File tree Expand file tree Collapse file tree 1 file changed +16
-0
lines changed Expand file tree Collapse file tree 1 file changed +16
-0
lines changed Original file line number Diff line number Diff line change @@ -185,6 +185,9 @@ ENV_DEBIAN:
185185 # Update source list for archived Debian stretch packages.
186186 # Refer: https://unix.stackexchange.com/a/743865/260858
187187 RUN echo "deb http://archive.debian.org/debian stretch main" > /etc/apt/sources.list
188+ # Trust newer Debian signing keys to avoid "unauthenticated packages" error:
189+ COPY +get-deb-signing-keys/keys/deb10-archive-signing-key.gpg /etc/apt/trusted.gpg.d
190+ COPY +get-deb-signing-keys/keys/deb11-archive-signing-key.gpg /etc/apt/trusted.gpg.d
188191 END
189192 DO +DEBIAN_SETUP
190193
@@ -364,6 +367,19 @@ check-format:
364367 COPY --dir .clang-format src test /X/
365368 RUN /X/etc/format-all.sh --dry-run -Werror --verbose
366369
370+ get-deb-signing-keys :
371+ FROM +env.deb12
372+ RUN __install gpg
373+ # Get "Debian 10/buster archive signing key"
374+ RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE
375+ RUN gpg --export 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE > deb10-archive-signing-key.gpg
376+ SAVE ARTIFACT deb10-archive-signing-key.gpg /keys/
377+
378+ # Import "Debian 11/bullseye archive signing key"
379+ RUN gpg --keyserver keyserver.ubuntu.com --recv-keys 1F89983E0081FDE018F3CC9673A4F27B8DD47936
380+ RUN gpg --export 1F89983E0081FDE018F3CC9673A4F27B8DD47936 > deb11-archive-signing-key.gpg
381+ SAVE ARTIFACT deb11-archive-signing-key.gpg /keys/
382+
367383# The main "build" target. Options:
368384# • --env=[...] (default "u22")
369385# · Set the environment for the build. Any name of and "env.<name>" targets
You can’t perform that action at this time.
0 commit comments