Improve apt key security and always install sngrep from official (#416)
* Improve apt key security and always install sngrep from official * Correct PHP GPG key file path
This commit is contained in:
demonspork
GitHub
parent
d1b75cc405
commit
9601ff7db8
|
|
@ -39,41 +39,41 @@ else
|
|||
apt-get -y install apt-transport-https lsb-release ca-certificates
|
||||
|
||||
if [ ."$os_codename" = ."jessie" ]; then
|
||||
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
||||
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
|
||||
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
if [ ."$os_codename" = ."stretch" ]; then
|
||||
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
||||
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
|
||||
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
if [ ."$os_codename" = ."buster" ]; then
|
||||
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
|
||||
wget -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/keyrings/php.gpg
|
||||
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
if [ ."$os_codename" = ."bullseye" ]; then
|
||||
if [ ."$php_version" = ."8.1" ]; then
|
||||
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
if [ ."$php_version" = ."8.2" ]; then
|
||||
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
fi
|
||||
if [ ."$os_codename" = ."bookworm" ]; then
|
||||
if [ ."$php_version" = ."8.1" ]; then
|
||||
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/chmod 644 /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
if [ ."$php_version" = ."8.2" ]; then
|
||||
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/chmod 644 /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/chmod 644 /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/sury-php-8.x.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -28,9 +28,9 @@ fi
|
|||
|
||||
#postgres official repository
|
||||
if [ ."$database_repo" = ."official" ]; then
|
||||
sh -c 'echo "deb [signed-by=/etc/apt/trusted.gpg.d/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
|
||||
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/pgdg.gpg
|
||||
chmod 644 /etc/apt/trusted.gpg.d/pgdg.gpg
|
||||
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
|
||||
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/pgdg.gpg
|
||||
chmod 644 /etc/apt/keyrings/pgdg.gpg
|
||||
apt-get update && apt-get upgrade -y
|
||||
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||
if [ ."$database_version" = ."latest" ]; then
|
||||
|
|
|
|||
|
|
@ -18,10 +18,8 @@ if [ ."$cpu_architecture" = ."arm" ]; then
|
|||
cd /usr/src/sngrep && make install
|
||||
else
|
||||
#package install
|
||||
if [ ."$os_codename" = ."jessie" ]; then
|
||||
echo "deb http://packages.irontec.com/debian $os_codename main" > /etc/apt/sources.list.d/sngrep.list
|
||||
wget http://packages.irontec.com/public.key -q -O - | apt-key add -
|
||||
fi
|
||||
echo "deb [signed-by=/etc/apt/keyrings/irontec.gpg] http://packages.irontec.com/debian $os_codename main" > /etc/apt/sources.list.d/sngrep.list
|
||||
wget http://packages.irontec.com/public.key -q -O - | gpg --dearmor -o /etc/apt/keyrings/irontec.gpg
|
||||
apt-get update
|
||||
apt-get install -y sngrep
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -19,10 +19,10 @@ if [ ."$cpu_architecture" = ."x86" ]; then
|
|||
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
fi
|
||||
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||
wget --http-user=signalwire --http-password=$switch_token -O - https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
|
||||
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
|
||||
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
|
||||
echo "deb https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb-src https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb [signed-by=/etc/apt/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb-src [signed-by=/etc/apt/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
fi
|
||||
|
||||
apt-get update
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ if [ ."$cpu_architecture" = ."x86" ]; then
|
|||
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
fi
|
||||
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||
wget -O - https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
|
||||
echo "deb http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb-src http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://files.freeswitch.org/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
|
||||
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] http://files.freeswitch.org/repo/deb/rpi/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -34,8 +34,8 @@ cd "$(dirname "$0")"
|
|||
if [ ."$php_version" = ."8.2" ]; then
|
||||
#add a repo for php 8.x
|
||||
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/apt-get update
|
||||
|
||||
#install php 8.2
|
||||
|
|
@ -50,8 +50,8 @@ fi
|
|||
if [ ."$php_version" = ."8.1" ]; then
|
||||
#add a repo for php 7.x
|
||||
/usr/bin/apt -y install apt-transport-https lsb-release ca-certificates curl wget gnupg2
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/trusted.gpg.d/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/wget -qO- https://packages.sury.org/php/apt.gpg | gpg --dearmor > /etc/apt/keyrings/sury-php-8.x.gpg
|
||||
/usr/bin/sh -c 'echo "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
|
||||
/usr/bin/apt-get update
|
||||
|
||||
#install php 8.1
|
||||
|
|
|
|||
|
|
@ -19,10 +19,10 @@ if [ ."$cpu_architecture" = ."x86" ]; then
|
|||
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
fi
|
||||
if [ ."$cpu_architecture" = ."arm" ]; then
|
||||
wget --http-user=signalwire --http-password=$switch_token -O - https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub | apt-key add -
|
||||
wget --http-user=signalwire --http-password=$switch_token -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/freeswitch_archive_g0.pub
|
||||
echo "machine freeswitch.signalwire.com login signalwire password $switch_token" > /etc/apt/auth.conf
|
||||
echo "deb https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ ${os_codename_debian} main" > /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb-src https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ ${os_codename_debian} main" > /etc/apt/sources.list.d/freeswitch.list
|
||||
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/rpi/debian-release/ ${os_codename_debian} main" >> /etc/apt/sources.list.d/freeswitch.list
|
||||
fi
|
||||
|
||||
apt-get update
|
||||
|
|
|
|||
|
|
@ -24,8 +24,8 @@ fi
|
|||
|
||||
#postgres official repository
|
||||
if [ ."$database_repo" = ."official" ]; then
|
||||
sh -c 'echo "deb [signed-by=/etc/apt/trusted.gpg.d/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
|
||||
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/pgdg.gpg
|
||||
sh -c 'echo "deb [signed-by=/etc/apt/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
|
||||
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/pgdg.gpg
|
||||
apt-get update && apt-get upgrade -y
|
||||
if [ ."$database_host" = ."127.0.0.1" ] || [ ."$database_host" = ."::1" ] ; then
|
||||
if [ ."$database_version" = ."latest" ]; then
|
||||
|
|
|
|||
Loading…
Reference in New Issue