Last active
November 12, 2025 21:51
-
-
Save be-mohand/8a58878849875f61b87359972677b673 to your computer and use it in GitHub Desktop.
Résoudre problème de clés PGP lors d'un sudo apt update
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # --- Config par défaut (override via options) --- | |
| MYSQL_SERIES="${MYSQL_SERIES:-8.0}" # 8.0 ou 8.4 | |
| ADD_MYSQL_TOOLS="${ADD_MYSQL_TOOLS:-0}" # 1 pour ajouter mysql-tools | |
| SURY_ENABLE="${SURY_ENABLE:-1}" # 1 pour gérer Sury/PHP | |
| MYSQL_ENABLE="${MYSQL_ENABLE:-1}" # 1 pour gérer MySQL repo | |
| # --- Parsing options --- | |
| while [[ "${1:-}" =~ ^- ]]; do | |
| case "$1" in | |
| --mysql-series) MYSQL_SERIES="${2:-8.0}"; shift 2;; | |
| --add-mysql-tools) ADD_MYSQL_TOOLS=1; shift;; | |
| --no-sury) SURY_ENABLE=0; shift;; | |
| --no-mysql) MYSQL_ENABLE=0; shift;; | |
| -h|--help) | |
| cat <<'USAGE' | |
| Usage: fix-apt-keys.sh [options] | |
| Options: | |
| --mysql-series <8.0|8.4> Choisir la série MySQL (défaut: 8.0) | |
| --add-mysql-tools Ajoute aussi le dépôt mysql-tools | |
| --no-sury Ne pas toucher au dépôt Sury/PHP | |
| --no-mysql Ne pas toucher au dépôt MySQL | |
| -h, --help Afficher cette aide | |
| Variables d'env alternatives: | |
| MYSQL_SERIES=8.4 ADD_MYSQL_TOOLS=1 SURY_ENABLE=0 MYSQL_ENABLE=1 ./fix-apt-keys.sh | |
| USAGE | |
| exit 0;; | |
| *) echo "Option inconnue: $1" >&2; exit 1;; | |
| esac | |
| done | |
| # --- Fonctions utilitaires --- | |
| log() { printf '\033[1;34m[fix-apt]\033[0m %s\n' "$*"; } | |
| warn() { printf '\033[1;33m[fix-apt]\033[0m %s\n' "$*"; } | |
| die() { printf '\033[1;31m[fix-apt]\033[0m %s\n' "$*" >&2; exit 1; } | |
| require_root() { | |
| if [[ ${EUID:-$(id -u)} -ne 0 ]]; then | |
| die "Ce script doit être lancé en root (sudo)." | |
| fi | |
| } | |
| detect_codename() { | |
| local codename="" | |
| if command -v lsb_release >/dev/null 2>&1; then | |
| codename="$(lsb_release -sc || true)" | |
| fi | |
| if [[ -z "$codename" ]] && [[ -r /etc/os-release ]]; then | |
| # shellcheck disable=SC1091 | |
| . /etc/os-release | |
| codename="${VERSION_CODENAME:-}" | |
| fi | |
| [[ -z "$codename" ]] && die "Impossible de détecter le codename (bookworm, bullseye...)." | |
| echo "$codename" | |
| } | |
| write_file() { | |
| # $1=path, $2=content | |
| local path="$1" content="$2" | |
| if [[ -f "$path" ]] && [[ "$(cat "$path")" == "$content" ]]; then | |
| log "Aucun changement: $path déjà OK." | |
| else | |
| printf '%s\n' "$content" > "$path" | |
| log "Écrit: $path" | |
| fi | |
| } | |
| # --- Vérifications préalables --- | |
| require_root | |
| DEB_CODENAME="$(detect_codename)" | |
| log "Debian détectée: $DEB_CODENAME" | |
| apt-get update -y >/dev/null || true | |
| apt-get install -y curl gnupg >/dev/null | |
| mkdir -p /etc/apt/keyrings | |
| chmod 0755 /etc/apt/keyrings | |
| # --- Sury/PHP --- | |
| if [[ "$SURY_ENABLE" -eq 1 ]]; then | |
| log "Configuration du dépôt Sury/PHP..." | |
| SURY_KEY="/etc/apt/keyrings/sury-php.gpg" | |
| curl -fsSL https://packages.sury.org/php/apt.gpg \ | |
| | gpg --dearmor -o "$SURY_KEY" | |
| chmod 0644 "$SURY_KEY" | |
| SURY_LIST="/etc/apt/sources.list.d/php.list" | |
| SURY_LINE="deb [signed-by=/etc/apt/keyrings/sury-php.gpg] https://packages.sury.org/php/ ${DEB_CODENAME} main" | |
| write_file "$SURY_LIST" "$SURY_LINE" | |
| # Nettoyage des anciennes clés Sury éventuelles | |
| find /etc/apt/trusted.gpg.d -type f -iname '*sury*' -delete 2>/dev/null || true | |
| fi | |
| # --- MySQL --- | |
| if [[ "$MYSQL_ENABLE" -eq 1 ]]; then | |
| log "Configuration du dépôt MySQL (série: ${MYSQL_SERIES})..." | |
| MYSQL_KEY="/etc/apt/keyrings/mysql.gpg" | |
| MYSQL_LIST="/etc/apt/sources.list.d/mysql.list" | |
| # 1) Purge anciennes clés/réfs | |
| rm -f /etc/apt/trusted.gpg.d/*mysql* /etc/apt/trusted.gpg.d/*MySQL* 2>/dev/null || true | |
| apt-key del B7B3B788A8D3785C 2>/dev/null || true || true | |
| # 2) Import clé par keyserver (clé prolongée) | |
| TMPGNUPG="$(mktemp -d)" | |
| export GNUPGHOME="$TMPGNUPG" | |
| if gpg --keyserver keyserver.ubuntu.com --recv-keys B7B3B788A8D3785C; then | |
| gpg --export --armor B7B3B788A8D3785C | gpg --dearmor -o "$MYSQL_KEY" | |
| log "Clé MySQL importée depuis keyserver.ubuntu.com" | |
| else | |
| warn "Échec keyserver. Tentative via clé 2023 officielle (fallback)." | |
| curl -fsSL https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o "$MYSQL_KEY" | |
| fi | |
| chmod 0644 "$MYSQL_KEY" | |
| rm -rf "$TMPGNUPG" | |
| # 3) Construire le contenu du .list | |
| MYSQL_LINES="deb [signed-by=/etc/apt/keyrings/mysql.gpg] https://repo.mysql.com/apt/debian ${DEB_CODENAME} mysql-${MYSQL_SERIES}" | |
| if [[ "$ADD_MYSQL_TOOLS" -eq 1 ]]; then | |
| MYSQL_LINES="${MYSQL_LINES} | |
| deb [signed-by=/etc/apt/keyrings/mysql.gpg] https://repo.mysql.com/apt/debian ${DEB_CODENAME} mysql-tools" | |
| fi | |
| write_file "$MYSQL_LIST" "$MYSQL_LINES" | |
| # 4) Purge des anciennes listes APT MySQL pour repartir propre | |
| rm -rf /var/lib/apt/lists/*mysql* 2>/dev/null || true | |
| fi | |
| # --- Update final --- | |
| log "Exécution de apt-get update..." | |
| apt-get update -y | |
| log "Terminé ✔" |
Author
be-mohand
commented
Nov 12, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment