From 301c60d8243f0677a79e578b569e300c200bffb0 Mon Sep 17 00:00:00 2001 From: Kayla Washburn-Love Date: Tue, 12 Mar 2024 13:58:40 -0600 Subject: [PATCH] chore(dogfood): add fish and helix ppa packages to dogfood (#12568) --- dogfood/Dockerfile | 41 ++++----- dogfood/files/etc/apt/preferences.d/ppa | 20 +++-- dogfood/files/etc/apt/sources.list.d/ppa.list | 8 +- .../files/usr/share/keyrings/fish-shell.gpg | Bin 0 -> 371 bytes dogfood/files/usr/share/keyrings/helix.gpg | Bin 0 -> 1155 bytes dogfood/update-keys.sh | 82 ++++++++++-------- 6 files changed, 89 insertions(+), 62 deletions(-) create mode 100644 dogfood/files/usr/share/keyrings/fish-shell.gpg create mode 100644 dogfood/files/usr/share/keyrings/helix.gpg diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile index b6655ec2ae..c2899a48c0 100644 --- a/dogfood/Dockerfile +++ b/dogfood/Dockerfile @@ -96,22 +96,34 @@ COPY files / ARG DEBIAN_FRONTEND="noninteractive" RUN apt-get update --quiet && apt-get install --yes \ + ansible \ apt-transport-https \ apt-utils \ + asciinema \ bash \ bash-completion \ bats \ bind9-dnsutils \ build-essential \ ca-certificates \ + cargo \ cmake \ + containerd.io \ crypto-policies \ curl \ + docker-ce \ + docker-ce-cli \ + docker-compose-plugin \ fd-find \ file \ + fish \ + gettext-base \ git \ gnupg \ + google-cloud-sdk \ + google-cloud-sdk-datastore-emulator \ graphviz \ + helix \ htop \ httpie \ inetutils-tools \ @@ -119,50 +131,39 @@ RUN apt-get update --quiet && apt-get install --yes \ iputils-ping \ iputils-tracepath \ jq \ + kubectl \ language-pack-en \ less \ + libssl-dev \ lsb-release \ man \ meld \ + ncdu \ + neovim \ net-tools \ openjdk-11-jdk-headless \ openssh-server \ openssl \ - libssl-dev \ + packer \ pkg-config \ + postgresql-13 \ python3 \ python3-pip \ rsync \ + screen \ shellcheck \ strace \ sudo \ tcptraceroute \ termshark \ traceroute \ + unzip \ vim \ wget \ xauth \ zip \ - ncdu \ - cargo \ - asciinema \ zsh \ - ansible \ - neovim \ - google-cloud-sdk \ - google-cloud-sdk-datastore-emulator \ - kubectl \ - postgresql-13 \ - containerd.io \ - docker-ce \ - docker-ce-cli \ - docker-compose-plugin \ - packer \ - fish \ - unzip \ - zstd \ - screen \ - gettext-base && \ + zstd && \ # Delete package cache to avoid consuming space in layer apt-get clean && \ # Configure FIPS-compliant policies diff --git a/dogfood/files/etc/apt/preferences.d/ppa b/dogfood/files/etc/apt/preferences.d/ppa index ca3732cd83..9e8e85724f 100644 --- a/dogfood/files/etc/apt/preferences.d/ppa +++ b/dogfood/files/etc/apt/preferences.d/ppa @@ -8,6 +8,21 @@ Package: ansible-base Pin: origin ppa.launchpad.net Pin-Priority: 500 +# Fish +Package: fish +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + +# Git +Package: git +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + +# Helix +Package: helix +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + # Neovim Package: neovim Pin: origin ppa.launchpad.net @@ -17,8 +32,3 @@ Pin-Priority: 500 Package: neovim-runtime Pin: origin ppa.launchpad.net Pin-Priority: 500 - -# Git -Package: git -Pin: origin ppa.launchpad.net -Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/sources.list.d/ppa.list b/dogfood/files/etc/apt/sources.list.d/ppa.list index fcb27d2bd7..a0d67bd178 