From 917c97b52a025fa86f96f672ff4608632ba6a0b8 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Sun, 30 Jun 2019 21:59:07 -0400 Subject: source.mk: Rewrite and use xz --- diff --git a/control b/control index 02c2fb7..a18bfee 100644 --- a/control +++ b/control @@ -1,3 +1,5 @@ Maintainer: "P. J. McDermott" -Build-Depends: opkhelper-3.0, libsigsegv-dev +Build-Depends: opkbuild (>= 4.0.0), opkhelper-3.0, + gpg, dirmngr, gpgconf, gpg-agent, + libsigsegv-dev Homepage: https://www.gnu.org/software/m4/ diff --git a/source.mk b/source.mk index 8634694..ca6b0df 100644 --- a/source.mk +++ b/source.mk @@ -1,18 +1,35 @@ -upstream_archive = m4-$(OPK_SOURCE_VERSION_UPSTREAM).tar.bz2 -upstream_url = http://ftp.gnu.org/gnu/m4/$(upstream_archive) -source_archive = ../m4-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.bz2 -keys = 2527436A 2983D606 +z = xz +keys = \ + '71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A' -$(source_archive): - wget '$(upstream_url)' - set -e; if gpg --version >/dev/null 2>&1; then \ - wget '$(upstream_url).sig'; \ - [ -e ../keyring.gpg ] || \ - gpg --keyring ../keyring.gpg --no-default-keyring \ - --recv-keys $(keys) || true; \ - gpg --verify --keyring ../keyring.gpg \ - '$(upstream_archive).sig'; \ - fi - mv '$(upstream_archive)' '$(source_archive)' +upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.$(z) +upstream_url = http://ftp.gnu.org/pub/gnu/$(OPK_SOURCE)/$(upstream_archive) +source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z) -source: $(source_archive) +GNUPGHOME = gnupghome +# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line +# to switch to a non-SKS keyserver. We can't switch yet, because the Web server +# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS). +keyserver = hkps://keys.openpgp.org +keyserver = hkp://pool.sks-keyservers.net +keyring = ../keyring.gpg +cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5 + +$(keyring): + gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; } + rm -f '$@~' + +$(source_archive): $(keyring) + wget -c "$(upstream_url)" "$(upstream_url).sig" + gpg --verify "$(upstream_archive).sig" + mv "$(upstream_archive)" "$(source_archive)" + +source: + install -m 0700 -d '$(GNUPGHOME)' + umask 0177; printf 'keyserver $(keyserver)\n' \ + 1>'$(GNUPGHOME)/dirmngr.conf' + umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \ + 1>'$(GNUPGHOME)/gpg.conf' + GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk "$(source_archive)" \ + || { $(cleanup); exit 1; } + $(cleanup) -- cgit v0.9.1