# SPDX-License-Identifier: CC0-1.0
# Maintainer: Parabola Hackers <dev@lists.parabola.nu>
# NOTE: This PKGBUILD does not need to be edited manually.
# You do not need to build it, nor `librerelease` it.
# The package is built automatically by autobuilder,
# upon a `git push` to the 'master' branch of hackers.git.
# The autobuilder will modify this PKGBUILD, replacing $pkgver and $_gitrev,
# build and publish the package, and commit the modified PKGBUILD to abslibre.
#
# To generate a new keyring:
# $ KEY_ID=<YOUR_40_CHAR_KEY_ID> # 'pgp_keyid' in your hackers.git YAML file
# $ cd /path/to/hackers.git/
# $ gpg --armor --no-emit-version --export $KEY_ID > keys/$KEY_ID.asc
# $ git commit -S -m 'update my key' keys/$KEY_ID.asc
# $ git push parabola master
# Package identity. Per the header note, the autobuilder rewrites pkgver and
# _gitrev in place, so these two assignments are not meant to be hand-edited.
pkgname=parabola-keyring
pkgver=20240330
# Commit of hackers.git that this keyring is generated from; it is the pin
# used by the '#commit=' fragment of the source URL below.
_gitrev=d0712d0c691950ba35e587c9ed6b6a4b1771ef5f
pkgrel=1
pkgdesc="Parabola GNU/Linux-libre PGP keyring"
arch=(any)
url=https://wiki.parabola.nu/Parabola_Keyring
license=(CCPL:zero)
# build() calls /usr/lib/parabola-hackers/pgp-list-keyids; presumably that is
# what the parabola-hackers build dependency provides - confirm.
makedepends=(git parabola-hackers)
# Install scriptlet shipped next to this PKGBUILD.
install=${pkgname}.install
# The key material is fetched over git://, which is neither encrypted nor
# authenticated, and sha512sums is SKIP, so the '#commit=' pin above is the
# only integrity check applied to the checkout.
# NOTE(review): an authenticated transport (if the server offers one), or
# makepkg's '?signed' fragment together with validpgpkeys, would add a second
# check; the header already asks for 'git commit -S'. Confirm against the
# autobuilder workflow before changing.
source=(hackers-${_gitrev}-git::git://git.parabola.nu/hackers.git#commit=${_gitrev})
sha512sums=(SKIP)
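build()
{
  # Generate the three keyring artefacts in "${srcdir}"/build from the pinned
  # hackers.git checkout:
  #   parabola-revoked  one key ID per line
  #   parabola-trusted  one "<KEY_ID>:4:" entry per line
  #   parabola.gpg      concatenated ASCII-armored public keys
  # Returns 1 when no key ends up in parabola.gpg, or when the build
  # directory cannot be prepared.
  #
  # NOTE(review): the per-file check in the loop is structural only (exactly
  # one armor header and one armor footer). It does not establish that the
  # key inside <KEY_ID>.asc actually has the fingerprint <KEY_ID>, nor that
  # the armored block holds a single key. Comparing the fingerprint of each
  # file against its key ID would close that gap.

  collect_keyids() # (sed_rx)
  {
    # Print the pgp-list-keyids listing, filtered by the sed program in $1.
    # NOTE(review): only sed's exit status is seen here; a helper that fails
    # part-way yields a shorter list rather than an error.
    export PARABOLA_HACKERS_YAMLDIR="${srcdir}/hackers-${_gitrev}-git/users"
    /usr/lib/parabola-hackers/pgp-list-keyids | sed --quiet --regexp-extended "$1"
  }

  # prep - always start from an empty build directory, addressed by absolute
  # path so the result does not depend on the caller's working directory
  local build_dir="${srcdir:?}/build"
  rm -rf -- "${build_dir}"   || return 1
  mkdir -p -- "${build_dir}" || return 1
  cd "${build_dir}"          || return 1
  touch parabola{.gpg,-{revoked,trusted}} || return 1

  # collect key IDs
  collect_keyids 's|^revoked/\S+ ||p'           >> parabola-revoked # lines like: <KEY_ID>
  collect_keyids 's|^trusted/\S+ (\S+)|\1:4:|p' >> parabola-trusted # lines like: <KEY_ID>:4:

  # populate keyring file
  local keys_dir="${srcdir}/hackers-${_gitrev}-git/keys"
  local key_begin='-----BEGIN PGP PUBLIC KEY BLOCK-----'
  local key_end='-----END PGP PUBLIC KEY BLOCK-----'
  local key_id
  local key_file
  local rest
  local n_begin
  local n_end
  # Read line-wise instead of word-splitting a command substitution, so a
  # key ID is never subject to glob expansion.
  while IFS=: read -r key_id rest
  do  # The key ID comes from the YAML files and becomes part of a file path:
      # accept only alphanumerics so it can never name anything outside keys/.
      if [[ ! "${key_id}" =~ ^[[:alnum:]]+$ ]]
      then printf 'invalid key_id: %s\n' "${key_id}" >&2
           continue
      fi

      key_file="${keys_dir}/${key_id}.asc"
      if [[ ! -f "${key_file}" ]]
      then printf 'key_file missing for trusted key_id: %s\n' "${key_id}" >&2
           continue
      fi

      # grep exits 1 on a zero count; that is a result here, not an error.
      n_begin=$(grep --count -- "${key_begin}" "${key_file}") || :
      n_end=$(  grep --count -- "${key_end}"   "${key_file}") || :
      if (( ${n_begin:-0} == 1 && ${n_end:-0} == 1 ))
      then printf 'certifying trusted key_id: %s\n' "${key_id}"
           cat -- "${key_file}" >> parabola.gpg # concatenated ASCII keys
      else printf 'invalid key_file: %s.asc\n' "${key_id}" >&2
      fi
  done < parabola-trusted

  # verify collected keys
  local n_trusted_keys
  local n_certified_keys
  n_trusted_keys=$(  grep --count ':' parabola-trusted)          || :
  n_certified_keys=$(grep --count -- "${key_end}" parabola.gpg)  || :
  if   (( ${n_certified_keys:-0} ))
  then echo "certified (${n_certified_keys}/${n_trusted_keys}) keys"
       # Skipped keys are not fatal, but a trusted key ID without a key in
       # parabola.gpg should not go unnoticed in the build log.
       if (( n_certified_keys != ${n_trusted_keys:-0} ))
       then echo "WARNING: certified key count differs from trusted key ID count" >&2
       fi
  elif (( ${n_trusted_keys:-0} ))
  then echo "ERROR: no keys were certifed" >&2   ; return 1 ;
  else echo "ERROR: no trusted keys found" >&2   ; return 1 ;
  fi
}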
package()
{
  # Install the three artefacts produced by build() into pacman's keyring
  # directory, world-readable and not executable (mode 644).
  local keyring_dir="${pkgdir}"/usr/share/pacman/keyrings
  local artefact

  cd "${srcdir}"/build
  for artefact in parabola-revoked parabola-trusted parabola.gpg
  do  install -Dm644 "${artefact}" "${keyring_dir}/${artefact}"
  done
}