From 921f80f205f1720d0818590206717de1374b6460 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Thu, 20 Jun 2019 10:00:04 +0200 Subject: bin/build-packages: receive gpg keys before building and after `makepkg --verifysource` failed --- bin/build-packages | 72 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 44 insertions(+), 28 deletions(-) (limited to 'bin/build-packages') diff --git a/bin/build-packages b/bin/build-packages index 428a505..1fd0904 100755 --- a/bin/build-packages +++ b/bin/build-packages @@ -545,12 +545,51 @@ while [ "${count}" -ne 0 ] && \ find . -maxdepth 1 -type f \( -name '*.pkg.tar.xz' -o -name '*.pkg.tar.xz.sig' \) -exec \ rm {} \; - success=true - echo 'checking-source' > "${tmp_dir}/.ping-build-master" - if ! CARCH="${arch}" makepkg --verifysource 2>/dev/null; then - success=false - fi + success=false + verifysource_trial=0 + while [ ${verifysource_trial} -lt 3 ]; do + verifysource_trial=$((verifysource_trial + 1)) + if CARCH="${arch}" makepkg --verifysource 2> "${tmp_dir}/verifysource.log"; then + success=true + break + fi + if [ ${verifysource_trial} -eq 1 ]; then + # receive specific missing keys + missing_keys=$( + sed -n ' + s/^.* FAILED (unknown public key \([0-9A-F]\{16\}\)).*$/0x\1/ + T + p + ' "${tmp_dir}/verifysource.log" \; + ) + if [ -n "${missing_keys}" ]; then + if gpg --recv-keys "${missing_keys}"; then + continue + fi + fi + verifysource_trial=$((verifysource_trial + 1)) + fi + if [ ${verifysource_trial} -eq 2 ]; then + if grep -q ' FAILED (unknown public key \([0-9A-F]\{16\}\))' -- "${tmp_dir}/verifysource.log"; then + # download the repository key from github + # TODO: get the name of the key file from its finger print or + # some other information inside the repository + if makepkg --printsrcinfo | \ + sed -n ' + s,^\ssource = git+\(https://github\.com/[^/[:space:]]\+\)/[^/]*$,\1.gpg, + T + p + ' | \ + xargs -rn1 curl -s | \ + gpg --import; then + continue + fi + fi + fi + break + done + rm "${tmp_dir}/verifysource.log" if ${success}; then echo 'building' > "${tmp_dir}/.ping-build-master" @@ -879,29 +918,6 @@ while [ "${count}" -ne 0 ] && \ fi echo 'failure' > "${tmp_dir}/.ping-build-master" >&2 printf ' failed.\n' - # receive missing keys - # shellcheck disable=SC2038 - find . -maxdepth 1 -type f -name '*.build-log' -exec \ - sed -n ' - s/^.* FAILED (unknown public key \([0-9A-F]\{16\}\)).*$/0x\1/ - T - p - ' {} \; | \ - xargs -rn1 gpg --recv-keys || \ - true - if grep -q ' FAILED (unknown public key \([0-9A-F]\{16\}\))' -- ./*.build-log; then - # download the repository key from github - # TODO: get the name of the key file from its finger print or - # some other information inside the repository - makepkg --printsrcinfo | \ - sed -n ' - s,^\ssource = git+\(https://github\.com/[^/[:space:]]\+\)/[^/]*$,\1.gpg, - T - p - ' | \ - xargs -rn1 curl -s | \ - gpg --import || true - fi done if ! ${success}; then -- cgit v1.2.3-54-g00ecf