summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--control3
-rw-r--r--source.mk60
2 files changed, 40 insertions, 23 deletions
diff --git a/control b/control
index ac33f5b..eca2bff 100644
--- a/control
+++ b/control
@@ -1,5 +1,6 @@
Maintainer: Patrick McDermott <patrick.mcdermott@libiquity.com>
-Build-Depends: opkhelper-3.0,
+Build-Depends: opkbuild (>= 4.0.1), opkhelper-3.0 (>= 3.1.2),
+ gpg, dirmngr, gpgconf, gpg-agent,
libncurses.5-dev,
libreadline-dev,
libexpat.1-dev,
diff --git a/source.mk b/source.mk
index f946eea..f22deab 100644
--- a/source.mk
+++ b/source.mk
@@ -1,33 +1,49 @@
+z = xz
+tar_z = J
+keys = \
+ 'F40A DB90 2B24 264A A42E 50BF 92ED B04B FF32 5CF3'
non_free_files = \
gdb/doc/gdb.texinfo \
- gdb/doc/gdb.info*
+ gdb/doc/gdb.info* \
+ zlib/
upstream_version = $$(printf '%s\n' '$(OPK_SOURCE_VERSION_UPSTREAM)' | \
- sed 's/^\([0-9a-z.~-][0-9a-z.~-]*\)+sip[1-9][0-9]*.*$$/\1/')
+ sed 's/+sip[1-9][0-9]*.*$$//')
upstream_name = $(OPK_SOURCE)-$(upstream_version)
-upstream_archive = $(upstream_name).tar.bz2
-upstream_url = http://ftp.gnu.org/gnu/$(OPK_SOURCE)/$(upstream_archive)
-source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2
-keys = FF325CF3
+upstream_archive = $(upstream_name).tar.$(z)
+upstream_url = http://ftp.gnu.org/pub/gnu/$(OPK_SOURCE)/$(upstream_archive)
+source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z)
-$(source_archive):
- wget -c "$(upstream_url)"
- set -e; if gpg --version >/dev/null 2>&1; then \
- wget -c "$(upstream_url).sig"; \
- [ -e ../keyring.gpg ] || \
- gpg --keyring ../keyring.gpg --no-default-keyring \
- --recv-keys $(keys) || true; \
- rm -f ../keyring.gpg~; \
- gpg --verify --keyring ../keyring.gpg \
- "$(upstream_archive).sig"; \
- rm -f "$(upstream_archive).sig"; \
- fi
- tar -xjf "$(upstream_archive)"
+GNUPGHOME = gnupghome
+# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line
+# to switch to a non-SKS keyserver. We can't switch yet, because the Web server
+# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS).
+keyserver = hkps://keys.openpgp.org
+keyserver = hkp://pool.sks-keyservers.net
+keyring = ../keyring.gpg
+cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5
+
+$(keyring):
+ gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; }
+ rm -f '$@~'
+
+$(source_archive): $(keyring)
+ wget -c "$(upstream_url)" "$(upstream_url).sig"
+ gpg --verify "$(upstream_archive).sig"
+ tar -x$(tar_z)f "$(upstream_archive)"
rm -f "$(upstream_archive)"
cd "$(upstream_name)"; for file in $(non_free_files); do \
- rm -f "$${file}"; \
+ rm -R "$${file}"; \
done; cd ..
- tar -cjf '$(source_archive)' "$(upstream_name)"
+ tar -c$(tar_z)f "$(source_archive)" "$(upstream_name)"
rm -Rf "$(upstream_name)"
-source: $(source_archive)
+source:
+ install -m 0700 -d '$(GNUPGHOME)'
+ umask 0177; printf 'keyserver $(keyserver)\n' \
+ 1>'$(GNUPGHOME)/dirmngr.conf'
+ umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \
+ 1>'$(GNUPGHOME)/gpg.conf'
+ GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk "$(source_archive)" \
+ || { $(cleanup); exit 1; }
+ $(cleanup)