diff --git a/plugins/config/repository.yaml b/plugins/config/repository.yaml
index 27b431f..a6ae3c6 100644
--- a/plugins/config/repository.yaml
+++ b/plugins/config/repository.yaml
@@ -2,6 +2,7 @@ repositories:
 - name: osrf
 key: D2486D2DD83DB69272AFE98867170598AF249743
+ key_url: https://packages.osrfoundation.org/gazebo.gpg
 linux_distro: ubuntu
 types:
 - name: stable
@@ -12,6 +13,7 @@ repositories:
 url: http://packages.osrfoundation.org/gazebo/ubuntu-nightly
 - name: osrf
 key: D2486D2DD83DB69272AFE98867170598AF249743
+ key_url: https://packages.osrfoundation.org/gazebo.gpg
 linux_distro: debian
 types:
 - name: stable
diff --git a/plugins/repository.py b/plugins/repository.py
index 3a1235d..64a6b31 100644
--- a/plugins/repository.py
+++ b/plugins/repository.py
@@ -19,11 +19,13 @@
 --version Show gzdev's version
 """
+import os
 import pathlib
 import re
 import subprocess
 import sys
-from os.path import isfile
+import urllib.error
+import urllib.request
 from docopt import docopt
@@ -86,6 +88,14 @@ def get_repo_key(repo_name, config):
 error('No key in repo: ' + repo_name)
+def get_repo_key_url(repo_name, config):
+ for p in config['repositories']:
+ if p['name'] == repo_name:
+ return p['key_url']
+
+ error('No key in repo: ' + repo_name)
+
+
 def get_repo_url(repo_name, repo_type, config):
 for p in config['repositories']:
 if p['name'] == repo_name and p['linux_distro'].lower() == get_linux_distro():
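Review bot: In the `@@ -86,6 +88,14 @@` hunk, `get_repo_key_url` reads `p['key_url']` directly, so a repository entry that lacks the field raises `KeyError` instead of reaching `error()`, and the fallback reuses the text `'No key in repo: '` that the `get_repo_key` context line above it already prints. The returned value is later handed to `urllib.request.urlopen`, which accepts schemes other than HTTPS (for example `file:`), so this lookup is the natural place to reject them. I would change the body to `key_url = p.get('key_url')` and `if not key_url or not key_url.startswith('https://'): error('No https key_url in repo: ' + repo_name)` before returning it. The match also ignores `linux_distro`, unlike `get_repo_url` below, so the first entry named `repo_name` wins; a one-line docstring saying so would help.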
@@ -102,10 +112,42 @@ def get_sources_list_file_path(repo_name, repo_type):
 return directory + '/' + filename
-def install_key(key):
- _check_call(['apt-key', 'adv',
- '--keyserver', 'keyserver.ubuntu.com',
- '--recv-keys', key])
+def key_filepath(repo_name, repo_type):
+ return f"/usr/share/keyrings/{repo_name}_{repo_type}.gpg"
+
+
+def assert_key_in_file(key, key_path):
+ output = subprocess.check_output(
+ ['gpg', '--show-keys', key_path])
+
+ print(output.decode("ascii"))
+ if key not in output.decode("ascii"):
+ error(f"Key {key} was not found in file {key_path}")
+
+
+def download_key(repo_name, repo_type, key_url):
+ key_path = key_filepath(repo_name, repo_type)
+ if os.path.exists(key_path):
+ warn(f"keyring gpg file already exists in the system: {key_path}\n"
+ "Overwritting to grab the new one.")
+ os.remove(key_path)
+ try:
+ response = urllib.request.urlopen(key_url)
+ if response.code == 200:
+ with open(key_path, "wb") as file:
+ file.write(response.read())
+ else:
+ error(response.code)
+ except urllib.error.HTTPError as e:
+ error(f"HTTPError: {e.code}")
+ except urllib.error.URLError as e:
+ error(f"URLError: {e.reason}")
+
+ return key_path
+
+
+def remove_deprecated_apt_key(key):
+ _check_call(['apt-key', 'del', key])
 def run_apt_update():
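Review bot: `assert_key_in_file` accepts the download when the fingerprint string appears anywhere in the human-readable `gpg --show-keys` output, which does not bind the file to the pinned key: the text can also come from a user ID, and a file that holds the expected key plus others passes while every key in it becomes trusted through `signed-by`. `decode("ascii")` will also raise on a user ID with non-ASCII characters. The check should parse the `--with-colons` listing and require that the set of primary-key fingerprints equals the pinned one, as sketched below. Separately in this hunk, `urlopen` is called without a `timeout`, and the `else` branch after `response.code == 200` is rarely reached because error statuses raise `HTTPError` first.

```python
def assert_key_in_file(key, key_path):
    # Colon-delimited listing: each primary key is a "pub" record followed
    # directly by its "fpr" record; user IDs live in separate "uid" records.
    output = subprocess.check_output(
        ['gpg', '--batch', '--with-colons', '--show-keys', key_path])

    primary_fingerprints = set()
    follows_pub = False
    for line in output.decode('utf-8', errors='replace').splitlines():
        fields = line.split(':')
        if follows_pub and fields[0] == 'fpr' and len(fields) > 9:
            primary_fingerprints.add(fields[9])
        follows_pub = fields[0] == 'pub'

    # Exactly the pinned key, nothing else, may end up in the signed-by keyring.
    if primary_fingerprints != {key.upper()}:
        error(f"Expected only key {key} in {key_path}, "
              f"found: {sorted(primary_fingerprints)}")
```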
@@ -120,26 +162,29 @@ def install_repos(project_list, config, linux_distro):
 def install_repo(repo_name, repo_type, config, linux_distro):
 url = get_repo_url(repo_name, repo_type, config)
 key = get_repo_key(repo_name, config)
- # if not linux_distro provided, try to guess it
- if not linux_distro:
- linux_distro = distro.codename()
- content = 'deb ' + url + ' ' + linux_distro + ' main\n'
- full_path = get_sources_list_file_path(repo_name, repo_type)
+ key_url = get_repo_key_url(repo_name, config)
- if isfile(full_path):
- warn('gzdev file with the repositoy already exists in the system\n[' + full_path + ']')
- return
+ try:
+ key_path = download_key(repo_name, repo_type, key_url)
+ assert_key_in_file(key, key_path)
- install_key(key)
+ # if not linux_distro provided, try to guess it
+ if not linux_distro:
+ linux_distro = distro.codename()
+
+ content = f"deb [signed-by={key_path}] {url} {linux_distro} main"
+ full_path = get_sources_list_file_path(repo_name, repo_type)
+ if os.path.isfile(full_path):
+ warn("gzdev file with the repositoy already exists in the system:"
+ f"{full_path}. \n Overwritting to use new signed-by.")
- try:
 f = open(full_path, 'w')
 f.write(content)
 f.close()
- except PermissionError:
- print('No permissiong to install ' + full_path + '. Run the script with sudo.')
- run_apt_update()
+ run_apt_update()
+ except PermissionError:
+ print('No permissiong to make system file modifications. Run the script with sudo.')
 def disable_repo(repo_name):
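Review bot: `install_repo` verifies the key only after `download_key` (previous hunk) has deleted the existing keyring and written the new download to its final `/usr/share/keyrings` path, so a failed download or a failed `assert_key_in_file` leaves either no key or an unverified file at a path that an already-installed sources entry may name in `signed-by`; what happens next depends on `error()`, which is not visible here. Writing to a temporary file in the same directory, checking that, and only then promoting it closes the gap: `assert_key_in_file(key, tmp_path)` followed by `os.replace(tmp_path, key_path)`. The widened `try` catches only `PermissionError`, so a `subprocess.CalledProcessError` from the `gpg` call propagates as a traceback. The new `content` string also drops the trailing `\n` the old one had, and the `open`/`write`/`close` sequence would be safer as `with open(full_path, 'w') as f:`.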