rebuild-todo: Add the --import-keys option

Allows to import PGP keys for packages source verification into the user's keyring before rebuilding packages (including support for offloaded builds).
archlinux · Jan 9, 2025 · 9f43bb3 · 9f43bb3
1 parent bd8075b
commit 9f43bb3
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -9,7 +9,8 @@ BASH_SCRIPTS = \
 	aur/review	\
 	package/parse-submodules \
 	package/pkgsearch \
-	package/rebuild-todo
+	package/rebuild-todo \
+	package/pkggrep
 
 PYTHON_SCRIPTS = \
 	package/staging2testing \

diff --git a/package/pkggrep b/package/pkggrep
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# SPDX-License-Identifier: GPL-2.0
+
+set -eou pipefail
+
+PROGNAME="${BASH_SOURCE[0]##*/}"
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${PROGNAME} [OPTIONS] expression
+		
+		Does a full search on all files currently in the repository.
+		This is useful if one wants to search for a symbol instead of a soname.
+		For sonames please use 'sogrep'.
+		
+		OPTIONS
+		    -h, --help             Show this help text
+
+		Examples:
+		    $ ${PROGNAME} _ZN3fmt3v116detail10locale_refC1ISt6localeEERKT_
+_EOF_
+}
+
+if ! ((${#})); then
+    usage
+    exit 0
+fi
+
+SEARCH_EXPRESSION=""
+SEARCH_HOST="build.archlinux.org"
+
+while ((${#})); do
+    key="${1}"
+    case ${key} in
+        -h|--help)
+            usage
+            exit 0
+        ;;
+        --)
+            shift
+            break
+        ;;
+        -*)
+            echo "invalid argument: $key"
+            usage
+            exit 1
+        ;;
+        *)
+            SEARCH_EXPRESSION="${key}"
+        ;;
+    esac
+    shift
+done
+
+ssh "${SEARCH_HOST}" "parallel \"rg --files-with-matches --search-zip -- '${SEARCH_EXPRESSION}' {} && pacman -Qpq {}\" ::: /srv/ftp/pool/*/*.zst"
diff --git a/package/rebuild-todo b/package/rebuild-todo
@@ -27,7 +27,8 @@ usage() {
 		    -e, --edit      Edit PKGBUILD before building. Default when todo type is "Task"
 		    -o, --offload   Use offloaded builds
 		    -h, --help      Show this help text
-		    --dry-run       Show the offload-build and commitpkg being ran
+		    -d, --dry-run   Show the offload-build and commitpkg being ran
+		    --import-keys   Import PGP keys for packages source verification into the user's keyring
 		    --no-build      Don't build PKGBUILD
 		    --no-publish    Don't run commitpkg after building
 		    --no-bump       Don't bump pkgrel before building (default bumps pkgrel)
@@ -63,6 +64,7 @@ STDIN=0
 NO_BUMP=0
 NO_BUILD=0
 PACKAGES=0
+IMPORT_KEYS=0
 NO_PUBLISH=0
 EDIT_PKGBUILD=0
 CONTINUE=0
@@ -112,6 +114,9 @@ while ((${#})); do
         -d|--dry-run)
             DRY=1
         ;;
+        --import-keys)
+            IMPORT_KEYS=1
+        ;;
         --testing|--staging)
             REPO="$key"
         ;;
@@ -219,6 +224,22 @@ read <&1
 
 pkgctl repo clone "${packages[@]}"
 
+if ((IMPORT_KEYS)); then
+	echo "Importing PGP keys..."
+	# Only add paths that actually have key(s) to import and ignore paths that don't, don't exit on error 
+	key_paths=($(find "${packages[@]/%//keys/pgp}" -type f 2>/dev/null || true))
+
+	if [[ "${#key_paths[@]}" -ne 0 ]]; then
+		if [[ -z "$OFFLOAD" ]]; then
+			cat "${key_paths[@]}" | gpg --import
+		else
+			cat "${key_paths[@]}" | ssh build.archlinux.org gpg --import
+		fi
+	else
+		echo "No PGP key to import"
+	fi
+fi
+
 for pkg in "${packages[@]}"; do
     pushd "$pkg" &>/dev/null