Core Update 166: Drop old 2007 Pakfire key, and remove it from existing installations
Commit Message
It is not necessary to have this key present on IPFire systems anymore,
since it has not been in use for years, and we can expect systems to be
sufficiently up-to-date, so they no longer need to rely on old updates
or add-ons signed with this key.
Also, given the current key was generated in 2018, we should consider a
Pakfire key rollover soon.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/rootfiles/common/pakfire | 1 -
config/rootfiles/core/166/filelists/files | 1 +
config/rootfiles/core/166/update.sh | 6 +++++
src/initscripts/system/pakfire | 3 ---
src/pakfire/pakfire-2007.key | 31 -----------------------
5 files changed, 7 insertions(+), 35 deletions(-)
delete mode 100644 src/pakfire/pakfire-2007.key
Comments
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
> On 21 Mar 2022, at 11:44, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> It is not necessary to have this key present on IPFire systems anymore,
> since it has not been in use for years, and we can expect systems to be
> sufficiently up-to-date, so they no longer need to rely on old updates
> or add-ons signed with this key.
>
> Also, given the current key was generated in 2018, we should consider a
> Pakfire key rollover soon.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/rootfiles/common/pakfire | 1 -
> config/rootfiles/core/166/filelists/files | 1 +
> config/rootfiles/core/166/update.sh | 6 +++++
> src/initscripts/system/pakfire | 3 ---
> src/pakfire/pakfire-2007.key | 31 -----------------------
> 5 files changed, 7 insertions(+), 35 deletions(-)
> delete mode 100644 src/pakfire/pakfire-2007.key
>
> diff --git a/config/rootfiles/common/pakfire b/config/rootfiles/common/pakfire
> index 0487c58f9..bd5559597 100644
> --- a/config/rootfiles/common/pakfire
> +++ b/config/rootfiles/common/pakfire
> @@ -6,7 +6,6 @@ opt/pakfire/db/rootfiles
> #opt/pakfire/etc
> #opt/pakfire/pakfire.conf
> opt/pakfire/etc/pakfire.conf
> -opt/pakfire/pakfire-2007.key
> opt/pakfire/pakfire-2018.key
> #opt/pakfire/lib
> opt/pakfire/lib/functions.pl
> diff --git a/config/rootfiles/core/166/filelists/files b/config/rootfiles/core/166/filelists/files
> index b77c7fa07..6bb3c8d82 100644
> --- a/config/rootfiles/core/166/filelists/files
> +++ b/config/rootfiles/core/166/filelists/files
> @@ -1,5 +1,6 @@
> etc/inittab.d
> etc/rc.d/init.d/firewall
> +etc/rc.d/init.d/pakfire
> srv/web/ipfire/cgi-bin/connections.cgi
> srv/web/ipfire/cgi-bin/ids.cgi
> usr/lib/firewall/rules.pl
> diff --git a/config/rootfiles/core/166/update.sh b/config/rootfiles/core/166/update.sh
> index 3924039c6..1370555b0 100644
> --- a/config/rootfiles/core/166/update.sh
> +++ b/config/rootfiles/core/166/update.sh
> @@ -34,11 +34,17 @@ done
> # Remove files
> rm -vf \
> /etc/dracut.conf \
> + /opt/pakfire/pakfire-2007.key \
> /usr/bin/mkinitrd \
> /usr/lib/dracut \
> /usr/local/bin/ovpn-ccd-convert \
> /usr/local/bin/rebuild-initrd
>
> +# Delete old 2007 Pakfire key from GPG keyring
> +export GNUPGHOME="/opt/pakfire/etc/.gnupg"
> +gpg --batch --yes --delete-keys 179740DC4D8C47DC63C099C74BDE364C64D96617
> +unset GNUPGHOME
> +
> # Stop services
>
> # Extract files
> diff --git a/src/initscripts/system/pakfire b/src/initscripts/system/pakfire
> index 4fe399403..1305bda48 100644
> --- a/src/initscripts/system/pakfire
> +++ b/src/initscripts/system/pakfire
> @@ -29,9 +29,6 @@ case "${1}" in
> boot_mesg "Setting up Pakfire Package Manager..."
