Add useful scripts

2017-02-19 16:12:46 +02:00 · 2017-02-19 16:12:46 +02:00 · 09aa9539d8
parent f5295a6022
commit 09aa9539d8
8 changed files with 66 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -11,12 +11,14 @@ NOTE: This is actually not ready, so it is not recommended to run it in producti
    - Note: Don't forget to firewall!
 * Copy `aur` script to `/usr/bin` in host machine
 * Set up nginx to serve packages to host (and maybe for public)
+* Take look at `scripts/` directory, you might find useful scripts there

 ## Known issues
 * You can't edit PKGBUILD-s
 * You can't accept GPG keys automatically (insecure to do so, but you can do `gpg --recv-key <key>` in container shell)
 * Not documentated enough!
 * Probably something more I'm not currently aware of
+* Storing GPG password is insecure, if your builder gets hacked, then revoke your key

 ## TODO
 * Pacman cache automatic cleanup timer
--- a/scripts/init-gpg.sh
+++ b/scripts/init-gpg.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Go to home directory for sure
+pushd $HOME >/dev/null
+
+# Kill gpg-agent
+pkill gpg-agent
+
+# Rewrite gpg-agent configuration
+cat > ~/.gnupg/gpg-agent.conf <<EOF
+default-cache-ttl 4320000
+max-cache-ttl 8640000
+allow-loopback-pinentry
+EOF
+
+# Start gpg-agent
+gpg-agent
+
+
+# Create dummy file
+_dummyfile=`mktemp`
+echo "foobar" > "${_dummyfile}"
+
+# Cache password in gpg-agent by signing dummy file
+cat ~/passphrase.txt | env -i gpg \
+	--pinentry-mode loopback --passphrase-fd 0 \
+	--no-tty --batch --yes \
+	--detach-sig --output "${_dummyfile}.sig" "${_dummyfile}"
+
+# Verify given signature
+env -i gpg --verify \
+	"${_dummyfile}.sig" "${_dummyfile}"
+
+echo $?
+
+rm "${_dummyfile}" "${_dummyfile}.sig"
+popd >/dev/null
--- a/scripts/passphrase.txt
+++ b/scripts/passphrase.txt
@ -0,0 +1 @@
+# put pw here
--- a/scripts/remove-package.sh
+++ b/scripts/remove-package.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+pushd /srv/http/built-packages >/dev/null
+repose aurpackages -zdvs ${1}
+popd
--- a/scripts/resign-all.sh
+++ b/scripts/resign-all.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+pushd /srv/http/built-packages >/dev/null
+rm *.sig
+~/resign-repo.sh
+~/resign-missing.sh
+popd >/dev/null
--- a/scripts/resign-missing.sh
+++ b/scripts/resign-missing.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+pushd /srv/http/built-packages >/dev/null
+find -name "*.pkg.tar.xz" | while read _p; do
+	if [ ! -f "${_p}.sig" ]; then
+		echo "Signing ${_p}"
+		gpg --output ${_p}.sig --detach-sig ${_p}
+	fi
+done
+popd >/dev/null
--- a/scripts/resign-repo.sh
+++ b/scripts/resign-repo.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+pushd /srv/http/built-packages >/dev/null
+gpg --yes --output aurpackages.db.sig --detach-sig aurpackages.db
+gpg --yes --output aurpackages.files.sig --detach-sig aurpackages.files
+popd >/dev/null
--- a/scripts/update-packages.sh
+++ b/scripts/update-packages.sh
@ -0,0 +1,2 @@
+#!/bin/bash
+PAGER=cat aursync -s -n -u -f