100644 --- a/dogfood/files/etc/apt/sources.list.d/ppa.list +++ b/dogfood/files/etc/apt/sources.list.d/ppa.list @@ -1,3 +1,9 @@ deb [signed-by=/usr/share/keyrings/ansible.gpg] https://ppa.launchpadcontent.net/ansible/ansible/ubuntu jammy main -deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu jammy main + +deb [signed-by=/usr/share/keyrings/fish-shell.gpg] https://ppa.launchpadcontent.net/fish-shell/release-3/ubuntu/ jammy main + deb [signed-by=/usr/share/keyrings/git-core.gpg] https://ppa.launchpadcontent.net/git-core/ppa/ubuntu jammy main + +deb [signed-by=/usr/share/keyrings/helix.gpg] https://ppa.launchpadcontent.net/maveonair/helix-editor/ubuntu/ jammy main + +deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu jammy main diff --git a/dogfood/files/usr/share/keyrings/fish-shell.gpg b/dogfood/files/usr/share/keyrings/fish-shell.gpg new file mode 100644 index 0000000000000000000000000000000000000000..58ed31417d174aa9af164185a087044442ff9de0 GIT binary patch literal 371 zcmV-(0gV2}jRaB@HlYCo0I^imuEf@EC7SG5Us&{JOvi~Jq2S6_4t`8Yim4!)MoUQW0AY4IOR6TIeubeTC`N9`^%%*ui(92d&Y06o=zRSG zEu0ObJTtM-Uv`iOG^@0|YnIQc2)@Hy!bZS49GICtXVVGPgQP{00GS?Oks6y zV`y+;WFSybK_F&tav(-&b7&xQXk~0{AZ=l3ZggR3Ze?y7>PL} z)`;!)Y%C*iYH`*R+)TdSNrSwYvNA)VtlDyDBy7BV5$y;&Ujmd=`KJMt^Jc$W^uqCwyGULbHXcyS^i>AHHuYNG$;&v R69qdjViXA|p;^rN_OJ1#m;?X- literal 0 HcmV?d00001 diff --git a/dogfood/files/usr/share/keyrings/helix.gpg b/dogfood/files/usr/share/keyrings/helix.gpg new file mode 100644 index 0000000000000000000000000000000000000000..c4dd02d15798f43b248bee6f410611ad0bca0a43 GIT binary patch literal 1155 zcmV-}1bq9(!A%5Xwc5`C5CE4itXv#3slfO%wf2hb>@W(TpZ;YlmqGui0=fV8D9uz4 zy82A9)DgP%UyS?d=DM+J#6J8IGL|^P)h-#8^Ew|ji6e+XcVA^YT{=BV&0nRh@cFga z&(|7~FSj`2%e?Nk2Z7ohqn7B+_%09|2TF z4N7KhxFc{2Lc>nt)z@srM!VOo{wu_?F5$;*rHdyO63{IfK&$mlD|AQ;t(^`)!t^vz zg4PmvWaaHZWrJWXxk4DlW4%!?7i4y`?yS^uLhe=}dq-Bru!+XnS6ke$u;N%~^7=%& zHb2#vzz34`rh$+vjIY&+2QrMavxck!AqY?21PvE2+X))6$)j9|>WFtP=~>vVJTzqa zj!byoDQ~i3EsV}hH`o$_o0tg6=+a0;H1Osxce*PSZN^O9i*aPkNL^ZeBCz2{n7Dhu zAo-4gO+G?KW`FIV(fr&6(L0^7irDcBFHK*%3#}%cOrN&2k0Z|J3Lo;GcjVQ8;FD=}W?Eg&_C;o}9B%2{ z6Tqcyjo1N_b*5^|ISrs=pzZ<$)ms4Q{3Bc#1swb=bsIBxc0P(D+e+s3A$T!O6l%S> z5%BgB328KkYh?ft0RREbAWUI(ZewV0VPqgsP(dJOZ*m|;VPa`vZXiu%baZTGa>Bum z1QP)Y05}#Q1Se!GpV#rBVf-Z|<271Or4`r6RRscLwc5`D8v_Lk2?z%Q1{Dek2nzxP z76JnS0v-VZ7k~f?2@o|}Po)*t$W_Az5C43HCF5zm?W(DWw>B42OTlaAFEY9_0-&N% zXE0MnN0R-ScDX4G@^gi`VEuS24PnFTl4Yjr9qt-m@BRV8-S&Jta}ITTBr&h}nL9~e z2r4Qp24@fX{8sTvp{aJv;7bN8dMXS800H&SWIn- z9BxT}(Q?XjdI_3_HsT!^-#g^Md2J;jZ=T(6Us8P0 z9|A_at&EAxM`eQX5gjK6>>Hm1cG`QU4ANRAAz465%QW?ac`{B&y203Kfs+vC0U6S0 z@sy@|>S7nx=4%TT;t-5h&-kM2G{xBC%Z24JoTlvKFmR+$wVL(AHjzVI4|UJj0nw4G zs(o@F(wkAhx;@e8M~&qFMKs=#GR}EB2pHsEK*NDu24)nV8JYO1TtWLkYuJ8+x$@%h^E9mK%#4Uyoa?!Eaf`otT+2>PASPH&+S V0`>VKtRbLq5b~iSUfIkILVJ2Z9MAv& literal 0 HcmV?d00001 diff --git a/dogfood/update-keys.sh b/dogfood/update-keys.sh index c2dac58e4b..32ce65e5ca 100755 --- a/dogfood/update-keys.sh +++ b/dogfood/update-keys.sh @@ -16,51 +16,61 @@ gpg_flags=( ) pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings" -# Upstream Docker signing key -curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" | - gpg "${gpg_flags[@]}" --output="docker.gpg" - -# Google Cloud signing key -curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | - gpg "${gpg_flags[@]}" --output="google-cloud.gpg" - -# Google Linux Software repository signing key (Chrome) -curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" | - gpg "${gpg_flags[@]}" --output="google-chrome.gpg" - -# Microsoft repository signing key (Edge) -curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" | - gpg "${gpg_flags[@]}" --output="microsoft.gpg" - -# Upstream PostgreSQL signing key -curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" | - gpg "${gpg_flags[@]}" --output="postgresql.gpg" - -# NodeSource signing key -curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" | - gpg "${gpg_flags[@]}" --output="nodesource.gpg" - -# Yarnpkg signing key -curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" | - gpg "${gpg_flags[@]}" --output="yarnpkg.gpg" # Ansible PPA signing key curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" | gpg "${gpg_flags[@]}" --output="ansible.gpg" -# Neovim signing key -curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" | - gpg "${gpg_flags[@]}" --output="neovim.gpg" +# Upstream Docker signing key +curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" | + gpg "${gpg_flags[@]}" --output="docker.gpg" -# Hashicorp signing key -curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" | - gpg "${gpg_flags[@]}" --output="hashicorp.gpg" +# Fish signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x59fda1ce1b84b3fad89366c027557f056dc33ca5" | + gpg "${gpg_flags[@]}" --output="fish-shell.gpg" + +# Git-Core signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24" | + gpg "${gpg_flags[@]}" --output="git-core.gpg" # GitHub CLI signing key curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" | gpg "${gpg_flags[@]}" --output="github-cli.gpg" -# Git-Core signing key -curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24" | - gpg "${gpg_flags[@]}" --output="git-core.gpg" +# Google Linux Software repository signing key (Chrome) +curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" | + gpg "${gpg_flags[@]}" --output="google-chrome.gpg" + +# Google Cloud signing key +curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | + gpg "${gpg_flags[@]}" --output="google-cloud.gpg" + +# Hashicorp signing key +curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" | + gpg "${gpg_flags[@]}" --output="hashicorp.gpg" + +# Helix signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x27642b9fd7f1a161fc2524e3355a4fa515d7c855" | + gpg "${gpg_flags[@]}" --output="helix.gpg" + +# Microsoft repository signing key (Edge) +curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" | + gpg "${gpg_flags[@]}" --output="microsoft.gpg" + +# Neovim signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" | + gpg "${gpg_flags[@]}" --output="neovim.gpg" + +# NodeSource signing key +curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" | + gpg "${gpg_flags[@]}" --output="nodesource.gpg" + +# Upstream PostgreSQL signing key +curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" | + gpg "${gpg_flags[@]}" --output="postgresql.gpg" + +# Yarnpkg signing key +curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" | + gpg "${gpg_flags[@]}" --output="yarnpkg.gpg" + popd