-
Notifications
You must be signed in to change notification settings - Fork 20
/
gpgvnoexpkeysig
executable file
·54 lines (50 loc) · 2.14 KB
/
gpgvnoexpkeysig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/sh
#
# This script is in the public domain
#
# Author: Johannes Schauer Marin Rodrigues <[email protected]>
#
# This is a wrapper around gpgv as invoked by apt. It turns EXPKEYSIG results
# from gpgv into GOODSIG results. This is necessary for apt to access very old
# timestamps from snapshot.debian.org for which the GPG key is already expired:
#
# Get:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease [242 kB]
# Err:1 http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease
# The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>
# Reading package lists...
# W: GPG error: http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>
# E: The repository 'http://snapshot.debian.org/archive/debian/20150106T000000Z unstable InRelease' is not signed.
#
# How to use this script depends on the APT version, in particular of whether your version has this patch https://salsa.debian.org/apt-team/apt/-/commit/12841e8320aa499554ac50b102b222900bb1b879:
#
# 1. On apt 1.0 or lower, call apt with
# -o Apt::Key::gpgvcommand=/usr/libexec/mmdebstrap/gpgvnoexpkeysig
#
# 2. On apt 1.1 or higher, call apt with
# -o Dir::Bin::gpg=/usr/libexec/mmdebstrap/gpgvnoexpkeysig
#
# Scripts doing similar things can be found here:
#
# * debuerreotype as /usr/share/debuerreotype/scripts/.gpgv-ignore-expiration.sh
# * derivative census: salsa.d.o/deriv-team/census/-/blob/master/bin/fakegpgv
set -eu
find_gpgv_status_fd() {
while [ "$#" -gt 0 ]; do
if [ "$1" = '--status-fd' ]; then
echo "$2"
return 0
fi
shift
done
# default fd is stdout
echo 1
}
GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
case $GPGSTATUSFD in
''|*[!0-9]*)
echo "invalid --status-fd argument" >&2
exit 1
;;
esac
# we need eval because we cannot redirect a variable fd
eval 'exec gpgv "$@" '"$GPGSTATUSFD"'>&1 | sed "s/^\[GNUPG:\] EXPKEYSIG /[GNUPG:] GOODSIG /" >&'"$GPGSTATUSFD"