From 9f43bb32afca91fc5c62d48803dcd39b3486c0b6 Mon Sep 17 00:00:00 2001 From: Robin Candau Date: Thu, 9 Jan 2025 20:37:58 +0100 Subject: [PATCH] rebuild-todo: Add the --import-keys option Allows to import PGP keys for packages source verification into the user's keyring before rebuilding packages (including support for offloaded builds). --- Makefile | 3 ++- package/pkggrep | 56 ++++++++++++++++++++++++++++++++++++++++++++ package/rebuild-todo | 23 +++++++++++++++++- 3 files changed, 80 insertions(+), 2 deletions(-) create mode 100755 package/pkggrep diff --git a/Makefile b/Makefile index 2abcd88..0eb11d3 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,8 @@ BASH_SCRIPTS = \ aur/review \ package/parse-submodules \ package/pkgsearch \ - package/rebuild-todo + package/rebuild-todo \ + package/pkggrep PYTHON_SCRIPTS = \ package/staging2testing \ diff --git a/package/pkggrep b/package/pkggrep new file mode 100755 index 0000000..87a3819 --- /dev/null +++ b/package/pkggrep @@ -0,0 +1,56 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-2.0 + +set -eou pipefail + +PROGNAME="${BASH_SOURCE[0]##*/}" + +usage() { + cat <<- _EOF_ + Usage: ${PROGNAME} [OPTIONS] expression + + Does a full search on all files currently in the repository. + This is useful if one wants to search for a symbol instead of a soname. + For sonames please use 'sogrep'. + + OPTIONS + -h, --help Show this help text + + Examples: + $ ${PROGNAME} _ZN3fmt3v116detail10locale_refC1ISt6localeEERKT_ +_EOF_ +} + +if ! ((${#})); then + usage + exit 0 +fi + +SEARCH_EXPRESSION="" +SEARCH_HOST="build.archlinux.org" + +while ((${#})); do + key="${1}" + case ${key} in + -h|--help) + usage + exit 0 + ;; + --) + shift + break + ;; + -*) + echo "invalid argument: $key" + usage + exit 1 + ;; + *) + SEARCH_EXPRESSION="${key}" + ;; + esac + shift +done + +ssh "${SEARCH_HOST}" "parallel \"rg --files-with-matches --search-zip -- '${SEARCH_EXPRESSION}' {} && pacman -Qpq {}\" ::: /srv/ftp/pool/*/*.zst" diff --git a/package/rebuild-todo b/package/rebuild-todo index f05c62c..1db7210 100755 --- a/package/rebuild-todo +++ b/package/rebuild-todo @@ -27,7 +27,8 @@ usage() { -e, --edit Edit PKGBUILD before building. Default when todo type is "Task" -o, --offload Use offloaded builds -h, --help Show this help text - --dry-run Show the offload-build and commitpkg being ran + -d, --dry-run Show the offload-build and commitpkg being ran + --import-keys Import PGP keys for packages source verification into the user's keyring --no-build Don't build PKGBUILD --no-publish Don't run commitpkg after building --no-bump Don't bump pkgrel before building (default bumps pkgrel) @@ -63,6 +64,7 @@ STDIN=0 NO_BUMP=0 NO_BUILD=0 PACKAGES=0 +IMPORT_KEYS=0 NO_PUBLISH=0 EDIT_PKGBUILD=0 CONTINUE=0 @@ -112,6 +114,9 @@ while ((${#})); do -d|--dry-run) DRY=1 ;; + --import-keys) + IMPORT_KEYS=1 + ;; --testing|--staging) REPO="$key" ;; @@ -219,6 +224,22 @@ read <&1 pkgctl repo clone "${packages[@]}" +if ((IMPORT_KEYS)); then + echo "Importing PGP keys..." + # Only add paths that actually have key(s) to import and ignore paths that don't, don't exit on error + key_paths=($(find "${packages[@]/%//keys/pgp}" -type f 2>/dev/null || true)) + + if [[ "${#key_paths[@]}" -ne 0 ]]; then + if [[ -z "$OFFLOAD" ]]; then + cat "${key_paths[@]}" | gpg --import + else + cat "${key_paths[@]}" | ssh build.archlinux.org gpg --import + fi + else + echo "No PGP key to import" + fi +fi + for pkg in "${packages[@]}"; do pushd "$pkg" &>/dev/null