diff --git a/Makefile b/Makefile index 6ea53db..a71cc7d 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,7 @@ SHELL = /bin/bash PREFIX ?= /usr/local BUILD_DIR ?= build KEYRING_TARGET_DIR ?= $(PREFIX)/share/pacman/keyrings/ +RELEASE ?= SCRIPT_TARGET_DIR ?= $(PREFIX)/bin SYSTEMD_SYSTEM_UNIT_DIR ?= $(shell pkgconf --variable systemd_system_unit_dir systemd) WKD_FQDN ?= archlinux.org @@ -9,6 +10,7 @@ WKD_BUILD_DIR ?= $(BUILD_DIR)/wkd KEYRING_FILE=archlinux.gpg KEYRING_REVOKED_FILE=archlinux-revoked KEYRING_TRUSTED_FILE=archlinux-trusted +PROJECT=archlinux-keyring WKD_SYNC_SCRIPT=archlinux-keyring-wkd-sync WKD_SYNC_SERVICE_IN=archlinux-keyring-wkd-sync.service.in WKD_SYNC_SERVICE=archlinux-keyring-wkd-sync.service @@ -51,6 +53,18 @@ wkd_sync_service: wkd_sync/$(WKD_SYNC_SERVICE_IN) clean: rm -rf $(BUILD_DIR) $(WKD_BUILD_DIR) +release: clean build + $(if $(RELEASE),,$(error RELEASE was not specified!)) + @glab auth status -h gitlab.archlinux.org + @git tag -s $(RELEASE) -m "release version $(RELEASE)" + @git push origin refs/tags/$(RELEASE) + @mkdir -p $(BUILD_DIR)/$(PROJECT)-$(RELEASE)/ + @cp $(BUILD_DIR)/{$(KEYRING_FILE),$(KEYRING_REVOKED_FILE),$(KEYRING_TRUSTED_FILE)} $(BUILD_DIR)/$(PROJECT)-$(RELEASE)/ + @tar cvfz $(BUILD_DIR)/$(PROJECT)-$(RELEASE).tar.gz -C $(BUILD_DIR)/ $(PROJECT)-$(RELEASE)/ + @gpg -o $(BUILD_DIR)/$(PROJECT)-$(RELEASE).tar.gz.sig --default-key "$(shell git config --local --get user.signingkey)" -s $(BUILD_DIR)/$(PROJECT)-$(RELEASE).tar.gz + # NOTE: we specify GITLAB_HOST, because otherwise glab YOLO uses whatever is specified by the `host` key in its config and silently breaks all links... + GITLAB_HOST=gitlab.archlinux.org glab release create $(RELEASE) ./build/$(PROJECT)-$(RELEASE).tar.gz* --name=$(RELEASE) --notes="release version $(RELEASE)" + install: build wkd_sync_service install -vDm 644 build/{$(KEYRING_FILE),$(KEYRING_REVOKED_FILE),$(KEYRING_TRUSTED_FILE)} -t $(DESTDIR)$(KEYRING_TARGET_DIR) install -vDm 755 wkd_sync/$(WKD_SYNC_SCRIPT) -t $(DESTDIR)$(SCRIPT_TARGET_DIR) @@ -69,4 +83,4 @@ uninstall: rm -v $(DESTDIR)$(SYSTEMD_TIMER_DIR)/$(WKD_SYNC_TIMER) rmdir -pv --ignore-fail-on-non-empty $(DESTDIR)$(SYSTEMD_TIMER_DIR) -.PHONY: all lint fmt check test clean install uninstall wkd wkd_inspect +.PHONY: all lint fmt check test clean install release uninstall wkd wkd_inspect diff --git a/build/archlinux-revoked b/build/archlinux-revoked new file mode 100644 index 