Fix integirty checking with gpg

No longer need to use the pacman hook as integrity checking is done by
the script before building.

Also, the temporary file created to test gpg signing will now be
created, signed, and removed in the user's `.local/share` directory.

README.md

@@ -173,12 +173,10 @@ It is recommended to use the script with a prepared config.
 
 # Other Notes
 
-By default, `makechrootpkg` does not verify integrity of files in the PKGBUILD.
+~~By default, `makechrootpkg` does not verify integrity of files in the
-Use the `makechrootpkg_noskipinteg.hook` to modify the `makechrootpkg` script to
+PKGBUILD. Use the `makechrootpkg_noskipinteg.hook` to modify the
-not skip integrity checks.
+`makechrootpkg` script to not skip integrity checks.~~
 
-The hook must be placed in `/etc/pacman.d/hooks/`.
+`update.py` now does integrity checks before building with `makechrootpkg`. It
-
+is no longer necessary to modify the `/usr/bin/makechrootpkg` because the
-Note that the hook only takes effect when `devtools` is updated. If you want to
+integrity checks are done separately.
-activate the hook immediately, you can reinstall `devtools` with
-`pacman -S devtools`.

makechrootpkg_noskipinteg.hook

@@ -1,11 +0,0 @@
-[Trigger]
-Operation = Install
-Operation = Upgrade
-Type = Package
-Target = devtools
-
-[Action]
-Description = Force makechrootpkg to not --skipinteg
-When = PostTransaction
-Exec = /usr/bin/sed -i '/^default_makepkg_args=.*$/s/ --skipinteg//' /usr/bin/makechrootpkg
-Depends = devtools

update.py

@@ -1010,7 +1010,6 @@ def update_pkg_list(
         sys.exit(1)
     for pkg in pkgs:
         pkgdir = os.path.join(other_state["clones_dir"], pkg)
-        log_print(f'Building "{pkg}"...')
         if "ccache_dir" in pkg_state[pkg]:
             cleanup_sccache(other_state["chroot"])
             setup_ccache(other_state["chroot"])
@@ -1021,6 +1020,24 @@ def update_pkg_list(
             else:
                 cleanup_sccache(other_state["chroot"])
 
+        # check integrity
+        log_print(f"Checking files of {pkg} before building it...")
+        try:
+            subprocess.run(
+                (
+                    "/usr/bin/env",
+                    "makepkg",
+                    "--verifysource"
+                ),
+                check=True,
+                cwd=pkgdir,
+            )
+        except:
+            log_print(f"ERROR: Failed to verify pkg \"{pkg}\"")
+            pkg_state[pkg]["build_status"] = "fail"
+            continue
+
+        log_print(f'Building "{pkg}"...')
         command_list = [
             "/usr/bin/env",
             "makechrootpkg",
@@ -1302,7 +1319,11 @@ def test_gpg_passphrase(
 ):
     """Checks if the given gpg passphrase works with the gpg signing key."""
 
-    with tempfile.NamedTemporaryFile() as tempnf:
+    local_share_dir = os.path.join(os.environ["HOME"], ".local", "share")
+    local_share_dir_path = Path(local_share_dir)
+    if not local_share_dir_path.exists():
+        local_share_dir_path.mkdir(parents=True)
+    with tempfile.NamedTemporaryFile(dir=local_share_dir) as tempnf:
         tempnf.write(b"Test file content")
         tempnf.flush()
         try: