Browse Source

fast-build mode: do not rely on gpg when verifying metadata

If previous build create metadata generation job, the repository will be left in
unsigned state for up to 5-20 seconds. We cannot do anything with this as how
Bintray works. When this case happens, signature checks will fail causing build
failure.

See https://gitlab.com/termux-mirror/termux-packages/-/jobs/175356747.

For now, gpg checks are permanently disabled. When a better solution will be
found, feel free to revert this commit.
emacs-27
Leonid Plyushch 6 years ago
parent
commit
cada4be0d8
  1. 18
      scripts/build/termux_get_repo_files.sh

18
scripts/build/termux_get_repo_files.sh

@ -17,24 +17,12 @@ termux_get_repo_files() {
rm -f /data/data/.built-packages/* rm -f /data/data/.built-packages/*
fi fi
# Import signing keys from files
gpg --import ${TERMUX_REPO_SIGNING_KEYS}
for idx in $(seq ${#TERMUX_REPO_URL[@]}); do for idx in $(seq ${#TERMUX_REPO_URL[@]}); do
local TERMUX_REPO_NAME=$(echo ${TERMUX_REPO_URL[$idx-1]} | sed -e 's%https://%%g' -e 's%http://%%g' -e 's%/%-%g') local TERMUX_REPO_NAME=$(echo ${TERMUX_REPO_URL[$idx-1]} | sed -e 's%https://%%g' -e 's%http://%%g' -e 's%/%-%g')
local FILE_PREFIX=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]} local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-Release
curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/InRelease" -o ${FILE_PREFIX}-InRelease \
|| curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release.gpg" -o ${FILE_PREFIX}-Release.gpg \
&& curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release" -o ${FILE_PREFIX}-Release \
|| termux_error_exit "Download of InRelease and Release.gpg from ${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]} failed"
if [ -f ${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-InRelease ]; then curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release" -o $RELEASE_FILE \
local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-InRelease || termux_error_exit "Download of InRelease and Release.gpg from ${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]} failed"
gpg --verify $RELEASE_FILE
else
local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-Release
gpg --verify ${RELEASE_FILE}.gpg $RELEASE_FILE
fi
for arch in all $TERMUX_ARCH; do for arch in all $TERMUX_ARCH; do
local PACKAGES_HASH=$(./scripts/get_hash_from_file.py ${RELEASE_FILE} $arch ${TERMUX_REPO_COMPONENT[$idx-1]}) local PACKAGES_HASH=$(./scripts/get_hash_from_file.py ${RELEASE_FILE} $arch ${TERMUX_REPO_COMPONENT[$idx-1]})

Loading…
Cancel
Save