author | bill-auger <mr.j.spam.me@gmail.com> | 2023-07-05 18:40:55 -0400 |
---|---|---|
committer | bill-auger <mr.j.spam.me@gmail.com> | 2023-07-08 01:02:09 -0400 |
commit | ca05e4f319cd7da542471fe1e4935a6d21b82beb (patch) | |
tree | d5b0953e938865b19d09c55df5949a6ec57cf46f /libre/parabola-keyring | |
parent | e951a800dd63bfcf81dec5c02b169810c5fd45da (diff) |
[parabola-keyring]: upgrade to v20230704
Diffstat (limited to 'libre/parabola-keyring')
-rw-r--r-- | libre/parabola-keyring/PKGBUILD | 114 | ||||
-rw-r--r-- | libre/parabola-keyring/PKGBUILD.backup | 35 |
2 files changed, 66 insertions, 83 deletions
diff --git a/libre/parabola-keyring/PKGBUILD b/libre/parabola-keyring/PKGBUILD
index 086fb5ca9..0a867259a 100644
--- a/libre/parabola-keyring/PKGBUILD
+++ b/libre/parabola-keyring/PKGBUILD
@@ -2,71 +2,89 @@
 # Maintainer: Parabola Hackers <dev@lists.parabola.nu>
-# NOTE: This PKGBUILD does not need to be edited manually.
-# The package is normally built automatically by autobuilder.
-# To generate a new keyring, simply push a new commit to hackers.git.
-# eg: $ git commit --allow-empty --message=rebuild
-# $ git push parabola master
-# The autobuilder will modify this PKGBUILD,
-# replacing $pkgver and $_gitver,
-# build and publish the package,
-# and commit the modified PKGBUILD to abslibre.
+# NOTE: This PKGBUILD does not need to be edited manuall.
+# You do not need to build it, nor librerelease it.
+# The package is built automatically by autobuilder,
+# upon a git push to the 'master' branch of hackers.git.
+# The autobuilder will modify this PKGBUILD, replacing $pkgver and $_gitrev,
+# build and publish the package, and commit the modified PKGBUILD to abslibre.
+# To generate a new keyring:
+# $ KEY_ID=<YOUR_40_CHAR_KEY_ID> # 'pgp_keyid' in your hackers.git YAML file
+# $ cd /path/to/hackers.git/
+# $ gpg --armor --no-emit-version --export $KEY_ID > keys/$KEY_ID.asc
+# $ git commit -m 'update my key' keys/$KEY_ID.asc
+# $ git push parabola master
 pkgname=parabola-keyring
-pkgver=20230331
-_gitver=d81cb92a9b111bf2207036578487b09ea965d562
+pkgver=20230704
+_gitrev=9f016cda0a6ac0a988584461850dc16a2b646465
 pkgrel=1
 pkgdesc="Parabola GNU/Linux-libre PGP keyring"
 arch=(any)
 url=https://wiki.parabola.nu/Parabola_Keyring
-license=(GPL)
+license=(CCPL:zero)
 makedepends=(git parabola-hackers)
-makedepends=( ${makedepends[*]/parabola-hackers/parabola-hackers>=20220802-1} ) # in libre-testing
-install=$pkgname.install
-source=(hackers-${_gitver}::git://git.parabola.nu/hackers.git#commit=${_gitver})
+install=${pkgname}.install
+source=(hackers-${_gitrev}-git::git://git.parabola.nu/hackers.git#commit=${_gitrev})
-sha512sums=('SKIP')
+sha512sums=(SKIP)
-prepare()
-{
- # network check
- # NOTE: this is the only parabola PKGBUILD, which requires internet access in the build chroot
- # the pacman-make-keyring procedure was originally in a mksource() function,
- # presumably for that reason; but that o/c removed the requirement only from users
- # TODO: it would be great to re-implement this, so that it does not
- # there is a WIP on the parabola-hackers.git 'wip-import-keys-from-hackers-git' branch
- local net_check_url=https://repo.parabola.nu/check_network_status.txt
- local net_err_msg="ERROR: this PKGBUILD requires internet access in the build chroot"
- curl ${net_check_url} &> /dev/null || ! echo "${net_err_msg}" || return 1
-}
-
 build()
 {
- mv {,.}hackers-${_gitver}
- mkdir .cachedir
- export PARABOLA_HACKERS_YAMLDIR="${PWD}"/.hackers-${_gitver}/users
-
- # NOTE: the current 'parabola-hackers' package does not yet recognize
- # the 'keyserver' env-var - the keyserver is still hard-coded;
- # and it is now invalid - 'parabola-hackers' must be rebuilt for this;
- # but that build currently has a problem - the autobuilder handles
- # this now, via an un-published kludge in the autobuild.sh script
- # TODO: remove this note and the version constraint,
- # after 'parabola-hackers' has been rebuilt
- # NOTE: the rebuilt 'parabola-hackers' is now in [libre-testing]
- /usr/lib/parabola-hackers/pacman-make-keyring \
- V=${pkgver} \
- keyserver=hkp://pgp.cyberbits.eu:11371 \
- cachedir="${PWD}/.cachedir"
+ collect_keyids() # (sed_rx)
+ {
+ export PARABOLA_HACKERS_YAMLDIR="${srcdir}"/hackers-${_gitrev}-git/users
+ /usr/lib/parabola-hackers/pgp-list-keyids | sed --quiet --regexp-extended "$1"
+ }
+
+
+ # prep
+ rm -rf build/ ; mkdir -p build/ ; touch build/parabola{.gpg,-{revoked,trusted}} ;
+ cd "${srcdir}"/build
+
+ # collect key IDs
+ collect_keyids 's|^revoked/\S+ ||p' >> parabola-revoked # lines like: <KEY_ID>
+ collect_keyids 's|^trusted/\S+ (\S+)|\1:4:|p' >> parabola-trusted # lines like: <KEY_ID>:4:
+
+ # populate keyring file
+ local keys_dir="${srcdir}"/hackers-${_gitrev}-git/keys
+ local key_begin='-----BEGIN PGP PUBLIC KEY BLOCK-----'
+ local key_end='-----END PGP PUBLIC KEY BLOCK-----'
+ local key_id
+ local key_file
+ for key_id in $(cut -d: -f1 parabola-trusted)
+ do key_file="${keys_dir}"/${key_id}.asc
+
+ if [[ -f "${key_file}" ]]
+ then if (( $(grep --count -- "${key_begin}" "${key_file}") == 1 &&
+ $(grep --count -- "${key_end}" "${key_file}") == 1 ))
+ then echo "certifying trusted key_id: ${key_id}"
+ cat "${key_file}" >> parabola.gpg # concatenated ASCII keys
+ else echo "invalid key_file: ${key_id}.asc"
+ fi
+ else echo "key_file missing for trusted key_id: ${key_id}"
+ fi
+ done
+
+ # verify collected keys
+ local n_trusted_keys=$( grep --count ':' parabola-trusted)
+ local n_certified_keys=$(grep --count -- "${key_end}" parabola.gpg )
+ if (( n_certified_keys ))
+ then echo "certified (${n_certified_keys}/${n_trusted_keys}) keys"
+ elif (( n_trusted_keys ))
+ then echo "ERROR: no keys were certifed" ; return 1 ;
+ else echo "ERROR: no trusted keys found" ; return 1 ;
+ fi
 }
 package()
 {
- bsdtar xf ${pkgname}-${pkgver}.tar.gz
- cd ${pkgname}-${pkgver}
+ cd "${srcdir}"/build
- make PREFIX=/usr DESTDIR="${pkgdir}" install
+ install -Dm644 parabola-revoked "${pkgdir}"/usr/share/pacman/keyrings/parabola-revoked
+ install -Dm644 parabola-trusted "${pkgdir}"/usr/share/pacman/keyrings/parabola-trusted
+ install -Dm644 parabola.gpg "${pkgdir}"/usr/share/pacman/keyrings/parabola.gpg
 }
diff --git a/libre/parabola-keyring/PKGBUILD.backup b/libre/parabola-keyring/PKGBUILD.backup
deleted file mode 100644
index 996f35d52..000000000
--- a/libre/parabola-keyring/PKGBUILD.backup
+++ /dev/null
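Review bot: In build(), a file is appended to parabola.gpg only because it is named `${key_id}.asc` and contains one BEGIN/END armor pair; nothing checks that the key inside carries the fingerprint listed in parabola-trusted, even though the log line says "certifying". Before the `cat`, the loop could compare fingerprints, for example `gpg --show-keys --with-colons "${key_file}" | grep -qi "^fpr:::::::::${key_id}:" || { echo "fingerprint mismatch: ${key_id}.asc" ; return 1 ; }` (this assumes the IDs are full 40-character fingerprints, as the header comment says). The "invalid key_file" and "key_file missing" branches only echo, and the final check passes as soon as one key was collected, so the autobuilder could publish a keyring that lacks some trusted keys; `(( n_certified_keys == n_trusted_keys )) || return 1` would make that fatal. The source is still fetched over unauthenticated `git://` with `sha512sums=(SKIP)`, so the commit pin and checks like these are what tie the shipped keyring to the reviewed hackers.git revision.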
@@ -1,35 +0,0 @@
-# Maintainer: Parabola automatic package builder <autobuilder@parabola.nu>
-
-pkgname=parabola-keyring
-pkgver=20191127
-_gitver=89066299c593bd574bda1c97f2a5c9be3bb833cf
-pkgrel=1
-pkgdesc='Parabola GNU/Linux-libre PGP keyring'
-arch=('any')
-url='https://git.parabola.nu/hackers.git/'
-license=('GPL')
-install=$pkgname.install
-source=(https://repo.parabola.nu/other/$pkgname/$pkgname-$pkgver.tar.gz{,.sig})
-sha512sums=('7955ba2afc61f2918025816494859faf2ed27ebdc609d492aae23f3b51744b29a2e4056823f1d4d6ae04837793a3cf24c431f0025b5ca719aa6b7ee64d4638ad'
- 'SKIP')
-validpgpkeys=('D3EAD7F9D076EB9AF650149DA170D6A0B669E21A') # Parabola automatic package builder <dev@lists.parabolagnulinux.org>
-
-mkdepends=('parabola-hackers')
-mksource=("hackers-${_gitver}::git://git.parabola.nu/hackers.git#commit=${_gitver}")
-mkmd5sums=('SKIP')
-
-mksource() {
- cd "$srcdir"
- mv {,.}hackers-$_gitver
- mkdir .cachedir
- /usr/lib/parabola-hackers/pacman-make-keyring \
- V="$pkgver" \
- PARABOLA_HACKERS_YAMLDIR="$PWD/.hackers-$_gitver/users" \
- cachedir="$PWD/.cachedir"
- bsdtar xf "$pkgname-$pkgver.tar.gz"
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver"
- make PREFIX=/usr DESTDIR="${pkgdir}" install
-} |