From 707180da4363102766124aefc83c944672e880d3 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Fri, 16 Feb 2024 19:17:48 +0100 Subject: [PATCH 1/3] Update sury apt key --- hooks/conf_regen/10-apt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hooks/conf_regen/10-apt b/hooks/conf_regen/10-apt index 93ff053b8..32b939664 100755 --- a/hooks/conf_regen/10-apt +++ b/hooks/conf_regen/10-apt @@ -69,6 +69,12 @@ do_post_regen() { wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg" fi + # Update sury apt key if 95BD4743 is present + if apt-key list | grep -q "95BD4743"; then + echo "Updating sury apt key..." + apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | apt-key add - + fi + # Make sure php7.4 is the default version when using php in cli if test -e /usr/bin/php$YNH_DEFAULT_PHP_VERSION then From fa64652681dd6178dcd5ab49c1283f758689967c Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Sat, 17 Feb 2024 20:07:23 +0100 Subject: [PATCH 2/3] regenconf/apt:Purge expired apt keys Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> --- hooks/conf_regen/10-apt | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/hooks/conf_regen/10-apt b/hooks/conf_regen/10-apt index 32b939664..da6186a98 100755 --- a/hooks/conf_regen/10-apt +++ b/hooks/conf_regen/10-apt @@ -69,12 +69,9 @@ do_post_regen() { wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg" fi - # Update sury apt key if 95BD4743 is present - if apt-key list | grep -q "95BD4743"; then - echo "Updating sury apt key..." - apt-key del 95BD4743; wget -nv -O - "https://packages.sury.org/php/apt.gpg" | apt-key add - - fi - + # Purge expired keys (such as sury 95BD4743) + EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')" + for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done # Make sure php7.4 is the default version when using php in cli if test -e /usr/bin/php$YNH_DEFAULT_PHP_VERSION then From 1d9cbde627ab20871199f0eec920e69ee3715ce7 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 19 Feb 2024 18:46:37 +0100 Subject: [PATCH 3/3] hooks/conf_regen/apt: remove expired apt keys before downloading sury's key --- hooks/conf_regen/10-apt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hooks/conf_regen/10-apt b/hooks/conf_regen/10-apt index da6186a98..81fa5dd25 100755 --- a/hooks/conf_regen/10-apt +++ b/hooks/conf_regen/10-apt @@ -62,6 +62,10 @@ Pin-Priority: -1 do_post_regen() { regen_conf_files=$1 + # Purge expired keys (such as sury 95BD4743) + EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')" + for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done + # Add sury key # We do this only at the post regen and if the key doesn't already exists, because we don't want the regenconf to fuck everything up if the regenconf runs while the network is down if [[ ! -s /etc/apt/trusted.gpg.d/extra_php_version.gpg ]] @@ -69,9 +73,6 @@ do_post_regen() { wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg" fi - # Purge expired keys (such as sury 95BD4743) - EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')" - for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done # Make sure php7.4 is the default version when using php in cli if test -e /usr/bin/php$YNH_DEFAULT_PHP_VERSION then