From d9d016ac1c21f6f967e0e9c3e6615ab6d04d4a4b Mon Sep 17 00:00:00 2001 From: Tom J Nowell Date: Fri, 14 Jun 2024 21:01:25 +0100 Subject: [PATCH] 2709: Fix an expired Nginx signing key --- .../nginx/apt-keys/nginx-archive-keyring.gpg | Bin 0 -> 8537 bytes .../core/nginx/apt-keys/nginx_signing.key | 28 ------------------ provision/core/nginx/provision.sh | 11 +++++-- 3 files changed, 8 insertions(+), 31 deletions(-) create mode 100644 provision/core/nginx/apt-keys/nginx-archive-keyring.gpg delete mode 100644 provision/core/nginx/apt-keys/nginx_signing.key diff --git a/provision/core/nginx/apt-keys/nginx-archive-keyring.gpg b/provision/core/nginx/apt-keys/nginx-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..8f9e9bf8e2a0c5a4195d71cef359f6109e8cb532 GIT binary patch literal 8537 zcma)=Ra9MDvu+peuyA*G5AH6(3GPmCcXubaB)EHUcM0wi+${uHI0V*7&OQ6y+=u_P z{Wz=5HXeHW#;9JE1&IP}sl|i?0R%MkdM}bMF=H{vEIN=wlYY@;#2Ij2QWQ`#0ilqX z`MJY^2$@?9hVM~Gvh=pc4lnrG`#5(mc9l*fj?ZB(1s+khuQ94^YH9@2sU6|msA($* z`Y?21{kt1)0-=<}h(MGhx={g3L4UGi6w^geM)zIv zLey4}AdQ|-&dB-|^pH;P(5t$ah2jp*ZK}g0jy=lu9_h|Uh3$SYd2LHzkHqw$alSN` zFBe4iOVg6)64XB;^rKrY8-1V5qU{-RWVDBAfR9g7%pPKksN2*3@YrM9SDwCoRyo8k zgqgk0%KyFzBOq{;bKu!^S}ZAhZ2v?UWdQwpsFsX4O7N{#eD5f*eV0|F`F}&2J(r6ngTAi>ctTdBY?C1ADG8zw-5ip7k z`^e3q9sPqwz)HZqAuT8u*HEdM$*!hdBtC`IH3*qG%5$H<+S(oR9k-o!9vsWSz$ZHsyVkh9rc7#D@R?s+7^*c%n39Utb5LrWU@y zmha%sPFZRn$XqlYic*P@Z>MnQ6XR?`dMzxqiloo)oul1=w+{F+b)%Vl6q}5{TY!&z zLw3rG!bLuE&ukuv^b@mS{Zy5|o|Z(*WhVgXI2m9g&~Di>HsoK-MlItm(}k8RMlZR5 z^*w!AIJ|3iVkl zd09;COXj5zF5aZ`bkeCx=8PetQ3F+TLp=GA67SQEDc%to(20c9*fBjS&Ke)5Yht6` z6^tY0*bm^TbQ0BNuF?U<3~opAK^K4Oh2omZIo&`Je2tXaNurfd5p|i{Js>$})ZJh?n8g39&T78I&DO*8TDUzlwrL zOc{&pfG24dYE7|gL~oKoa*G%#K{iWPdS{mH7RvotMB6mIW^-W?IVNjKHNFpPvK0Vs2XrXYh{FE;Hc`zRB zLRy}gj&$8{Ozyi2UycbP{%Q2B+x|L(WqJ2R)azAX6Q(OQrz%p_Q$anwu(^qkT6u@g z(}K4G`jM0AqDsJWio-sq1TXt)*i&5X zs}b3?5Uo@}a)-1=gDgylkeH8XfycM{H#IGR*N;MpUFJaV(yFSv?hxO#UeiC+gc$!& z`=_EQ2=@z_p$B2b?u#Y7<%BytBWgIF?}gRibGn1!XldZ-=oc|yc)NmZ4drK|`@v6Z z5Gw48CMLRBPr;AY0XE1>ElJwNyNMwE3MW}q9OmkB~C@!AvSGp(8P{lQDC^7w`-Z?~XCvAXgi%DC#4X>mhb?O$E zY11~Egv4E6`WiG$q>2q>FY(e#xK%HwIj<=bce9od1%bRI$1?