forked from evolix/ansible-roles
33 lines
1 KiB
Bash
33 lines
1 KiB
Bash
#!/bin/sh
|
|
|
|
# Move apt repository key from /etc/apt/trusted.gpg.d/ to /etc/apt/keyrings/ and add "signed-by" tag in source list
|
|
#
|
|
# Example: move-apt-keyrings.sh http://repo.mongodb.org/apt/debian mongodb-server-[0-9\\.]+.asc
|
|
|
|
repository_pattern=$1
|
|
key=$2
|
|
|
|
found_files=$(grep --files-with-matches --recursive --extended-regexp "${repository_pattern}" "/etc/apt/sources.list.d/*.list")
|
|
|
|
old_key_file="/etc/apt/trusted.gpg.d/${key}"
|
|
new_key_file="/etc/apt/keyrings/${key}"
|
|
|
|
for file in ${found_files}; do
|
|
if ! grep --quiet "signed-by" "${file}"; then
|
|
signed_by="signed-by=${new_key_file}"
|
|
if grep --quiet "deb(-src)? \[" "${file}"; then
|
|
sed -i "s@deb\(-src\)\? \[\([^]]\+\)\]@deb\1 [\2 ${signed_by}]@" "${file}"
|
|
else
|
|
sed -i "s@deb\(-src\)\? @deb\1 [${signed_by}] @" "${file}"
|
|
fi
|
|
fi
|
|
done
|
|
|
|
if [ -f "${old_key_file}" ] && [ ! -f "${new_key_file}" ]; then
|
|
mv "${old_key_file}" "${new_key_file}"
|
|
fi
|
|
if [ -f "${new_key_file}" ]; then
|
|
chmod 644 "${new_key_file}"
|
|
chown root: "${new_key_file}"
|
|
fi
|