In #5262, copilot raised the following issue:
This workflow uses apt-key add -, which is deprecated on modern Ubuntu and may break as the runner images evolve. Prefer adding the repo key via gpg --dearmor into /etc/apt/keyrings/ and referencing it with signed-by= in the deb entry.
Copilot's suggested change
wget -qO - https://research.cs.wisc.edu/htcondor/ubuntu/HTCondor-Release.gpg.key | sudo apt-key add -
echo "deb http://research.cs.wisc.edu/htcondor/ubuntu/8.9/focal focal contrib" | sudo tee -a /etc/apt/sources.list
echo "deb-src http://research.cs.wisc.edu/htcondor/ubuntu/8.9/focal focal contrib" | sudo tee -a /etc/apt/sources.list
sudo apt-get -o Acquire::Retries=3 update
sudo apt-get -o Acquire::Retries=3 install minihtcondor
sudo systemctl start condor
sudo systemctl enable condor
- name: install pegasus
run: |
wget -qO - https://download.pegasus.isi.edu/pegasus/gpg.txt | sudo apt-key add -
echo "deb https://download.pegasus.isi.edu/pegasus/ubuntu noble main" | sudo tee -a /etc/apt/sources.list
to
sudo mkdir -p /etc/apt/keyrings
wget -qO- https://research.cs.wisc.edu/htcondor/ubuntu/HTCondor-Release.gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/htcondor-archive-keyring.gpg > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/htcondor-archive-keyring.gpg] http://research.cs.wisc.edu/htcondor/ubuntu/8.9/focal focal contrib" | sudo tee /etc/apt/sources.list.d/htcondor.list > /dev/null
sudo apt-get -o Acquire::Retries=3 update
sudo apt-get -o Acquire::Retries=3 install minihtcondor
sudo systemctl start condor
sudo systemctl enable condor
- name: install pegasus
run: |
sudo mkdir -p /etc/apt/keyrings
wget -qO- https://download.pegasus.isi.edu/pegasus/gpg.txt | gpg --dearmor | sudo tee /etc/apt/keyrings/pegasus-archive-keyring.gpg > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/pegasus-archive-keyring.gpg] https://download.pegasus.isi.edu/pegasus/ubuntu noble main" | sudo tee /etc/apt/sources.list.d/pegasus.list > /dev/null
I dont know enough about this to implement the change, but it seemed important
In #5262, copilot raised the following issue:
This workflow uses
apt-key add -, which is deprecated on modern Ubuntu and may break as the runner images evolve. Prefer adding the repo key viagpg --dearmor into /etc/apt/keyrings/and referencing it withsigned-by=in the deb entry.Copilot's suggested change
to
I dont know enough about this to implement the change, but it seemed important