Skip to content

Instantly share code, notes, and snippets.

@be-mohand

be-mohand/fix-apt-keys.sh

Last active November 12, 2025 21:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save be-mohand/8a58878849875f61b87359972677b673 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save be-mohand/8a58878849875f61b87359972677b673 to your computer and use it in GitHub Desktop.
Download ZIP
Résoudre problème de clés PGP lors d'un sudo apt update
Raw
fix-apt-keys.sh
#!/usr/bin/env bash
set -euo pipefail
# --- Config par défaut (override via options) ---
MYSQL_SERIES="${MYSQL_SERIES:-8.0}" # 8.0 ou 8.4
ADD_MYSQL_TOOLS="${ADD_MYSQL_TOOLS:-0}" # 1 pour ajouter mysql-tools
SURY_ENABLE="${SURY_ENABLE:-1}" # 1 pour gérer Sury/PHP
MYSQL_ENABLE="${MYSQL_ENABLE:-1}" # 1 pour gérer MySQL repo
# --- Parsing options ---
while [[ "${1:-}" =~ ^- ]]; do
case "$1" in
--mysql-series) MYSQL_SERIES="${2:-8.0}"; shift 2;;
--add-mysql-tools) ADD_MYSQL_TOOLS=1; shift;;
--no-sury) SURY_ENABLE=0; shift;;
--no-mysql) MYSQL_ENABLE=0; shift;;
-h|--help)
cat <<'USAGE'
Usage: fix-apt-keys.sh [options]
Options:
--mysql-series <8.0|8.4> Choisir la série MySQL (défaut: 8.0)
--add-mysql-tools Ajoute aussi le dépôt mysql-tools
--no-sury Ne pas toucher au dépôt Sury/PHP
--no-mysql Ne pas toucher au dépôt MySQL
-h, --help Afficher cette aide
Variables d'env alternatives:
MYSQL_SERIES=8.4 ADD_MYSQL_TOOLS=1 SURY_ENABLE=0 MYSQL_ENABLE=1 ./fix-apt-keys.sh
USAGE
exit 0;;
*) echo "Option inconnue: $1" >&2; exit 1;;
esac
done
# --- Fonctions utilitaires ---
log() { printf '\033[1;34m[fix-apt]\033[0m %s\n' "$*"; }
warn() { printf '\033[1;33m[fix-apt]\033[0m %s\n' "$*"; }
die() { printf '\033[1;31m[fix-apt]\033[0m %s\n' "$*" >&2; exit 1; }
require_root() {
if [[ ${EUID:-$(id -u)} -ne 0 ]]; then
die "Ce script doit être lancé en root (sudo)."
fi
}
detect_codename() {
local codename=""
if command -v lsb_release >/dev/null 2>&1; then
codename="$(lsb_release -sc || true)"
fi
if [[ -z "$codename" ]] && [[ -r /etc/os-release ]]; then
# shellcheck disable=SC1091
. /etc/os-release
codename="${VERSION_CODENAME:-}"
fi
[[ -z "$codename" ]] && die "Impossible de détecter le codename (bookworm, bullseye...)."
echo "$codename"
}
write_file() {
# $1=path, $2=content
local path="$1" content="$2"
if [[ -f "$path" ]] && [[ "$(cat "$path")" == "$content" ]]; then
log "Aucun changement: $path déjà OK."
else
printf '%s\n' "$content" > "$path"
log "Écrit: $path"
fi
}
# --- Vérifications préalables ---
require_root
DEB_CODENAME="$(detect_codename)"
log "Debian détectée: $DEB_CODENAME"
apt-get update -y >/dev/null || true
apt-get install -y curl gnupg >/dev/null
mkdir -p /etc/apt/keyrings
chmod 0755 /etc/apt/keyrings
# --- Sury/PHP ---
if [[ "$SURY_ENABLE" -eq 1 ]]; then
log "Configuration du dépôt Sury/PHP..."
