From 45805557f441f0f3f214359a055548182f9588c4 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Fri, 31 May 2019 18:50:06 -0400
Subject: source.mk: Verify downloaded source archive

---
diff --git a/control b/control
index 01373e1..201fa74 100644
--- a/control
+++ b/control
@@ -1,3 +1,3 @@
 Maintainer: "P. J. McDermott" <pj@pehjota.net>
-Build-Depends: opkbuild (>= 4.0.0), opkhelper-3.0
+Build-Depends: gpg, dirmngr, opkbuild (>= 4.0.0), opkhelper-3.0
 Homepage: http://anonscm.debian.org/gitweb/?p=users/clint/fakeroot.git;a=summary
diff --git a/source.mk b/source.mk
index ea7d0b2..e0cc16c 100644
--- a/source.mk
+++ b/source.mk
@@ -1,10 +1,33 @@
+upstream_debrev = 1
+
 upstream_archive = fakeroot_$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.xz
+upstream_dsc = fakeroot_$(OPK_SOURCE_VERSION_UPSTREAM)-$(upstream_debrev).dsc
 upstream_mirror = http://ftp.debian.org/debian
-upstream_url = $(upstream_mirror)/pool/main/f/fakeroot/$(upstream_archive)
+upstream_tar_url = $(upstream_mirror)/pool/main/f/fakeroot/$(upstream_archive)
+upstream_dsc_url = $(upstream_mirror)/pool/main/f/fakeroot/$(upstream_dsc)
 source_archive = ../fakeroot-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.xz
 
+gpg = GNUPGHOME=gnupghome/ gpg --no-default-keyring --keyring ../keyring.gpg
+keys = \
+	'7581 EC87 4053 E6C8 0779  1B9B 5592 331E 199D 38A8'
+sha256sum_re = \
+	................................................................
+
 $(source_archive):
-	wget -c '$(upstream_url)'
+	wget -c '$(upstream_dsc_url)' '$(upstream_tar_url)'
+	install -m 0700 -d gnupghome/
+	[ -e ../keyring.gpg ] || \
+		$(gpg) --keyserver hkp://pool.sks-keyservers.net \
+			--recv-keys $(keys); \
+	rm -f ../keyring.gpg~; \
+	if ! $(gpg) --verify '$(upstream_dsc)'; then \
+		rm -Rf gnupghome/; \
+		exit 1; \
+	fi
+	rm -Rf gnupghome/
+	sed -n 's/^ \($(sha256sum_re)\) .* \($(upstream_archive)\)$$/\1  \2/p' \
+		'$(upstream_dsc)' >sha256sums
+	sha256sum -c sha256sums
 	mv '$(upstream_archive)' '$(source_archive)'
 
 source: $(source_archive)
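Review bot: The `sed` near the end of the `$(source_archive)` recipe reads checksum lines from the whole downloaded `$(upstream_dsc)`, while `$(gpg) --verify` only vouches for the text inside the clearsigned block, so the parsed file is not exactly the data that was verified. As written, `sha256sum -c` still fails if any extracted line mismatches, which limits the impact, but it is safer to parse only the signed payload, e.g. `$(gpg) --output '$(upstream_dsc).signed' --decrypt '$(upstream_dsc)'` in place of the `--verify` call, and to run `sed` on that output. Separately, `--verify` accepts a good signature from any key in `../keyring.gpg`, and the `[ -e ../keyring.gpg ] ||` shortcut trusts an existing keyring without checking that it holds only the fingerprint in `keys`. Comparing the `VALIDSIG` fingerprint from `--status-fd` output against `keys` would pin the signer. Both downloads use plain `http://` and the key fetch uses `hkp://`, so this signature check is the only integrity control on the archive.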
--
cgit v0.9.1