&XG=jlnAlhKHW&fV- zsn@)1x5iuvc#YsiN5mX>D*twjGYER9T+(}Qo))S^h26;jPQqicXu0at5A_^sXO6E- zj^l~ZkpC}h%U*W-P-_*C^qCuWW76+6vLEyj|4@^+|3mGcNLgw{iqRhP~UV^k1+FROP5$R)+Dl;O@F#r1}g>#K$#Wa4Zu$cj_+c z=xf$qrsP0#SKGI_M>(EAV?X?zLUdlkZT`pGN>T0;5V&;lYHO zh5x-t1O7@;`|^UZ)Q`M!kf!+-9WDXWG@ypLNkH`5r+j@4X6@{{m<@IPr}_Sp zz!%1+GKQd%x7f~g=S$>{jwI`{fvS8`=V(rEm8i@}BpFy;B^J31xUcQ|vzbN#9M-$v z;(z>7#=o=U)q_9o(mtI5atLaLslaxN4DX+JRv7iuf2w7u{jei#L05HFExPnfUD?2r zZ>Wp$L#pKLd5rbOU;WoH-x>6YA73dZ9&XOLeQG1}#QWy92{RtdrD_J8j4A$%py&s( z*=Q!lM|iIYF@VqHR;ibjQj(M#d8uQSYg=?mkcLi--R6kJKnjDP?fRAi*M+yMREX_K z@rH((e6~w>A45JlVcp&mgg@BA-~`yFBJ7QixC0|58o*So?#vGF!7g8Y&58;$!8#l7 z+amy2K|(NiCx<0%>N&eq$xgLMJ=Neee>$2-cF;NHlz2h-?%Hz8l?T8=gYeZd2CR zH>WsK<o^0<|wZ+!6@88 zo}}o;4C;Hq#^JV?HJEQ?lVN6*O*bT6scgBdv#*q!9x5o>T;m# z3ctpx_Cy-aaHuG_CLa6 z)=^&VIpdbMVv3_XvXIW>(p5%5eClfA0`=C;-xGOHbq~7@7=`i*zD8z2pg=1rahU#Y zEpJ%&hy-mB_-|8Hka^myJWkkd%dk1Ynn_vdlTP|udMAosk!AGC3p0h#8}9w{rMIal zM`o$itU7F}vgK_pnbvm^u2H_$@5+!ON>`(V+z7@)PQy#!ubD>-DZyd%=}C0>Tn7F`_>x}Y)=!6N+v5VW{pMJG+MGW!d~A}tbmNF?EjCs z(f{w}_P4h|2>9^eEas1sWq7g6%njBGx@RY(#AOv z`Ql*Oftah(+cEw4yW72(=}fM8L)QtPWn>Y^D1c56>$49|K~OO}N|I8#3f2b9D5P{g z@-If$D~&rwvYwn}J&Jd+gTZ5Hb2~fJzmUe=W1yeVr3H+$Oi#RvyRl$3ork}17^CPX zJ0QGvL_=u)1_%!j`Hk*BLi_DI|DkiMd~Jq7ATA|X_?zqc4%{nN#?dpr;bKsR%(do> zG-|__`g4v?l3^?!g{h}FQL1njth{UQCB-NF`E4k8nY~7ojm!e_8Aq-SU9JXE$-j67 z24uc;Wg(QP6n@`tl`L-@+o~%2d2Ro>1itL_XdNmvjW@cqF`CofF$ANk*O5JUOL+1dwQ3CWL3Scp?l>q*d&i(1M^p747d^~Q zbiPBuji@X+Z`wK`fVKo*^XdEAkI*33Lyp9{6~}xqRJZ_ifu=352qcpgirFMEHe%e^ zm+yrlS_P~BLJJrTDa&Svu~P^ru)h>M@LPZ@DB+01by59Wdj6v-O8tTMk17gD!@Y@c zMY1B`J+NHs)vndpDT?J|K9hidsmEcJ?&$%LWi#^}xC*mLk7;^h$&=0JRj?PjR{O;4 z=Q+RQJQ<8!!sn{Zy=QjUu zVT6IyGHrf@LBJy+75h7Nx&&}wErJf}Pmwe~jV>Crzrz4(yj^MszO@+wYaviGp#a>h zn&e()5wE2!LpkUA%DCGfjh%VV86xNmtcZsT%+j1wTFaMivXes&IlBfMhRKmv`R-OS zYIwez3LD_h{A5fa75)yA#yyTp?@TmAyYZYs>7_V3f{4WESA`yS@Q;pcTG=Rzp+eH3 z)}@k_qP5wD+$aLpkgR`5+9oRSg~GT2YHtwnOK zM>`kZ=c?HSRd6|jrVPjj@CRaF>T)$q97~5uXB4pSC(+!z8OD!