> gpg --import /opt/pakfire/pakfire-2018.key &>/dev/null
> evaluate_retval
> -
> - # Try to import the old key, too
> - gpg --import /opt/pakfire/pakfire-2007.key &>/dev/null
> ;;
>
> *)
> diff --git a/src/pakfire/pakfire-2007.key b/src/pakfire/pakfire-2007.key
> deleted file mode 100644
> index ced120ad8..000000000
> --- a/src/pakfire/pakfire-2007.key
> +++ /dev/null
> @@ -1,31 +0,0 @@
> ------BEGIN PGP PUBLIC KEY BLOCK-----
> -
> -mQGiBEYssZ8RBACcbHcYW+gPbjPFxv4ImlK1FgXV3s65Nnu7V9kghB7AZXterMVM
> -rZ87sNEw6J3JT32k0e9iBukA1QrshPg3c/mL+2/lMvvxsUW19rj/8ZBCCnP1Svgq
> -9q0OSJfadbm9b6Ndj06D/3EM+VpY5aI7XgNenh7ZcDbY9m8YDPdu0OF9uwCgltJS
> -+Pzjr16bJ/VnI549LfIG2KkEAJZWQmLQSXbl4VVEOSyaaJN8ugGBnZtnaL6IBE9K
> -0FHoZU3GaEOP6L3IUHUzyWsrpC/G44hGPC3xIbr5VG3sJ6hUc3J2rjx1clFdyN6A
> -bte9EWk1HkRFdaMfDn86vhIjn7znHU4cbvQLIpgB12+y2P/ydqLwyuyf6rV1JEWk
> -pSXpA/91LnlvICvqompSmrpLKpb+DSe59tr/r5GI36VNnqWt32InmF0N2ceLwG1F
> -K62M4Tf5/OZOg5m3uoTTHWf355+7NJjyPzT+DYbsuK56TNd/cFPeVdisdteeuINj
> -3DIC/8H9Y7mvYMAoSNtdA74JrdzGiqH2zSTB/oa/nwDXFekrq7Q2TWljaGFlbCBU
> -cmVtZXIgKFBha2ZpcmUgU2lnbmluZyBLZXkpIDxwYWtzQGlwZmlyZS5vcmc+iFoE
> -ExECABoFAkYssZ8CGwMCCwIDFQIDAxYCAQIeAQIXgAAKCRBL3jZMZNlmF0pBAJ95
> -S5xzasjMQLpvOWA9E4JG3YJasQCfbNpdZXbZHr7Io7hLR9iJ+OhybfuIawQQEQIA
> -KwUCRi3ByAWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ
> -0rsNAWXQ/VjJhQCfUQh+9wPAlyQVb9gYZ5zgHfqDY1MAn2T/VXH2+acwC4O3oV1W
> -Ni36NNRpuQINBEYsuJoQCAC6wq4ZMtWRGF/GeTd9l7boo40ulBth8Wr+IBK38XYv
> -5s+WLiTuuTCM8Thq4eY3MOfO+VXhjQen1S2e8WiZq+c55pDDAKXvBFmVNKcgkK7C
> -1AW85kY86aspoAK3/vi2pghlXAysTKSoW+WfoCbASDheEJopOkIMehdroraI2zTM
> -y8AEk+TnbRPzoFNBEYwr3J1GlkegtU3mIPpALDfpL4+HoCgS+7SfAvIlG//C+4W/
> -oI/VOYHDdM5zR1av/pVZGpUK4Ao/JBxXMaqsbiP43KytbNuMRsZ+sFDs/ZtmHf1z
> -6AQ8mnxU0klT4ppU8Nl3hSVcvRacm6wBTvvGEqjkApkPAAMFCACKWJVpzcVAdOMP
> -aB08qJ+GPSSgxspaSoFPjVN307Pr1Di/ZriC/UVNrq/eUHEIvC1zIx+t3O109qVH
> -RMWbfCj+4/OBHJ4Ik3Nc5/8v6zaGwixJrkjohF8QLwodqazrjc+W3VsQ5jwfPpLe
> -DFpd3xHhj5zhXQKN0tCCk435Q/58aMQCK75St3/ymP6NGaE2s7dsXU/BwndgfxJu
> -Yz8LEK6phJ2t0jBiJJgcjWkoBkq8MhI6wKW6uDU4B/KKGHHLuZHg1ZKum8ASMcti
> -S980DlSJyfLJnUIio5F/u/csug8bHKq5pA1x+wmsUBhuH66aosNJuz35Bl4nW365
> -PoahYtQBiEkEGBECAAkFAkYsuJsCGwwACgkQS942TGTZZheq7ACfTrW5OaZOhrwt
> -Jr+xgdjSFRrT14cAnjkEj51RQsP7LS5UTm+yce2olHDp
> -=hYb3
> ------END PGP PUBLIC KEY BLOCK-----
> --
> 2.34.1
@@ -6,7 +6,6 @@ opt/pakfire/db/rootfiles
#opt/pakfire/etc
#opt/pakfire/pakfire.conf
opt/pakfire/etc/pakfire.conf
-opt/pakfire/pakfire-2007.key
opt/pakfire/pakfire-2018.key
#opt/pakfire/lib
opt/pakfire/lib/functions.pl
@@ -1,5 +1,6 @@
etc/inittab.d
etc/rc.d/init.d/firewall
+etc/rc.d/init.d/pakfire
srv/web/ipfire/cgi-bin/connections.cgi
srv/web/ipfire/cgi-bin/ids.cgi
usr/lib/firewall/rules.pl
@@ -34,11 +34,17 @@ done
# Remove files
rm -vf \
/etc/dracut.conf \
+ /opt/pakfire/pakfire-2007.key \
/usr/bin/mkinitrd \
/usr/lib/dracut \
/usr/local/bin/ovpn-ccd-convert \
/usr/local/bin/rebuild-initrd
+# Delete old 2007 Pakfire key from GPG keyring
+export GNUPGHOME="/opt/pakfire/etc/.gnupg"
+gpg --batch --yes --delete-keys 179740DC4D8C47DC63C099C74BDE364C64D96617
+unset GNUPGHOME
+
# Stop services
# Extract files
@@ -29,9 +29,6 @@ case "${1}" in
boot_mesg "Setting up Pakfire Package Manager..."
