mikroskeem/aur-buildbot
1
1
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Add useful scripts

Browse Source
This commit is contained in:
Mark Vainomaa 2017-02-19 16:12:46 +02:00
parent f5295a6022
commit 09aa9539d8
8 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -11,12 +11,14 @@ NOTE: This is actually not ready, so it is not recommended to run it in producti
- Note: Don't forget to firewall! - Note: Don't forget to firewall!
* Copy `aur` script to `/usr/bin` in host machine * Copy `aur` script to `/usr/bin` in host machine
* Set up nginx to serve packages to host (and maybe for public) * Set up nginx to serve packages to host (and maybe for public)
* Take look at `scripts/` directory, you might find useful scripts there
## Known issues ## Known issues
* You can't edit PKGBUILD-s * You can't edit PKGBUILD-s
* You can't accept GPG keys automatically (insecure to do so, but you can do `gpg --recv-key <key>` in container shell) * You can't accept GPG keys automatically (insecure to do so, but you can do `gpg --recv-key <key>` in container shell)
* Not documentated enough! * Not documentated enough!
* Probably something more I'm not currently aware of * Probably something more I'm not currently aware of
* Storing GPG password is insecure, if your builder gets hacked, then revoke your key
## TODO ## TODO
* Pacman cache automatic cleanup timer * Pacman cache automatic cleanup timer

37
scripts/init-gpg.sh Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash
# Go to home directory for sure
pushd $HOME >/dev/null
# Kill gpg-agent
pkill gpg-agent
# Rewrite gpg-agent configuration
cat > ~/.gnupg/gpg-agent.conf <<EOF
default-cache-ttl 4320000
max-cache-ttl 8640000
allow-loopback-pinentry
EOF
# Start gpg-agent
gpg-agent
# Create dummy file
_dummyfile=`mktemp`
echo "foobar" > "${_dummyfile}"
# Cache password in gpg-agent by signing dummy file
cat ~/passphrase.txt | env -i gpg \
--pinentry-mode loopback --passphrase-fd 0 \
--no-tty --batch --yes \
--detach-sig --output "${_dummyfile}.sig" "${_dummyfile}"
# Verify given signature
env -i gpg --verify \
"${_dummyfile}.sig" "${_dummyfile}"
echo $?
rm "${_dummyfile}" "${_dummyfile}.sig"
popd >/dev/null

1
scripts/passphrase.txt Normal file
View File

@ -0,0 +1 @@
# put pw here

4
scripts/remove-package.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
pushd /srv/http/built-packages >/dev/null
repose aurpackages -zdvs ${1}
popd

6
scripts/resign-all.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
pushd /srv/http/built-packages >/dev/null
rm *.sig
~/resign-repo.sh
~/resign-missing.sh
popd >/dev/null

9
scripts/resign-missing.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
pushd /srv/http/built-packages >/dev/null
find -name "*.pkg.tar.xz" | while read _p; do
if [ ! -f "${_p}.sig" ]; then
echo "Signing ${_p}"
gpg --output ${_p}.sig --detach-sig ${_p}
fi
done
popd >/dev/null

5
scripts/resign-repo.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
pushd /srv/http/built-packages >/dev/null
gpg --yes --output aurpackages.db.sig --detach-sig aurpackages.db
gpg --yes --output aurpackages.files.sig --detach-sig aurpackages.files
popd >/dev/null

2
scripts/update-packages.sh Executable file
View File

@ -0,0 +1,2 @@
#!/bin/bash
PAGER=cat aursync -s -n -u -f