summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McDermott <patrick.mcdermott@libiquity.com>2020-12-26 20:57:16 (EST)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2020-12-26 21:07:58 (EST)
commitc085de3ec742e1b60ecff9d79fb27a06d798b0b1 (patch)
tree80acce930cbf87dedb70e11ceedd58a0ac6d6817
parente147827371f57b75eadbb1cb6e43486b9e261b1a (diff)
source.mk: Rewrite (based on m4's)
Diffstat
-rw-r--r--control1
-rw-r--r--source.mk48
2 files changed, 33 insertions, 16 deletions
diff --git a/control b/control
index 4370ceb..75727b3 100644
--- a/control
+++ b/control
@@ -1,4 +1,5 @@
Maintainer: "P. J. McDermott" <pj@pehjota.net>
Build-Depends: opkhelper-3.0,
+ gpg, dirmngr, gpgconf, gpg-agent,
libz.1-dev,
Homepage: http://curl.haxx.se/
diff --git a/source.mk b/source.mk
index 165d228..fdd6db9 100644
--- a/source.mk
+++ b/source.mk
@@ -1,19 +1,35 @@
-upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.bz2
+z = bz2
+keys = \
+ '914C 533D F9B2 ADA2 204F 586D 78E1 1C6B 279D 5C91'
+
+upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.$(z)
upstream_url = http://curl.haxx.se/download/$(upstream_archive)
-source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
-keys = '914C 533D F9B2 ADA2 204F 586D 78E1 1C6B 279D 5C91'
+source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z)
+
+GNUPGHOME = gnupghome
+# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line
+# to switch to a non-SKS keyserver. We can't switch yet, because the Web server
+# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS).
+keyserver = hkps://keys.openpgp.org
+keyserver = hkp://pool.sks-keyservers.net
+keyring = ../keyring.gpg
+cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5
+
+$(keyring):
+ gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; }
+ rm -f '$@~'
-$(source_archive):
- wget -c '$(upstream_url)'
- set -e; if gpg --version >/dev/null 2>&1; then \
- wget -c '$(upstream_url).asc'; \
- [ -e ../keyring.gpg ] || \
- gpg --keyring ../keyring.gpg --no-default-keyring \
- --recv-keys $(keys) || true; \
- rm -f ../keyring.gpg~; \
- gpg --verify --keyring ../keyring.gpg \
- '$(upstream_archive).asc'; \
- fi
- mv '$(upstream_archive)' '$@'
+$(source_archive): $(keyring)
+ wget -c "$(upstream_url)" "$(upstream_url).asc"
+ gpg --verify "$(upstream_archive).asc"
+ mv "$(upstream_archive)" "$(source_archive)"
-source: $(source_archive)
+source:
+ install -m 0700 -d '$(GNUPGHOME)'
+ umask 0177; printf 'keyserver $(keyserver)\n' \
+ 1>'$(GNUPGHOME)/dirmngr.conf'
+ umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \
+ 1>'$(GNUPGHOME)/gpg.conf'
+ GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk "$(source_archive)" \
+ || { $(cleanup); exit 1; }
+ $(cleanup)
generated by cgit v0.9.1 at 2024-11-22 11:10:22 (EST)