From dafe778c9f7929352199514ac1d14c3d79355be7 Mon Sep 17 00:00:00 2001 From: Gilver Date: Fri, 20 Feb 2026 07:48:16 -0600 Subject: [PATCH] feat: GPG update script to auto fetch new keys and emergency force update --- .github/workflows/update-branch.yml | 1 + .github/workflows/update-comps.yml | 1 + .github/workflows/update-gpg-keys.yml | 73 +++++++++++++++++++ anda/devs/zed/preview/zed-preview.spec | 2 +- anda/devs/zed/stable/zed.spec | 2 +- anda/games/rpcs3/rpcs3.spec | 4 +- anda/terra/RPM-GPG-KEY-terra44-source | 17 +++++ anda/terra/gpg-keys/RELEASE.txt | 1 - anda/terra/gpg-keys/RPM-GPG-KEY-terra44 | 17 +++++ .../terra/gpg-keys/RPM-GPG-KEY-terra44-extras | 17 +++++ .../RPM-GPG-KEY-terra44-extras-source | 18 +++++ anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa | 17 +++++ .../gpg-keys/RPM-GPG-KEY-terra44-mesa-source | 18 +++++ .../gpg-keys/RPM-GPG-KEY-terra44-multimedia | 17 +++++ .../RPM-GPG-KEY-terra44-multimedia-source | 18 +++++ .../terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia | 17 +++++ .../RPM-GPG-KEY-terra44-nvidia-source | 18 +++++ .../terra/gpg-keys/RPM-GPG-KEY-terra44-source | 17 +++++ anda/terra/gpg-keys/anda.hcl | 1 + anda/terra/gpg-keys/pre.rhai | 2 + anda/terra/gpg-keys/terra-gpg-keys.spec | 40 ++-------- anda/terra/gpg-keys/update-gpg-keys.sh | 25 +++++++ anda/terra/gpg-keys/update.rhai | 17 ++++- andax/bump_extras.rhai | 2 +- 24 files changed, 319 insertions(+), 43 deletions(-) create mode 100644 .github/workflows/update-gpg-keys.yml create mode 100644 anda/terra/RPM-GPG-KEY-terra44-source delete mode 100644 anda/terra/gpg-keys/RELEASE.txt create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44 create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras-source create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa-source create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia-source create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia-source create mode 100644 anda/terra/gpg-keys/RPM-GPG-KEY-terra44-source create mode 100644 anda/terra/gpg-keys/pre.rhai create mode 100755 anda/terra/gpg-keys/update-gpg-keys.sh diff --git a/.github/workflows/update-branch.yml b/.github/workflows/update-branch.yml index 4e41a61276..978e08848a 100644 --- a/.github/workflows/update-branch.yml +++ b/.github/workflows/update-branch.yml @@ -13,6 +13,7 @@ jobs: matrix: branch: - frawhide + - f44 - f43 - f42 - el10 diff --git a/.github/workflows/update-comps.yml b/.github/workflows/update-comps.yml index 9b95277df9..61aefdf15e 100644 --- a/.github/workflows/update-comps.yml +++ b/.github/workflows/update-comps.yml @@ -6,6 +6,7 @@ on: push: branches: - frawhide + - f44 - f43 - f42 - el10 diff --git a/.github/workflows/update-gpg-keys.yml b/.github/workflows/update-gpg-keys.yml new file mode 100644 index 0000000000..7df9f63dae --- /dev/null +++ b/.github/workflows/update-gpg-keys.yml @@ -0,0 +1,73 @@ +name: Update GPG keys +permissions: + contents: read + contents: write + +on: + workflow_dispatch: + +jobs: + update-gpg-keys: + runs-on: ubuntu-24.04-arm + container: + image: ghcr.io/terrapkg/builder:frawhide + options: --cap-add=SYS_ADMIN --privileged + steps: + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + ssh-key: ${{ secrets.SSH_AUTHENTICATION_KEY }} + + - name: Install SSH signing key & set up Git repository + run: | + mkdir -p ${{ runner.temp }} + echo "${{ secrets.SSH_SIGNING_KEY }}" > ${{ runner.temp }}/signing_key + chmod 0700 ${{ runner.temp }}/signing_key + git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Update GPG keys + run: | + for branch in $(sed -n 's/- \(f.*\)/\1/p;s/- \(el.*\)/\1/p' .github/workflows/update-branch.yml | tr -d ' '); do + if [[ $branch == f* ]]; then + export releasever=${branch/f/} + else + export releasever=$branch + fi + + curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever + curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source + if [[ $releasever != el* ]]; then + curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras + curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source + curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa + curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source + curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia + curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source + curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia + curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source + fi + done + + - name: Save + run: | + if [[ `git status --porcelain` ]]; then + git config user.name "Raboneko" + git config user.email "raboneko@fyralabs.com" + git config gpg.format "ssh" + git config user.signingkey "${{ runner.temp }}/signing_key" + anda update --filters keys=1 + git commit -S -a -m "bump(manual): terra-gpg-keys" + git format-patch HEAD^ + copy_over () { + git checkout $1 + git apply *.patch || true + git add anda + git commit -S -a -m "$msg" + } + copy_over f43 || true + copy_over f42 || true + copy_over el10 || true + git push -u origin --all + fi diff --git a/anda/devs/zed/preview/zed-preview.spec b/anda/devs/zed/preview/zed-preview.spec index 726dcb5c95..f1e4371da4 100644 --- a/anda/devs/zed/preview/zed-preview.spec +++ b/anda/devs/zed/preview/zed-preview.spec @@ -5,7 +5,7 @@ %global debug_package %{nil} %endif -%global ver 0.225.3-pre +%global ver 0.225.4-pre # Exclude input files from mangling %global __brp_mangle_shebangs_exclude_from ^/usr/src/.*$ diff --git a/anda/devs/zed/stable/zed.spec b/anda/devs/zed/stable/zed.spec index 6430234a25..fdd4fa0846 100644 --- a/anda/devs/zed/stable/zed.spec +++ b/anda/devs/zed/stable/zed.spec @@ -15,7 +15,7 @@ %global rustflags_debuginfo 0 Name: zed -Version: 0.224.8 +Version: 0.224.9 Release: 1%?dist Summary: Zed is a high-performance, multiplayer code editor SourceLicense: AGPL-3.0-only AND Apache-2.0 AND GPL-3.0-or-later diff --git a/anda/games/rpcs3/rpcs3.spec b/anda/games/rpcs3/rpcs3.spec index cb3160e0a4..87333e6780 100644 --- a/anda/games/rpcs3/rpcs3.spec +++ b/anda/games/rpcs3/rpcs3.spec @@ -9,8 +9,8 @@ # GLIBCXX_ASSERTIONS is known to break RPCS3 %global build_cflags %(echo "%{__build_flags_lang_c}" | sed 's|-Wp,-D_GLIBCXX_ASSERTIONS ||g') %{?_distro_extra_cflags} %global build_cxxflags %(echo "%{__build_flags_lang_cxx}" | sed 's|-Wp,-D_GLIBCXX_ASSERTIONS ||g') %{?_distro_extra_cflags} -%global commit aaf84a844542cf0697c19cb0d8579eff705b10c5 -%global ver 0.0.39-18800 +%global commit ff992a67c8e1c1eb83c39ab619c1eab564e80c36 +%global ver 0.0.39-18801 Name: rpcs3 Version: %(echo %{ver} | sed 's/-/^/g') diff --git a/anda/terra/RPM-GPG-KEY-terra44-source b/anda/terra/RPM-GPG-KEY-terra44-source new file mode 100644 index 0000000000..ea6e6659ab --- /dev/null +++ b/anda/terra/RPM-GPG-KEY-terra44-source @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWxYJKwYBBAHaRw8BAQdA7UMAtNQ1lu/zeq7f6ak1ZRDb09GI5nKRTGPb +z5/P9DLNKVRlcnJhIDQ0IC0gU291cmNlIDxzZWN1cml0eUBmeXJhbGFicy5jb20+ +wr8EExYIAHEFgmmKc1sDCwkHCZD5EsiV2QOikTUUAAAAAAAcABBzYWx0QG5vdGF0 +aW9ucy5vcGVucGdwanMub3JnKnNq119JCv79xo34cTtU+AIVCAMWAAICGQECmwMC +HgEWIQSo/fET0Zg0/vaHhXf5EsiV2QOikQAAZvIBAOBgURJ0bpsl9UQt+oty/9g6 +QJwE7x2KvTfw9CIjzd2yAQCqE6mBtL4Wd0T8FFXzg2KYgMPvNlkof24kas5Y79ID +DM44BGmKc1sSCisGAQQBl1UBBQEBB0C1EBr2yVcLBryHfBsJ8HffYUYmQxdOytvC +4sEKnn+UcAMBCgnCrgQYFggAYAWCaYpzWwmQ+RLIldkDopE1FAAAAAAAHAAQc2Fs +dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ7hCyKk6CNKWKKt60jpyuYACmwwWIQSo +/fET0Zg0/vaHhXf5EsiV2QOikQAAKLABAJSkznaUgXt2HisPv9rJGBjobx3dx9Ns +SZs4qLEwaBzAAQCGD5cZBVo4sVzskOhFAG3U2wMMGyTXP4+hvsFB09HNCg== +=F2xn +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RELEASE.txt b/anda/terra/gpg-keys/RELEASE.txt deleted file mode 100644 index dc0833e168..0000000000 --- a/anda/terra/gpg-keys/RELEASE.txt +++ /dev/null @@ -1 +0,0 @@ -F44 \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44 b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44 new file mode 100644 index 0000000000..5e6de513de --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44 @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzVxYJKwYBBAHaRw8BAQdAb3DsTkfuyHxBUTJh9KY5K9Zmd3HHNlr3nr7j +DqIfJHbNIFRlcnJhIDQ0IDxzZWN1cml0eUBmeXJhbGFicy5jb20+wr8EExYIAHEF +gmmKc1cDCwkHCZAAzatD3iJtbzUUAAAAAAAcABBzYWx0QG5vdGF0aW9ucy5vcGVu +cGdwanMub3Jn6H9BnkxjSlvFTWI4j1lWagIVCAMWAAICGQECmwMCHgEWIQSuCRV6 +TeiLSX6h1dMAzatD3iJtbwAAkxUA/AhjnPTnXX4U50jtWrE8/33CXkR/kMvp8y2m +jR9jrEzPAQCEA1Jx8eBbBo7RySbF1D8AoYGGvdy5Igmsz7/FCq4DAM44BGmKc1cS +CisGAQQBl1UBBQEBB0BKc0gRkEY9/IuABq32DNPxZN0AQo41geDGywcbV47JSQMB +CgnCrgQYFggAYAWCaYpzVwmQAM2rQ94ibW81FAAAAAAAHAAQc2FsdEBub3RhdGlv +bnMub3BlbnBncGpzLm9yZ8nm3oDFHJ/SnE3gwb0ZR04CmwwWIQSuCRV6TeiLSX6h +1dMAzatD3iJtbwAAjYoA/2P25j8wdGP/TdF4mhNiN/6cBNL08/wmqDTJooYy2GP+ +AQCJp+Vj5nfTYUO7+6WvES4cFaaZJhY8CsjJwx6k8xhsCA== +=KXwo +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras new file mode 100644 index 0000000000..f0c25fef1e --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWBYJKwYBBAHaRw8BAQdAIzdUq01dXkOIYGoFAa7/mRGeGEr1wUcY/pam +pmJ4mNjNKVRlcnJhIDQ0IC0gRXh0cmFzIDxzZWN1cml0eUBmeXJhbGFicy5jb20+ +wr8EExYIAHEFgmmKc1gDCwkHCZBgCNCnmiP5gjUUAAAAAAAcABBzYWx0QG5vdGF0 +aW9ucy5vcGVucGdwanMub3JnOCdKgJrl62SYBRsg6kNz2gIVCAMWAAICGQECmwMC +HgEWIQSIWqSyA1VEtFC/DVlgCNCnmiP5ggAAFQoBAObMv2serV7KtDyflGPyb8dL +tMaibMvkswHEbqukTG93AP9a1EPaHwtD5tZXxxUynli8UhGqHlvBQ3fL8Q6bqSCM +CM44BGmKc1gSCisGAQQBl1UBBQEBB0Aw+7djS+yUI2MvGQPrakwKGrIC8J+qQZmc +HuBshCzjCwMBCgnCrgQYFggAYAWCaYpzWAmQYAjQp5oj+YI1FAAAAAAAHAAQc2Fs +dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZzYfacTCU+Oed9RIlb2EZdwCmwwWIQSI +WqSyA1VEtFC/DVlgCNCnmiP5ggAAzZ4A/3plxYks6NIEZIGCLFk5pg0XNQ0ThvCi +R+zehKfHi6UFAP9GYJPck4WUb8BVfN6C7owh0SdhQ0rjXHoUwK1RHniwBw== +=X09n +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras-source b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras-source new file mode 100644 index 0000000000..dfbb936665 --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-extras-source @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWRYJKwYBBAHaRw8BAQdAF3LIndu3tcRaDnqqthGgFqSZWya0I7/Pl7rs +0NeeGHzNMlRlcnJhIDQ0IC0gRXh0cmFzIC0gU291cmNlIDxzZWN1cml0eUBmeXJh +bGFicy5jb20+wr8EExYIAHEFgmmKc1kDCwkHCZDXVlwUOcXHhTUUAAAAAAAcABBz +YWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3Jn112aEYQl6OP78t5s0TcwEQIVCAMW +AAICGQECmwMCHgEWIQS8ujogHdK6v+JJsmLXVlwUOcXHhQAADkcA/A03jRGR1kkJ +2x1IrfE737P/KUYm+cOSShas6G+4Ttb6AP9D3Om1miIkCmQPVPW3yKOCNntxcCRM +hVl7jfO4I1C9D844BGmKc1kSCisGAQQBl1UBBQEBB0AT0R7nxrCqYh0rW7KQIVkU +hNjH5aukMG01ZP0eGXGOHwMBCgnCrgQYFggAYAWCaYpzWQmQ11ZcFDnFx4U1FAAA +AAAAHAAQc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ+FMQCtesuQvwglEbIGe +8ToCmwwWIQS8ujogHdK6v+JJsmLXVlwUOcXHhQAAhPgA/RpZLeiDUOGydUEb9wTI +NgbvZ4Yf3lphSlzyllg7rR5KAP0Tqr1CeO9PLB85g87qsLQTBTpksuAAeHVleJak +Kt7jCQ== +=nLc0 +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa new file mode 100644 index 0000000000..b983582a61 --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWRYJKwYBBAHaRw8BAQdA9nvqX6Rc5zoXOB5Oyi6zRZryyx7lxsQBYV9C +LDI7+MvNJ1RlcnJhIDQ0IC0gTWVzYSA8c2VjdXJpdHlAZnlyYWxhYnMuY29tPsK/ +BBMWCABxBYJpinNZAwsJBwmQej3D4C/+tlA1FAAAAAAAHAAQc2FsdEBub3RhdGlv +bnMub3BlbnBncGpzLm9yZ0IKV181NXbbjY/ClKZ/qWoCFQgDFgACAhkBApsDAh4B +FiEEvtc+fUAZYMWQ5F2Vej3D4C/+tlAAACeoAQDZiyuO7wbwX1rgTRMuxURLnbbe +NyYcm4/CYiMzAScvhAD/dJXriy/rLODPAbfMsp0+r0rsOtsyzFQkJtRBlYgn/gvO +OARpinNZEgorBgEEAZdVAQUBAQdAYmYguyB5/29fAtrO5iLNuamQuJr9aUJ5dbFl +0GyVHyMDAQoJwq4EGBYIAGAFgmmKc1kJkHo9w+Av/rZQNRQAAAAAABwAEHNhbHRA +bm90YXRpb25zLm9wZW5wZ3Bqcy5vcmftTZ7t0+k8C2f+7pD5daW2ApsMFiEEvtc+ +fUAZYMWQ5F2Vej3D4C/+tlAAAMmRAP44BAL8+96Rwl6Xw2gHzHbR6+vRHfF+zgV4 +RSWvjl7xOwEA25wHOq5RNAfEnFsTFVAn99C9mcJISdB1YMnip2deZAQ= +=F1z6 +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa-source b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa-source new file mode 100644 index 0000000000..b66c47e517 --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-mesa-source @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWhYJKwYBBAHaRw8BAQdAXnpFECHNb3ryiIB27S92KhSMrQintJtioYJ7 +qBYgW9XNMFRlcnJhIDQ0IC0gTWVzYSAtIFNvdXJjZSA8c2VjdXJpdHlAZnlyYWxh +YnMuY29tPsK/BBMWCABxBYJpinNaAwsJBwmQxija3/ZHYn01FAAAAAAAHAAQc2Fs +dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ3aX8z3Yh1dyP7AAUMSEvgECFQgDFgAC +AhkBApsDAh4BFiEEabP6XRkmLg0Aixopxija3/ZHYn0AAFDlAP9F7z7x2sg6KUFM +i4FVnPmgwH97MakbBlRPPFr6k1eZ1AEA60HTpLLfCPcTbA+FzwmzeRFwrsW7uJwD +J8T4+r4p8wLOOARpinNaEgorBgEEAZdVAQUBAQdAGrAlL/5dsSuOeYGyqAB1R6qk +FVD6A/pdDlrtpU2cZQkDAQoJwq4EGBYIAGAFgmmKc1oJkMYo2t/2R2J9NRQAAAAA +ABwAEHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmclFKmCzLWkm/i0CLhvw1gm +ApsMFiEEabP6XRkmLg0Aixopxija3/ZHYn0AAK6xAPwPSCQ7p7Sv6Iknm2PsD46b +W28irf9ZtZGQtjLvbICTEQD/UnU/c0sWfyKGGtNbnfWWCWRPQ7RiYA1W8FV825zg +yAE= +=RpzP +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia new file mode 100644 index 0000000000..88e9b8ab03 --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: https://gopenpgp.org +Version: GopenPGP 2.8.1 + +xjMEaYpzdhYJKwYBBAHaRw8BAQdAS+7xt/wuYX6vC8MAVX+hCyydE9ze7s9RrqkO +V955PevNLVRlcnJhIDQ0IC0gTXVsdGltZWRpYSA8c2VjdXJpdHlAZnlyYWxhYnMu +Y29tPsK/BBMWCABxBYJpinN2AwsJBwmQY/yBc/Z8Q3A1FAAAAAAAHAAQc2FsdEBu +b3RhdGlvbnMub3BlbnBncGpzLm9yZ8n3QviVcmQM9aBc+5ADHMECFQgDFgACAhkB +ApsDAh4BFiEE6RDn+xxDvXTztTEZY/yBc/Z8Q3AAAAfAAQCKEHz1upm1IdX0W5o7 +CdOie7Tx3Z5B0nc+QXejaUnksgEA5DhXt/12BBLV9U9Zt/Xeu9In9voWe3OrPwth +qV1WDwfOOARpinN2EgorBgEEAZdVAQUBAQdAVKIBAhiNXVLhBOwAPs0bBpK6GReM +64cI8gDa+17shgYDAQoJwq4EGBYIAGAFgmmKc3YJkGP8gXP2fENwNRQAAAAAABwA +EHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmefkLWxmr5AIaDXC5cHxIZCApsM +FiEE6RDn+xxDvXTztTEZY/yBc/Z8Q3AAAJcQAPsHa+QALApqpzFNBP9EI048XCHL +lDmB5GJ2anYy+PzcSAEAz9Gh+62BXvy0ODXuMpHLCleay5JkDnV6r6izkoD7dQc= +=8V1K +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia-source b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia-source new file mode 100644 index 0000000000..f70d0949dc --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-multimedia-source @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWhYJKwYBBAHaRw8BAQdAEeOfLop+GoMPjhOZLZka+O85PiAxBleUfWxz +LAN+pFnNNlRlcnJhIDQ0IC0gTXVsdGltZWRpYSAtIFNvdXJjZSA8c2VjdXJpdHlA +ZnlyYWxhYnMuY29tPsK/BBMWCABxBYJpinNaAwsJBwmQS4SqIbLB5Z81FAAAAAAA +HAAQc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ76kBtyWy/EBTdMn8rrwILQC +FQgDFgACAhkBApsDAh4BFiEEk6CyGxoPRHmOX3fWS4SqIbLB5Z8AAFFqAP4w7GRV +LDujzNkxGT+UpgGEAl6p+CH7BlGPOyjPNye0HgD+MRwFJjH4oMgLOQl4Ab+KmvYA ++gcTpjOWGgwT0JxEIwDOOARpinNaEgorBgEEAZdVAQUBAQdAj8GItTADl2iBDTXT +dAhZ5uYdTKwe/unw6RVkhbYwTAcDAQoJwq4EGBYIAGAFgmmKc1oJkEuEqiGyweWf +NRQAAAAAABwAEHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmc+fPpvt69yEuAI +5zDxY7AmApsMFiEEk6CyGxoPRHmOX3fWS4SqIbLB5Z8AAIZNAP40C5vz8NpmHh8V +Y5vME6iRrFdn9LzIp3rIANZc7dn4SgEAnBZ+RczAC2CikUeuJ+84A8p86KeU1eXL +8YSQ90OKxQE= +=Vprg +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia new file mode 100644 index 0000000000..6e8bf3c45b --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzdxYJKwYBBAHaRw8BAQdAyUrDJOJErpiXaSZ+iwWfOjUQYb7Ww7L4FoYa +5gv4U1TNKVRlcnJhIDQ0IC0gTnZpZGlhIDxzZWN1cml0eUBmeXJhbGFicy5jb20+ +wr8EExYIAHEFgmmKc3cDCwkHCZB5f/UW4V7dvDUUAAAAAAAcABBzYWx0QG5vdGF0 +aW9ucy5vcGVucGdwanMub3JnHKVenZwrKZ6XEjvbYIpJ+wIVCAMWAAICGQECmwMC +HgEWIQQmaWGFrmznmx6FVr15f/UW4V7dvAAAnusBAL5dhLe9JkfezIOkSSQ6x33/ +PEqR6+iid1K/cQpSUmoPAP9r4L5uW9khMgzhQNQdmCO0mYBjBcfXZMxOdAJKOeY3 +AM44BGmKc3cSCisGAQQBl1UBBQEBB0BY/WFtVq5ATp7giDLciNtAqfZE1O3OVQXs +idxzNjxELQMBCgnCrgQYFggAYAWCaYpzdwmQeX/1FuFe3bw1FAAAAAAAHAAQc2Fs +dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ+N7q6u3i2dvae06Yf0pr2MCmwwWIQQm +aWGFrmznmx6FVr15f/UW4V7dvAAA0t0BAIro/sCMgwg3TwlPGNT0Ier5lcz21J9H +Q51nACsA3SR2APwLG6OZzJIudludtBrTgrV79LRv9DEX58KmrhtBv02gCg== +=ftIl +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia-source b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia-source new file mode 100644 index 0000000000..ee44775762 --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-nvidia-source @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzdxYJKwYBBAHaRw8BAQdAW2ZSuJks+NCbX1m1S+/2YHrkdvV085vPkyLp +9lfoWoLNMlRlcnJhIDQ0IC0gTnZpZGlhIC0gU291cmNlIDxzZWN1cml0eUBmeXJh +bGFicy5jb20+wr8EExYIAHEFgmmKc3cDCwkHCZCSwkAZvngqITUUAAAAAAAcABBz +YWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3JnHkmRJm6DdmTUcvQxXtw25gIVCAMW +AAICGQECmwMCHgEWIQQLE3kbMhz7vUregauSwkAZvngqIQAAUIkA/jXu41c/5OHX +8K9qT1EHCFYkBsF53a/QNcvg8cn5bhdqAQCM+FCTHXdn/qBfzKaAOgZdUAXASACN +jb/Gygg9e5nmDc44BGmKc3cSCisGAQQBl1UBBQEBB0CJWWfDF7xCIlUlw7d+hEiK +S6wh6UY7KGfpO3qOA8V2RAMBCgnCrgQYFggAYAWCaYpzdwmQksJAGb54KiE1FAAA +AAAAHAAQc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ90YnsscRilE7JRUm6td +v/oCmwwWIQQLE3kbMhz7vUregauSwkAZvngqIQAAp8AA/jV/mubRFTHVT5GyO93C +48vwZc4BJBC30x5dU3yfFQrmAP9SOlhcs2D8aZuBRL1TSXpkBq6NKJxNdtEr0pv7 +/ds1Ag== +=uldH +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-source b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-source new file mode 100644 index 0000000000..ea6e6659ab --- /dev/null +++ b/anda/terra/gpg-keys/RPM-GPG-KEY-terra44-source @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GopenPGP 2.8.1 +Comment: https://gopenpgp.org + +xjMEaYpzWxYJKwYBBAHaRw8BAQdA7UMAtNQ1lu/zeq7f6ak1ZRDb09GI5nKRTGPb +z5/P9DLNKVRlcnJhIDQ0IC0gU291cmNlIDxzZWN1cml0eUBmeXJhbGFicy5jb20+ +wr8EExYIAHEFgmmKc1sDCwkHCZD5EsiV2QOikTUUAAAAAAAcABBzYWx0QG5vdGF0 +aW9ucy5vcGVucGdwanMub3JnKnNq119JCv79xo34cTtU+AIVCAMWAAICGQECmwMC +HgEWIQSo/fET0Zg0/vaHhXf5EsiV2QOikQAAZvIBAOBgURJ0bpsl9UQt+oty/9g6 +QJwE7x2KvTfw9CIjzd2yAQCqE6mBtL4Wd0T8FFXzg2KYgMPvNlkof24kas5Y79ID +DM44BGmKc1sSCisGAQQBl1UBBQEBB0C1EBr2yVcLBryHfBsJ8HffYUYmQxdOytvC +4sEKnn+UcAMBCgnCrgQYFggAYAWCaYpzWwmQ+RLIldkDopE1FAAAAAAAHAAQc2Fs +dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ7hCyKk6CNKWKKt60jpyuYACmwwWIQSo +/fET0Zg0/vaHhXf5EsiV2QOikQAAKLABAJSkznaUgXt2HisPv9rJGBjobx3dx9Ns +SZs4qLEwaBzAAQCGD5cZBVo4sVzskOhFAG3U2wMMGyTXP4+hvsFB09HNCg== +=F2xn +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/anda/terra/gpg-keys/anda.hcl b/anda/terra/gpg-keys/anda.hcl index 97f5a29b38..109c714a6f 100644 --- a/anda/terra/gpg-keys/anda.hcl +++ b/anda/terra/gpg-keys/anda.hcl @@ -5,5 +5,6 @@ project pkg { } labels { updbranch = 1 + keys = 1 } } diff --git a/anda/terra/gpg-keys/pre.rhai b/anda/terra/gpg-keys/pre.rhai new file mode 100644 index 0000000000..88c68b5f4b --- /dev/null +++ b/anda/terra/gpg-keys/pre.rhai @@ -0,0 +1,2 @@ +let dir = sub(`/[^/]+$`, "", __script_path); +sh(`tar -czf keys.tar.gz RPM-GPG-KEY-terra*`, #{ "cwd": dir }); diff --git a/anda/terra/gpg-keys/terra-gpg-keys.spec b/anda/terra/gpg-keys/terra-gpg-keys.spec index d8a67f99ad..53b763e1e5 100644 --- a/anda/terra/gpg-keys/terra-gpg-keys.spec +++ b/anda/terra/gpg-keys/terra-gpg-keys.spec @@ -1,58 +1,28 @@ %undefine dist Name: terra-gpg-keys -Version: %{?fedora:%{fedora}}%{?rhel:%{rhel}} -Release: 2%?dist +Version: 45 +Release: 3%?dist Summary: GPG keys for Terra Requires: filesystem >= 3.18-6 License: MIT URL: https://terra.fyralabs.com # We aren't pulling keys from the origin URLs, since they shouldn't change and this is easier to audit. -Source0: RPM-GPG-KEY-terrarawhide -Source1: RPM-GPG-KEY-terrarawhide-extras -Source2: RPM-GPG-KEY-terrarawhide-extras-source -Source3: RPM-GPG-KEY-terrarawhide-mesa -Source4: RPM-GPG-KEY-terrarawhide-mesa-source -Source5: RPM-GPG-KEY-terrarawhide-multimedia -Source6: RPM-GPG-KEY-terrarawhide-multimedia-source -Source7: RPM-GPG-KEY-terrarawhide-nvidia -Source8: RPM-GPG-KEY-terrarawhide-nvidia-source -Source9: RPM-GPG-KEY-terrarawhide-source -Source10: RPM-GPG-KEY-terra42 -Source11: RPM-GPG-KEY-terra42-extras -Source12: RPM-GPG-KEY-terra42-extras-source -Source13: RPM-GPG-KEY-terra42-mesa -Source14: RPM-GPG-KEY-terra42-mesa-source -Source15: RPM-GPG-KEY-terra42-multimedia -Source16: RPM-GPG-KEY-terra42-multimedia-source -Source17: RPM-GPG-KEY-terra42-nvidia -Source18: RPM-GPG-KEY-terra42-nvidia-source -Source19: RPM-GPG-KEY-terra42-source -Source20: RPM-GPG-KEY-terra43 -Source21: RPM-GPG-KEY-terra43-extras -Source22: RPM-GPG-KEY-terra43-extras-source -Source23: RPM-GPG-KEY-terra43-mesa -Source24: RPM-GPG-KEY-terra43-mesa-source -Source25: RPM-GPG-KEY-terra43-multimedia -Source26: RPM-GPG-KEY-terra43-multimedia-source -Source27: RPM-GPG-KEY-terra43-nvidia -Source28: RPM-GPG-KEY-terra43-nvidia-source -Source29: RPM-GPG-KEY-terra43-source -Source30: RPM-GPG-KEY-terrael10 -Source31: RPM-GPG-KEY-terrael10-source +Source0: keys.tar.gz BuildArch: noarch %description GPG keys for Terra, used for verifying RPM package signatures. %prep +%autosetup -n keys %build %install install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg -install -m 644 %{_sourcedir}/RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ +install -m 644 ./RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ %files %dir /etc/pki/rpm-gpg diff --git a/anda/terra/gpg-keys/update-gpg-keys.sh b/anda/terra/gpg-keys/update-gpg-keys.sh new file mode 100755 index 0000000000..03028221f7 --- /dev/null +++ b/anda/terra/gpg-keys/update-gpg-keys.sh @@ -0,0 +1,25 @@ +#!/usr/bin/bash + +for branch in $(sed -n 's/- \(f.*\)/\1/p;s/- \(el.*\)/\1/p' .github/workflows/update-branch.yml | tr -d ' '); do + +if [[ $branch == f* ]]; then + export releasever=${branch/f/} +else + export releasever=$branch +fi + +# Begin check hell to not strain our servers or waste CI time if a key already exists +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever ] && curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source ] && curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source +if [[ $releasever != el* ]]; then +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras ] && curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source ] && curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia +[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source +fi + +done diff --git a/anda/terra/gpg-keys/update.rhai b/anda/terra/gpg-keys/update.rhai index c8c7367174..150524eee4 100644 --- a/anda/terra/gpg-keys/update.rhai +++ b/anda/terra/gpg-keys/update.rhai @@ -1,8 +1,21 @@ import "andax/bump_extras.rhai" as bump; +import "andax/spec.rhai" as spec; -open_file("anda/terra/gpg-keys/RELEASE.txt", "w").write(bump::as_bodhi_ver(labels.branch)); +let branch = bump::as_bodhi_ver(labels.branch); +if branch.starts_with("F") { + branch.crop(1); + let releasever = branch; +} else if branch.starts_with("EPEL") { + let releasever = labels.branch; + releasever.crop(2); +} + +rpm.version(releasever); + +sh(`anda/terra/gpg-keys/update-gpg-keys.sh`, #{}); let dir = sub(`/[^/]+$`, "", __script_path); if sh("[[ `git status " + dir + " --porcelain` ]] && exit 1 || exit 0", #{}).ctx.rc == 1 { - rpm.release(); + let rel = spec::get_release(rpm).parse_int(); + rpm.release(rel + 1); } diff --git a/andax/bump_extras.rhai b/andax/bump_extras.rhai index efa2c0a89c..90ec2e5ee8 100644 --- a/andax/bump_extras.rhai +++ b/andax/bump_extras.rhai @@ -45,7 +45,7 @@ fn as_bodhi_ver(branch) { } return `EPEL-${release}`; } else if branch == "frawhide" { - return "F44"; + return "F45"; } else if branch.starts_with("f") { branch.crop(1); return `F${branch}`;