAF437D05B5 > /dev/null -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3B4FE6ACC0B21F32 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 40976EAF437D05B5 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 3B4FE6ACC0B21F32 > /dev/null # Debian gpg keys -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9D6D8F6BC857C906 > /dev/null -apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8B48AD6246925553 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 9D6D8F6BC857C906 > /dev/null +apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 8B48AD6246925553 > /dev/null fi # Also import the repository key optionally listed in the helper -[ "1$REPOKEY" != "1" ] && apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 $REPOKEY +[ "1$REPOKEY" != "1" ] && apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $REPOKEY cat << EOF > ${LOCAL_APT}/etc/apt.sources.list deb-src $MIRROR $UPSTREAM main universe @@ -127,13 +127,13 @@ apt-get source $PACKAGE --download-only -c ${LOCAL_APT}/etc/apt.conf # Import the key for the package uploader # Use the one listed in the helper if available, otherwise download the one listed in the dsc if [ "1$SIGNKEY" != "1" ] ; then - apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 $SIGNKEY > /dev/null + apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $SIGNKEY > /dev/null gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc else if grep -q "BEGIN PGP SIGNATURE" *.dsc; then KEY=$(gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc 2>&1 | grep "key ID" | sed 's/.*key ID //' || true) [ -z "$KEY" ] && KEY=$(gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc 2>&1 | egrep ".SA key" | sed 's/.*.SA key //' || true) - apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 $KEY > /dev/null + apt-key --keyring ${LOCAL_APT}/etc/trusted.gpg adv --recv-keys --keyserver hkps://keyserver.ubuntu.com:443 $KEY > /dev/null gpgv --keyring ${LOCAL_APT}/etc/trusted.gpg *.dsc else echo WARNING! The dsc file is not gpg signed! From 5aa2d3a356edcf694c5e32af356932417b1592a2 Mon Sep 17 00:00:00 2001 From: David Trudgian Date: Fri, 19 Jul 2019 01:32:23 +0000 Subject: [PATCH 3/3] Add copyright line --- helpers/config | 1 + 1 file changed, 1 insertion(+) diff --git a/helpers/config b/helpers/config index ceb1f8f..a997be1 100755 --- a/helpers/config +++ b/helpers/config @@ -2,6 +2,7 @@ # # Copyright (C) 2008-2010 Rubén Rodríguez # Copyright (C) 2014 Santiago Rodriguez +# Copyright (C) 2019 David Trudgian # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by