0000000..e69de29 diff --git a/build/archlinux-trusted b/build/archlinux-trusted new file mode 100644 index 0000000..9af5bcc --- /dev/null +++ b/build/archlinux-trusted @@ -0,0 +1,3 @@ +2B9D22B41F2AF1042BFCE73A3CA0B9DF1BE7CE09:4: +597244DBEA52EC6EFE5F36A4FDD42A59FD43C07B:4: +9E646BB0630C8FD18ACD15541B93E6A766CD229D:4: diff --git a/build/archlinux.gpg b/build/archlinux.gpg new file mode 100644 index 0000000..e08d75b --- /dev/null +++ b/build/archlinux.gpg @@ -0,0 +1,86 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xjMEZNlVYBYJKwYBBAHaRw8BAQdAqrHl4S2UIU1DVv75VVqxYWzMXIj6DUYOEdx5 +9S54zibNO0tldmluIE11w7FveiAoQ2liZXJTZWN1cml0eSBFbmdpbmVlcikgPGtt +dW5vekBjb25kb3Jicy5uZXQ+wpAEExYIADgWIQQrnSK0HyrxBCv85zo8oLnfG+fO +CQUCZNlVYAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA8oLnfG+fOCS2Y +AP9NkmVFAljJiYFLtc7o1xB3xT/qtfJKw95khnhQFLqd5AEAsb5vlZ/bDvb56Yge +a+O/ar+qpq1q+cGvnUx2/OGPJg7CdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9 +Q8B7BQJk9L04AAoJEP3UKln9Q8B7tsUBAI3bUgjtoc57+lpT+Nfa/JDfddLejElW +mZBITOnpHtT9AQDPBcKJwR4BXdPvXKYizEUq758weamJJK+YC/OHFQGHBM07S2V2 +aW4gTXXDsW96IChDeWJlclNlY3VyaXR5IEVuZ2luZWVyKSA8a211bm96QGNvbmRv +cmJzLm5ldD7CwGYEExYIAM4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEW +IQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZOd3g0MUgAAAAAAQACpwcm9vZkBhcmlh +ZG5lLmlkaHR0cHM6Ly9tYXN0b2Rvbi5jZW50YXVyaWNvcmV4Lm5ldC9Aa211bm96 +ThSAAAAAABAANXByb29mQGFyaWFkbmUuaWRodHRwczovL3QubWUvRXJyb3I0MDRI +YWNrZXJOb3RGb3VuZD9wcm9vZj1QZWxvY29uY2hhMwAKCRA8oLnfG+fOCTTjAP9f +6xcZSQeJ1uoudcekhEAs9aPZnfExnSWFC0agXDOV5QD/eqjVyUJGyyEPM9yiDOFv +Xuy7F54UKlzGeEEGAiJAcADCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7 +BQJk9L0xAAoJEP3UKln9Q8B7VRoA/3W2b2yzRIw/jz6HKGrCKPBZ4YSFqDU0WHau +wcm9kkjrAQCsbcVMj1+nrYqLPqt2EaGoI0vL7HNqkDFtZBJ1sOXgA84zBGTZVm8W +CSsGAQQB2kcPAQEHQFdn0G+sy9PxbV67iR8YmLpVtAv0VXSR+bv7LXWeFwmqwngE +GBYIACAWIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNlWbwIbIAAKCRA8oLnfG+fO +CcclAP9vH93UilCUalYkdkg0IIimuOrYJAFE3PoYzM3Yfh9VSAD/b750y/y65soK +AhwaVWI0mD+2ktStLv5GQQVsD9aYqALOOARk2Va/EgorBgEEAZdVAQUBAQdARB6y +g2ApZUudIRWiTyl30XISWQZjXMMpeyJlpVhxNGQDAQgHwngEGBYIACAWIQQrnSK0 +HyrxBCv85zo8oLnfG+fOCQUCZNlWvwIbDAAKCRA8oLnfG+fOCU8IAP43YS3bfntH +ouOiZk7UuxLbHeXQl6YkBTgO0W+uKTPtrwD8CBgI2PEDktTsoBkDQxKzGJRmCRwn +aK1yIipT/mwQEQ/GMwRk74e+FgkrBgEEAdpHDwEBB0DRmBzOdoNSNtQoyh3Q7VM8 +DDPO3/Svh6UGE7Dsxtdbic0uIChDb25kb3JCUyBNYXN0ZXIgS2V5KSA8Y29udGFj +dG9AY29uZG9yYnMubmV0PsKQBBMWCAA4FiEEWXJE2+pS7G7+Xzak/dQqWf1DwHsF +AmTvh74CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ/dQqWf1DwHsavAEA +nrULtiu3Y7DozXJrc3qig9nBfUmy5MrqCM0F4h0gvNABAPR+lv2nK1qj8RnXwv8W +W2DQ0Ay/hENwAqVyUE9x8kcGzjMEZO+KdRYJKwYBBAHaRw8BAQdAYbnrkxnt+czK +37JQ26fC0VrmdCfCSHn2xoECi99TBOHCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3U +Kln9Q8B7BQJk74p1AhsgAAoJEP3UKln9Q8B7gNkA/ROCE7kfkv47989kajklGJjP +hQwMbPvgsbE+nSAk740/AQC2RDCFK2O12nTpgLWlhgTmRdrUtMphW+nJGLJ/atGi +B844BGTvijUSCisGAQQBl1UBBQEBB0BZDz+DYUKdCrEn4YYk77LKruz8oExl0Iu0 +Hh+M/lHeSQMBCAfCeAQYFggAIBYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk74o1 +AhsMAAoJEP3UKln9Q8B79DUA/AyMo+fm7r+pzyJJk1uZWgTgSA4BhLpZNUBytVXu +sXp9AP9n6mXXMx8Ki4OIc7hmaUWN40vZ5e5kFkKT+VaERW7/DcaTBGTJlSETBSuB +BAAjBCMEADIOqFyLQXzfaJ/cY4mZbtdoCdbSyIeR/KG2AtYXXPHaeSPf69kg8jKH +Sq92AkWi57zva5MKCfBu2mNFl8o+Dv3NAL6LC5w71C6AXsUAelR7TJFnvboGwdHG +QeeBCSa/qXWiVIpjsmU9F90DJkkYUwa4gIZ1P55PSg34mRMjDG/LmRI5zVBKZXN1 +cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5kIERldmVs +b3BlcikgPGpvcnRlZ2FAY29uZG9yYnMubmV0PsLAEwQTEwoAOBYhBJ5ka7BjDI/R +is0VVBuT5qdmzSKdBQJkyegfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ +EBuT5qdmzSKdD/wCCQHcb/w21KKkRkZ8HXBARcKmYtdv7/ivSBoC7L5jsgJZbiJ6 +f2lhvMOojtRnK+7s+QoUPqgsDwXt3AUETYhN3udpXwII1I7xDut5yMAgoBEVDamm +g2aK5VWFJTRvyjtWyfAU+oiWCNq7o9dI7d0/BzkA+0foBNysntr90Do/Ie10gxdH +t2XCdQQQFggAHRYhBFlyRNvqUuxu/l82pP3UKln9Q8B7BQJk9MSHAAoJEP3UKln9 +Q8B7Yu4A/212jMoLDU9SkO98vILe8pzsQWolKQNhGHI1iZz6DvS2AQC0poP2EsZV +jsTtLv4wfHdOE59zPuCn2ZNHOtn/80WzCcJ1BBAWCAAdFiEEK50itB8q8QQr/Oc6 +PKC53xvnzgkFAmTamuwACgkQPKC53xvnzglqmQEA90Gox/7Wkf7qoT4ma7t8aPsp +bwot2bs2qC0mAjH1lIgBALgH7rJse0XLY8vJPdv966Aols9R4JsBrQF3wwAMYLgN +zVpKZXN1cyBNYXJ0aW4gT3J0ZWdhIE1hcnRpbmV6IChTeXNhZG1pbi9CYWNrZW5k +IERldmVsb3BlcikgPG1hcnRpbi5vcnRlZ2EuYXJhc2hpQGdtYWlsLmNvbT7CwBME +ExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp0QIbAwULCQgHAgYVCgkI +CwIEFgIDAQIeAQIXgAAKCRAbk+anZs0indBjAgkBGFbgUf7gtpK6pwkX4DcNWUAz +jjp6s2lRbHQhkat6I7nn0gr7Vgp0OUxeCJqDbpdVco0zZAauweEDBT350vF8LgUC +B07VsXWg9P0BIqWNepwV/Lj63Zf/ye/UExOXm716wI/tVn3FRGKsimSUnBg1wO1F +YxlJfjGswGeR2f7HTwTAubNNwnUEEBYIAB0WIQRZckTb6lLsbv5fNqT91CpZ/UPA +ewUCZPTEgQAKCRD91CpZ/UPAe0rYAQCl6lPg73DMmTeAUV1Uqi2nyMjNIefvEtUY +2uabv8FvMwD9FiFMI0yDbmocc/sYuHcQqZhxzBJDlOYymnjw9OAv+QPCdQQQFggA +HRYhBCudIrQfKvEEK/znOjygud8b584JBQJk2prsAAoJEDygud8b584JLUsA/jgR +XXhniU635eJUVTOYG6OrrSbj9u9ONsHvu0P0u816AQCN5SQ+iLcm0fFYEwodwkPT +sudZLSGqt2U/EWX12nlTCM1ZSmVzdXMgTWFydGluIE9ydGVnYSBNYXJ0aW5leiAo +U3lzYWRtaW4vQmFja2VuZCBEZXZlbG9wZXIpIDxtYXJ0aW5vcnRlZ2FAY2llbmNp +YXMudW5hbS5teD7CwBQEExMKADgWIQSeZGuwYwyP0YrNFVQbk+anZs0inQUCZMnp +fwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAbk+anZs0inZqDAgkByLGd ++av82alglrShLrBgHrX2l6STeAzN4toFfdVdse6zen8o89wEirQ1uMZ7pXulzAdb +ap30irjfMf8u0YMJWdgCCQEK/0TNGltdCsw21zd8eJH+9sJEh4/gtWdBhxMiYWHv +6euWavTUWXiDLggwQXTJ2kUzDBMt0DXwKmNVYnKxos+iB8J1BBAWCAAdFiEEWXJE +2+pS7G7+Xzak/dQqWf1DwHsFAmT0xIgACgkQ/dQqWf1DwHsBCAEA9U7+hsnnIAPC +L3hR3xlUbrP4QoAKEnODzDMliNecqckBAPhTZWbJrnhrpZH7JDKcDJqfwZFWItz7 +QY2thvcjUYIHwnUEEBYIAB0WIQQrnSK0HyrxBCv85zo8oLnfG+fOCQUCZNqa7AAK +CRA8oLnfG+fOCS0rAQCJXdLjaSluAAs2/llUmSyNMEiHrewhW/1xMGT+flLeJwD+ +IbKRpqVSnxdv1Zf1l7V4twaNTR9Szn+y79/iAXKi3QrOlwRkyZUhEgUrgQQAIwQj +BAG1EFibPYiRvzU2DYNDW819tK896ACcEaB4Fdyk3+iWQI/L9mWScptx+XcgpByU +UWLn47Gf3ACXtyNSIQnYjmHBegAbPkHv6yP5hwWr6uDRhxepZm2DOq0dcSW8HxwW +5rVeVVfn97yeWUUiZKxajL5LHTF+TCemfqOSy9sAJFYAKm4HxgMBCgnCuwQYEwoA +IBYhBJ5ka7BjDI/Ris0VVBuT5qdmzSKdBQJkyZUhAhsMAAoJEBuT5qdmzSKdQ7oC +CIYeYcvDgfp7jFeoh5qAi85gZhlaOncvh+WCiA5R637TjM9XQaIfhoRuiM+VL1CC +Kzq7NWx2S+DZpNWVPWY2vChaAgkBJC6GG5u2gq8zU6o84ThaDd0kZe3jfmhg8O8K +13tpOV6ovOjgK7kCtILqYsnW7RmZ4YEhfYUJtuhIe7CkI1xrpo0= +=N+0o +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libkeyringctl/__pycache__/__init__.cpython-311.pyc b/libkeyringctl/__pycache__/__init__.cpython-311.pyc new file mode 100644 index 0000000..79f88d3 Binary files /dev/null and b/libkeyringctl/__pycache__/__init__.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/ci.cpython-311.pyc b/libkeyringctl/__pycache__/ci.cpython-311.pyc new file mode 100644 index 0000000..fd8ce68 Binary files /dev/null and b/libkeyringctl/__pycache__/ci.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/cli.cpython-311.pyc b/libkeyringctl/__pycache__/cli.cpython-311.pyc new file mode 100644 index 0000000..338e97b Binary files /dev/null and b/libkeyringctl/__pycache__/cli.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/git.cpython-311.pyc b/libkeyringctl/__pycache__/git.cpython-311.pyc new file mode 100644 index 0000000..607f1fe Binary files /dev/null and b/libkeyringctl/__pycache__/git.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/keyring.cpython-311.pyc b/libkeyringctl/__pycache__/keyring.cpython-311.pyc new file mode 100644 index 0000000..155aa8d Binary files /dev/null and b/libkeyringctl/__pycache__/keyring.