author | bill-auger <mr.j.spam.me@gmail.com> | 2022-08-03 01:10:15 -0400 |
---|---|---|
committer | bill-auger <mr.j.spam.me@gmail.com> | 2022-08-03 01:14:41 -0400 |
commit | 9bb9eaef89782956766e44eedd5343737ad66d0e (patch) | |
tree | 0b954567d4212fd110f874cf868caf2c08ff4960 | |
parent | ec3ea631d5ef3e74244c71f6af2388fea540d5cc (diff) |
throttle keyserver fetches
-rwxr-xr-x | bin/pacman-make-keyring | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/bin/pacman-make-keyring b/bin/pacman-make-keyring
index fa55892..9465d82 100755
--- a/bin/pacman-make-keyring
+++ b/bin/pacman-make-keyring
@@ -118,9 +118,11 @@ $(cachedir)/deps.mk: ${users} $(var)outputdir $(var)cachedir $(var)KEYRING_NAME|
 export LANG=C
+# NOTE: Key fetches tend to fail if fired-off too rapidly,
+# (even 2 seconds intervals). 5 seconds intervals has not yet failed.
+FETCH_IVL = 5
 KEYSERVER = ${keyserver}
-
-GPG = gpg --quiet --batch --no-tty --no-permission-warning --keyserver ${KEYSERVER} --homedir $(cachedir)/gpghome
+GPG = gpg --quiet --batch --no-tty --no-permission-warning --keyserver ${KEYSERVER} --homedir $(cachedir)/gpghome
 define gpg-init
 %echo Generating Parabola Keyring keychain master key...
@@ -146,7 +148,7 @@ keyid=$(keyid.$(patsubst %.asc,%,$(notdir $@)))
 $(outputdir)/${KEYRING_NAME}-trusted: ${users} | $(outputdir)
 $(bin)/pgp-list-keyids | sed -rn 's|^trusted/\S+ (\S+)|\1:4:|p' > $@
 $(cachedir)/keys/trusted/%.asc : $(cachedir)/stamp.gpg-init | $(cachedir)/keys/trusted
- ${GPG} --recv-keys ${keyid}
+ sleep ${FETCH_IVL} && ${GPG} --recv-keys ${keyid}
 printf 'minimize\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
 printf 'y\ny\n' | ${GPG} --command-fd 0 --lsign-key ${keyid}
 ${GPG} --armor --no-emit-version --export ${keyid} > $@
@@ -157,7 +159,7 @@ $(cachedir)/stamp.ownertrust: $(outputdir)/${KEYRING_NAME}-trusted $(cachedir)/d
 # In 'update-keys', this is the 'packager-keyids' loop
 $(cachedir)/keys/secondary/%.asc: $(cachedir)/stamp.ownertrust | $(cachedir)/keys/secondary
- ${GPG} --recv-keys ${keyid}
+ sleep ${FETCH_IVL} && ${GPG} --recv-keys ${keyid}
 printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
 ${GPG} --list-keys --with-colons ${keyid} | grep -q '^pub:f:' # make sure it is trusted
 ${GPG} --armor --no-emit-version --export ${keyid} > $@
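Review bot: The delay set by `FETCH_IVL` spaces requests only while the fetch recipes run one after another. Each `sleep ${FETCH_IVL} && …` line in the three later hunks delays only its own job, so if this makefile is ever run with `-j`, several recipes would sleep side by side and then query the keyserver together. Whether parallel runs happen is not visible here. Either state the assumption in the comment, e.g. `# Applied before every fetch; only effective when recipes run serially (no -j).`, or enforce it with `.NOTPARALLEL:`.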
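Review bot: Nothing between the rewritten `--recv-keys` line in the trusted recipe and the `--lsign-key` line two lines below confirms that the key the keyserver returned is the intended one, and that key is then signed locally with the prompts answered automatically. Whether `${keyid}` always expands to a full fingerprint is not visible in this hunk; if it can be a shorter key ID, a different key with a colliding ID could be imported and signed. A comment on the rule such as `# keyid must be a full fingerprint: the key fetched here is locally signed below` would record the requirement. The recipe may continue past the end of the hunk.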
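Review bot: The secondary recipe holds one of three identical copies of `sleep ${FETCH_IVL} && ${GPG} --recv-keys ${keyid}`; the trusted recipe in the previous hunk and the revoked recipe in the next hunk carry the others, so a later change to the throttle has to be made in three places. Defining the fetch once next to `GPG`, for example `GPG_RECV = sleep ${FETCH_IVL} && ${GPG} --recv-keys` (variable name constructed for illustration), and writing `${GPG_RECV} ${keyid}` in each recipe would keep them in step.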
@@ -166,7 +168,7 @@ $(cachedir)/keys/secondary/%.asc: $(cachedir)/stamp.ownertrust | $(cachedir)/key
 $(outputdir)/${KEYRING_NAME}-revoked: ${users} | $(outputdir)
 $(bin)/pgp-list-keyids | sed -rn 's|^revoked/\S+ ||p' > $@
 $(cachedir)/keys/revoked/%.asc : $(cachedir)/stamp.ownertrust | $(cachedir)/keys/revoked
- ${GPG} --recv-keys ${keyid}
+ sleep ${FETCH_IVL} && ${GPG} --recv-keys ${keyid}
 printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
 ! ${GPG} --list-keys --with-colons ${keyid} | grep -q '^pub:f:' # make sure it isn't trusted
 ${GPG} --armor --no-emit-version --export ${keyid} > $@ |