From 396953fe408a22d946a3101615462e5ad54a487c Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Tue, 05 Jan 2021 01:54:57 -0500 Subject: Initial commit --- (limited to 'source.mk') diff --git a/source.mk b/source.mk new file mode 100644 index 0000000..1c6fa0a --- /dev/null +++ b/source.mk @@ -0,0 +1,37 @@ +z = xz +keys = \ + 'E1F0 36B1 FEE7 221F C778 ECEF B0B5 E886 96AF E6CB' + +upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar +upstream_url = https://www.kernel.org/pub/software/scm/git/$(upstream_archive) +source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z) + +GNUPGHOME = gnupghome +# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line +# to switch to a non-SKS keyserver. We can't switch yet, because the Web server +# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS). +keyserver = hkps://keys.openpgp.org +keyserver = hkp://pool.sks-keyservers.net +keyring = ../keyring.gpg +cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5 + +$(keyring): + gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; } + rm -f '$@~' + +$(source_archive): $(keyring) + wget -c '$(upstream_url).$(z)' '$(upstream_url).sign' + unxz -c '$(upstream_archive).$(z)' 1>'$(upstream_archive)' + gpg --verify '$(upstream_archive).sign' + rm '$(upstream_archive)' + mv '$(upstream_archive).$(z)' '$(source_archive)' + +source: + install -m 0700 -d '$(GNUPGHOME)' + umask 0177; printf 'keyserver $(keyserver)\n' \ + 1>'$(GNUPGHOME)/dirmngr.conf' + umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \ + 1>'$(GNUPGHOME)/gpg.conf' + GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk '$(source_archive)' \ + || { $(cleanup); exit 1; } + $(cleanup) -- cgit v0.9.1