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/sequoia.cpython-311.pyc b/libkeyringctl/__pycache__/sequoia.cpython-311.pyc new file mode 100644 index 0000000..7a3d4e5 Binary files /dev/null and b/libkeyringctl/__pycache__/sequoia.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/trust.cpython-311.pyc b/libkeyringctl/__pycache__/trust.cpython-311.pyc new file mode 100644 index 0000000..e6b4183 Binary files /dev/null and b/libkeyringctl/__pycache__/trust.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/types.cpython-311.pyc b/libkeyringctl/__pycache__/types.cpython-311.pyc new file mode 100644 index 0000000..fbac623 Binary files /dev/null and b/libkeyringctl/__pycache__/types.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/util.cpython-311.pyc b/libkeyringctl/__pycache__/util.cpython-311.pyc new file mode 100644 index 0000000..0567920 Binary files /dev/null and b/libkeyringctl/__pycache__/util.cpython-311.pyc differ diff --git a/libkeyringctl/__pycache__/verify.cpython-311.pyc b/libkeyringctl/__pycache__/verify.cpython-311.pyc new file mode 100644 index 0000000..5c57724 Binary files /dev/null and b/libkeyringctl/__pycache__/verify.cpython-311.pyc differ diff --git a/libkeyringctl/keyring.py b/libkeyringctl/keyring.py index 18448b2..cd6085e 100644 --- a/libkeyringctl/keyring.py +++ b/libkeyringctl/keyring.py @@ -1133,19 +1133,19 @@ def build( target_dir.mkdir(parents=True, exist_ok=True) target_dir.touch() - keyring: Path = target_dir / Path("condorcore.gpg") + keyring: Path = target_dir / Path("archlinux.gpg") export(working_dir=working_dir, keyring_root=keyring_root, output=keyring) trusted_main_keys = export_ownertrust( certs=[keyring_root / "main"], keyring_root=keyring_root, - output=target_dir / "condorcore-trusted", + output=target_dir / "archlinux-trusted", ) export_revoked( certs=[keyring_root], keyring_root=keyring_root, main_keys=set(trusted_main_keys), - output=target_dir / "condorcore-revoked", + output=target_dir / "archlinux-revoked", ) diff --git a/wkd_sync/archlinux-keyring-wkd-sync.timer b/wkd_sync/archlinux-keyring-wkd-sync.timer index 8bdea3e..6ffd191 100644 --- a/wkd_sync/archlinux-keyring-wkd-sync.timer +++ b/wkd_sync/archlinux-keyring-wkd-sync.timer @@ -5,6 +5,3 @@ Description=Refresh existing PGP keys of archlinux-keyring regularly OnCalendar=weekly Persistent=true RandomizedDelaySec=1week - -[Install] -WantedBy=timers.target