|
Server : Apache System : Linux ecngx264.inmotionhosting.com 4.18.0-553.77.1.lve.el8.x86_64 #1 SMP Wed Oct 8 14:21:00 UTC 2025 x86_64 User : lonias5 ( 3576) PHP Version : 7.3.33 Disable Function : NONE Directory : /usr/lib/influxdata-archive-keyring/ |
Upload File : |
#!/usr/bin/sh
set -e
# NOTICE: This file was installed by "influxdata-archive-keyring".
# This package is optional; InfluxData software will continue to
# work without it. If you prefer to rely on rpm to download keys
# automatically, you can safely uninstall this package and
# configure 'gpgkey' to point to:
#
# https://repos.influxdata.com/influxdata-archive.key
#
# This package is intended to make key rotation seamless
# as gpg keys expire.
get_rpm_version() {
# rpm - fedora, centos, etc
# rpm-ndb - suse
for package in \
rpm \
rpm-ndb
do
if rpm -q "${package}" 1>/dev/null 2>&1 ; then
# Unfortunately, `rpm -q` writes "package is not installed" to `stdout`
# instead of `stderr`. So, this ensures that the package exists before
# retrieving the package version.
rpm -q --queryformat '%{VERSION}' "${package}"
return 0
fi
done
# no known package provides `rpm`
exit 1
}
is_subkey_supported() {
get_rpm_version | (
IFS='.' read -r major \
minor \
patch
# shellcheck disable=SC1083
[ "${major}" -gt 4 ] || \
{ [ "${major}" -eq 4 ] && [ "${minor}" -gt 12 ]; } || \
{ [ "${major}" -eq 4 ] && [ "${minor}" -eq 12 ] && [ "${patch}" -ge 90 ]; }
)
}
is_compat() {
case "${1}" in
*_compat.asc) return 0 ;;
*) return 1 ;;
esac
}
repo_matches_checksum() {
# 1 -> directory
# 2 -> target
# 6262c97fa - 2025-10-07 - influxdata.repo
# b35f8a03e - 2025-10-07 - influxdata_compat.repo
# 30e721391 - 2025-12-08 - docs.influxdata.com instructions non-compat
# 913a4e2da - 2025-12-08 - docs.influxdata.com instructions compat
# 1b71f42ac - 2025-12-08 - influxdata.repo (updated message)
# 8ed43565c - 2025-12-08 - influxdata_compat.repo (updated message)
# 3453e3fff - 2025-12-22 - docs.influxdata.com new instructions non-compat
# 674160c21 - 2025-12-22 - docs.influxdata.com new instructions compat (old)
# 109f8a41f - 2025-12-22 - docs.influxdata.com new instructions compat (new)
# d15095311 - 2025-12-22 - docs.influxdata.com new instructions compat (both)
for checksum in \
6262c97fab67eb921370e1de1aebe345880bfac3cdebb4e576f088a4897c9e90 \
b35f8a03e20e6942e0eb4f1cfc2114c44bbf936d496dad6695f793426fc71258 \
30e721391fecdb9d95b4af59752ac2abecfef365f430bab3167335b118828344 \
913a4e2da14829360b22bc825163e8c390edbf79ba0d8beeaef8d093780e9e10 \
1b71f42ac0f9a8f6947a7af1542dfaebb7205156c98338ea744128c3be88d6c9 \
8ed43565c67a98a58797422d8b80aa6b4daf1956a2cb191bf48c408a78a1d92a \
3453e3fff4d33f93b2b99ff5ad210003eebc9eea2cde2f22b5b330a53143a095 \
674160c21aa54798897790aef05476190b07495958f4f6be1bbc71bde4c7e82e \
109f8a41fa17abef49400d59ad08c1fc042ac3c07d4a1a5fe9a98d805decc4f8 \
d15095311441cca8247e0493d3d1cd36171796a1928285593c21861b4f962119
do
if sha256sum "${1}/${2}" | grep -q "${checksum}" ; then
return 0
fi
done
return 1
}
repo_can_be_upgraded() {
# 1 -> directory
# 2 -> target
if [ ! -d "${1}" ] ; then
return 1
fi
STAMP_DIR="/var/lib/influxdata-archive-keyring"
STAMP_OTHER="$STAMP_DIR/stamp.other_repo"
if [ ! -f "${1}/${2}" ] ; then
if grep -qr repos.influxdata.com "${1}" ; then
if [ ! -f "$STAMP_OTHER" ]; then
test -d "$STAMP_DIR" && touch "$STAMP_OTHER"
cat <<EOF 1>&2 || true
W: Not updating "${1}/${2}".
W: The influxdata-archive-keyring package manages the "${2}" file,
W: but another file configures the system to use "repos.influxdata.com". To
W: have influxdata-archive-keyring manage "repos.influxdata.com", remove the
W: other file and run:
W: /usr/lib/influxdata-archive-keyring/influxdata-keyring upgrade
EOF
fi
return 1
fi
rm -f "$STAMP_OTHER"
return 0
fi
STAMP_OUR="$STAMP_DIR/stamp.influxdata_repo"
if ! repo_matches_checksum "${1}" "${2}" ; then
if [ ! -f "$STAMP_OUR" ]; then
test -d "$STAMP_DIR" && touch "$STAMP_OUR"
cat <<EOF 1>&2 || true
W: Not updating "${1}/${2}" which has been modified.
W: This file is managed by influxdata-archive-keyring, but it contains
W: modifications. To restore managed behavior, remove this file and run:
W: /usr/lib/influxdata-archive-keyring/influxdata-keyring upgrade
EOF
fi
return 1
fi
rm -f "$STAMP_OUR"
return 0
}
repo_can_be_removed() {
# 1 -> directory
# 2 -> target
if [ ! -f "${1}/${2}" ] ; then
return 1
fi
if ! repo_matches_checksum "${1}" "${2}" ; then
echo 'I: Not removing "'"${1}/${2}"'" (has modifications)' 1>&2
return 1
fi
return 0
}
repo_upgrade() {
# 1 -> directory
# 2 -> target
if ! is_subkey_supported ; then
cp -v /usr/share/influxdata-archive-keyring/influxdata_compat.repo "${1}/${2}"
else
cp -v /usr/share/influxdata-archive-keyring/influxdata.repo "${1}/${2}"
fi
}
if [ "${1}" = upgrade ] ; then
for key in /usr/share/influxdata-archive-keyring/keyrings/*.asc ; do
# "key" expands to the original glob pattern if no matching
# files are found. Therefore, this ensures that the file
# actually exists before importing it into rpmkeys.
if [ -f "${key}" ] ; then
# If this version of rpm does not support subkeys, only
# import the compatibility keys. The compatibility keys
# were created by exporting the public signing keys
# from the master key.
if ! is_subkey_supported ; then
if is_compat "${key}" ; then
rpmkeys -v --import "${key}"
fi
else
if ! is_compat "${key}" ; then
rpmkeys -v --import "${key}"
fi
fi
fi
done
if repo_can_be_upgraded /etc/zypp/repos.d influxdata.repo ; then
repo_upgrade /etc/zypp/repos.d influxdata.repo
fi
if repo_can_be_upgraded /etc/yum.repos.d influxdata.repo ; then
repo_upgrade /etc/yum.repos.d influxdata.repo
fi
fi
if [ "${1}" = remove ] ; then
if repo_can_be_removed /etc/zypp/repos.d influxdata.repo ; then
rm -v /etc/zypp/repos.d/influxdata.repo
fi
if repo_can_be_removed /etc/yum.repos.d influxdata.repo ; then
rm -v /etc/yum.repos.d/influxdata.repo
fi
fi