diff options
| -rw-r--r-- | .gitignore | 8 | ||||
| -rw-r--r-- | .gnupg/gpg.conf | 196 | ||||
| -rw-r--r-- | .makepkg.conf | 8 | ||||
| -rw-r--r-- | .ssh/authorized_keys | 0 | ||||
| -rw-r--r-- | bin/autobuild.c | 56 | ||||
| -rwxr-xr-x | bin/autobuild.sh | 88 | ||||
| -rwxr-xr-x | bin/setup | 22 |
7 files changed, 378 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..39325fa --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +/packages/ + +/.ssh/id_* + +/.gnupg/* +!/.gnupg/gpg.conf + +*~ diff --git a/.gnupg/gpg.conf b/.gnupg/gpg.conf new file mode 100644 index 0000000..942678f --- /dev/null +++ b/.gnupg/gpg.conf @@ -0,0 +1,196 @@ +# Options for GnuPG +# Copyright 1998, 1999, 2000, 2001, 2002, 2003, +# 2010 Free Software Foundation, Inc. +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Unless you specify which option file to use (with the command line +# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf +# by default. +# +# An options file can contain any long options which are available in +# GnuPG. If the first non white space character of a line is a '#', +# this line is ignored. Empty lines are also ignored. +# +# See the man page for a list of options. + +# Uncomment the following option to get rid of the copyright notice + +#no-greeting + +# If you have more than 1 secret key in your keyring, you may want to +# uncomment the following option and set your preferred keyid. + +#default-key 621CC013 + +# If you do not pass a recipient to gpg, it will ask for one. Using +# this option you can encrypt to a default key. Key validation will +# not be done in this case. The second form uses the default key as +# default recipient. + +#default-recipient some-user-id +#default-recipient-self + +# By default GnuPG creates version 4 signatures for data files as +# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP +# require the older version 3 signatures. Setting this option forces +# GnuPG to create version 3 signatures. + +#force-v3-sigs + +# Because some mailers change lines starting with "From " to ">From " +# it is good to handle such lines in a special way when creating +# cleartext signatures; all other PGP versions do it this way too. +# To enable full OpenPGP compliance you may want to use this option. + +#no-escape-from-lines + +# When verifying a signature made from a subkey, ensure that the cross +# certification "back signature" on the subkey is present and valid. +# This protects against a subtle attack against subkeys that can sign. +# Defaults to --no-require-cross-certification. However for new +# installations it should be enabled. + +require-cross-certification + + +# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell +# GnuPG which is the native character set. Please check the man page +# for supported character sets. This character set is only used for +# metadata and not for the actual message which does not undergo any +# translation. Note that future version of GnuPG will change to UTF-8 +# as default character set. + +#charset utf-8 + +# Group names may be defined like this: +# group mynames = paige 0x12345678 joe patti +# +# Any time "mynames" is a recipient (-r or --recipient), it will be +# expanded to the names "paige", "joe", and "patti", and the key ID +# "0x12345678". Note there is only one level of expansion - you +# cannot make an group that points to another group. Note also that +# if there are spaces in the recipient name, this will appear as two +# recipients. In these cases it is better to use the key ID. + +#group mynames = paige 0x12345678 joe patti + +# Some old Windows platforms require 8.3 filenames. If your system +# can handle long filenames, uncomment this. + +#no-mangle-dos-filenames + +# Lock the file only once for the lifetime of a process. If you do +# not define this, the lock will be obtained and released every time +# it is needed - normally this is not needed. + +#lock-once + +# GnuPG can send and receive keys to and from a keyserver. These +# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP +# support). +# +# Example HKP keyservers: +# hkp://keys.gnupg.net +# +# Example LDAP keyservers: +# ldap://pgp.surfnet.nl:11370 +# +# Regular URL syntax applies, and you can set an alternate port +# through the usual method: +# hkp://keyserver.example.net:22742 +# +# If you have