setup-cpp/packages/setup-apt/src/apt-key.ts

import { execRoot, execRootSync } from "admina"
import { warning } from "ci-log"
import { execa } from "execa"
import { pathExists } from "path-exists"
import { installAptPack } from "./install.js"

function initGpg() {
  execRootSync("gpg", ["-k"])
}

/**
 * Add an apt key via a keyserver
 * @param keys The keys to add
 * @param name The name of the key
 * @param server The keyserver to use (Defaults to `keyserver.ubuntu.com`)
 * @returns The file name of the key that was added or `undefined` if it failed
 */
export async function addAptKeyViaServer(keys: string[], name: string, server = "keyserver.ubuntu.com") {
  try {
    const fileName = `/etc/apt/trusted.gpg.d/${name}`
    if (!(await pathExists(fileName))) {
      initGpg()

      await Promise.all(
        keys.map(async (key) => {
          await execRoot("gpg", [
            "--no-default-keyring",
            "--keyring",
            `gnupg-ring:${fileName}`,
            "--keyserver",
            server,
            "--recv-keys",
            key,
          ])
          await execRoot("chmod", ["644", fileName])
        }),
      )
    }
    return fileName
  } catch (err) {
    warning(`Failed to add apt key via server ${server}: ${err}`)
    return undefined
  }
}

/**
 * Add an apt key via a download
 * @param name The name of the key
 * @param url The URL of the key
 * @returns The file name of the key that was added
 */
export async function addAptKeyViaDownload(name: string, url: string) {
  const fileName = `/etc/apt/trusted.gpg.d/${name}`
  if (!(await pathExists(fileName))) {
    initGpg()
    await installAptPack([{ name: "curl" }, { name: "ca-certificates" }], undefined)
    await execa("curl", ["-s", url, "-o", `/tmp/${name}`])
    execRootSync("gpg", ["--no-default-keyring", "--keyring", `gnupg-ring:${fileName}`, "--import", `/tmp/${name}`])
    execRootSync("chmod", ["644", fileName])
  }
  return fileName
}
refactor: refactor and add docs for setup-apt functions 2024-08-16 17:13:47 +08:00			`import { execRoot, execRootSync } from "admina"`
			`import { warning } from "ci-log"`
			`import { execa } from "execa"`
			`import { pathExists } from "path-exists"`
			`import { installAptPack } from "./install.js"`

			`function initGpg() {`
			`execRootSync("gpg", ["-k"])`
			`}`

			`/**`
			`* Add an apt key via a keyserver`
			`* @param keys The keys to add`
			`* @param name The name of the key`
			* @param server The keyserver to use (Defaults to `keyserver.ubuntu.com`)
			* @returns The file name of the key that was added or `undefined` if it failed
			`*/`
			`export async function addAptKeyViaServer(keys: string[], name: string, server = "keyserver.ubuntu.com") {`
			`try {`
			const fileName = `/etc/apt/trusted.gpg.d/${name}`
			`if (!(await pathExists(fileName))) {`
			`initGpg()`

			`await Promise.all(`
			`keys.map(async (key) => {`
			`await execRoot("gpg", [`
			`"--no-default-keyring",`
			`"--keyring",`
			`gnupg-ring:${fileName}`,
			`"--keyserver",`
			`server,`
			`"--recv-keys",`
			`key,`
			`])`
			`await execRoot("chmod", ["644", fileName])`
			`}),`
			`)`
			`}`
			`return fileName`
			`} catch (err) {`
			warning(`Failed to add apt key via server ${server}: ${err}`)
			`return undefined`
			`}`
			`}`

			`/**`
			`* Add an apt key via a download`
			`* @param name The name of the key`
			`* @param url The URL of the key`
			`* @returns The file name of the key that was added`
			`*/`
			`export async function addAptKeyViaDownload(name: string, url: string) {`
			const fileName = `/etc/apt/trusted.gpg.d/${name}`
			`if (!(await pathExists(fileName))) {`
			`initGpg()`
			`await installAptPack([{ name: "curl" }, { name: "ca-certificates" }], undefined)`
			await execa("curl", ["-s", url, "-o", `/tmp/${name}`])
			execRootSync("gpg", ["--no-default-keyring", "--keyring", `gnupg-ring:${fileName}`, "--import", `/tmp/${name}`])
			`execRootSync("chmod", ["644", fileName])`
			`}`
			`return fileName`
			`}`