Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does this support adding a ppa using gpg? #98

Open
rschwiebert opened this issue Jun 12, 2022 · 4 comments
Open

Does this support adding a ppa using gpg? #98

rschwiebert opened this issue Jun 12, 2022 · 4 comments

Comments

@rschwiebert
Copy link

What I'd like to do is install souffle on my node. Following the souffle docs, one would do this:

sudo wget https://souffle-lang.github.io/ppa/souffle-key.public -O /usr/share/keyrings/souffle-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/souffle-archive-keyring.gpg] https://souffle-lang.github.io/ppa/ubuntu/ stable main" | sudo tee /etc/apt/sources.list.d/souffle.list
sudo apt update
sudo apt install souffle

I haven't been able to find any examples of Aptfiles that seem to reflect this situation. Advice? Thanks in advance...
@rschwiebert rschwiebert mentioned this issue Apr 17, 2023
Open
@rschwiebert
Copy link
Author

rschwiebert commented Apr 29, 2023
edited
Loading

Finally got a chance to research my problems here. From what I've learned in the code, I see now how it grabs ascii armored keys and stores them. It seems, though, in my case, the key is only available as the unarmored binary. Looks like I may have to use a fork of my own to handle a case like that... Aha, I just found their ascii key version. Might be good here.

@tim-schilling
Copy link

@rschwiebert do you mind elaborating?

@rschwiebert
Copy link
Author

Once I figured out that souffle had a (not easily discovered) direct link I could use in the Aptfile, I found that I could use this. Otherwise I would not have known how to accomplish what is done in the grey box at the top.

@tim-schilling
Copy link

For any future reader here's what I did to install libraries using a gpg keyring. I didn't make it generic since I changed my approach and no longer needed this.

In your fork's compile script before the repos are parsed, pull the keyring down for the package you need. This one is for tailscale. I put it in /app/ which should be $BUILD_DIR too. This should be cleaned up.

topic "Add tailscale keyring"
# Add Tailscale's GPG key
mkdir -p --mode=0755 /app/share/keyrings
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | tee /app/share/keyrings/tailscale-archive-keyring.gpg >/dev/null

Since we're putting the response into a specific file, we can't use the listed package. https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list Click this link and you'll find

# Tailscale packages for ubuntu jammy
deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/ubuntu jammy main

The signed-by needs to point to our /app/ path.

This means that our Aptfile needs to include the following line:

:repo:deb [signed-by=/app/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/ubuntu jammy main

Where /app/share/keyrings/tailscale-archive-keyring.gpg matches the earlier filepath in the | tee command.

@EtienneM EtienneM mentioned this issue Oct 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tim-schilling @rschwiebert