From c3ee68bb6442f6f71e2653e44e7220f0837e2250 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Mon, 01 Jul 2019 02:12:41 -0400
Subject: Initial commit

---
(limited to 'source.mk')

diff --git a/source.mk b/source.mk
new file mode 100644
index 0000000..2fcd765
--- /dev/null
+++ b/source.mk
@@ -0,0 +1,36 @@
+z = xz
+keys = \
+	'7DF8 4374 B1EE 1F97 64BB  E25D 0DDC AA32 78D5 264E' \
+	'7E37 92A9 D8AC F7D6 33BC  1588 ED97 E90E 62AA 7E34'
+
+upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.$(z)
+upstream_url = http://ftp.gnu.org/pub/gnu/$(OPK_SOURCE)/$(upstream_archive)
+source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z)
+
+GNUPGHOME = gnupghome
+# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line
+# to switch to a non-SKS keyserver.  We can't switch yet, because the Web server
+# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS).
+keyserver = hkps://keys.openpgp.org
+keyserver = hkp://pool.sks-keyservers.net
+keyring = ../keyring.gpg
+cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5
+
+$(keyring):
+	gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; }
+	rm -f '$@~'
+
+$(source_archive): $(keyring)
+	wget -c "$(upstream_url)" "$(upstream_url).sig"
+	gpg --verify "$(upstream_archive).sig"
+	mv "$(upstream_archive)" "$(source_archive)"
+
+source:
+	install -m 0700 -d '$(GNUPGHOME)'
+	umask 0177; printf 'keyserver $(keyserver)\n' \
+		1>'$(GNUPGHOME)/dirmngr.conf'
+	umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \
+		1>'$(GNUPGHOME)/gpg.conf'
+	GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk "$(source_archive)" \
+		|| { $(cleanup); exit 1; }
+	$(cleanup)
--
cgit v0.9.1