Workaround for KEYEXPIRED apt issue on Debian Jessie (#703)

This commit is contained in:
Michele Locati 2023-02-23 22:27:35 +01:00 committed by GitHub
parent e13908605f
commit 70792b6372
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 22 deletions

View File

@ -633,7 +633,7 @@ buildRequiredPackageLists() {
apk update apk update
;; ;;
debian) debian)
DEBIAN_FRONTEND=noninteractive apt-get update -q invokeAptGetUpdate
;; ;;
esac esac
case "$DISTRO_VERSION" in case "$DISTRO_VERSION" in
@ -1492,7 +1492,7 @@ expandPackagesToBeInstalled() {
resetIFS resetIFS
;; ;;
debian) debian)
expandPackagesToBeInstalled_log="$(DEBIAN_FRONTEND=noninteractive apt-get install -sy --no-install-recommends $@ 2>&1 || printf '\nE: apt-get failed\n')" expandPackagesToBeInstalled_log="$(DEBIAN_FRONTEND=noninteractive apt-get install -sy --no-install-recommends $IPE_APTGET_INSTALLOPTIONS $@ 2>&1 || printf '\nE: apt-get failed\n')"
if test -n "$(printf '%s' "$expandPackagesToBeInstalled_log" | grep -E '^E:')"; then if test -n "$(printf '%s' "$expandPackagesToBeInstalled_log" | grep -E '^E:')"; then
printf 'FAILED TO LIST THE WHOLE PACKAGE LIST FOR\n' >&2 printf 'FAILED TO LIST THE WHOLE PACKAGE LIST FOR\n' >&2
printf '%s ' "$@" >&2 printf '%s ' "$@" >&2
@ -1780,7 +1780,7 @@ installRequiredPackages() {
done done
;; ;;
debian) debian)
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y $PACKAGES_PERSISTENT_NEW $PACKAGES_VOLATILE DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends $IPE_APTGET_INSTALLOPTIONS $PACKAGES_PERSISTENT_NEW $PACKAGES_VOLATILE
;; ;;
esac esac
} }
@ -1949,16 +1949,16 @@ installMicrosoftSqlServerODBC() {
if ! test -f /etc/apt/sources.list.d/mssql-release.list; then if ! test -f /etc/apt/sources.list.d/mssql-release.list; then
printf -- '- adding the Microsoft APT source list\n' printf -- '- adding the Microsoft APT source list\n'
curl -sSLf https://packages.microsoft.com/config/debian/$DISTRO_VERSION_NUMBER/prod.list >/etc/apt/sources.list.d/mssql-release.list curl -sSLf https://packages.microsoft.com/config/debian/$DISTRO_VERSION_NUMBER/prod.list >/etc/apt/sources.list.d/mssql-release.list
DEBIAN_FRONTEND=noninteractive apt-get -q update invokeAptGetUpdate
fi fi
printf -- '- installing the APT package\n' printf -- '- installing the APT package\n'
if test $PHP_MAJMIN_VERSION -le 703; then if test $PHP_MAJMIN_VERSION -le 703; then
DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get -qy --no-install-recommends install msodbcsql17 DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -qqy --no-install-recommends $IPE_APTGET_INSTALLOPTIONS msodbcsql17
elif test $DISTRO_VERSION_NUMBER -ge 9 && $DISTRO_VERSION_NUMBER -le 11; then elif test $DISTRO_VERSION_NUMBER -ge 9 && $DISTRO_VERSION_NUMBER -le 11; then
# On Debian 9 and 11 we have both msodbcsql17 and msodbcsql18: let's install just one # On Debian 9 and 11 we have both msodbcsql17 and msodbcsql18: let's install just one
DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get -qy --no-install-recommends install msodbcsql18 DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -qqy --no-install-recommends $IPE_APTGET_INSTALLOPTIONS msodbcsql18
else else
DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get -qy --no-install-recommends install '^msodbcsql[0-9]+$' DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -qqy --no-install-recommends $IPE_APTGET_INSTALLOPTIONS '^msodbcsql[0-9]+$'
fi fi
;; ;;
esac esac
@ -2314,7 +2314,7 @@ EOF
debian@9) debian@9)
installBundledModule_tmp="$(pwd)" installBundledModule_tmp="$(pwd)"
cd /tmp cd /tmp
apt-get download libc-client2007e-dev apt-get download $IPE_APTGET_INSTALLOPTIONS libc-client2007e-dev
dpkg -i --ignore-depends=libssl-dev libc-client2007e-dev* dpkg -i --ignore-depends=libssl-dev libc-client2007e-dev*
rm libc-client2007e-dev* rm libc-client2007e-dev*
cd "$installBundledModule_tmp" cd "$installBundledModule_tmp"
@ -3843,6 +3843,36 @@ removeStringFromList() {
printf '%s' "$removeStringFromList_result" printf '%s' "$removeStringFromList_result"
} }
# Invoke apt-get update
#
# Set:
# IPE_APTGET_INSTALLOPTIONS
invokeAptGetUpdate() {
if test -n "${IPE_APTGETUPDATE_ALREADY:-}"; then
DEBIAN_FRONTEND=noninteractive apt-get update -q
return
fi
IPE_APTGET_INSTALLOPTIONS=''
if !grep -q 'VERSION="8 (jessie)"' /etc/os-release; then
DEBIAN_FRONTEND=noninteractive apt-get update -q
return
fi
invokeAptGetUpdate_tmp="$(mktemp)"
DEBIAN_FRONTEND=noninteractive apt-get update -q 2>"$invokeAptGetUpdate_tmp"
if test -s "$invokeAptGetUpdate_tmp"; then
cat "$invokeAptGetUpdate_tmp" >&2
if grep -qE ' KEYEXPIRED [0-9]' "$invokeAptGetUpdate_tmp"; then
IPE_APTGET_INSTALLOPTIONS='-o APT::Get::AllowUnauthenticated=true'
echo '############' >&2
echo '# WARNING! #' >&2
echo '############' >&2
echo 'apt packages will be installed without checking authenticity!' >&2
fi
fi
rm "$invokeAptGetUpdate_tmp"
IPE_APTGETUPDATE_ALREADY=y
}
# Fix the Let's Encrypt CA certificates on old distros # Fix the Let's Encrypt CA certificates on old distros
fixLetsEncrypt() { fixLetsEncrypt() {
printf '### FIXING LETS ENCRYPT CA CERTIFICATES ###\n' printf '### FIXING LETS ENCRYPT CA CERTIFICATES ###\n'
@ -3868,10 +3898,10 @@ fixLetsEncrypt() {
fi fi
if test $fixCACerts_mustUpdate -eq 1; then if test $fixCACerts_mustUpdate -eq 1; then
printf -- '- refreshing the APT package list\n' printf -- '- refreshing the APT package list\n'
DEBIAN_FRONTEND=noninteractive apt-get update -qq invokeAptGetUpdate
fi fi
printf -- '- installing newer ca-certificates package\n' printf -- '- installing newer ca-certificates package\n'
DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends ca-certificates DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends $IPE_APTGET_INSTALLOPTIONS ca-certificates
fi fi
;; ;;
*) *)
@ -3914,7 +3944,7 @@ cleanup() {
case "$DISTRO" in case "$DISTRO" in
debian) debian)
printf '### RESTORING PREVIOUSLY INSTALLED PACKAGES ###\n' printf '### RESTORING PREVIOUSLY INSTALLED PACKAGES ###\n'
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --no-upgrade -qqy $PACKAGES_PREVIOUS DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends --no-upgrade $IPE_APTGET_INSTALLOPTIONS $PACKAGES_PREVIOUS
;; ;;
esac esac
fi fi

