Core Update 166: Drop old 2007 Pakfire key, and remove it from existing installations

It is not necessary to have this key present on IPFire systems anymore, since it has not been in use for years, and we can expect systems to be sufficiently up-to-date, so they no longer need to rely on old updates or add-ons signed with this key. Also, given the current key was generated in 2018, we should consider a Pakfire key rollover soon. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2022-03-21 11:44:48 +00:00
parent 1af1ea5585
commit 219a998412
5 changed files with 7 additions and 35 deletions
--- a/config/rootfiles/common/pakfire
+++ b/config/rootfiles/common/pakfire
@@ -6,7 +6,6 @@ opt/pakfire/db/rootfiles
 #opt/pakfire/etc
 #opt/pakfire/pakfire.conf
 opt/pakfire/etc/pakfire.conf
-opt/pakfire/pakfire-2007.key
 opt/pakfire/pakfire-2018.key
 #opt/pakfire/lib
 opt/pakfire/lib/functions.pl
--- a/config/rootfiles/core/166/filelists/files
+++ b/config/rootfiles/core/166/filelists/files
@@ -1,5 +1,6 @@
 etc/inittab.d
 etc/rc.d/init.d/firewall
+etc/rc.d/init.d/pakfire
 srv/web/ipfire/cgi-bin/connections.cgi
 srv/web/ipfire/cgi-bin/ids.cgi
 usr/lib/firewall/rules.pl
--- a/config/rootfiles/core/166/update.sh
+++ b/config/rootfiles/core/166/update.sh
@@ -34,11 +34,17 @@ done
 # Remove files
 rm -vf \
 	/etc/dracut.conf \
+	/opt/pakfire/pakfire-2007.key \
 	/usr/bin/mkinitrd \
 	/usr/lib/dracut \
 	/usr/local/bin/ovpn-ccd-convert \
 	/usr/local/bin/rebuild-initrd

+# Delete old 2007 Pakfire key from GPG keyring
+export GNUPGHOME="/opt/pakfire/etc/.gnupg"
+gpg --batch --yes --delete-keys 179740DC4D8C47DC63C099C74BDE364C64D96617
+unset GNUPGHOME
+
 # Stop services

 # Extract files
--- a/src/initscripts/system/pakfire
+++ b/src/initscripts/system/pakfire
@@ -29,9 +29,6 @@ case "${1}" in
 		boot_mesg "Setting up Pakfire Package Manager..."
 		gpg --import /opt/pakfire/pakfire-2018.key &>/dev/null
 		evaluate_retval
-
-		# Try to import the old key, too
-		gpg --import /opt/pakfire/pakfire-2007.key &>/dev/null
 		;;

 	*)
--- a/src/pakfire/pakfire-2007.key
+++ b/src/pakfire/pakfire-2007.key
@@ -1,31 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGiBEYssZ8RBACcbHcYW+gPbjPFxv4ImlK1FgXV3s65Nnu7V9kghB7AZXterMVM
-rZ87sNEw6J3JT32k0e9iBukA1QrshPg3c/mL+2/lMvvxsUW19rj/8ZBCCnP1Svgq
-9q0OSJfadbm9b6Ndj06D/3EM+VpY5aI7XgNenh7ZcDbY9m8YDPdu0OF9uwCgltJS
-+Pzjr16bJ/VnI549LfIG2KkEAJZWQmLQSXbl4VVEOSyaaJN8ugGBnZtnaL6IBE9K
-0FHoZU3GaEOP6L3IUHUzyWsrpC/G44hGPC3xIbr5VG3sJ6hUc3J2rjx1clFdyN6A
-bte9EWk1HkRFdaMfDn86vhIjn7znHU4cbvQLIpgB12+y2P/ydqLwyuyf6rV1JEWk
-pSXpA/91LnlvICvqompSmrpLKpb+DSe59tr/r5GI36VNnqWt32InmF0N2ceLwG1F
-K62M4Tf5/OZOg5m3uoTTHWf355+7NJjyPzT+DYbsuK56TNd/cFPeVdisdteeuINj
-3DIC/8H9Y7mvYMAoSNtdA74JrdzGiqH2zSTB/oa/nwDXFekrq7Q2TWljaGFlbCBU
-cmVtZXIgKFBha2ZpcmUgU2lnbmluZyBLZXkpIDxwYWtzQGlwZmlyZS5vcmc+iFoE
-ExECABoFAkYssZ8CGwMCCwIDFQIDAxYCAQIeAQIXgAAKCRBL3jZMZNlmF0pBAJ95
-S5xzasjMQLpvOWA9E4JG3YJasQCfbNpdZXbZHr7Io7hLR9iJ+OhybfuIawQQEQIA
-KwUCRi3ByAWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ
-0rsNAWXQ/VjJhQCfUQh+9wPAlyQVb9gYZ5zgHfqDY1MAn2T/VXH2+acwC4O3oV1W
-Ni36NNRpuQINBEYsuJoQCAC6wq4ZMtWRGF/GeTd9l7boo40ulBth8Wr+IBK38XYv
-5s+WLiTuuTCM8Thq4eY3MOfO+VXhjQen1S2e8WiZq+c55pDDAKXvBFmVNKcgkK7C
-1AW85kY86aspoAK3/vi2pghlXAysTKSoW+WfoCbASDheEJopOkIMehdroraI2zTM
-y8AEk+TnbRPzoFNBEYwr3J1GlkegtU3mIPpALDfpL4+HoCgS+7SfAvIlG//C+4W/
-oI/VOYHDdM5zR1av/pVZGpUK4Ao/JBxXMaqsbiP43KytbNuMRsZ+sFDs/ZtmHf1z
-6AQ8mnxU0klT4ppU8Nl3hSVcvRacm6wBTvvGEqjkApkPAAMFCACKWJVpzcVAdOMP
-aB08qJ+GPSSgxspaSoFPjVN307Pr1Di/ZriC/UVNrq/eUHEIvC1zIx+t3O109qVH
-RMWbfCj+4/OBHJ4Ik3Nc5/8v6zaGwixJrkjohF8QLwodqazrjc+W3VsQ5jwfPpLe
-DFpd3xHhj5zhXQKN0tCCk435Q/58aMQCK75St3/ymP6NGaE2s7dsXU/BwndgfxJu
-Yz8LEK6phJ2t0jBiJJgcjWkoBkq8MhI6wKW6uDU4B/KKGHHLuZHg1ZKum8ASMcti
-S980DlSJyfLJnUIio5F/u/csug8bHKq5pA1x+wmsUBhuH66aosNJuz35Bl4nW365
-PoahYtQBiEkEGBECAAkFAkYsuJsCGwwACgkQS942TGTZZheq7ACfTrW5OaZOhrwt
-Jr+xgdjSFRrT14cAnjkEj51RQsP7LS5UTm+yce2olHDp
-=hYb3
-----END PGP PUBLIC KEY BLOCK-----