%ZKcxBZsWz;sYM=N z$6s{Xyfa2HMhZ_i+3n3Yvr^m^(j4%+ldN3;`reWC<(h0iFai%IFJ~Nupad&WL3{VG0 z2#oiqpm@ox+71`DWEirZA;)>k&)dhZ`18XCLJaJU^eW;1GKw0uLCN6B5T)dhR@dXB zLSc?mTCTp}A%ohFxoxOu$x4D$ZpMVJ^jt)#Bt&^z0mFq1WiZZjefA&Z(yg zSDUJ@wzvPlTi*|{6Pa=T*!oi56!97K7A&Sl_ z=V+H$uS`Q4i9n1s%uP-%W2953GeE6%M91!OA0-V9ME@T;dh>ti{J1(rV!|a0 zRqX-fm)Q)ggAY5LpG<4Sp+{g1RI3UJY%&uP&8|I{A(4>b15}#dK(?K3?LUl%)|g#A$pOiS#!AgG5EO+ zF=6OmNxu7^^Z${2Arl~=Zpm|ZAO}K7-PQTmBt^#R5H!sCw_XjkE3|%XhHzuYnBjHE z{+4ZX+t9Usv$%CP z-A8ZhH~7#s&ZrH1UJS~Yj-Rs~poPyy5nXR5n@RQi-(DMnn^UfHwYTC)yFtU~Fg9Gn zOs1>pZ;~^x<84>AEikrhVAIW;!lEF|uNXQ@6Klv!WL}rhwMS;I>!$54Z{e5M{xG@JclNa|cF>!HdDcXpcSu6IlSsp+grK{$ zSkV+-7IqAN&gwo3nQ7?D1e;%82N|^Xq>>d}V1-@Qjp+LReeWvk&?|{l6k03}jrUYm zfwi^-OwNxw$_bE0f1-TZQq#5#Ms8pkcc8@Q_S_FFYN|}-)&yv@R{cMNv{vyOh=QJ? zhDg2OmyxCWiE2x=EWd7?m~kC6_s}gCg1fB2h3@bv-@+M5>6ZdEg)Ew02F`L}N!6J5 zQNxG8%XRgJg(WPYWo5FDQ?3i@Nawvfs>qo}du~SVIM|-mO&Jk+d48l{@*YAfB$ip_KE_}e83lXJ? z?1laGPJI+Q&!l5;AM+5I9{WVR*LyMI(xj&wOB0@Q!P4~7PMTw*4C^x-Q3n<=&WVH+ zMba@>&0Si6i-s;Va;Gs;c7aB0RwaT-ci+-lk{yQ9kTbXn;v|pM9!Ui`Y|KDVe5(5= z{M<|fS72+%Y@`7V_r1*Aq%+0d@VtlC%o5IUoTF({@kfbC#^ebmy$>>R^9vop0ce!XIHcq+71L|-T{LGCmiGhdmr>SzB`6V^TVWVB;wjdM z!m{UiHqHvhTDmclk5Fojkm^r+NU?e!>}Q|AwRdr=Iue7O3HPgS z<|Y}n#j7I%zcS&U#?j_Rgo%9aiv)$nR+KDl4pyJ{FHeKp$Mlq) zl%v$_djnf!^-`N!St!nTPY?Ei$?=AGclL`Nu5+d{vNQ1*>jO%kuOOuT>#-&f`j%hr zg)w-x#GLaL*vLB#6m{^y(WYsp=$kAwEALC0w6EmX6dsKGmJKQmF&X3)X$aMIm$=%M zhok*vyALJ0mfUUdN_{o;BRoVovm|!r;fsH*COY_{0QLKEmYemLl`%kydYR*HI~++R z4RUnMDyvuH-d7}?@Co7gApQG8qy6)Injm7!Q?ZDzH;)zJ%a6rBSVgo@L555X%iQBh zMbxN=dVEM;(nTCENpc*FueQYFEC${rc$?41BAym|J({yRbUAj2lV~Y+#K=Gw^)*qI zxmBlz?Ne6LJ~BwJnCO$1Oty+FmCbya`x9kKXh~uCXf1Yp<3YEgVtVdHO6`tSAhtvV2pw{>M;7@V9V8SYb|JZqQqfH9C|sa+#Rtz}2x zT+U~XcHStff=R#|O8~M~<~gPLWJcNGRJ+i*r(qsP@81uDLi>YewUYR(0a|RjL|61j zD1liy09KQkI&<_*<4RiMl<1my&5bf0{jBpduMQYH`AH#3Z1S#)q7(xev$jW(T8jY{ zl`YC&XHP>jfNN_CEUT;B;Pw7UYs{Br`J5-+kzcm{WdUn!VXwiPfsHnYyXXH)MkY$wy zlcJC=?Z8bzjdYJ&H1{$L&luYW>m6i@AookFv??0VcG|LV!#LJ*<7D9xwRzr$mr^(u z9&keTqnXW>Cedx`pfaU+()@y|aG!bfcJ zzqv1kI7(b^VjT%(qP89Z@RELrB$S01DvaQju+0n38^ zD9B#$DeeP#%T^pd1bhSKeV=*pRo3<`!$~Wb>ftZfFnXu6!;3_0n5DX0IYHU31Cl1a znXBHUy3#6a)|Aun%>~9efg=wIx_06osP-TC_m9xpRv^~KR$gt3Jy#-P1}3dnVd2_k zdV~?