View File

@ -325,7 +325,7 @@ testExtensionFor() {
printf ' - Docker image: %s\n' "$testExtensionFor_Image" printf ' - Docker image: %s\n' "$testExtensionFor_Image"
testExtensionFor_out="$(mktemp)" testExtensionFor_out="$(mktemp)"
testExtensionFor_start=$(date +%s) testExtensionFor_start=$(date +%s)
if $(docker run --rm --volume "$CI_BUILD_DIR:/app" --env CI=true --env IPE_FIX_CACERTS=1 --env IPE_ASPELL_LANGUAGES='en fr' --workdir /app "$testExtensionFor_Image" sh -c "./scripts/fix-jessie-keyring && ./install-php-extensions $1 && php ./scripts/check-installed-extension.php $1" >"$testExtensionFor_out" 2>&1); then if $(docker run --rm --volume "$CI_BUILD_DIR:/app" --env CI=true --env IPE_FIX_CACERTS=1 --env IPE_ASPELL_LANGUAGES='en fr' --workdir /app "$testExtensionFor_Image" sh -c "./install-php-extensions $1 && php ./scripts/check-installed-extension.php $1" >"$testExtensionFor_out" 2>&1); then
testExtensionFor_end=$(date +%s) testExtensionFor_end=$(date +%s)
testExtensionFor_delta=$(expr $testExtensionFor_end - $testExtensionFor_start) testExtensionFor_delta=$(expr $testExtensionFor_end - $testExtensionFor_start)
rm -rf "$testExtensionFor_out" rm -rf "$testExtensionFor_out"

View File

@ -1,10 +0,0 @@
#!/bin/sh
# Let's set a sane environment
set -o errexit
set -o nounset
if grep -q 'VERSION="8 (jessie)"' /etc/os-release; then
echo 'Fix Debian Jessie keyring'
echo 'APT::Get::AllowUnauthenticated "true";' >/etc/apt/apt.conf.d/99-install-php-extensions
fi