From 8490bc1434b04e0b0176ab612323c86dfa282a62 Mon Sep 17 00:00:00 2001 From: Alexander Grund Date: Sun, 15 Oct 2023 19:12:19 +0200 Subject: [PATCH 1/3] Add wrapper scripts for adding apt repositories and keys - Improve error reporting (previous version always succeeded) - Handle keyserver URLs --- .github/workflows/ci.yml | 15 ++++----------- ci/add-apt-keys.sh | 35 +++++++++++++++++++++++++++++++++++ ci/add-apt-repositories.sh | 25 +++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 11 deletions(-) create mode 100755 ci/add-apt-keys.sh create mode 100755 ci/add-apt-repositories.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d18ffe1..a4af991 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -161,17 +161,10 @@ jobs: SOURCES=(${{join(matrix.sources, ' ')}}) # Add this by default SOURCES+=(ppa:ubuntu-toolchain-r/test) - for key in "${SOURCE_KEYS[@]}"; do - for i in {1..$NET_RETRY_COUNT}; do - keyfilename=$(basename -s .key $key) - curl -sSL --retry ${NET_RETRY_COUNT:-5} "$key" | sudo gpg --dearmor > /etc/apt/trusted.gpg.d/${keyfilename} && break || sleep 10 - done - done - for source in "${SOURCES[@]}"; do - for i in {1..$NET_RETRY_COUNT}; do - sudo add-apt-repository $source && break || sleep 10 - done - done + + ci/add-apt-keys.sh "${SOURCE_KEYS[@]}" + ci/add-apt-repositories.sh "${SOURCES[@]}" + sudo apt-get -o Acquire::Retries=$NET_RETRY_COUNT update if [[ -z "${{matrix.install}}" ]]; then pkgs="${{matrix.compiler}}" diff --git a/ci/add-apt-keys.sh b/ci/add-apt-keys.sh new file mode 100755 index 0000000..e5e8079 --- /dev/null +++ b/ci/add-apt-keys.sh @@ -0,0 +1,35 @@ +#! /bin/bash +# +# Copyright 2023 Alexander Grund +# Distributed under the Boost Software License, Version 1.0. +# (See accompanying file LICENSE_1_0.txt or copy at +# http://www.boost.org/LICENSE_1_0.txt) +# +# Add APT keys +# - Each argument should be a key URL +# - $NET_RETRY_COUNT is the amount of retries attempted + +set -eu + +function do_add_key +{ + key_url=$1 + # If a keyserver URL (e.g. http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x1E9377A2BA9EF27F) + # use the hash as the filename, + # else assume the URL contains a filename, e.g. https://apt.llvm.org/llvm-snapshot.gpg.key + if [[ "$key_url" =~ .*keyserver.*search=0x([A-F0-9]+) ]]; then + keyfilename="${BASH_REMATCH[1]}.key" + else + keyfilename=$(basename -s .key "$key_url") + fi + echo -e "\tDownloading APT key from '$key_url' to '$keyfilename'" + for i in {1..${NET_RETRY_COUNT:-3}}; do + curl -sSL --retry ${NET_RETRY_COUNT:-5} "$key_url" | sudo gpg --dearmor > /etc/apt/trusted.gpg.d/${keyfilename} && return 0 || sleep 10 + done + + return 1 # Failed +} + +for key_url in "$@"; do + do_add_key "$key_url" +done diff --git a/ci/add-apt-repositories.sh b/ci/add-apt-repositories.sh new file mode 100755 index 0000000..073ce9b --- /dev/null +++ b/ci/add-apt-repositories.sh @@ -0,0 +1,25 @@ +#! /bin/bash +# +# Copyright 2023 Alexander Grund, Sam Darwin +# Distributed under the Boost Software License, Version 1.0. +# (See accompanying file LICENSE_1_0.txt or copy at +# http://www.boost.org/LICENSE_1_0.txt) +# +# Add APT keys, i.e. wrapper around add-apt-repository +# - Each argument should be a repository name +# - $NET_RETRY_COUNT is the amount of retries attempted + +set -eu + +function do_add_repository { + name=$1 + echo -e "\tAdding repository $name" + for i in {1..${NET_RETRY_COUNT:-3}}; do + sudo -E apt-add-repository -y "$name" && return 0 || sleep 10; + done + return 1 # Failed +} + +for repo_name in "$@"; do + do_add_repository "$repo_name" +done From f0dde3ff53690f1f89ec126d2ddf98d523f1e159 Mon Sep 17 00:00:00 2001 From: Alexander Grund Date: Sun, 15 Oct 2023 19:14:18 +0200 Subject: [PATCH 2/3] GHA: Download ubuntu-toolchain key by default --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a4af991..3d87f88 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -160,6 +160,7 @@ jobs: SOURCE_KEYS=(${{join(matrix.source_keys, ' ')}}) SOURCES=(${{join(matrix.sources, ' ')}}) # Add this by default + SOURCE_KEYS+=('http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x1E9377A2BA9EF27F') SOURCES+=(ppa:ubuntu-toolchain-r/test) ci/add-apt-keys.sh "${SOURCE_KEYS[@]}" From 54d6a3e52410a3a04c31908e5556492bf535c8dd Mon Sep 17 00:00:00 2001 From: Alexander Grund Date: Sun, 15 Oct 2023 19:29:36 +0200 Subject: [PATCH 3/3] Fix permission error when writing APT key --- ci/add-apt-keys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/add-apt-keys.sh b/ci/add-apt-keys.sh index e5e8079..3f6e2e1 100755 --- a/ci/add-apt-keys.sh +++ b/ci/add-apt-keys.sh @@ -24,7 +24,7 @@ function do_add_key fi echo -e "\tDownloading APT key from '$key_url' to '$keyfilename'" for i in {1..${NET_RETRY_COUNT:-3}}; do - curl -sSL --retry ${NET_RETRY_COUNT:-5} "$key_url" | sudo gpg --dearmor > /etc/apt/trusted.gpg.d/${keyfilename} && return 0 || sleep 10 + curl -sSL --retry ${NET_RETRY_COUNT:-5} "$key_url" | sudo gpg --dearmor -o "/etc/apt/trusted.gpg.d/${keyfilename}" && return 0 || sleep 10 done return 1 # Failed