SURY_KEY="/etc/apt/keyrings/sury-php.gpg"
curl -fsSL https://packages.sury.org/php/apt.gpg \
| gpg --dearmor -o "$SURY_KEY"
chmod 0644 "$SURY_KEY"
SURY_LIST="/etc/apt/sources.list.d/php.list"
SURY_LINE="deb [signed-by=/etc/apt/keyrings/sury-php.gpg] https://packages.sury.org/php/ ${DEB_CODENAME} main"
write_file "$SURY_LIST" "$SURY_LINE"
# Nettoyage des anciennes clés Sury éventuelles
find /etc/apt/trusted.gpg.d -type f -iname '*sury*' -delete 2>/dev/null || true
fi
# --- MySQL ---
if [[ "$MYSQL_ENABLE" -eq 1 ]]; then
log "Configuration du dépôt MySQL (série: ${MYSQL_SERIES})..."
MYSQL_KEY="/etc/apt/keyrings/mysql.gpg"
MYSQL_LIST="/etc/apt/sources.list.d/mysql.list"
# 1) Purge anciennes clés/réfs
rm -f /etc/apt/trusted.gpg.d/*mysql* /etc/apt/trusted.gpg.d/*MySQL* 2>/dev/null || true
apt-key del B7B3B788A8D3785C 2>/dev/null || true || true
# 2) Import clé par keyserver (clé prolongée)
TMPGNUPG="$(mktemp -d)"
export GNUPGHOME="$TMPGNUPG"
if gpg --keyserver keyserver.ubuntu.com --recv-keys B7B3B788A8D3785C; then
gpg --export --armor B7B3B788A8D3785C | gpg --dearmor -o "$MYSQL_KEY"
log "Clé MySQL importée depuis keyserver.ubuntu.com"
else
warn "Échec keyserver. Tentative via clé 2023 officielle (fallback)."
curl -fsSL https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o "$MYSQL_KEY"
fi
chmod 0644 "$MYSQL_KEY"
rm -rf "$TMPGNUPG"
# 3) Construire le contenu du .list
MYSQL_LINES="deb [signed-by=/etc/apt/keyrings/mysql.gpg] https://repo.mysql.com/apt/debian ${DEB_CODENAME} mysql-${MYSQL_SERIES}"
if [[ "$ADD_MYSQL_TOOLS" -eq 1 ]]; then
MYSQL_LINES="${MYSQL_LINES}
deb [signed-by=/etc/apt/keyrings/mysql.gpg] https://repo.mysql.com/apt/debian ${DEB_CODENAME} mysql-tools"
fi
write_file "$MYSQL_LIST" "$MYSQL_LINES"
# 4) Purge des anciennes listes APT MySQL pour repartir propre
rm -rf /var/lib/apt/lists/*mysql* 2>/dev/null || true
fi
# --- Update final ---
log "Exécution de apt-get update..."
apt-get update -y
log "Terminé ✔"
@be-mohand
Copy link
Author

be-mohand commented Nov 12, 2025 

sudo tee /usr/local/sbin/fix-apt-keys.sh > /dev/null <<'EOF'
[COLLE LE SCRIPT ICI]
EOF
sudo chmod +x /usr/local/sbin/fix-apt-keys.sh

# 2) Lancer (série MySQL 8.0 par défaut)
sudo /usr/local/sbin/fix-apt-keys.sh

# Exemples :
# MySQL 8.4 (LTS) + ajouter mysql-tools
sudo MYSQL_SERIES=8.4 ADD_MYSQL_TOOLS=1 /usr/local/sbin/fix-apt-keys.sh
# ou avec options
sudo /usr/local/sbin/fix-apt-keys.sh --mysql-series 8.4 --add-mysql-tools
# Ne gérer que MySQL (ignorer Sury)
sudo /usr/local/sbin/fix-apt-keys.sh --no-sury```

@be-mohand
Copy link
Author

be-mohand commented Nov 12, 2025 

apt-cache policy php | sed -n '1,10p'
grep -R "repo.mysql.com" /etc/apt/sources.list.d
grep -R "packages.sury.org" /etc/apt/sources.list.d```

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment