Fix integirty checking with gpg

No longer need to use the pacman hook as integrity checking is done by
the script before building.

Also, the temporary file created to test gpg signing will now be
created, signed, and removed in the user's `.local/share` directory.
Stephen Seo 2023-03-17 15:20:16 +09:00
parent ed27852353
commit c764942ed1
3 changed files with 29 additions and 21 deletions


@ -173,12 +173,10 @@ It is recommended to use the script with a prepared config.
# Other Notes
By default, `makechrootpkg` does not verify integrity of files in the PKGBUILD.
Use the `makechrootpkg_noskipinteg.hook` to modify the `makechrootpkg` script to
not skip integrity checks.
~~By default, `makechrootpkg` does not verify integrity of files in the
PKGBUILD. Use the `makechrootpkg_noskipinteg.hook` to modify the
`makechrootpkg` script to not skip integrity checks.~~
The hook must be placed in `/etc/pacman.d/hooks/`.
Note that the hook only takes effect when `devtools` is updated. If you want to
activate the hook immediately, you can reinstall `devtools` with
`pacman -S devtools`.
`update.py` now does integrity checks before building with `makechrootpkg`. It
is no longer necessary to modify the `/usr/bin/makechrootpkg` because the
integrity checks are done separately.


@ -1,11 +0,0 @@
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = devtools
[Action]
Description = Force makechrootpkg to not --skipinteg
When = PostTransaction
Exec = /usr/bin/sed -i '/^default_makepkg_args=.*$/s/ --skipinteg//' /usr/bin/makechrootpkg
Depends = devtools


@ -1010,7 +1010,6 @@ def update_pkg_list(
sys.exit(1)
for pkg in pkgs:
pkgdir = os.path.join(other_state["clones_dir"], pkg)
log_print(f'Building "{pkg}"...')
if "ccache_dir" in pkg_state[pkg]:
cleanup_sccache(other_state["chroot"])
setup_ccache(other_state["chroot"])
@ -1021,6 +1020,24 @@ def update_pkg_list(
else:
cleanup_sccache(other_state["chroot"])
# check integrity
log_print(f"Checking files of {pkg} before building it...")
try:
subprocess.run(
(
"/usr/bin/env",
"makepkg",
"--verifysource"
),
check=True,
cwd=pkgdir,
)
except:
log_print(f"ERROR: Failed to verify pkg \"{pkg}\"")
pkg_state[pkg]["build_status"] = "fail"
continue
log_print(f'Building "{pkg}"...')
command_list = [
"/usr/bin/env",
"makechrootpkg",
@ -1302,7 +1319,11 @@ def test_gpg_passphrase(
):
"""Checks if the given gpg passphrase works with the gpg signing key."""
with tempfile.NamedTemporaryFile() as tempnf:
local_share_dir = os.path.join(os.environ["HOME"], ".local", "share")
local_share_dir_path = Path(local_share_dir)
if not local_share_dir_path.exists():
local_share_dir_path.mkdir(parents=True)
with tempfile.NamedTemporaryFile(dir=local_share_dir) as tempnf:
tempnf.write(b"Test file content")
tempnf.flush()
try:
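Review bot: The bare `except:` around the new `makepkg --verifysource` call in the second hunk also catches `KeyboardInterrupt` and `SystemExit`, so interrupting the run during verification is logged as a failed package and the loop continues to the next one. Narrowing it to `except (subprocess.CalledProcessError, OSError):` keeps the fail-and-continue behaviour for a non-zero exit or a missing binary or directory while letting an interrupt stop the run. The check runs with `cwd=pkgdir` directly rather than through `makechrootpkg`, so the PKGBUILD is presumably read on the host before the chroot build; a comment such as `# NOTE: runs on the host, outside the chroot` above the call would make that trust boundary explicit. In the `test_gpg_passphrase` hunk, the `exists()` check followed by `mkdir(parents=True)` can be collapsed to `local_share_dir_path.mkdir(parents=True, exist_ok=True)`, which also removes the window between the check and the creation. Both functions continue outside the lines shown.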