feat: support add apt key via download or from a server

2022-07-27 20:14:37 -07:00 · 2022-07-27 20:14:37 -07:00 · d204be83ac
parent 5183c0d6d4
commit d204be83ac
8 changed files with 48 additions and 42 deletions
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
@ -12,6 +12,9 @@ words:
  - aarch
  - aminya
  - applellvm
+  - bazel
+  - copr
+  - vbatts
  - buildtools
  - caxa
  - ccache
--- a/dist/setup_cpp.js
+++ b/dist/setup_cpp.js
--- a/dist/setup_cpp.js.map
+++ b/dist/setup_cpp.js.map
--- a/dist/setup_cpp.mjs
+++ b/dist/setup_cpp.mjs
--- a/dist/setup_cpp.mjs.map
+++ b/dist/setup_cpp.mjs.map
--- a/src/bazel/bazel.ts
+++ b/src/bazel/bazel.ts
@ -1,4 +1,4 @@
-import { setupAptPack } from "../utils/setup/setupAptPack"
+import { addAptKeyViaDownload, setupAptPack } from "../utils/setup/setupAptPack"
 import { setupBrewPack } from "../utils/setup/setupBrewPack"
 import { setupChocoPack } from "../utils/setup/setupChocoPack"
 import { isArch } from "../utils/env/isArch"
@ -26,14 +26,13 @@ export async function setupBazel(version: string, _setupDir: string, _arch: stri
        return setupDnfPack("bazel4", undefined)
      } else if (isUbuntu()) {
        // https://bazel.build/install/ubuntu
+        const keyFileName = await addAptKeyViaDownload(
+          "bazel-archive-keyring.gpg",
+          "https://bazel.build/bazel-release.pub.gpg"
+        )
        execSudo("bash", [
          "-c",
-          "wget -qO - https://bazel.build/bazel-release.pub.gpg | gpg --dearmor >bazel-archive-keyring.gpg > /dev/null",
-        ])
-        execSudo("bash", ["-c", "mv bazel-archive-keyring.gpg /usr/share/keyrings"])
-        execSudo("bash", [
-          "-c",
-          'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list',
+          `echo "deb [arch=amd64 signed-by=${keyFileName}] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list`,
        ])
        return setupAptPack("bazel", version, [], true)
      }
--- a/src/nala/nala.ts
+++ b/src/nala/nala.ts
@ -2,7 +2,7 @@ import { dirname } from "path"
 import which from "which"
 import { isUbuntu } from "../utils/env/isUbuntu"
 import { execSudo } from "../utils/exec/sudo"
-import { setupAptPack } from "../utils/setup/setupAptPack"
+import { addAptKeyViaDownload, setupAptPack } from "../utils/setup/setupAptPack"

 let binDir: string | undefined

@ -22,15 +22,11 @@ export async function setupNala(version: string, _setupDir: string, _arch: strin
  }

  // https://github.com/volitank/nala#-installation
-  await setupAptPack("wget")
-  execSudo("/bin/bash", [
-    "-c",
-    `wget -qO - https://deb.volian.org/volian/scar.key | tee /etc/apt/trusted.gpg.d/volian-archive-scar-unstable.gpg > /dev/null`,
-  ])
-  execSudo("/bin/bash", [
-    "-c",
-    `echo "deb http://deb.volian.org/volian/ scar main" | tee /etc/apt/sources.list.d/volian-archive-scar-unstable.list`,
-  ])
+  const keyFileName = await addAptKeyViaDownload(
+    "volian-archive-scar-unstable.gpg",
+    "https://deb.volian.org/volian/scar.key"
+  )
+  execSudo("/bin/bash", ["-c", `echo "deb http://deb.volian.org/volian/ scar main" | tee ${keyFileName}`])

  try {
    if (version !== "legacy") {
--- a/src/utils/setup/setupAptPack.ts
+++ b/src/utils/setup/setupAptPack.ts
@ -2,7 +2,6 @@
 import { InstallationInfo } from "./setupBin"
 import { execSudo } from "../exec/sudo"
 import { info } from "@actions/core"
-import { warning } from "../io/io"
 import { isGitHubCI } from "../env/isCI"
 import { addEnv, cpprc_path, setupCppInProfile } from "../env/addEnv"
 import { appendFileSync, existsSync } from "fs"
@ -18,10 +17,10 @@ export async function setupAptPack(
  repositories: string[] = [],
  update = false
 ): Promise<InstallationInfo> {
-  info(`Installing ${name} ${version ?? ""} via apt`)
-
  const apt: string = getApt()

+  info(`Installing ${name} ${version ?? ""} via ${apt}`)
+
  process.env.DEBIAN_FRONTEND = "noninteractive"

  if (!didUpdate || update) {
@ -80,8 +79,8 @@ async function initApt(apt: string) {
    "ca-certificates",
    "gnupg",
  ])
-  addAptKey(["3B4FE6ACC0B21F32", "40976EAF437D05B5"], "setup-cpp-ubuntu-archive.gpg")
-  addAptKey(["1E9377A2BA9EF27F"], "setup-cpp-launchpad-toolchain.gpg")
+  addAptKeyViaServer(["3B4FE6ACC0B21F32", "40976EAF437D05B5"], "setup-cpp-ubuntu-archive.gpg")
+  addAptKeyViaServer(["1E9377A2BA9EF27F"], "launchpad-toolchain.gpg")
  if (apt === "nala") {
    // enable utf8 otherwise it fails because of the usage of ASCII encoding
    await addEnv("LANG", "C.UTF-8")
@ -89,24 +88,33 @@ async function initApt(apt: string) {
  }
 }

-function addAptKey(keys: string[], name: string) {
-  try {
-    if (!existsSync(`/root/.gnupg/${name}`)) {
-      for (const key of keys) {
-        execSudo("gpg", [
-          "--no-default-keyring",
-          "--keyring",
-          name,
-          "--keyserver",
-          "keyserver.ubuntu.com",
-          "--recv-keys",
-          key,
-        ])
-      }
+export function addAptKeyViaServer(keys: string[], name: string, server = "keyserver.ubuntu.com") {
+  const fileName = `/etc/apt/trusted.gpg.d/${name}`
+  if (!existsSync(fileName)) {
+    for (const key of keys) {
+      execSudo("gpg", [
+        "--no-default-keyring",
+        "--keyring",
+        `gnupg-ring:${fileName}`,
+        "--keyserver",
+        server,
+        "--recv-keys",
+        key,
+      ])
+      execSudo("chmod", ["644", fileName])
    }
-  } catch (err) {
-    warning(`Failed to add keys: ${err}`)
  }
+  return fileName
+}
+
+export async function addAptKeyViaDownload(name: string, url: string) {
+  const fileName = `/etc/apt/trusted.gpg.d/${name}`
+  if (!existsSync(fileName)) {
+    await setupAptPack("curl", undefined)
+    execSudo("bash", ["-c", `curl -s ${url} | gpg --no-default-keyring --keyring gnupg-ring:${fileName} --import`])
+    execSudo("chmod", ["644", fileName])
+  }
+  return fileName
 }

 export function updateAptAlternatives(name: string, path: string) {