mirror of
https://github.com/terrapkg/packages.git
synced 2026-06-02 09:52:18 +00:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gilver
|
d474da312c | ||
|
Gilver
|
9505fd8d96 | ||
|
Gilver
|
5e55c7e0f3 | ||
|
Gilver
|
1a1e372a34 | ||
|
Gilver
|
52591be83f | ||
|
Gilver
|
6334504d1a | ||
|
Gilver
|
f1f10537d1 | ||
|
Gilver
|
d24f8441ff | ||
|
Gilver
|
dafe778c9f |
@@ -0,0 +1,70 @@
|
|||||||
|
name: Update GPG keys
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
update-gpg-keys:
|
||||||
|
runs-on: ubuntu-24.04-arm
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
branch:
|
||||||
|
- frawhide
|
||||||
|
- f44
|
||||||
|
- f43
|
||||||
|
- f42
|
||||||
|
- el10
|
||||||
|
container:
|
||||||
|
image: ghcr.io/terrapkg/builder:frawhide
|
||||||
|
options: --cap-add=SYS_ADMIN --privileged
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v6
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
ssh-key: ${{ secrets.SSH_AUTHENTICATION_KEY }}
|
||||||
|
|
||||||
|
- name: Install SSH signing key & set up Git repository
|
||||||
|
run: |
|
||||||
|
mkdir -p ${{ runner.temp }}
|
||||||
|
echo "${{ secrets.SSH_SIGNING_KEY }}" > ${{ runner.temp }}/signing_key
|
||||||
|
chmod 0700 ${{ runner.temp }}/signing_key
|
||||||
|
git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
||||||
|
|
||||||
|
- name: Update GPG keys
|
||||||
|
env: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
run: |
|
||||||
|
for branch in $(sed -n 's/- \(f.*\)/\1/p;s/- \(el.*\)/\1/p' .github/workflows/update-branch.yml | tr -d ' '); do
|
||||||
|
if [[ $branch == f* ]]; then
|
||||||
|
export releasever=${branch/f/}
|
||||||
|
else
|
||||||
|
export releasever=$branch
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source
|
||||||
|
if [[ $releasever != el* ]]; then
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia
|
||||||
|
curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
anda update --filters keys=1 --labels branch=${{ matrix.branch }}
|
||||||
|
|
||||||
|
- name: Save
|
||||||
|
run: |
|
||||||
|
if [[ `git status --porcelain` ]]; then
|
||||||
|
git config user.name "Raboneko"
|
||||||
|
git config user.email "raboneko@fyralabs.com"
|
||||||
|
git config gpg.format "ssh"
|
||||||
|
git config user.signingkey "${{ runner.temp }}/signing_key"
|
||||||
|
git commit -S -a -m "bump(manual): terra-gpg-keys"
|
||||||
|
git push -u origin --all
|
||||||
|
fi
|
||||||
@@ -1 +0,0 @@
|
|||||||
F45
|
|
||||||
@@ -5,5 +5,6 @@ project pkg {
|
|||||||
}
|
}
|
||||||
labels {
|
labels {
|
||||||
updbranch = 1
|
updbranch = 1
|
||||||
|
keys = 1
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,2 @@
|
|||||||
|
let dir = sub(`/[^/]+$`, "", __script_path);
|
||||||
|
sh(`tar -czf keys.tar.gz RPM-GPG-KEY-terra*`, #{ "cwd": dir });
|
||||||
@@ -9,48 +9,7 @@ Requires: filesystem >= 3.18-6
|
|||||||
License: MIT
|
License: MIT
|
||||||
URL: https://terra.fyralabs.com
|
URL: https://terra.fyralabs.com
|
||||||
# We aren't pulling keys from the origin URLs, since they shouldn't change and this is easier to audit.
|
# We aren't pulling keys from the origin URLs, since they shouldn't change and this is easier to audit.
|
||||||
Source0: RPM-GPG-KEY-terrarawhide
|
Source0: keys.tar.gz
|
||||||
Source1: RPM-GPG-KEY-terrarawhide-extras
|
|
||||||
Source2: RPM-GPG-KEY-terrarawhide-extras-source
|
|
||||||
Source3: RPM-GPG-KEY-terrarawhide-mesa
|
|
||||||
Source4: RPM-GPG-KEY-terrarawhide-mesa-source
|
|
||||||
Source5: RPM-GPG-KEY-terrarawhide-multimedia
|
|
||||||
Source6: RPM-GPG-KEY-terrarawhide-multimedia-source
|
|
||||||
Source7: RPM-GPG-KEY-terrarawhide-nvidia
|
|
||||||
Source8: RPM-GPG-KEY-terrarawhide-nvidia-source
|
|
||||||
Source9: RPM-GPG-KEY-terrarawhide-source
|
|
||||||
Source10: RPM-GPG-KEY-terra42
|
|
||||||
Source11: RPM-GPG-KEY-terra42-extras
|
|
||||||
Source12: RPM-GPG-KEY-terra42-extras-source
|
|
||||||
Source13: RPM-GPG-KEY-terra42-mesa
|
|
||||||
Source14: RPM-GPG-KEY-terra42-mesa-source
|
|
||||||
Source15: RPM-GPG-KEY-terra42-multimedia
|
|
||||||
Source16: RPM-GPG-KEY-terra42-multimedia-source
|
|
||||||
Source17: RPM-GPG-KEY-terra42-nvidia
|
|
||||||
Source18: RPM-GPG-KEY-terra42-nvidia-source
|
|
||||||
Source19: RPM-GPG-KEY-terra42-source
|
|
||||||
Source20: RPM-GPG-KEY-terra43
|
|
||||||
Source21: RPM-GPG-KEY-terra43-extras
|
|
||||||
Source22: RPM-GPG-KEY-terra43-extras-source
|
|
||||||
Source23: RPM-GPG-KEY-terra43-mesa
|
|
||||||
Source24: RPM-GPG-KEY-terra43-mesa-source
|
|
||||||
Source25: RPM-GPG-KEY-terra43-multimedia
|
|
||||||
Source26: RPM-GPG-KEY-terra43-multimedia-source
|
|
||||||
Source27: RPM-GPG-KEY-terra43-nvidia
|
|
||||||
Source28: RPM-GPG-KEY-terra43-nvidia-source
|
|
||||||
Source29: RPM-GPG-KEY-terra43-source
|
|
||||||
Source30: RPM-GPG-KEY-terra44
|
|
||||||
Source31: RPM-GPG-KEY-terra44-extras
|
|
||||||
Source32: RPM-GPG-KEY-terra44-extras-source
|
|
||||||
Source33: RPM-GPG-KEY-terra44-mesa
|
|
||||||
Source34: RPM-GPG-KEY-terra44-mesa-source
|
|
||||||
Source35: RPM-GPG-KEY-terra44-multimedia
|
|
||||||
Source36: RPM-GPG-KEY-terra44-multimedia-source
|
|
||||||
Source37: RPM-GPG-KEY-terra44-nvidia
|
|
||||||
Source38: RPM-GPG-KEY-terra44-nvidia-source
|
|
||||||
Source39: RPM-GPG-KEY-terra44-source
|
|
||||||
Source40: RPM-GPG-KEY-terrael10
|
|
||||||
Source41: RPM-GPG-KEY-terrael10-source
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Packager: Terra Packaging Team <terra@fyralabs.com>
|
Packager: Terra Packaging Team <terra@fyralabs.com>
|
||||||
@@ -65,12 +24,13 @@ Summary: Terra GPG keys for Mock
|
|||||||
Terra GPG key copies for use in Mock.
|
Terra GPG key copies for use in Mock.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
|
%autosetup -D -n .
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
|
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg
|
||||||
install -m 644 %{_sourcedir}/RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
|
install -m 644 ./RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
|
||||||
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/mock
|
install -d -m 755 $RPM_BUILD_ROOT/etc/pki/mock
|
||||||
install -m 644 %{_sourcedir}/RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/mock/
|
install -m 644 %{_sourcedir}/RPM-GPG-KEY* $RPM_BUILD_ROOT/etc/pki/mock/
|
||||||
|
|||||||
Executable
+25
@@ -0,0 +1,25 @@
|
|||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
for branch in $(sed -n 's/- \(f.*\)/\1/p;s/- \(el.*\)/\1/p' .github/workflows/update-branch.yml | tr -d ' '); do
|
||||||
|
|
||||||
|
if [[ $branch == f* ]]; then
|
||||||
|
export releasever=${branch/f/}
|
||||||
|
else
|
||||||
|
export releasever=$branch
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Begin check hell to not strain our servers or waste CI time if a key already exists
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever ] && curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source ] && curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source
|
||||||
|
if [[ $releasever != el* ]]; then
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras ] && curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source ] && curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia
|
||||||
|
[ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
@@ -1,8 +1,21 @@
|
|||||||
import "andax/bump_extras.rhai" as bump;
|
import "andax/bump_extras.rhai" as bump;
|
||||||
|
import "andax/spec.rhai" as spec;
|
||||||
|
|
||||||
open_file("anda/terra/gpg-keys/RELEASE.txt", "w").write(bump::as_bodhi_ver(labels.branch));
|
let branch = bump::as_bodhi_ver(labels.branch);
|
||||||
|
|
||||||
|
if branch.starts_with("F") {
|
||||||
|
branch.crop(1);
|
||||||
|
let releasever = branch;
|
||||||
|
} else if branch.starts_with("EPEL") {
|
||||||
|
let releasever = labels.branch;
|
||||||
|
releasever.crop(2);
|
||||||
|
}
|
||||||
|
|
||||||
|
rpm.version(releasever);
|
||||||
|
|
||||||
|
sh(`anda/terra/gpg-keys/update-gpg-keys.sh`, #{});
|
||||||
let dir = sub(`/[^/]+$`, "", __script_path);
|
let dir = sub(`/[^/]+$`, "", __script_path);
|
||||||
if sh("[[ `git status " + dir + " --porcelain` ]] && exit 1 || exit 0", #{}).ctx.rc == 1 {
|
if sh("[[ `git status " + dir + " --porcelain` ]] && exit 1 || exit 0", #{}).ctx.rc == 1 {
|
||||||
rpm.release();
|
let rel = spec::get_release(rpm).parse_int();
|
||||||
|
rpm.release(rel + 1);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user