mirror of
https://github.com/terrapkg/packages.git
synced 2026-05-31 17:11:56 +00:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gilver
|
d474da312c | ||
|
Gilver
|
9505fd8d96 | ||
|
Gilver
|
5e55c7e0f3 | ||
|
Gilver
|
1a1e372a34 | ||
|
Gilver
|
52591be83f | ||
|
Gilver
|
6334504d1a | ||
|
Gilver
|
f1f10537d1 | ||
|
Gilver
|
d24f8441ff | ||
|
Gilver
|
dafe778c9f |
@@ -0,0 +1,70 @@
|
||||
name: Update GPG keys
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
update-gpg-keys:
|
||||
runs-on: ubuntu-24.04-arm
|
||||
strategy:
|
||||
matrix:
|
||||
branch:
|
||||
- frawhide
|
||||
- f44
|
||||
- f43
|
||||
- f42
|
||||
- el10
|
||||
container:
|
||||
image: ghcr.io/terrapkg/builder:frawhide
|
||||
options: --cap-add=SYS_ADMIN --privileged
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ssh-key: ${{ secrets.SSH_AUTHENTICATION_KEY }}
|
||||
|
||||
- name: Install SSH signing key & set up Git repository
|
||||
run: |
|
||||
mkdir -p ${{ runner.temp }}
|
||||
echo "${{ secrets.SSH_SIGNING_KEY }}" > ${{ runner.temp }}/signing_key
|
||||
chmod 0700 ${{ runner.temp }}/signing_key
|
||||
git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
||||
|
||||
- name: Update GPG keys
|
||||
env: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
for branch in $(sed -n 's/- \(f.*\)/\1/p;s/- \(el.*\)/\1/p' .github/workflows/update-branch.yml | tr -d ' '); do
|
||||
if [[ $branch == f* ]]; then
|
||||
export releasever=${branch/f/}
|
||||
else
|
||||
export releasever=$branch
|
||||
fi
|
||||
|
||||
curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source
|
||||
if [[ $releasever != el* ]]; then
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia
|
||||
curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source
|
||||
fi
|
||||
done
|
||||
anda update --filters keys=1 --labels branch=${{ matrix.branch }}
|
||||
|
||||
- name: Save
|
||||
run: |
|
||||
if [[ `git status --porcelain` ]]; then
|
||||
git config user.name "Raboneko"
|
||||
git config user.email "raboneko@fyralabs.com"
|
||||
git config gpg.format "ssh"
|
||||
git config user.signingkey "${{ runner.temp }}/signing_key"
|
||||
git commit -S -a -m "bump(manual): terra-gpg-keys"
|
||||
git push -u origin --all
|
||||
fi
|
||||
@@ -1 +0,0 @@
|
||||
F45
|
||||
@@ -5,5 +5,6 @@ project pkg {
|
||||
}
|
||||
labels {
|
||||
updbranch = 1
|
||||
keys = 1
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
let dir = sub(`/[^/]+$`, "", __script_path);
|
||||
sh(`tar -czf keys.tar.gz RPM-GPG-KEY-terra*`, #{ "cwd": dir });
