1 files changed, 85 insertions, 26 deletions
diff --git a/libre/parabola-keyring/PKGBUILD b/libre/parabola-keyring/PKGBUILD
index 0a8d57bca..54ab91bf4 100644
--- a/libre/parabola-keyring/PKGBUILD
+++ b/libre/parabola-keyring/PKGBUILD
@@ -1,32 +1,91 @@
-# Maintainer: Parabola automatic package builder <autobuilder@parabola.nu>
+# SPDX-License-Identifier: CC0-1.0
+# Maintainer: Parabola Hackers <dev@lists.parabola.nu>
+
+
+# NOTE: This PKGBUILD does not need to be edited manually.
+#       You do not need to build it, nor `librerelease` it.
+#       The package is built automatically by autobuilder,
+#       upon a `git push` to the 'master' branch of hackers.git.
+#       The autobuilder will modify this PKGBUILD, replacing $pkgver and $_gitrev,
+#       build and publish the package, and commit the modified PKGBUILD to abslibre.
+#
+#       To generate a new keyring:
+#         $ KEY_ID=<YOUR_40_CHAR_KEY_ID> # 'pgp_keyid' in your hackers.git YAML file
+#         $ cd /path/to/hackers.git/
+#         $ gpg --armor --no-emit-version --export $KEY_ID > keys/$KEY_ID.asc
+#         $ git commit -S -m 'update my key' keys/$KEY_ID.asc
+#         $ git push parabola master
+
 
 pkgname=parabola-keyring
-pkgver=20200809
-_gitver=5057dfb01eab12576842b4793db234fcc2dd20c2
+pkgver=20240330
+_gitrev=d0712d0c691950ba35e587c9ed6b6a4b1771ef5f
 pkgrel=1
-pkgdesc='Parabola GNU/Linux-libre PGP keyring'
-arch=('any')
-url='https://git.parabola.nu/hackers.git/'
-license=('GPL')
-makedepends=(parabola-hackers git)
-install=$pkgname.install
-source=("hackers-${_gitver}::git://git.parabola.nu/hackers.git#commit=${_gitver}")
-sha512sums=('SKIP')
-
-
-prepare() {
-	cd "$srcdir"
-	mv {,.}hackers-$_gitver
-	mkdir .cachedir
-  export PARABOLA_HACKERS_YAMLDIR="$PWD/.hackers-$_gitver/users"
-	/usr/lib/parabola-hackers/pacman-make-keyring \
-		V="$pkgver" \
-		cachedir="$PWD/.cachedir"
+pkgdesc="Parabola GNU/Linux-libre PGP keyring"
+arch=(any)
+url=https://wiki.parabola.nu/Parabola_Keyring
+license=(CCPL:zero)
+
+makedepends=(git parabola-hackers)
+install=${pkgname}.install
+source=(hackers-${_gitrev}-git::git://git.parabola.nu/hackers.git#commit=${_gitrev})
+
+sha512sums=(SKIP)
+
+
+build()
+{
+  collect_keyids() # (sed_rx)
+  {
+    export PARABOLA_HACKERS_YAMLDIR="${srcdir}"/hackers-${_gitrev}-git/users
+    /usr/lib/parabola-hackers/pgp-list-keyids | sed --quiet --regexp-extended "$1"
+  }
+
+
+  # prep
+  rm -rf build/ ; mkdir -p build/ ; touch build/parabola{.gpg,-{revoked,trusted}} ;
+  cd "${srcdir}"/build
+
+  # collect key IDs
+  collect_keyids 's|^revoked/\S+ ||p'           >> parabola-revoked # lines like: <KEY_ID>
+  collect_keyids 's|^trusted/\S+ (\S+)|\1:4:|p' >> parabola-trusted # lines like: <KEY_ID>:4:
+
+  # populate keyring file
+  local keys_dir="${srcdir}"/hackers-${_gitrev}-git/keys
+  local key_begin='-----BEGIN PGP PUBLIC KEY BLOCK-----'
+  local key_end='-----END PGP PUBLIC KEY BLOCK-----'
+  local key_id
+  local key_file
+  for key_id in $(cut -d: -f1 parabola-trusted)
+  do  key_file="${keys_dir}"/${key_id}.asc
+
+      if   [[ -f "${key_file}" ]]
+      then if   (( $(grep --count -- "${key_begin}" "${key_file}") == 1 &&
+                   $(grep --count -- "${key_end}"   "${key_file}") == 1 ))
+           then echo "certifying trusted key_id: ${key_id}"
+                cat "${key_file}" >> parabola.gpg # concatenated ASCII keys
+           else echo "invalid key_file: ${key_id}.asc"
+           fi
+      else echo "key_file missing for trusted key_id: ${key_id}"
+      fi
+  done
+
+  # verify collected keys
+  local n_trusted_keys=$(  grep --count    ':'          parabola-trusted)
+  local n_certified_keys=$(grep --count -- "${key_end}" parabola.gpg    )
+  if   (( n_certified_keys ))
+  then echo "certified (${n_certified_keys}/${n_trusted_keys}) keys"
+  elif (( n_trusted_keys ))
+  then echo "ERROR: no keys were certifed" ; return 1 ;
+  else echo "ERROR: no trusted keys found" ; return 1 ;
+  fi
 }
 
-package() {
-	cd "$srcdir"
-	bsdtar xf "$pkgname-$pkgver.tar.gz"
-	cd "$srcdir/$pkgname-$pkgver"
-	make PREFIX=/usr DESTDIR="${pkgdir}" install
+package()
+{
+  cd "${srcdir}"/build
+
+  install -Dm644 parabola-revoked "${pkgdir}"/usr/share/pacman/keyrings/parabola-revoked
+  install -Dm644 parabola-trusted "${pkgdir}"/usr/share/pacman/keyrings/parabola-trusted
+  install -Dm644 parabola.gpg     "${pkgdir}"/usr/share/pacman/keyrings/parabola.gpg
 }