Bug 40693: Patch apt-key to accept expired keys for jessie

1c5314b5 · boklm · ad51122f · 1c5314b5 · 1c5314b5
Unverified Commit 1c5314b5 authored 2 years ago by boklm
--- a/projects/mmdebstrap-image/apt-key-allow-expired-key.patch
+++ b/projects/mmdebstrap-image/apt-key-allow-expired-key.patch
+--- o/apt-key	2022-11-30 14:57:12.742026261 +0000
+++ n/apt-key	2022-12-01 08:38:08.170140893 +0000
+@@ -815,11 +815,18 @@
+ 	    create_gpg_home
+ 	fi
+ 	setup_merged_keyring
+	tmpfile=$(mktemp)
+	set +e
+ 	if [ -n "$FORCED_KEYRING" ]; then
+-	    "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@"
+	    (eval "exec ${GPGSTATUSFD}>$tmpfile"; "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@")
+ 	else
+-	    "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
+	    (eval "exec ${GPGSTATUSFD}>$tmpfile"; "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@")
+ 	fi
+	err=$?
+	set -e
+	cat "$tmpfile" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /' >&${GPGSTATUSFD}
+	rm -f "$tmpfile"
+	exit $err
+ 	;;
+     help)
+         usage
--- a/projects/mmdebstrap-image/config
+++ b/projects/mmdebstrap-image/config
@@ -16,6 +16,14 @@ pre: |
  apt-get update -y -q
  apt-get install -y -q debian-archive-keyring ubuntu-keyring mmdebstrap gnupg

+  [% IF c("var/container/suite") == "jessie" -%]
+    apt-get install -y -q patch
+    cd /usr/bin
+    # The gpg key for jessie is expired. We patch apt-key to accept expired keys.
+    patch -p1 < $rootdir/apt-key-allow-expired-key.patch
+    cd $rootdir
+  [% END -%]
+
  export SOURCE_DATE_EPOCH='[% c("timestamp") %]'
  tar -xf [% c('input_files_by_name/mmdebstrap') %]
  ./mmdebstrap/mmdebstrap --mode=unshare [% c("var/container/mmdebstrap_opt") %] [% c("var/container/suite") %] output.tar.gz [% c("var/container/debian_mirror") %]
@@ -56,3 +64,5 @@ input_files:
  - URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
    filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
    sha256sum: e1f9200c99da008a473c9ae7b51e13f5ea05dc4c2e12beb43f0f9cbbbf6216f4
+  - filename: apt-key-allow-expired-key.patch
+    enable: '[% c("var/container/suite") == "jessie" %]'