Message ID | 20180115165759.26127-8-lukeshu@lukeshu.com |
---|---|
State | Not Applicable, archived |
Headers | show |
Series | Backports from Parabola v20180103 | expand |
On 01/15/2018 11:57 AM, Luke Shumaker wrote: > From: Luke Shumaker <lukeshu@parabola.nu> > > This allows signature verification by `makepkg --verifysource`, `git > verify-tag`, and such without requiring the user to manually retrieve > the keys first. > > This is based off of devtools32 commit 009695b (2017-06-27) by > Erich Eckner <git@eckner.net>. There are 2 differences from that > commit: > - In this version, gpg.conf is owned by builduser, not by root > - In this version, we don't keep appending duplicate lines if we > re-use a chroot We use --skipinteg inside the chroot anyway, since 75fdff1811a0487f82c75b2e260da905102b4eea -- but this reminds me I need to submit my patch to disable copying of the keyring altogether.
diff --git a/makechrootpkg.in b/makechrootpkg.in index a6c54cc..d2a0477 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -186,6 +186,7 @@ prepare_chroot() { [[ -r $USER_HOME/$x ]] || continue $install -m 644 "$USER_HOME/$x" "$copydir/build/$x" done + $install -m644 /dev/stdin "$copydir/build/.gnupg/gpg.conf" <<<'keyserver-options auto-key-retrieve' sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf" for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
From: Luke Shumaker <lukeshu@parabola.nu> This allows signature verification by `makepkg --verifysource`, `git verify-tag`, and such without requiring the user to manually retrieve the keys first. This is based off of devtools32 commit 009695b (2017-06-27) by Erich Eckner <git@eckner.net>. There are 2 differences from that commit: - In this version, gpg.conf is owned by builduser, not by root - In this version, we don't keep appending duplicate lines if we re-use a chroot --- makechrootpkg.in | 1 + 1 file changed, 1 insertion(+)