From 7ee8c9c672fed744c0b62a9f316fce91e5eddba5 Mon Sep 17 00:00:00 2001 From: Olivier MEDOC Date: Mon, 30 Oct 2017 16:31:05 +0100 Subject: [PATCH] archlinux: create a keyring package to install binary repository automatically --- archlinux/PKGBUILD | 19 +++++++++++++++++-- archlinux/PKGBUILD-keyring-keys | 30 ++++++++++++++++++++++++++++++ archlinux/PKGBUILD-keyring-revoked | 0 archlinux/PKGBUILD-keyring-trusted | 1 + archlinux/PKGBUILD-keyring.install | 18 ++++++++++++++++++ 5 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 archlinux/PKGBUILD-keyring-keys create mode 100644 archlinux/PKGBUILD-keyring-revoked create mode 100644 archlinux/PKGBUILD-keyring-trusted create mode 100644 archlinux/PKGBUILD-keyring.install diff --git a/archlinux/PKGBUILD b/archlinux/PKGBUILD index 65058a1..ca38636 100644 --- a/archlinux/PKGBUILD +++ b/archlinux/PKGBUILD @@ -1,9 +1,9 @@ #!/bin/bash # Maintainer: Olivier Medoc # shellcheck disable=SC2034 -pkgname=(qubes-vm-core qubes-vm-networking) +pkgname=(qubes-vm-core qubes-vm-networking qubes-vm-keyring) pkgver=$(cat version) -pkgrel=13 +pkgrel=14 epoch= pkgdesc="The Qubes core files for installation inside a Qubes VM." arch=("x86_64") @@ -24,6 +24,9 @@ source=( PKGBUILD-qubes-pacman-options.conf PKGBUILD-qubes-repo-3.2.conf PKGBUILD-qubes-repo-4.0.conf + PKGBUILD-keyring-keys + PKGBUILD-keyring-trusted + PKGBUILD-keyring-revoked ) noextract=() @@ -129,4 +132,16 @@ package_qubes-vm-networking() { } +package_qubes-vm-keyring() { + pkgdesc="Qubes OS Binary Repository Activation package and Keyring" + install=PKGBUILD-keyring.install + + # Install keyring (will be activated through the .install file) + install -dm755 ${pkgdir}/usr/share/pacman/keyrings/ + install -m0644 PKGBUILD-keyring-keys ${pkgdir}/usr/share/pacman/keyrings/qubesos-vm.gpg + install -m0644 PKGBUILD-keyring-trusted ${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-trusted + install -m0644 PKGBUILD-keyring-revoked ${pkgdir}/usr/share/pacman/keyrings/qubesos-vm-revoked + +} + # vim:set ts=2 sw=2 et: diff --git a/archlinux/PKGBUILD-keyring-keys b/archlinux/PKGBUILD-keyring-keys new file mode 100644 index 0000000..33b9077 --- /dev/null +++ b/archlinux/PKGBUILD-keyring-keys @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFM0TnYBCADNyamUtA9e0/oUu4AeAgt1JYDtq3zCQSX7pHpY1zkGtulppSOe +gkCgW2db+FlKeUNHQ+JX0uv8Ny0SjQBZO0yNxDLfPuqJzM/VjUIdLTJS0FEpxzT1 +Oiz0WRdcbeHtQ8SmEfmRStaB9PTNZ97FogFFONvQ6r/ICNldqfe+Qq72D/p6FqNM +mW16dZokQEOgJpOb/L7dHNrta1ye8CurrEbXIt7B+4NnUpvzFmnQ+OxsC3AUbvI5 +PbaQyu8ivhoofnpgj66PojlFYMaL8mUaScL2VM5Ljx72zVA5+MUmk8O02O2X8Rdc ++5boRi2h7oyCASBYK3x+WayaDTNWx3o8+sSdABEBAAG0N09saXZpZXIgTUVET0Mg +KFF1YmVzLU9TIHNpZ25pbmcga2V5KSA8b19tZWRvY0B5YWhvby5mcj6JAT4EEwEC +ACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW+jhsBQkHiFDrAAoJECBD +56zBgzucHCwH/RLCCM1PJ50jEMJg7ZBrwkv5cvKePD1iGhPFOZ1gBtMTYfl7zJO7 +gOuOgQ+TKjfIFM/ijQBFMRmByrQ0ZkGNIqY7JB3shZ5EsCeb7cgyw7hEyj4S3O6e +K+CVVy4CBAyXILVr/En8xU41K1qQpEiHkvqk0E05sEkYcN4Ggvw5JUNWpZO7fl6I +tLvTBf5aPqiLqWN08fjdmVJ/5l+LCdMyJxUdsQV0pkzcv9l8ouB/0ig8HikoC+dW +HuWbk9uj1CU0c4C8tTbOszjKAbEZ5msZ2NUxPM1vqKaac8IbWkSJBqlYFcb3PSMk +LmFtXN/0hAcf8KbziODQgKcyuEBi3b5d6wy5AQ0EUzROdgEIAOG22xrDqJkCrEx8 +QFnZYSwxV2lI9fDyCT/kaHPa/5YOV/Xa01RLM27UPbV/UKkKN+M6+mFj26e+E25p +2R/e1Wk9HDrbu7NDXozGcKDlTIAmQ4yjNVb/G1850/SO1vuPDfNzMD81F18XzYCa +eyUV88HjXTbJSeJAbjWNvTkoMK4wY6PlHfyT0G0i4svfL/mZCGM8KagNouGHuG8s +5JKwlC1BZnmfDuB4exP7cSNEDWwnBn98rx13DMLkGJu1xGnLqdGJw6WpP4a1IG7A +9NDE2VetAS/ElMbMqfyuqiAxhtnuGdxstDaU7gW4VMTjAOMtO9LLY20EipsSBUrg +7U1ync0AEQEAAYkBJQQYAQIADwIbDAUCVvo4nQUJB4hRJAAKCRAgQ+eswYM7nLWy +CAC6enhJbXKGchqgfh+CeKsvWg97JG8yjW4W/9RL9Vto8ppgNzIKbA7AKgqOiy5l +TToLaxK+Z1JE72lsWUnALmz1Oa7M7M9J1ptfD8TMj1/D3cj2Lnrg7qTaEEL5Nw+t +FRNXeUjsuWt+iW7eYiGtI+eSWBokH945Ig32vf88n0t3F8whDRzv5fy1yF35aMRS +HS5gDJv5t2BnPtehMhr5EOHbUH3UFevA79Hf4bUlOOo7eTTmSPMDcWFUA9MMKoE5 +pkHwoimXiNJy3e8TZ4uSTBH8XcXA/5mYSXbWKBX4Y5JznOBTtkjGsbL7dua3zDbF +BGNH5RhiY1/bJ+m4zxU8bDWq +=ofdo +-----END PGP PUBLIC KEY BLOCK----- diff --git a/archlinux/PKGBUILD-keyring-revoked b/archlinux/PKGBUILD-keyring-revoked new file mode 100644 index 0000000..e69de29 diff --git a/archlinux/PKGBUILD-keyring-trusted b/archlinux/PKGBUILD-keyring-trusted new file mode 100644 index 0000000..a608c62 --- /dev/null +++ b/archlinux/PKGBUILD-keyring-trusted @@ -0,0 +1 @@ +D85EE12F967851CCF433515A2043E7ACC1833B9C:4: diff --git a/archlinux/PKGBUILD-keyring.install b/archlinux/PKGBUILD-keyring.install new file mode 100644 index 0000000..c02da49 --- /dev/null +++ b/archlinux/PKGBUILD-keyring.install @@ -0,0 +1,18 @@ +post_upgrade() { + if usr/bin/pacman-key -l >/dev/null 2>&1; then + usr/bin/pacman-key --populate archlinux + fi + release=$(echo "$1" | cut -d '.' -f 1,2) + + if ! [ -h /etc/pacman.d/99-qubes-repository-${release}.conf ] ; then + ln -s /etc/pacman.d/99-qubes-repository-${release}.conf.disabled /etc/pacman.d/99-qubes-repository-${release}.conf + fi + +} + +post_install() { + if [ -x usr/bin/pacman-key ]; then + post_upgrade "$1" + fi +} +