Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36273

Debian/Ubuntu "all debs" setup_repository script still uses deprecated apt-key tool

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.6, 11.4
    • 10.6, 11.4
    • Packaging, Scripts & Clients
    • None
    • Actually affects pretty much all contemporary Debian and Ubuntu releases

    Description

      Currently when trying to set up a local apt repository using the "all deb packages" tarball and the included setup-repository script there's a warning about "apt-key add" being deprecated, and about to be removed completely in the future.

      New approach is to not register package signing keys globally, but to have them explicitly listed as [signed-by=...path_to_gpg_keyfile...] in the repository entries in apt sources list files.

      Proposed patch (also includes fixes from MDEV-26276):

      --- old/setup_repository	2025-03-11 14:57:57.241921883 +0000
      		 
      +++ new/setup_repository	2025-03-11 15:24:49.137054071 +0000
      		 
      @@ -1,6 +1,7 @@
      		 
       #!/usr/bin/env bash
      		 
       
       file=/etc/apt/sources.list.d/mariadb.list
      		 
      +keybase=MariaDB-C74CD1D8-public
      		 
       install_cmd='apt-get update && apt-get install mariadb-server'
      		 
       
       err() {
      		 
      @@ -24,19 +25,19 @@
      		 
         err 'Could not find a "Packages" file. Please change to the top level directory of the unpacked archive and re-run this script.'
      		 
       fi
      		 
       
      +if ! gpg --yes --dearmor -o "$dir/$keybase.gpg" "$dir/$keybase.asc";then
      		 
      +  err 'Could not convert signing key.'
      		 
      +fi
      		 
      +
      		 
       if [[ -e $file ]] ; then
      		 
      -  err 'File "%s" already exists. Rename it and re-run this script, or manually create a new .repo file.' "$file"
      		 
      +  err 'File "%s" already exists. Rename it and re-run this script, or manually create a new .list file.' "$file"
      		 
       fi
      		 
       
       if ! cat > "$file" <<EoF
      		 
      -deb file://$dir ./
      		 
      +deb [signed-by=$dir/$keybase.gpg] file://$dir ./
      		 
       EoF
      		 
         then
      		 
         err 'Could not create "%s". Please investigate and re-run this script.' "$file"
      		 
       fi
      		 
       
      -if ! apt-key add MariaDB-C74CD1D8-public.asc;then
      		 
      -  err 'Could not import signing key.'
      		 
      -fi
      		 
      -
      		 
       printf 'Repository file successfully created! Please install MariaDB Server with this command:\n\n   %s\n\n' "$install_cmd"

      As an alternative to make things even easier we could also consider to bundle the public key directly in gpg instead of asc format, which would make things work even on systems where the gpg tool is not installed.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36272 setup_repository script for Debian platforms not working when following README instructions

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              dbart Daniel Bartholomew
              hholzgra Hartmut Holzgraefe
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.