}h+CT*pbs4Hn)z-+{>{uGaQde&{4;Zmgu?xThxyh|L5_DAE)V0=ld~pBr~Vbm z&iajUE`@9VM;TOYm&KCUh~nfi^+NA;AMwjdus?)pv2_2igzSrgo`RE+NwLZ|6 z7g=jriiwRgK2*7Zqf!RdK9`4khs-flG#NP>uz;M4CZDT@dQmcEaZOoXHH#|%7e9$a zOnhRJLK4~)0=Ea6NI{wL*m&@c?FME7qFOeuN!iSH^KrlDELWwuR5zi(BF(+J2n*)V zR2)I=(1Yv-@ek-Jn1$_@Aig^iS|Iu8sDlXe-_-uYkgFwl^M~3$>uEs{Jm8CYxZu5K zeKz&+=yc5YLdZ|#J62Gx$6W0~y zra-Ydt1*5Hb`mTnkTV}RPpJ11Ts>;ll^bR?uR;*HTwkop?KZ*aTT zP2twIMcslixI&fVTNCJzPalMCdXttA#;}!@*E%y?G)Rurv2H@IYv`z6mY->;<>eBA z^^UCY*x+?6yTPmy5W%OAo9ZS?jU-fJAwX=&9LwKM*j1#d!_PUnXBpF<{I3K z2DW7}S>?6)k#(%$fTWPUBgenPUs&;74+nlfBklP<$U449?ADr^fB%!lO0T1GY{NxT)0HR>E0&ljFzQiZNvD2h5g9?QY|=r}xy`NFvk z!dNguT=yp&py$<4OLWHdY#GdlwCY#KY6F$&wi{Y3(GK`s(C%11T;HA0D_UFiu0eIr zy}5<_^s5#xF`TC7?Jp&S%p@1L>Ar8yQ$wMHO>-_Dv9Nh1I`situnPgV8(iSzGleLIl!tY_;IR4WX>kD^ja1)Nv$M=-XLfOukMZ&-~U9*BPwGG z`%w92aZErNd}w`Xp-E@-Si>0j7K&t0g=CE~BLMcJpvdK|jG91ue~s+Fo-FsT%=Q0U zPlqKSfhFLYud=@T#wZ%~r(pQz6EAjXH8op@C#I%8G!!{&-?6~f<0q`X@N=MVr3_^G zkb;wvlf;gbjBbuGr*H-*{gpyx=J^PlijA8(u|Jz$*eSNAd&{4s3TI>tA8LT zw`0=CrhmUNsk;MI$W&yTc<=b?W%1N+v$30SAMNEon3g6#*B@RcpJz9^U$>D=%f(G0 zo6*1mySJBrClVt)c)q`s9K7pG+h1#7yT_oB#C@u5AD)(g!%k0P< zhq*`eLu{DnHIzeOAy^?S;S}=GA&jG@G`M3oM|zmJq0bm6?^f*A>+SW{#~O+_dz!5O zhz@}C*(cV?stN;zaxH^|)T3E>^m1#gAi}Yj5J1EoN+O(a8FiJCrG=ZyR?A8jhen`u zY}pR;&>ld(aP5L;j-Z!#rE~myH!|6AJ^GDMNq)dCeCNuU?tCz<9Bn}QJf&ciRx eXU@LBMjcBtAfygRQk4Ls8mW8lNXqXK<@;Y18pl8Y literal 0 HcmV?d00001 diff --git a/provision/core/nginx/apt-keys/nginx_signing.key b/provision/core/nginx/apt-keys/nginx_signing.key deleted file mode 100644 index d2258b8fb..000000000 --- a/provision/core/nginx/apt-keys/nginx_signing.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.22 (GNU/Linux) - -mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH -W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I -QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE -fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt -97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5 -XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg -a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoAhsDBgsJCAcDAgYV -CAIJCgsEFgIDAQIeAQIXgAUCV2K1+AUJGB4fQQAKCRCr9b2Ce9m/YloaB/9XGrol -kocm7l/tsVjaBQCteXKuwsm4XhCuAQ6YAwA1L1UheGOG/aa2xJvrXE8X32tgcTjr -KoYoXWcdxaFjlXGTt6jV85qRguUzvMOxxSEM2Dn115etN9piPl0Zz+4rkx8+2vJG -F+eMlruPXg/zd88NvyLq5gGHEsFRBMVufYmHtNfcp4okC1klWiRIRSdp4QY1wdrN -1O+/oCTl8Bzy6hcHjLIq3aoumcLxMjtBoclc/5OTioLDwSDfVx7rWyfRhcBzVbwD -oe/PD08AoAA6fxXvWjSxy+dGhEaXoTHjkCbz/l6NxrK3JFyauDgU4K4MytsZ1HDi -MgMW8hZXxszoICTTiQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S -YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx -JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/ -Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk -RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J -SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf -Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6 -cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f -YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y -Va3l3WuB+rgKjsQ= -=EWWI ------END PGP PUBLIC KEY BLOCK----- diff --git a/provision/core/nginx/provision.sh b/provision/core/nginx/provision.sh index ee162bf55..7d0f74a8b 100644 --- a/provision/core/nginx/provision.sh +++ b/provision/core/nginx/provision.sh @@ -13,15 +13,20 @@ function nginx_register_apt_sources() { fi } vvv_add_hook register_apt_sources nginx_register_apt_sources - function nginx_register_apt_keys() { # Before running `apt-get update`, we should add the public keys for # the packages that we are installing from non standard sources via # our appended apt source.list + if vvv_apt_keys_has '573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62'; then + # Retrieve the Nginx signing key from nginx.org + vvv_info " * Replacing expired Nginx signing key..." + apt-key add /srv/provision/core/nginx/apt-keys/nginx-archive-keyring.gpg + fi + if ! vvv_apt_keys_has 'nginx'; then # Retrieve the Nginx signing key from nginx.org - vvv_info " * Applying Nginx signing key..." - apt-key add /srv/provision/core/nginx/apt-keys/nginx_signing.key + vvv_info " * Adding Nginx signing key..." + apt-key add /srv/provision/core/nginx/apt-keys/nginx-archive-keyring.gpg fi } vvv_add_hook register_apt_keys nginx_register_apt_keys