|
||||
@@ -9,48 +9,7 @@ Requires: filesystem >= 3.18-6
|
||||
License: MIT
|
||||
URL: https://terra.fyralabs.com
|
||||
# We aren't pulling keys from the origin URLs, since they shouldn't change and this is easier to audit.
|
||||
Source0: RPM-GPG-KEY-terrarawhide
|
||||
Source1: RPM-GPG-KEY-terrarawhide-extras
|
||||
Source2: RPM-GPG-KEY-terrarawhide-extras-source
|
||||
Source3: RPM-GPG-KEY-terrarawhide-mesa
|
||||
Source4: RPM-GPG-KEY-terrarawhide-mesa-source
|
||||
Source5: RPM-GPG-KEY-terrarawhide-multimedia
|
||||
Source6: RPM-GPG-KEY-terrarawhide-multimedia-source
|
||||
Source7: RPM-GPG-KEY-terrarawhide-nvidia
|
||||
Source8: RPM-GPG-KEY-terrarawhide-nvidia-source
|
||||
Source9: RPM-GPG-KEY-terrarawhide-source
|
||||
Source10: RPM-GPG-KEY-terra42
|
||||
Source11: RPM-GPG-KEY-terra42-extras
|
||||
Source12: RPM-GPG-KEY-terra42-extras-source
|
||||
Source13: RPM-GPG-KEY-terra42-mesa
|
||||
Source14: RPM-GPG-KEY-terra42-mesa-source
|
||||
Source15: RPM-GPG-KEY-terra42-multimedia
|
||||
Source16: RPM-GPG-KEY-terra42-multimedia-source
|
||||
Source17: RPM-GPG-KEY-terra42-nvidia
|
||||
Source18: RPM-GPG-KEY-terra42-nvidia-source
|
||||
Source19: RPM-GPG-KEY-terra42-source
|
||||
Source20: RPM-GPG-KEY-terra43
|
||||
Source21: RPM-GPG-KEY-terra43-extras
|
||||
Source22: RPM-GPG-KEY-terra43-extras-source
|
||||
Source23: RPM-GPG-KEY-terra43-mesa
|
||||
Source24: RPM-GPG-KEY-terra43-mesa-source
|
||||
Source25: RPM-GPG-KEY-terra43-multimedia
|
||||
Source26: RPM-GPG-KEY-terra43-multimedia-source
|
||||
Source27: RPM-GPG-KEY-terra43-nvidia
|
||||
Source28: RPM-GPG-KEY-terra43-nvidia-source
|
||||
Source29: RPM-GPG-KEY-terra43-source
|
||||
Source30: RPM-GPG-KEY-terra44
|
||||
Source31: RPM-GPG-KEY-terra44-extras
|
||||
Source32: RPM-GPG-KEY-terra44-extras-source
|
||||
Source33: RPM-GPG-KEY-terra44-mesa
|
||||
Source34: RPM-GPG-KEY-terra44-mesa-source
|
||||
Source35: RPM-GPG-KEY-terra44-multimedia
|
||||
Source36: RPM-GPG-KEY-terra44-multimedia-source
|
||||
Source37: RPM-GPG-KEY-terra44-nvidia
|
||||
Source38: RPM-GPG-KEY-terra44-nvidia-source
|
||||
Source39: RPM-GPG-KEY-terra44-source
|
||||
Source40: RPM-GPG-KEY-terrael10
|
||||
Source41: RPM-GPG-KEY-terrael10-source
|
||||
Source0: keys.tar.gz
|
||||
BuildArch: noarch
|
||||
|
||||
Packager: Terra Packaging Team <terra@fyralabs.com>
|
||||
@@ -65,12 +24,13 @@ Summary: Terra GPG keys for Mock
|
||||
Terra GPG key copies for use in Mock.
|
||||
|
||||
%prep
|
||||
%autosetup -D -n .
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
|
||||
install -m 644 %{_sourcedir}/RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
|
||||
install -m 644 ./RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
|
||||
|
||||
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/mock
|
||||
install -m 644 %{_sourcedir}/RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/mock/
|
||||
|
||||
Executable
+25
@@ -0,0 +1,25 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
for branch in $(sed -n 's/- \(f.*\)/\1/p;s/- \(el.*\)/\1/p' .github/workflows/update-branch.yml | tr -d ' '); do
|
||||
|
||||
if [[ $branch == f* ]]; then
|
||||
export releasever=${branch/f/}
|
||||
else
|
||||
export releasever=$branch
|
||||
fi
|
||||
|
||||
# Begin check hell to not strain our servers or waste CI time if a key already exists
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever ] && curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source ] && curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source
|
||||
if [[ $releasever != el* ]]; then
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras ] && curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source ] && curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia
|
||||
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source
|
||||
fi
|
||||
|
||||
done
|
||||
@@ -1,8 +1,21 @@
|
||||
import "andax/bump_extras.rhai" as bump;
|
||||
import "andax/spec.rhai" as spec;
|
||||
|
||||
open_file("anda/terra/gpg-keys/RELEASE.txt", "w").write(bump::as_bodhi_ver(labels.branch));
|
||||
let branch = bump::as_bodhi_ver(labels.branch);
|
||||
|
||||
if branch.starts_with("F") {
|
||||
branch.crop(1);
|
||||
let releasever = branch;
|
||||
} else if branch.starts_with("EPEL") {
|
||||
let releasever = labels.branch;
|
||||
releasever.crop(2);
|
||||
}
|
||||
|
||||
rpm.version(releasever);
|
||||
|
||||
sh(`anda/terra/gpg-keys/update-gpg-keys.sh`, #{});
|
||||
let dir = sub(`/[^/]+$`, "", __script_path);
|
||||
if sh("[[ `git status " + dir + " --porcelain` ]] && exit 1 || exit 0", #{}).ctx.rc == 1 {
|
||||
rpm.release();
|
||||
let rel = spec::get_release(rpm).parse_int();
|
||||
rpm.release(rel + 1);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user