problems connecting to a HKP server through a buggy http +# proxy, you can use keyserver option broken-http-proxy (see below), +# but first you should make sure that you have read the man page +# regarding proxies (keyserver option honor-http-proxy) +# +# Most users just set the name and type of their preferred keyserver. +# Note that most servers (with the notable exception of +# ldap://keyserver.pgp.com) synchronize changes with each other. Note +# also that a single server name may actually point to multiple +# servers via DNS round-robin. hkp://keys.gnupg.net is an example of +# such a "server", which spreads the load over a number of physical +# servers. To see the IP address of the server actually used, you may use +# the "--keyserver-options debug". + +keyserver hkp://keys.gnupg.net +#keyserver http://http-keys.gnupg.net +#keyserver mailto:pgp-public-keys@keys.nl.pgp.net + +# Common options for keyserver functions: +# +# include-disabled = when searching, include keys marked as "disabled" +# on the keyserver (not all keyservers support this). +# +# no-include-revoked = when searching, do not include keys marked as +# "revoked" on the keyserver. +# +# verbose = show more information as the keys are fetched. +# Can be used more than once to increase the amount +# of information shown. +# +# use-temp-files = use temporary files instead of a pipe to talk to the +# keyserver. Some platforms (Win32 for one) always +# have this on. +# +# keep-temp-files = do not delete temporary files after using them +# (really only useful for debugging) +# +# honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy +# environment variable +# +# broken-http-proxy = try to work around a buggy HTTP proxy +# +# auto-key-retrieve = automatically fetch keys as needed from the keyserver +# when verifying signatures or when importing keys that +# have been revoked by a revocation key that is not +# present on the keyring. +# +# no-include-attributes = do not include attribute IDs (aka "photo IDs") +# when sending keys to the keyserver. + +#keyserver-options auto-key-retrieve + +# Uncomment this line to display photo user IDs in key listings and +# when a signature from a key with a photo is verified. + +#show-photos + +# Use this program to display photo user IDs +# +# %i is expanded to a temporary file that contains the photo. +# %I is the same as %i, but the file isn't deleted afterwards by GnuPG. +# %k is expanded to the key ID of the key. +# %K is expanded to the long OpenPGP key ID of the key. +# %t is expanded to the extension of the image (e.g. "jpg"). +# %T is expanded to the MIME type of the image (e.g. "image/jpeg"). +# %f is expanded to the fingerprint of the key. +# %% is %, of course. +# +# If %i or %I are not present, then the photo is supplied to the +# viewer on standard input. If your platform supports it, standard +# input is the best way to do this as it avoids the time and effort in +# generating and then cleaning up a secure temp file. +# +# The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" +# On Mac OS X and Windows, the default is to use your regular JPEG image +# viewer. +# +# Some other viewers: +# photo-viewer "qiv %i" +# photo-viewer "ee %i" +# photo-viewer "display -title 'KeyID 0x%k'" +# +# This one saves a copy of the photo ID in your home directory: +# photo-viewer "cat > ~/photoid-for-key-%k.%t" +# +# Use your MIME handler to view photos: +# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" + diff --git a/.makepkg.conf b/.makepkg.conf new file mode 100644 index 0000000..b7245f8 --- /dev/null +++ b/.makepkg.conf @@ -0,0 +1,8 @@ +PKGDEST="${HOME}/packages/pkgdest" +SRCDEST="${HOME}/packages/srcdest" +SRCPKGDEST="${HOME}/packages/srcpkgdest" +LOGDEST="${HOME}/packages/logdest" +BUILDDIR="${HOME}/packages/builddir" + +PACKAGER="Parabola automatic package builder <dev@lists.parabolagnulinux.org>" +GPGKEY=$({ sed -nr 's/^\s*default-key\s+//p' "${HOME}/.gnupg/gpg.conf"; gpg --list-keys|sed -rn 's:^pub\s[^/]*/(\S*)\s.*:\1:p'; }|sed 1q) diff --git a/.ssh/authorized_keys b/.ssh/authorized_keys new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/.ssh/authorized_keys diff --git a/bin/autobuild.c b/bin/autobuild.c new file mode 100644 index 0000000..86d164c --- /dev/null +++ b/bin/autobuild.c @@ -0,0 +1,56 @@ +/* Copyright (C) 2014 Luke Shumaker <lukeshu@sbcglobal.