]> git.seodisparate.com - AnotherAURHelper/commitdiff
Fix integirty checking with gpg
authorStephen Seo <seo.disparate@gmail.com>
Fri, 17 Mar 2023 06:20:16 +0000 (15:20 +0900)
committerStephen Seo <seo.disparate@gmail.com>
Fri, 17 Mar 2023 06:21:58 +0000 (15:21 +0900)
No longer need to use the pacman hook as integrity checking is done by
the script before building.

Also, the temporary file created to test gpg signing will now be
created, signed, and removed in the user's `.local/share` directory.

README.md
makechrootpkg_noskipinteg.hook [deleted file]
update.py

index 46d58094140bd73de726cd3ddbdac1157a75ada1..e88efb0ee7226bb94d98363b65b89acffb7110bc 100644 (file)
--- a/README.md
+++ b/README.md
@@ -173,12 +173,10 @@ It is recommended to use the script with a prepared config.
 
 # Other Notes
 
-By default, `makechrootpkg` does not verify integrity of files in the PKGBUILD.
-Use the `makechrootpkg_noskipinteg.hook` to modify the `makechrootpkg` script to
-not skip integrity checks.
+~~By default, `makechrootpkg` does not verify integrity of files in the
+PKGBUILD. Use the `makechrootpkg_noskipinteg.hook` to modify the
+`makechrootpkg` script to not skip integrity checks.~~
 
-The hook must be placed in `/etc/pacman.d/hooks/`.
-
-Note that the hook only takes effect when `devtools` is updated. If you want to
-activate the hook immediately, you can reinstall `devtools` with
-`pacman -S devtools`.
+`update.py` now does integrity checks before building with `makechrootpkg`. It
+is no longer necessary to modify the `/usr/bin/makechrootpkg` because the
+integrity checks are done separately.
diff --git a/makechrootpkg_noskipinteg.hook b/makechrootpkg_noskipinteg.hook
deleted file mode 100644 (file)
index 90902da..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-[Trigger]
-Operation = Install
-Operation = Upgrade
-Type = Package
-Target = devtools
-
-[Action]
-Description = Force makechrootpkg to not --skipinteg
-When = PostTransaction
-Exec = /usr/bin/sed -i '/^default_makepkg_args=.*$/s/ --skipinteg//' /usr/bin/makechrootpkg
-Depends = devtools
index e9ca8c9d37643e65a6ee42bd4e829edaa6bf12b5..1268c7dfd2cd5068641e36fb29e216e718a35a26 100755 (executable)
--- a/update.py
+++ b/update.py
@@ -1010,7 +1010,6 @@ def update_pkg_list(
         sys.exit(1)
     for pkg in pkgs:
         pkgdir = os.path.join(other_state["clones_dir"], pkg)
-        log_print(f'Building "{pkg}"...')
         if "ccache_dir" in pkg_state[pkg]:
             cleanup_sccache(other_state["chroot"])
             setup_ccache(other_state["chroot"])
@@ -1021,6 +1020,24 @@ def update_pkg_list(
             else:
                 cleanup_sccache(other_state["chroot"])
 
+        # check integrity
+        log_print(f"Checking files of {pkg} before building it...")
+        try:
+            subprocess.run(
+                (
+                    "/usr/bin/env",
+                    "makepkg",
+                    "--verifysource"
+                ),
+                check=True,
+                cwd=pkgdir,
+            )
+        except:
+            log_print(f"ERROR: Failed to verify pkg \"{pkg}\"")
+            pkg_state[pkg]["build_status"] = "fail"
+            continue
+
+        log_print(f'Building "{pkg}"...')
         command_list = [
             "/usr/bin/env",
             "makechrootpkg",
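Review bot: The bare `except:` around the `makepkg --verifysource` call also catches `KeyboardInterrupt` and `SystemExit`, so interrupting the script during verification marks the package as failed and moves on to the next one instead of stopping. Narrow it to the failures this call can raise, `except (subprocess.CalledProcessError, OSError) as e:`, and include `e` in the log line so a missing `makepkg` binary can be told apart from a checksum or signature mismatch. It is also worth a comment above the call that `makepkg` sources the PKGBUILD to read its source and checksum arrays, so this step evaluates the PKGBUILD on the host in `pkgdir` rather than inside the chroot. `update_pkg_list` begins and ends outside this hunk.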
@@ -1302,7 +1319,11 @@ def test_gpg_passphrase(
 ):
     """Checks if the given gpg passphrase works with the gpg signing key."""
 
-    with tempfile.NamedTemporaryFile() as tempnf:
+    local_share_dir = os.path.join(os.environ["HOME"], ".local", "share")
+    local_share_dir_path = Path(local_share_dir)
+    if not local_share_dir_path.exists():
+        local_share_dir_path.mkdir(parents=True)
+    with tempfile.NamedTemporaryFile(dir=local_share_dir) as tempnf:
         tempnf.write(b"Test file content")
         tempnf.flush()
         try:
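Review bot: `os.environ["HOME"]` raises an unhandled `KeyError` when `HOME` is not set (for example under some service managers), and the `exists()` check followed by `mkdir(parents=True)` can fail with `FileExistsError` if the directory appears between the two calls. Both collapse into `local_share_dir_path = Path.home() / ".local" / "share"` and `local_share_dir_path.mkdir(parents=True, exist_ok=True)`, passing the `Path` as `dir=`. A newly created directory gets umask-default permissions; if the signing step writes a signature file next to the temp file (not visible in this hunk), a dedicated subdirectory created with `mode=0o700` would keep that output private. The body of `test_gpg_passphrase` continues past the end of the hunk.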