From 26b75403fb7b4b71b07fe61b7c7c306ff7ba7a4e Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Mon, 25 Apr 2022 20:50:36 +0000 Subject: [PATCH] Add Ubuntu's 2018 Archive Signing Key to reprepro We're trying to start mirroring Ubuntu 22.04 LTS packages, and their indices are now signed with the 2018 Archive Signing Key which we haven't yet imported. Add it. Change-Id: I88cabf8a703ef0086e58b8f6cd65bf54321f7998 --- .../roles/reprepro/files/keys/ubuntu-2018.asc | 29 +++++++++++++++++++ .../files/ubuntu-ports/config/updates | 8 ++--- .../reprepro/files/ubuntu/config/updates | 8 ++--- playbooks/roles/reprepro/tasks/ubuntu.yaml | 1 + 4 files changed, 38 insertions(+), 8 deletions(-) create mode 100644 playbooks/roles/reprepro/files/keys/ubuntu-2018.asc diff --git a/playbooks/roles/reprepro/files/keys/ubuntu-2018.asc b/playbooks/roles/reprepro/files/keys/ubuntu-2018.asc new file mode 100644 index 0000000000..d4a243732b --- /dev/null +++ b/playbooks/roles/reprepro/files/keys/ubuntu-2018.asc @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFufwdoBEADv/Gxytx/LcSXYuM0MwKojbBye81s0G1nEx+lz6VAUpIUZnbkq +dXBHC+dwrGS/CeeLuAjPRLU8AoxE/jjvZVp8xFGEWHYdklqXGZ/gJfP5d3fIUBtZ +HZEJl8B8m9pMHf/AQQdsC+YzizSG5t5Mhnotw044LXtdEEkx2t6Jz0OGrh+5Ioxq +X7pZiq6Cv19BohaUioKMdp7ES6RYfN7ol6HSLFlrMXtVfh/ijpN9j3ZhVGVeRC8k +KHQsJ5PkIbmvxBiUh7SJmfZUx0IQhNMaDHXfdZAGNtnhzzNReb1FqNLSVkrS/Pns +AQzMhG1BDm2VOSF64jebKXffFqM5LXRQTeqTLsjUbbrqR6s/GCO8UF7jfUj6I7ta +LygmsHO/JD4jpKRC0gbpUBfaiJyLvuepx3kWoqL3sN0LhlMI80+fA7GTvoOx4tpq +VlzlE6TajYu+jfW3QpOFS5ewEMdL26hzxsZg/geZvTbArcP+OsJKRmhv4kNo6Ayd +yHQ/3ZV/f3X9mT3/SPLbJaumkgp3Yzd6t5PeBu+ZQk/mN5WNNuaihNEV7llb1Zhv +Y0Fxu9BVd/BNl0rzuxp3rIinB2TX2SCg7wE5xXkwXuQ/2eTDE0v0HlGntkuZjGow +DZkxHZQSxZVOzdZCRVaX/WEFLpKa2AQpw5RJrQ4oZ/OfifXyJzP27o03wQARAQAB +tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTgpIDxm +dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwEKACIFAlufwdoCGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJEIcZINGZG8k8LHMQAKS2cnxz/5WaoCOWArf5g6UH +beOCgc5DBm0hCuFDZWWv427aGei3CPuLw0DGLCXZdyc5dqE8mvjMlOmmAKKlj1uG +g3TYCbQWjWPeMnBPZbkFgkZoXJ7/6CB7bWRht1sHzpt1LTZ+SYDwOwJ68QRp7DRa +Zl9Y6QiUbeuhq2DUcTofVbBxbhrckN4ZteLvm+/nG9m/ciopc66LwRdkxqfJ32Cy +q+1TS5VaIJDG7DWziG+Kbu6qCDM4QNlg3LH7p14CrRxAbc4lvohRgsV4eQqsIcdF +kuVY5HPPj2K8TqpY6STe8Gh0aprG1RV8ZKay3KSMpnyV1fAKn4fM9byiLzQAovC0 +LZ9MMMsrAS/45AvC3IEKSShjLFn1X1dRCiO6/7jmZEoZtAp53hkf8SMBsi78hVNr +BumZwfIdBA1v22+LY4xQK8q4XCoRcA9G+pvzU9YVW7cRnDZZGl0uwOw7z9PkQBF5 +KFKjWDz4fCk+K6+YtGpovGKekGBb8I7EA6UpvPgqA/QdI0t1IBP0N06RQcs1fUaA +QEtz6DGy5zkRhR4pGSZn+dFET7PdAjEK84y7BdY4t+U1jcSIvBj0F2B7LwRL7xGp +SpIKi/ekAXLs117bvFHaCvmUYN7JVp1GMmVFxhIdx6CFm3fxG8QjNb5tere/YqK+ +uOgcXny1UlwtCUzlrSaP +=9AdM +-----END PGP PUBLIC KEY BLOCK----- diff --git a/playbooks/roles/reprepro/files/ubuntu-ports/config/updates b/playbooks/roles/reprepro/files/ubuntu-ports/config/updates index dd61cb607f..dd3e7e13b0 100755 --- a/playbooks/roles/reprepro/files/ubuntu-ports/config/updates +++ b/playbooks/roles/reprepro/files/ubuntu-ports/config/updates @@ -4,7 +4,7 @@ Components: main universe UDebComponents: main Architectures: amd64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C Name: ubuntu-security Method: http://security.ubuntu.com/ubuntu @@ -12,7 +12,7 @@ Components: main universe UDebComponents: main Architectures: amd64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C Name: ubuntu-ports Method: http://ports.ubuntu.com/ubuntu-ports @@ -20,7 +20,7 @@ Components: main universe UDebComponents: main Architectures: arm64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C Name: ubuntu-ports-security Method: http://ports.ubuntu.com/ubuntu-ports @@ -28,4 +28,4 @@ Components: main universe UDebComponents: main Architectures: arm64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C diff --git a/playbooks/roles/reprepro/files/ubuntu/config/updates b/playbooks/roles/reprepro/files/ubuntu/config/updates index dd61cb607f..dd3e7e13b0 100755 --- a/playbooks/roles/reprepro/files/ubuntu/config/updates +++ b/playbooks/roles/reprepro/files/ubuntu/config/updates @@ -4,7 +4,7 @@ Components: main universe UDebComponents: main Architectures: amd64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C Name: ubuntu-security Method: http://security.ubuntu.com/ubuntu @@ -12,7 +12,7 @@ Components: main universe UDebComponents: main Architectures: amd64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C Name: ubuntu-ports Method: http://ports.ubuntu.com/ubuntu-ports @@ -20,7 +20,7 @@ Components: main universe UDebComponents: main Architectures: arm64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C Name: ubuntu-ports-security Method: http://ports.ubuntu.com/ubuntu-ports @@ -28,4 +28,4 @@ Components: main universe UDebComponents: main Architectures: arm64 source GetInRelease: no -VerifyRelease: 437D05B5|C0B21F32 +VerifyRelease: 437D05B5|C0B21F32|991BC93C diff --git a/playbooks/roles/reprepro/tasks/ubuntu.yaml b/playbooks/roles/reprepro/tasks/ubuntu.yaml index f3eab67c07..33b7bf425c 100644 --- a/playbooks/roles/reprepro/tasks/ubuntu.yaml +++ b/playbooks/roles/reprepro/tasks/ubuntu.yaml @@ -6,6 +6,7 @@ _keys: - { key_id: '40976EAF437D05B5', file: 'ubuntu.asc' } - { key_id: '3B4FE6ACC0B21F32', file: 'ubuntu-2012.asc' } + - { key_id: '871920D1991BC93C', file: 'ubuntu-2018.asc' } - name: Deploy Ubuntu Keys include_tasks: utils/keys.yaml