gpg --import /opt/pakfire/pakfire-2018.key &>/dev/null
evaluate_retval
-
- # Try to import the old key, too
- gpg --import /opt/pakfire/pakfire-2007.key &>/dev/null
;;
*)
deleted file mode 100644
@@ -1,31 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGiBEYssZ8RBACcbHcYW+gPbjPFxv4ImlK1FgXV3s65Nnu7V9kghB7AZXterMVM
-rZ87sNEw6J3JT32k0e9iBukA1QrshPg3c/mL+2/lMvvxsUW19rj/8ZBCCnP1Svgq
-9q0OSJfadbm9b6Ndj06D/3EM+VpY5aI7XgNenh7ZcDbY9m8YDPdu0OF9uwCgltJS
-+Pzjr16bJ/VnI549LfIG2KkEAJZWQmLQSXbl4VVEOSyaaJN8ugGBnZtnaL6IBE9K
-0FHoZU3GaEOP6L3IUHUzyWsrpC/G44hGPC3xIbr5VG3sJ6hUc3J2rjx1clFdyN6A
-bte9EWk1HkRFdaMfDn86vhIjn7znHU4cbvQLIpgB12+y2P/ydqLwyuyf6rV1JEWk
-pSXpA/91LnlvICvqompSmrpLKpb+DSe59tr/r5GI36VNnqWt32InmF0N2ceLwG1F
-K62M4Tf5/OZOg5m3uoTTHWf355+7NJjyPzT+DYbsuK56TNd/cFPeVdisdteeuINj
-3DIC/8H9Y7mvYMAoSNtdA74JrdzGiqH2zSTB/oa/nwDXFekrq7Q2TWljaGFlbCBU
-cmVtZXIgKFBha2ZpcmUgU2lnbmluZyBLZXkpIDxwYWtzQGlwZmlyZS5vcmc+iFoE
-ExECABoFAkYssZ8CGwMCCwIDFQIDAxYCAQIeAQIXgAAKCRBL3jZMZNlmF0pBAJ95
-S5xzasjMQLpvOWA9E4JG3YJasQCfbNpdZXbZHr7Io7hLR9iJ+OhybfuIawQQEQIA
-KwUCRi3ByAWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ
-0rsNAWXQ/VjJhQCfUQh+9wPAlyQVb9gYZ5zgHfqDY1MAn2T/VXH2+acwC4O3oV1W
-Ni36NNRpuQINBEYsuJoQCAC6wq4ZMtWRGF/GeTd9l7boo40ulBth8Wr+IBK38XYv
-5s+WLiTuuTCM8Thq4eY3MOfO+VXhjQen1S2e8WiZq+c55pDDAKXvBFmVNKcgkK7C
-1AW85kY86aspoAK3/vi2pghlXAysTKSoW+WfoCbASDheEJopOkIMehdroraI2zTM
-y8AEk+TnbRPzoFNBEYwr3J1GlkegtU3mIPpALDfpL4+HoCgS+7SfAvIlG//C+4W/
-oI/VOYHDdM5zR1av/pVZGpUK4Ao/JBxXMaqsbiP43KytbNuMRsZ+sFDs/ZtmHf1z
-6AQ8mnxU0klT4ppU8Nl3hSVcvRacm6wBTvvGEqjkApkPAAMFCACKWJVpzcVAdOMP
-aB08qJ+GPSSgxspaSoFPjVN307Pr1Di/ZriC/UVNrq/eUHEIvC1zIx+t3O109qVH
-RMWbfCj+4/OBHJ4Ik3Nc5/8v6zaGwixJrkjohF8QLwodqazrjc+W3VsQ5jwfPpLe
-DFpd3xHhj5zhXQKN0tCCk435Q/58aMQCK75St3/ymP6NGaE2s7dsXU/BwndgfxJu
-Yz8LEK6phJ2t0jBiJJgcjWkoBkq8MhI6wKW6uDU4B/KKGHHLuZHg1ZKum8ASMcti
-S980DlSJyfLJnUIio5F/u/csug8bHKq5pA1x+wmsUBhuH66aosNJuz35Bl4nW365
-PoahYtQBiEkEGBECAAkFAkYsuJsCGwwACgkQS942TGTZZheq7ACfTrW5OaZOhrwt
-Jr+xgdjSFRrT14cAnjkEj51RQsP7LS5UTm+yce2olHDp
-=hYb3
------END PGP PUBLIC KEY BLOCK-----