Merge pull request #1903 from YunoHost/repo_trusted

helpers/apt: Support apt repositories with [trusted=yes]
Alexandre Aubin 2024-07-15 16:16:22 +02:00 committed by GitHub
commit 9e8c7e704e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 55 additions and 22 deletions


@ -471,21 +471,29 @@ ynh_install_extra_repo() {
wget_append="tee" wget_append="tee"
fi fi
# Split the repository into uri, suite and components. if [[ "$key" == "trusted=yes" ]]; then
trusted="--trusted"
else
trusted=""
fi
IFS=', ' read -r -a repo_parts <<< "$repo"
index=0
# Remove "deb " at the beginning of the repo. # Remove "deb " at the beginning of the repo.
repo="${repo#deb }" if [[ "${repo_parts[0]}" == "deb" ]]; then
index=1
# Get the uri fi
local uri="$(echo "$repo" | awk '{ print $1 }')" uri="${repo_parts[$index]}" ; index=$((index+1))
suite="${repo_parts[$index]}" ; index=$((index+1))
# Get the suite
local suite="$(echo "$repo" | awk '{ print $2 }')"
# Get the components # Get the components
local component="${repo##$uri $suite }" if (( "${#repo_parts[@]}" > 0 )); then
component="${repo_parts[*]:$index}"
fi
# Add the repository into sources.list.d # Add the repository into sources.list.d
ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append $trusted
# Pin the new repo with the default priority, so it won't be used for upgrades. # Pin the new repo with the default priority, so it won't be used for upgrades.
# Build $pin from the uri without http and any sub path # Build $pin from the uri without http and any sub path
@ -498,7 +506,7 @@ ynh_install_extra_repo() {
ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append
# Get the public key for the repo # Get the public key for the repo
if [ -n "$key" ]; then if [ -n "$key" ] && [[ "$key" != "trusted=yes" ]]; then
mkdir --parents "/etc/apt/trusted.gpg.d" mkdir --parents "/etc/apt/trusted.gpg.d"
# Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget) # Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget)
wget --timeout 900 --quiet "$key" --output-document=- | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg >/dev/null wget --timeout 900 --quiet "$key" --output-document=- | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg >/dev/null
@ -551,6 +559,7 @@ ynh_remove_extra_repo() {
# | arg: -c, --component= - Component of the repository. # | arg: -c, --component= - Component of the repository.
# | arg: -n, --name= - Name for the files for this repo, $app as default value. # | arg: -n, --name= - Name for the files for this repo, $app as default value.
# | arg: -a, --append - Do not overwrite existing files. # | arg: -a, --append - Do not overwrite existing files.
# | arg: -t, --trusted - Add trusted=yes to the repository (not recommended)
# #
# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable # Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable
# uri suite component # uri suite component
@ -559,13 +568,14 @@ ynh_remove_extra_repo() {
# Requires YunoHost version 3.8.1 or higher. # Requires YunoHost version 3.8.1 or higher.
ynh_add_repo() { ynh_add_repo() {
# Declare an array to define the options of this helper. # Declare an array to define the options of this helper.
local legacy_args=uscna local legacy_args=uscnat
local -A args_array=([u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append) local -A args_array=([u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append [t]=trusted)
local uri local uri
local suite local suite
local component local component
local name local name
local append local append
local trusted
# Manage arguments with getopts # Manage arguments with getopts
ynh_handle_getopts_args "$@" ynh_handle_getopts_args "$@"
name="${name:-$app}" name="${name:-$app}"
@ -576,10 +586,15 @@ ynh_add_repo() {
else else
append="tee" append="tee"
fi fi
if [[ "$trusted" -eq 1 ]]; then
trust="[trusted=yes]"
else
trust=""
fi
mkdir --parents "/etc/apt/sources.list.d" mkdir --parents "/etc/apt/sources.list.d"
# Add the new repo in sources.list.d # Add the new repo in sources.list.d
echo "deb $uri $suite $component" \ echo "deb $trust $uri $suite $component" \
| $append "/etc/apt/sources.list.d/$name.list" | $append "/etc/apt/sources.list.d/$name.list"
} }
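Review bot: The `[trusted=yes]` option written by `ynh_add_repo` (the `echo "deb $trust $uri $suite $component"` line) makes apt skip signature verification for that source, and the new branch neither checks the transport nor logs that verification was switched off. The helper's own documented example is an `http://` uri, so a caller combining that with `--trusted` gets packages that are authenticated by nothing; I would add a guard next to the `trusted` test such as `[[ "$uri" == https://* ]] || ynh_print_warn --message="Repository $uri is added with trusted=yes over a non-HTTPS transport"`, or refuse the combination outright. The same applies to the second file, where `ynh_apt_install_dependencies_from_extra_repository` writes the same line and the visible pin stanza uses priority 995. Separately, `trust`, `trusted`, `repo_parts` and `index` are assigned without `local`, and `uri`, `suite` and `component` in `ynh_install_extra_repo` lost the `local` they had on the old side; unless they are declared above the hunk (the function starts outside it), they now leak into the calling script.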


@ -199,14 +199,30 @@ ynh_apt_install_dependencies_from_extra_repository() {
# =========================================== # ===========================================
# Split the repository into uri, suite and components. # Split the repository into uri, suite and components.
repo="${repo#deb }" IFS=', ' read -r -a repo_parts <<< "$repo"
local uri="$(echo "$repo" | awk '{ print $1 }')" index=0
local suite="$(echo "$repo" | awk '{ print $2 }')"
local component="${repo##$uri $suite }" # Remove "deb " at the beginning of the repo.
if [[ "${repo_parts[0]}" == "deb" ]]; then
index=1
fi
uri="${repo_parts[$index]}" ; index=$((index+1))
suite="${repo_parts[$index]}" ; index=$((index+1))
# Get the components
if (( "${#repo_parts[@]}" > 0 )); then
component="${repo_parts[*]:$index}"
fi
if [[ "$key" == "trusted=yes" ]]; then
trust="[trusted=yes]"
else
trust=""
fi
# Add the new repo in sources.list.d # Add the new repo in sources.list.d
mkdir --parents "/etc/apt/sources.list.d" mkdir --parents "/etc/apt/sources.list.d"
echo "deb $uri $suite $component" > "/etc/apt/sources.list.d/$app.list" echo "deb $trust $uri $suite $component" > "/etc/apt/sources.list.d/$app.list"
# Pin the new repo with the default priority, so it won't be used for upgrades. # Pin the new repo with the default priority, so it won't be used for upgrades.
# Build $pin from the uri without http and any sub path # Build $pin from the uri without http and any sub path
@ -221,9 +237,11 @@ Pin: origin $pin
Pin-Priority: 995 Pin-Priority: 995
EOF EOF
mkdir --parents "/etc/apt/trusted.gpg.d" if [ -n "$key" ] && [[ "$key" != "trusted=yes" ]]; then
# Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget) mkdir --parents "/etc/apt/trusted.gpg.d"
wget --timeout 900 --quiet "$key" --output-document=- | gpg --dearmor > /etc/apt/trusted.gpg.d/$app.gpg # Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget)
wget --timeout 900 --quiet "$key" --output-document=- | gpg --dearmor > /etc/apt/trusted.gpg.d/$app.gpg
fi
# Update the list of package with the new repo NB: we use -o # Update the list of package with the new repo NB: we use -o
# Dir::Etc::sourcelist to only refresh this repo, because # Dir::Etc::sourcelist to only refresh this repo, because