Multiple changes:

- deb: can use ppa as dependency - deb: cross and regular are using parallel nocheck builds - deb: ephemeral will not pull keyring if no root powers
2026-02-06 12:04:25 +01:00
parent 225157be63
commit 8345f51d2f
11 changed files with 233 additions and 16 deletions
--- a/src/apt/keyring.rs
+++ b/src/apt/keyring.rs
@@ -1,14 +1,21 @@
-//! APT keyring management for mmdebstrap
+//! APT keyring management for mmdebstrap and PPA packages
 //!
-//! Provides a simple function to ensure that archive keyrings are available
-//! for mmdebstrap operations by downloading them from specified URLs.
+//! Provides functions to ensure that archive keyrings are available
+//! for mmdebstrap operations and for PPA packages by downloading them.

 use crate::context;
 use crate::distro_info;
+use serde::Deserialize;
 use std::error::Error;
 use std::path::Path;
 use std::sync::Arc;

+/// Launchpad API response structure for PPA information
+#[derive(Deserialize)]
+struct LaunchpadPpaResponse {
+    signing_key_fingerprint: String,
+}
+
 /// Download a keyring into apt trusted.gpg.d directory, trusting that keyring
 pub async fn download_trust_keyring(
    ctx: Option<Arc<context::Context>>,
@@ -56,3 +63,107 @@ pub async fn download_trust_keyring(
    );
    Ok(())
 }
+
+/// Download and import a PPA key using Launchpad API
+///
+/// # Arguments
+/// * `ctx` - Optional context to use
+/// * `ppa_owner` - PPA owner (username)
+/// * `ppa_name` - PPA name
+///
+/// # Returns
+/// Result indicating success or failure
+pub async fn download_trust_ppa_key(
+    ctx: Option<Arc<context::Context>>,
+    ppa_owner: &str,
+    ppa_name: &str,
+) -> Result<(), Box<dyn Error>> {
+    let ctx = ctx.unwrap_or_else(context::current);
+
+    // Create trusted.gpg.d directory if it doesn't exist
+    let trusted_gpg_d = "/etc/apt/trusted.gpg.d";
+    if !ctx.exists(Path::new(trusted_gpg_d))? {
+        ctx.command("mkdir").arg("-p").arg(trusted_gpg_d).status()?;
+    }
+
+    let key_filename = format!("{}-{}.asc", ppa_owner, ppa_name);
+    let key_path = format!("{}/{}", trusted_gpg_d, key_filename);
+
+    log::debug!(
+        "Retrieving PPA key for {}/{} using Launchpad API",
+        ppa_owner,
+        ppa_name
+    );
+
+    // Get PPA information from Launchpad API to get signing key fingerprint
+    // Use the correct devel API endpoint
+    let api_url = format!(
+        "https://api.launchpad.net/1.0/~{}/+archive/ubuntu/{}",
+        ppa_owner, ppa_name
+    );
+    log::debug!("Querying Launchpad API: {}", api_url);
+
+    let api_response = ctx
+        .command("curl")
+        .arg("-s")
+        .arg("-f")
+        .arg("-H")
+        .arg("Accept: application/json")
+        .arg(&api_url)
+        .output()?;
+
+    if !api_response.status.success() {
+        return Err(format!(
+            "Failed to query Launchpad API for PPA {}/{}",
+            ppa_owner, ppa_name
+        )
+        .into());
+    }
+
+    // Parse the JSON response to extract the signing key fingerprint
+    let api_response_str = String::from_utf8_lossy(&api_response.stdout);
+    let ppa_response: LaunchpadPpaResponse =
+        serde_json::from_str(&api_response_str).map_err(|e| {
+            format!(
+                "Failed to parse JSON response from Launchpad API for {}/{}: {}",
+                ppa_owner, ppa_name, e
+            )
+        })?;
+    let fingerprint = ppa_response.signing_key_fingerprint;
+
+    log::debug!("Found PPA signing key fingerprint: {}", fingerprint);
+
+    // Download the actual key from the keyserver using the fingerprint
+    let keyserver_url = format!(
+        "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x{}",
+        fingerprint
+    );
+    log::debug!("Downloading key from keyserver: {}", keyserver_url);
+
+    let mut curl_cmd = ctx.command("curl");
+    curl_cmd
+        .arg("-s")
+        .arg("-f")
+        .arg("-L")
+        .arg(&keyserver_url)
+        .arg("--output")
+        .arg(&key_path);
+
+    let status = curl_cmd.status()?;
+    if !status.success() {
+        return Err(format!(
+            "Failed to download PPA key from keyserver for fingerprint {}",
+            fingerprint
+        )
+        .into());
+    }
+
+    log::info!(
+        "Successfully downloaded and installed PPA key for {}/{} (fingerprint: {}) to {}",
+        ppa_owner,
+        ppa_name,
+        fingerprint,
+        key_path
+    );
+    Ok(())
+}