summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2019-06-20 10:00:04 +0200
committerErich Eckner <git@eckner.net>2019-06-20 10:00:04 +0200
commit921f80f205f1720d0818590206717de1374b6460 (patch)
tree489e522022c0a4105f80d1804441b34584b552a7
parent57a9c1790f07ccb6eb41db296c41847c3f6f700e (diff)
downloadbuilder-921f80f205f1720d0818590206717de1374b6460.tar.xz
bin/build-packages: receive gpg keys before building and after `makepkg --verifysource` failed
-rwxr-xr-xbin/build-packages72
1 files changed, 44 insertions, 28 deletions
diff --git a/bin/build-packages b/bin/build-packages
index 428a505..1fd0904 100755
--- a/bin/build-packages
+++ b/bin/build-packages
@@ -545,12 +545,51 @@ while [ "${count}" -ne 0 ] && \
find . -maxdepth 1 -type f \( -name '*.pkg.tar.xz' -o -name '*.pkg.tar.xz.sig' \) -exec \
rm {} \;
- success=true
-
echo 'checking-source' > "${tmp_dir}/.ping-build-master"
- if ! CARCH="${arch}" makepkg --verifysource 2>/dev/null; then
- success=false
- fi
+ success=false
+ verifysource_trial=0
+ while [ ${verifysource_trial} -lt 3 ]; do
+ verifysource_trial=$((verifysource_trial + 1))
+ if CARCH="${arch}" makepkg --verifysource 2> "${tmp_dir}/verifysource.log"; then
+ success=true
+ break
+ fi
+ if [ ${verifysource_trial} -eq 1 ]; then
+ # receive specific missing keys
+ missing_keys=$(
+ sed -n '
+ s/^.* FAILED (unknown public key \([0-9A-F]\{16\}\)).*$/0x\1/
+ T
+ p
+ ' "${tmp_dir}/verifysource.log" \;
+ )
+ if [ -n "${missing_keys}" ]; then
+ if gpg --recv-keys "${missing_keys}"; then
+ continue
+ fi
+ fi
+ verifysource_trial=$((verifysource_trial + 1))
+ fi
+ if [ ${verifysource_trial} -eq 2 ]; then
+ if grep -q ' FAILED (unknown public key \([0-9A-F]\{16\}\))' -- "${tmp_dir}/verifysource.log"; then
+ # download the repository key from github
+ # TODO: get the name of the key file from its finger print or
+ # some other information inside the repository
+ if makepkg --printsrcinfo | \
+ sed -n '
+ s,^\ssource = git+\(https://github\.com/[^/[:space:]]\+\)/[^/]*$,\1.gpg,
+ T
+ p
+ ' | \
+ xargs -rn1 curl -s | \
+ gpg --import; then
+ continue
+ fi
+ fi
+ fi
+ break
+ done
+ rm "${tmp_dir}/verifysource.log"
if ${success}; then
echo 'building' > "${tmp_dir}/.ping-build-master"
@@ -879,29 +918,6 @@ while [ "${count}" -ne 0 ] && \
fi
echo 'failure' > "${tmp_dir}/.ping-build-master"
>&2 printf ' failed.\n'
- # receive missing keys
- # shellcheck disable=SC2038
- find . -maxdepth 1 -type f -name '*.build-log' -exec \
- sed -n '
- s/^.* FAILED (unknown public key \([0-9A-F]\{16\}\)).*$/0x\1/
- T
- p
- ' {} \; | \
- xargs -rn1 gpg --recv-keys || \
- true
- if grep -q ' FAILED (unknown public key \([0-9A-F]\{16\}\))' -- ./*.build-log; then
- # download the repository key from github
- # TODO: get the name of the key file from its finger print or
- # some other information inside the repository
- makepkg --printsrcinfo | \
- sed -n '
- s,^\ssource = git+\(https://github\.com/[^/[:space:]]\+\)/[^/]*$,\1.gpg,
- T
- p
- ' | \
- xargs -rn1 curl -s | \
- gpg --import || true
- fi
done
if ! ${success}; then