This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Evergreen ILS". The branch, rel_3_13 has been updated via 7d2ab9256f91c260b7d9bd83a7c33cb934424533 (commit) from 7d87cf9fafb85907cbdad05234be2eddb15736d7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7d2ab9256f91c260b7d9bd83a7c33cb934424533 Author: Jason Boyer <> Date: Mon Feb 3 16:23:48 2025 -0500 LP2097313: Keep PostgreSQL's key in another pocket It's not considered good practice to use /etc/apt/trusted.gpg.d/ to store locally managed keys because this causes them to be trusted to sign any package in any repository. For our use-case (see [1]) /etc/apt/keyrings is preferred. [1] https://wiki.debian.org/DebianRepository/UseThirdParty#line-16 Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> diff --git a/Open-ILS/src/extras/install/Makefile.debian b/Open-ILS/src/extras/install/Makefile.debian index a74c1dc443..752e455ba8 100644 --- a/Open-ILS/src/extras/install/Makefile.debian +++ b/Open-ILS/src/extras/install/Makefile.debian @@ -34,15 +34,16 @@ debian_sys_config: # Adding this for installing versions from PostgreSQL community apt source debian_postgresql_repo: if test -z "$$(grep -R postgresql.org /etc/apt/)" ; then \ + mkdir -p --mode 0755 /etc/apt/keyrings ; \ + wget --quiet -O /etc/apt/keyrings/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc ; \ if test "$(RELEASE_CODENAME)" = "buster" ; then \ $(APT_TOOL) install apt-transport-https ; \ - echo "deb [signed-by=/etc/apt/trusted.gpg.d/pgdg.asc] https://apt-archive.postgresql.org/pub/repos/apt/ $(RELEASE_CODENAME)-pgdg main" \ + echo "deb [signed-by=/etc/apt/keyrings/pgdg.asc] https://apt-archive.postgresql.org/pub/repos/apt/ $(RELEASE_CODENAME)-pgdg main" \ > /etc/apt/sources.list.d/pgdg.list; \ else \ - echo "deb [signed-by=/etc/apt/trusted.gpg.d/pgdg.asc] http://apt.postgresql.org/pub/repos/apt/ $(RELEASE_CODENAME)-pgdg main" \ + echo "deb [signed-by=/etc/apt/keyrings/pgdg.asc] http://apt.postgresql.org/pub/repos/apt/ $(RELEASE_CODENAME)-pgdg main" \ > /etc/apt/sources.list.d/pgdg.list; \ fi ; \ - wget --quiet -O /etc/apt/trusted.gpg.d/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc ; \ $(APT_TOOL) update ; \ fi ----------------------------------------------------------------------- Summary of changes: Open-ILS/src/extras/install/Makefile.debian | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- Evergreen ILS