authorPatrick McDermott <patrick.mcdermott@libiquity.com>2021-01-06 07:46:48 (EST)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2021-01-06 07:46:48 (EST)
commit6c9576208e46cb971695d7dbf8128ac6fbbdc8be (patch)
tree971958c67bbe5c394e544b03e0ba5d721dc109b0
parent86214520a76597ba1659273b0f4ed7f3dae1737a (diff)
source.mk: Use HTTPS and GnuPG
-rw-r--r--control2
-rw-r--r--source.mk35
2 files changed, 33 insertions, 4 deletions
diff --git a/control b/control
index 63b44d7..7cdfd95 100644
--- a/control
+++ b/control
@@ -2,4 +2,6 @@ Maintainer: Patrick McDermott <patrick.mcdermott@libiquity.com>
Build-Depends:
opkbuild (>= 4.2.1),
opkhelper-3.0 (>= 3.1.3),
+ busybox (>= 1.32.0-1),
+ gpg, dirmngr, gpgconf, gpg-agent,
Homepage: https://www.smartmontools.org/
diff --git a/source.mk b/source.mk
index ce2f407..baa0c14 100644
--- a/source.mk
+++ b/source.mk
@@ -1,10 +1,37 @@
-upstream_sf_base = http://downloads.sourceforge.net/project/$(OPK_SOURCE)
+z = gz
+keys = \
+ '847A F8F7 2DF4 C7B4 9238 2C94 BF0B 339C 64BC AA8B'
+
+upstream_sf_base = https://downloads.sourceforge.net/project/$(OPK_SOURCE)
upstream_path = $(OPK_SOURCE)/$(OPK_SOURCE_VERSION_UPSTREAM)
upstream_archive = $(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).tar.gz
upstream_url = $(upstream_sf_base)/$(upstream_path)/$(upstream_archive)
source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.gz
-$(source_archive):
- wget -O '$@' '$(upstream_url)'
+GNUPGHOME = gnupghome
+# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line
+# to switch to a non-SKS keyserver. We can't switch yet, because the Web server
+# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS).
+keyserver = hkps://keys.openpgp.org
+keyserver = hkp://pool.sks-keyservers.net
+keyring = ../keyring.gpg
+cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5
+
+$(keyring):
+ gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; }
+ rm -f '$@~'
+
+$(source_archive): $(keyring)
+ wget -c '$(upstream_url)' '$(upstream_url).asc'
+ gpg --verify '$(upstream_archive).asc'
+ mv '$(upstream_archive)' '$(source_archive)'
-source: $(source_archive)
+source:
+ install -m 0700 -d '$(GNUPGHOME)'
+ umask 0177; printf 'keyserver $(keyserver)\n' \
+ 1>'$(GNUPGHOME)/dirmngr.conf'
+ umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \
+ 1>'$(GNUPGHOME)/gpg.conf'
+ GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk '$(source_archive)' \
+ || { $(cleanup); exit 1; }
+ $(cleanup)
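Review bot: `gpg --verify '$(upstream_archive).asc'` in the `$(source_archive)` recipe names only the signature file, so gpg has to guess the signed data by stripping `.asc`, and if the downloaded `.asc` is not a detached signature the tarball is never checked at all. The GnuPG manual discourages this one-argument form for detached signatures; pass the data file explicitly with `gpg --verify '$(upstream_archive).asc' '$(upstream_archive)'`. Separately, `$(keyring)` has no prerequisites, so as far as this hunk shows an existing `../keyring.gpg` is reused unchanged when `keys` is edited. A comment above the rule would make that visible, e.g. `# Delete $(keyring) after changing "keys"; it is not rebuilt automatically.`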