[pve-devel] [PATCH manager] aplinfo: see trusted keys as build product, always assembly

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Oct 16 11:05:36 CEST 2019


Don't track the binary trustedkeys.gpg but see it just as a normal
build product with the armored keys as source.

This ensures we always ship those from the TRUSTED_KEYS variable, not
more, not less.

Instead of the "gpg import+export in temporary home dir" just
de-armor and concatenate them ourselves, that's what happens anyway.

This could be even simplified by just using base64 -d on the pubkeys,
after the non base64 stuff was trimmed, that would omit our need for
gpg here completely.

Thanks to Wolfgang B. for giving the idea to just do simple stuff :)

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 aplinfo/Makefile        |  26 ++++++--------------------
 aplinfo/trustedkeys.gpg | Bin 3602 -> 0 bytes
 2 files changed, 6 insertions(+), 20 deletions(-)
 delete mode 100644 aplinfo/trustedkeys.gpg

diff --git a/aplinfo/Makefile b/aplinfo/Makefile
index 4b33bf1d..acd66372 100644
--- a/aplinfo/Makefile
+++ b/aplinfo/Makefile
@@ -19,26 +19,12 @@ update:
 	wget http://download.proxmox.com/images/aplinfo-pve-6.dat -O aplinfo.dat.tmp
 	mv aplinfo.dat.tmp aplinfo.dat
 
-# Default list of GPG keys allowed to sign aplinfo, generated with:
-# gpg --import-options show-only --import trustedkeys.gpg
-# pub   rsa4096 2016-08-29 [SC] [expires: 2026-08-27]
-#       359E95965E2C3D643159CD300D9A1950E2EF0603
-# uid                      Proxmox Virtual Environment 5.x Release Key <proxmox-release at proxmox.com>
-#
-# pub   rsa4096 2018-11-19 [SC] [expires: 2028-11-16]
-#       353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
-# uid                      Proxmox Virtual Environment 6.x Release Key <proxmox-release at proxmox.com>
-#
-# pub   rsa2048 2008-08-15 [SC] [expires: 2023-08-12]
-#       694CFF26795A29BAE07B4EB585C25E95A16EB94D
-# uid                      Turnkey Linux Release Key <release at turnkeylinux.com>
-trustedkeys.gpg: ${TRUSTED_KEYS}
-	rm -Rf tempgpg
-	mkdir tempgpg
-	chmod 700 tempgpg
-	gpg --fingerprint --batch --no-tty --homedir tempgpg --import ${TRUSTED_KEYS}
-	gpg --batch --no-tty --homedir tempgpg --export > trustedkeys.gpg
+%.gpg: %.pubkey
+	gpg --dearmor -o $@ $<
+
+trustedkeys.gpg: ${TRUSTED_KEYS:.pubkey=.gpg}
+	cat $^ > $@
 
 .PHONY: clean
 clean:
-	rm -rf *~ aplinfo.dat.gz aplinfo.dat.asc tempgpg
+	rm -rf *~ aplinfo.dat.gz aplinfo.dat.asc tempgpg *.gpg
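Review bot: The comment block removed above the old `trustedkeys.gpg` rule was the only place in this Makefile that recorded the three expected key fingerprints and their owners; with the binary keyring now assembled at build time, nothing visible here lets a reviewer or the build confirm that the `.pubkey` sources are still exactly those keys. Consider keeping the listing as a comment next to the new rule, or adding a check step that compares the fingerprints of the assembled keyring against that list. Also, `${TRUSTED_KEYS:.pubkey=.gpg}` only rewrites entries ending in `.pubkey`; any other entry would reach `cat $^ > $@` unchanged, i.e. still armored, so the required suffix deserves a short comment. `tempgpg` can be dropped from the `clean` recipe, since nothing in the new rules creates it.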
diff --git a/aplinfo/trustedkeys.gpg b/aplinfo/trustedkeys.gpg
deleted file mode 100644
index 4711807d8117b701aa55ef71ba8c3c0d853d9098..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001


-- 
2.20.1
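
The simplification mentioned in the commit message (trim the non-base64 lines, then `base64 -d`), written out as an added example that is not part of the patch or of the Proxmox code base. The function names are hypothetical, the sample blocks are constructed stand-ins rather than real keys, and GNU coreutils `base64` is assumed. The armor checksum line is dropped here, not verified.

```shell
#!/bin/sh
# dearmor FILE: write the binary content of the armored key block to stdout.
dearmor() {
    awk '
        /^-----BEGIN PGP PUBLIC KEY BLOCK-----/ { inblk = 1; next }
        /^-----END PGP PUBLIC KEY BLOCK-----/   { inblk = 0; next }
        # keep only base64 data: skip armor headers ("Key: value"),
        # the "=XXXX" checksum line and blank lines
        inblk && !/:/ && !/^=/ && NF { sub(/\r$/, ""); print }
    ' "$1" | base64 -d
}

# build_keyring OUT KEY...: concatenate the de-armored keys, in the order given.
build_keyring() {
    out=$1; shift
    : > "$out"
    for key in "$@"; do
        dearmor "$key" >> "$out" || return 1   # fail on undecodable input
    done
}

# make_sample FILE TEXT: constructed armored block wrapping TEXT (not a real key).
make_sample() {
    {
        echo "-----BEGIN PGP PUBLIC KEY BLOCK-----"
        echo "Comment: constructed sample, not a real key"
        echo
        printf '%s' "$2" | base64
        echo "=AAAA"   # placeholder checksum line, ignored by dearmor
        echo "-----END PGP PUBLIC KEY BLOCK-----"
    } > "$1"
}

# selftest: the keyring must equal the raw contents of both samples, in order.
selftest() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/a.pubkey" "first-key-packets"
    make_sample "$dir/b.pubkey" "second-key-packets"
    build_keyring "$dir/trustedkeys.gpg" "$dir/a.pubkey" "$dir/b.pubkey"
    got=$(cat "$dir/trustedkeys.gpg")
    rm -rf "$dir"
    [ "$got" = "first-key-packetssecond-key-packets" ]
}

selftest && echo "keyring matches concatenated samples"
```

Because nothing checks the checksum or parses the packets, a truncated or edited `.pubkey` file that is still valid base64 ends up in the keyring unnoticed; comparing the fingerprints of the result against the expected list catches that.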