From 240856956606585113f4c76fc55d3a5645f7230a Mon Sep 17 00:00:00 2001
From: Steven DuChene <steven.a.duchene@hp.com>
Date: Thu, 27 Mar 2014 15:49:43 -0600
Subject: [PATCH] Add ability to add extra apt keys

Adds an environment variable DIB_ADD_APT_KEYS pointing to a folder of
apt repo GPG keys. Each key will be verified and installed with apt-key
to the apt keyring.

Change-Id: I4b15347a76aa3241e741931bb94f17598641ae42
---
 elements/dpkg/README.md                     |  4 +++
 elements/dpkg/extra-data.d/01-copy-apt-keys | 37 +++++++++++++++++++++
 elements/dpkg/pre-install.d/02-add-apt-keys | 33 ++++++++++++++++++
 3 files changed, 74 insertions(+)
 create mode 100755 elements/dpkg/extra-data.d/01-copy-apt-keys
 create mode 100755 elements/dpkg/pre-install.d/02-add-apt-keys

diff --git a/elements/dpkg/README.md b/elements/dpkg/README.md
index c4e725914..b204d425d 100644
--- a/elements/dpkg/README.md
+++ b/elements/dpkg/README.md
@@ -6,3 +6,7 @@ HTTP proxy when installing packages. These customisations live here, where they
 can be used by any dpkg based element.
 
 The dpkg specific version of install-packages is also kept here.
+
+If an extra or updated apt key is needed then define DIB\_ADD\_APT\_KEYS with
+the path to a folder. Any key files inside will be added to the key ring before
+any apt-get commands take place.
diff --git a/elements/dpkg/extra-data.d/01-copy-apt-keys b/elements/dpkg/extra-data.d/01-copy-apt-keys
new file mode 100755
index 000000000..27607e004
--- /dev/null
+++ b/elements/dpkg/extra-data.d/01-copy-apt-keys
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -eu
+set -o pipefail
+
+DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
+if [ -z "${DIB_ADD_APT_KEYS}" ]; then
+    echo "DIB_ADD_APT_KEYS is not set - not importing keys"
+    exit 0
+fi
+
+DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
+if [ -e ${DIR} ]; then
+    echo "${DIR} already exists!"
+    exit 1
+fi
+sudo mkdir -p ${DIR}
+
+# Copy to DIR
+for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
+    sudo cp -L ${KEY} ${DIR}
+done
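Review bot: The `for KEY in $(find ${DIB_ADD_APT_KEYS} -type f)` loop word-splits and globs the find output, so a key path containing whitespace is handed to `cp` as several broken arguments. A failing `find` inside the command substitution (for example when the directory does not exist) is also not caught by `set -e`, so the build carries on with no keys copied. Letting find run the copy avoids both: `find "${DIB_ADD_APT_KEYS}" -type f -exec sudo cp -L -t "${DIR}" -- {} +`. `${DIR}` should be quoted in `[ -e ${DIR} ]` and `sudo mkdir -p ${DIR}` as well. Keys with the same basename in different subdirectories overwrite each other in the flat target directory, which deserves a comment above the copy.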
diff --git a/elements/dpkg/pre-install.d/02-add-apt-keys b/elements/dpkg/pre-install.d/02-add-apt-keys
new file mode 100755
index 000000000..592105587
--- /dev/null
+++ b/elements/dpkg/pre-install.d/02-add-apt-keys
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -eu
+set -o pipefail
+
+KEY_DIRECTORY=/tmp/apt_keys
+if [ ! -d "${KEY_DIRECTORY}" ]; then
+    exit 0
+fi
+
+for KEY in ${KEY_DIRECTORY}/*; do
+    if ! file -b "${KEY}" | grep -q 'PGP public key block'; then
+        echo "Skipping ${KEY}, not a valid GPG public key"
+        continue
+    fi
+
+    apt-key add ${KEY}
+done
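Review bot: The `file -b "${KEY}" | grep -q 'PGP public key block'` test only recognises the file format, so every well-formed key placed in `/tmp/apt_keys` becomes a trusted apt signing key, which is weaker than the "verified" in the commit message suggests. A comment above the loop such as `# Format check only: the authenticity of these keys is the responsibility of whoever populates DIB_ADD_APT_KEYS` would make that trust assumption explicit, and comparing each key's fingerprint against an operator-supplied expected value would be an actual check. A file that fails the test is skipped with a message while the build continues, which can hide a corrupted key until a later apt-get fails, so exiting non-zero there looks safer. The expansions should be quoted (`for KEY in "${KEY_DIRECTORY}"/*; do` and `apt-key add "${KEY}"`), and as far as this hunk shows the key directory is left behind in the image's /tmp after the import.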