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#define _GNU_SOURCE /* for unsetenv(3) */ +#include <alloca.h> /* for alloca(3) */ +#include <errno.h> /* for errno */ +#include <error.h> /* for error(3) */ +#include <pwd.h> /* for getpwuid(3) */ +#include <stdio.h> /* for printf(3) */ +#include <stdlib.h> /* for unsetenv(3) */ +#include <string.h> /* for strlen(3), strcpy(3) */ +#include <unistd.h> /* for dup2(3), geteuid(3), execl(3) */ + +void +usage(const char *cmd) +{ + printf("Usage: %s PACKAGE\n", cmd); + printf("This command should be run from the git directory of the package source."); +} + +int +main(int argc, char **argv) +{ + if (argc != 2) { + dup2(2,1); + usage(argv[0]); + return 1; + } + + const char *home = getpwuid(geteuid())->pw_dir; + const char *script_suffix = "/bin/autobuild.sh"; + char *script = alloca(strlen(home)+strlen(script_suffix)); + strcpy(script, home); + strcpy(&(script[strlen(home)]), script_suffix); + + unsetenv("IFS"); + unsetenv("PATH"); + unsetenv("LD_PRELOAD"); + unsetenv("BASH_ENV"); + + execl(script, script, argv[1], NULL); + error(127, errno, "%s", script); +} diff --git a/bin/autobuild.sh b/bin/autobuild.sh new file mode 100755 index 0000000..ccf52ea --- /dev/null +++ b/bin/autobuild.sh @@ -0,0 +1,88 @@ +#!/bin/bash +# Copyright (C) 2014 Luke Shumaker <lukeshu@sbcglobal.net> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# Get the date as the *very* first thing +newpkgver_date=$(LC_ALL=C date -u +%Y%m%d) + +################################################################################ +. "$(librelib messages)" +setup_traps + +# Option parsing +if [[ $# != 1 ]]; then + die "%q takes exactly 1 argument" "$0" +fi +PACKAGE=$1 +package_re='^[^/]+/[^/]+$' +if ! [[ $PACKAGE =~ $package_re ]]; then + die "PACKAGE must be in the format REPO/PKGBASE: %s" "$PACKAGE" +fi + +# init +lock 9 "${HOME}/packages/lockdir/${PACKAGE}" "Waiting for previous run of %q to finish" "$0" + +. "$(librelib conf)" || exit 1 +load_files libretools || exit 1 +check_vars libretools WORKDIR ABSLIBRERECV ABSLIBRESEND || exit 1 + +if [[ $PWD != *.git ]]; then + die "should be run as a hook from a git repository" +fi +newgitver=$(git log -n1 --format='%H' master -- blacklist.txt) + +# Get the ABSLibre tree +gitget -f -p "$ABSLIBRESEND" checkout "$ABSLIBRERECV" "$WORKDIR/abslibre" +if [[ -f "${WORKDIR}/abslibre/${PACKAGE}/PKGBUILD" ]]; then + die "package does not exist in abslibre.git: %s" "$PACKAGE" +fi +cd "$WORKDIR/abslibre/${PACKAGE}" + +# Figure out info about the last version +oldgitver=$(sed -n 's/^_gitver=//p' PKGBUILD) +oldpkgver=$(sed -n 's/^pkgver=//p' PKGBUILD) +oldpkgver_date=${oldpkgver%%.*} +oldpkgver_rel=${oldpkgver#${oldpkgver_date}}; oldpkgver_rel=${oldpkgver_rel#.} oldpkgver_rel=${oldpkgver_rel:-0} + +# Make sure we actually have changes +if [[ "$newgitver" == "$oldgitver" ]]; then + msg 'blacklist.txt has not changed, nothing to do' + exit 0 +fi + +# Handle doing multiple versions in the same day +if [[ "$newpkgver_date" == "$oldpkgver_date" ]]; then + declare -i newpkgver_rel=${oldpkgver_rel}+1 + newpkgver=${newpkgver_date}.${newpkgver_rel} +else + newpkgver=${newpkgver_date} +fi + +# Update the PKGBUILD +sed -i -e 's|^pkgver=.*|pkgver=${newpkgver}|' \ + -e 's|^_gitver=.*|_gitver=${newgitver}|' \ + -e 's|^pkgrel=.*|pkgrel=1|' \ + PKGBUILD +updpkgsums +git add PKGBUILD +git commit -m 'Update libre/your-freedom' + +# Build the new package +makepkg +librestage libre + +# Publish the updates +git push +librerelease diff --git a/bin/setup b/bin/setup new file mode 100755 index 0000000..ea6b92c --- /dev/null +++ b/bin/setup @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +CFLAGS += -std=c99 -Wall -Wextra -Werror + +all: $(HOME)/bin/autobuild $(HOME)/.ssh/id_rsa $(HOME)/.ssh/id_rsa.pub $(HOME)/.gnupg/secring.gpg + +$(HOME)/bin/autobuild: $(HOME)/bin/autobuild.c + $(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@ && chmod 6755 $@ + +$(HOME)/.ssh/id_rsa $(HOME)/.ssh/id_rsa.pub: + ssh-keygen -N '' -f $@ + +$(HOME)/.gnupg/secring.gpg: + printf '%s\n' \ + 'Key-Type: default' \ + 'Subkey-Type: default' \ + 'Name-Real: Parabola automatic package builder' \ + 'Name-Email: dev@lists.parabolagnulinux.org' \ + 'Expire-Date: 0' \ + | gpg --gen-key --batch + +.DELETE_ON_ERROR: |