blob: 65e633498851f964e6e8d9acc939a4a156649be6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
z = gz
keys = \
'357D CB0E EC95 A01A EBA1 F0D2 DE63 B9C7 04EB E9EF'
debrev = 4
pool = https://ftp.debian.org/debian/pool/main/s/stress/
deb_tar = $(OPK_SOURCE)_$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z)
deb_dsc = $(OPK_SOURCE)_$(OPK_SOURCE_VERSION_UPSTREAM)-$(debrev).dsc
source_archive = ../$(OPK_SOURCE)-$(OPK_SOURCE_VERSION_UPSTREAM).orig.tar.$(z)
GNUPGHOME = gnupghome
# TODO: When GnuPG is built with TLS support, delete the second "keyserver" line
# to switch to a non-SKS keyserver. We can't switch yet, because the Web server
# at keys.openpgp.org redirects (HTTP 301) to HTTPS (and enforces it with HSTS).
keyserver = hkps://keys.openpgp.org
keyserver = hkp://pool.sks-keyservers.net
keyring = ../keyring.gpg
cleanup = gpgconf --kill all; rm -Rf '$(GNUPGHOME)'; sleep 5
dsc_sed = \
/^Checksums-Sha256:$$/,/^[^ ]/{ \
s/ \([0-9a-f][0-9a-f]*\) [0-9][0-9]* \($(deb_tar)\)$$/\1 \2/p;\
};
$(keyring):
gpg --recv-keys $(keys) || { rm -Rf '$@'; exit 1; }
rm -f '$@~'
$(source_archive): $(keyring)
wget -c '$(pool)/$(deb_dsc)' '$(pool)/$(deb_tar)'
gpg --verify '$(deb_dsc)'
sed -n '$(dsc_sed)' '$(deb_dsc)' | sha256sum -c -
mv '$(deb_tar)' '$(source_archive)'
source:
install -m 0700 -d '$(GNUPGHOME)'
umask 0177; printf 'keyserver $(keyserver)\n' \
1>'$(GNUPGHOME)/dirmngr.conf'
umask 0177; printf 'no-default-keyring\nkeyring $(keyring)\nverbose\n' \
1>'$(GNUPGHOME)/gpg.conf'
GNUPGHOME='$(GNUPGHOME)' $(MAKE) -f ../source.mk "$(source_archive)" \
|| { $(cleanup); exit 1; }
$(cleanup)
|