From patchwork Tue May 31 09:40:36 2022
X-Patchwork-Submitter: Allan McRae
X-Patchwork-Id: 2064
From: Allan McRae
To: pacman-dev@lists.archlinux.org
Subject: [PATCH] makepkg: add source signing PGP keys to package if available
Date: Tue, 31 May 2022 19:40:36 +1000
Message-Id: <20220531094036.10838-1-allan@archlinux.org>
List-Id: Discussion list for pacman development

Arch Linux is adding source signing PGP keys to their package source tree
alongside PKGBUILDs in the form keys/pgp/$fingerprint.asc. As the PGP
keyserver infrastructure is a mess, this helps other people validate sources
in a PKGBUILD.

Add the keys to source packages if found alongside the PKGBUILD.

Signed-off-by: Allan McRae
---

I won't be committing this until the relevant Arch devtools patch is accepted
so that the keys/pgp/ path is finalised.

 scripts/makepkg.sh.in | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 69757d03..bddcbe03 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -705,6 +705,16 @@ create_srcpackage() { done pkgname=(${pkgname_backup[@]}) + # add a copy of source PGP signing public keys if availabe in keys/pgp/.asc + local key + for key in ${validpgpkeys[@]}; do + if [[ -f keys/pgp/$key.asc ]]; then + mkdir -p "${srclinks}/${pkgbase}/keys/pgp/" + ln -s "${startdir}/keys/pgp/$key.asc" "${srclinks}/${pkgbase}/keys/pgp/" + fi + done + + local fullver=$(get_full_version) local pkg_file="$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
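
Review bot: In the added loop, the existence test `[[ -f keys/pgp/$key.asc ]]` uses a path relative to the current directory, while the `ln -s` two lines below links `${startdir}/keys/pgp/$key.asc`; the two only agree if create_srcpackage runs with the working directory at `$startdir`. Test the same path that gets linked, `[[ -f "$startdir/keys/pgp/$key.asc" ]]`, and quote the array expansion as `for key in "${validpgpkeys[@]}"`. The test also only checks that a file with that name exists, not that it holds the key whose fingerprint is `$key`, and a fingerprint listed in validpgpkeys with no matching file is skipped silently, so a warning in that case would help a packager notice a missing key. In the comment, "availabe" should be "available", and `keys/pgp/.asc` appears to be missing the fingerprint placeholder.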