archlinux: create a keyring package to install binary repository automatically

archlinux/PKGBUILD

@@ -1,9 +1,9 @@
 #!/bin/bash
 # Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
 # shellcheck disable=SC2034
-pkgname=(qubes-vm-core qubes-vm-networking)
+pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring)
 pkgver=$(cat version)
-pkgrel=13
+pkgrel=14
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")
@@ -24,6 +24,9 @@ source=(
     PKGBUILD-qubes-pacman-options.conf
     PKGBUILD-qubes-repo-3.2.conf
     PKGBUILD-qubes-repo-4.0.conf
+    PKGBUILD-keyring-keys
+    PKGBUILD-keyring-trusted
+    PKGBUILD-keyring-revoked
 )
 
 noextract=()
@@ -129,4 +132,16 @@ package_qubes-vm-networking() {
 
 }
 
+package_qubes-vm-keyring() {
+    pkgdesc="Qubes OS Binary Repository Activation package and Keyring"
+    install=PKGBUILD-keyring.install
+
+    # Install keyring (will be activated through the .install file)
+    install -dm755 ${pkgdir}/usr/share/pacman/keyrings/
+    install -m0644 PKGBUILD-keyring-keys ${pkgdir}/usr/share/pacman/keyrings/qubesos-vm.gpg
+    install -m0644 PKGBUILD-keyring-trusted ${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-trusted
+    install -m0644 PKGBUILD-keyring-revoked ${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-revoked
+
+}
+
 # vim:set ts=2 sw=2 et:

archlinux/PKGBUILD-keyring-keys

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFM0TnYBCADNyamUtA9e0/oUu4AeAgt1JYDtq3zCQSX7pHpY1zkGtulppSOe
+gkCgW2db+FlKeUNHQ+JX0uv8Ny0SjQBZO0yNxDLfPuqJzM/VjUIdLTJS0FEpxzT1
+Oiz0WRdcbeHtQ8SmEfmRStaB9PTNZ97FogFFONvQ6r/ICNldqfe+Qq72D/p6FqNM
+mW16dZokQEOgJpOb/L7dHNrta1ye8CurrEbXIt7B+4NnUpvzFmnQ+OxsC3AUbvI5
+PbaQyu8ivhoofnpgj66PojlFYMaL8mUaScL2VM5Ljx72zVA5+MUmk8O02O2X8Rdc
++5boRi2h7oyCASBYK3x+WayaDTNWx3o8+sSdABEBAAG0N09saXZpZXIgTUVET0Mg
+KFF1YmVzLU9TIHNpZ25pbmcga2V5KSA8b19tZWRvY0B5YWhvby5mcj6JAT4EEwEC
+ACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW+jhsBQkHiFDrAAoJECBD
+56zBgzucHCwH/RLCCM1PJ50jEMJg7ZBrwkv5cvKePD1iGhPFOZ1gBtMTYfl7zJO7
+gOuOgQ+TKjfIFM/ijQBFMRmByrQ0ZkGNIqY7JB3shZ5EsCeb7cgyw7hEyj4S3O6e
+K+CVVy4CBAyXILVr/En8xU41K1qQpEiHkvqk0E05sEkYcN4Ggvw5JUNWpZO7fl6I
+tLvTBf5aPqiLqWN08fjdmVJ/5l+LCdMyJxUdsQV0pkzcv9l8ouB/0ig8HikoC+dW
+HuWbk9uj1CU0c4C8tTbOszjKAbEZ5msZ2NUxPM1vqKaac8IbWkSJBqlYFcb3PSMk
+LmFtXN/0hAcf8KbziODQgKcyuEBi3b5d6wy5AQ0EUzROdgEIAOG22xrDqJkCrEx8
+QFnZYSwxV2lI9fDyCT/kaHPa/5YOV/Xa01RLM27UPbV/UKkKN+M6+mFj26e+E25p
+2R/e1Wk9HDrbu7NDXozGcKDlTIAmQ4yjNVb/G1850/SO1vuPDfNzMD81F18XzYCa
+eyUV88HjXTbJSeJAbjWNvTkoMK4wY6PlHfyT0G0i4svfL/mZCGM8KagNouGHuG8s
+5JKwlC1BZnmfDuB4exP7cSNEDWwnBn98rx13DMLkGJu1xGnLqdGJw6WpP4a1IG7A
+9NDE2VetAS/ElMbMqfyuqiAxhtnuGdxstDaU7gW4VMTjAOMtO9LLY20EipsSBUrg
+7U1ync0AEQEAAYkBJQQYAQIADwIbDAUCVvo4nQUJB4hRJAAKCRAgQ+eswYM7nLWy
+CAC6enhJbXKGchqgfh+CeKsvWg97JG8yjW4W/9RL9Vto8ppgNzIKbA7AKgqOiy5l
+TToLaxK+Z1JE72lsWUnALmz1Oa7M7M9J1ptfD8TMj1/D3cj2Lnrg7qTaEEL5Nw+t
+FRNXeUjsuWt+iW7eYiGtI+eSWBokH945Ig32vf88n0t3F8whDRzv5fy1yF35aMRS
+HS5gDJv5t2BnPtehMhr5EOHbUH3UFevA79Hf4bUlOOo7eTTmSPMDcWFUA9MMKoE5
+pkHwoimXiNJy3e8TZ4uSTBH8XcXA/5mYSXbWKBX4Y5JznOBTtkjGsbL7dua3zDbF
+BGNH5RhiY1/bJ+m4zxU8bDWq
+=ofdo
+-----END PGP PUBLIC KEY BLOCK-----

archlinux/PKGBUILD-keyring-trusted

@@ -0,0 +1 @@
+D85EE12F967851CCF433515A2043E7ACC1833B9C:4:

archlinux/PKGBUILD-keyring.install

@@ -0,0 +1,18 @@
+post_upgrade() {
+	if usr/bin/pacman-key -l >/dev/null 2>&1; then
+		usr/bin/pacman-key --populate archlinux
+	fi
+	release=$(echo "$1" | cut -d '.' -f 1,2)
+
+	if ! [ -h /etc/pacman.d/99-qubes-repository-${release}.conf ] ; then
+            ln -s /etc/pacman.d/99-qubes-repository-${release}.conf.disabled /etc/pacman.d/99-qubes-repository-${release}.conf 
+        fi
+
+}
+
+post_install() {
+	if [ -x usr/bin/pacman-key ]; then
+		post_upgrade "$1"
+	fi
+}
+