author | Holger Levsen <holger@layer-acht.org> | 2015-12-12 12:54:25 +0100 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2015-12-12 12:54:25 +0100 |
commit | 7ece95bae42f202007345ac3b07908e22787b0a4 (patch) | |
tree | 0833eb3c1dfa6bda8c610a48cb42a61133080bfc | |
parent | a902d1f8c381bd6c31eaa81a1a5bea18f1187463 (diff) | |
download | jenkins.debian.net-7ece95bae42f202007345ac3b07908e22787b0a4.tar.xz |
reproducible archlinux: use gpg to verify sources
-rw-r--r-- | TODO | 4 | ||||
-rwxr-xr-x | bin/reproducible_build_archlinux_pkg.sh | 4 | ||||
-rwxr-xr-x | bin/reproducible_setup_archlinux_schroot.sh | 1 |
3 files changed, 5 insertions, 4 deletions
@@ -309,8 +309,8 @@ This is about Debian, below are more todo entries for other projects…
 * arch build.sh:
 ** introduce more variations: USER
 ** confirm the others are really working
-** 'makepkg --skippgpcheck' should be replaced by 'makepkg' and 'echo "keyserver-options auto-key-retrieve" >> ~/.gnupg/gpg.conf'
-*** which should make this obsolete: 'schroot --directory /tmp -c source:jenkins-reproducible-archlinux -- grep ^validpgpkeys= $PKG/PKGBUILD|cut -d "'" -f2|xargs schroot --directory /tmp -c source:jenkins-reproducible-archlinux -- gpg --recv-keys'
+** 'echo "keyserver-options auto-key-retrieve" >> ~/.gnupg/gpg.conf' is now being used and should make this not needed:
+*** 'schroot --directory /tmp -c source:jenkins-reproducible-archlinux -- grep ^validpgpkeys= $PKG/PKGBUILD|cut -d "'" -f2|xargs schroot --directory /tmp -c source:jenkins-reproducible-archlinux -- gpg --recv-keys'
 ** on SIGTERM, also ssh to remote host and cleanup there! (via ssh &)
 * put results in a db
 ** graph results
diff --git a/bin/reproducible_build_archlinux_pkg.sh b/bin/reproducible_build_archlinux_pkg.sh
index 8dc5a5d3..d6f1a5e1 100755
--- a/bin/reproducible_build_archlinux_pkg.sh
+++ b/bin/reproducible_build_archlinux_pkg.sh
@@ -126,7 +126,7 @@ first_build() {
 echo 'export TZ="/usr/share/zoneinfo/Etc/GMT+12"' | schroot --run-session -c $SESSION --directory /tmp -- tee -a /var/lib/jenkins/.bashrc
 # nicely run makepkg with a timeout of $TIMEOUT hours
 timeout -k $TIMEOUT.1h ${TIMEOUT}h /usr/bin/ionice -c 3 /usr/bin/nice \
- schroot --run-session -c $SESSION --directory $BUILDDIR/$SRCPACKAGE -- bash -l -c 'makepkg --syncdeps --noconfirm --skippgpcheck 2>&1' | tee -a $LOG
+ schroot --run-session -c $SESSION --directory $BUILDDIR/$SRCPACKAGE -- bash -l -c 'makepkg --syncdeps --noconfirm 2>&1' | tee -a $LOG
 PRESULT=${PIPESTATUS[0]}
 if [ $PRESULT -eq 124 ] ; then
 echo "$(date -u) - makepkg was killed by timeout after ${TIMEOUT}h." | tee -a $LOG
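Review bot: A failed source-signature check cannot be told apart from a failed build in first_build, because the visible handling of `PRESULT` singles out only 124 (the timeout), and the same applies to the identical line in second_build's hunk. With `--skippgpcheck` removed, a missing key or an unreachable keyserver presumably surfaces as an ordinary non-zero makepkg status, so a network problem could be recorded as a package that fails to build. I would add a comment above the call such as `# makepkg verifies source signatures; keys are fetched on demand (auto-key-retrieve in the schroot's gpg.conf), so a keyserver outage fails the build` and log that case separately. The rest of the `if` chain lies outside the hunk, so it may already cover this.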
@@ -160,7 +160,7 @@ second_build() {
 __END__
 # nicely run makepkg with a timeout of $TIMEOUT hours
 timeout -k $TIMEOUT.1h ${TIMEOUT}h /usr/bin/ionice -c 3 /usr/bin/nice \
- schroot --run-session -c $SESSION --directory $BUILDDIR/$SRCPACKAGE -- bash -l -c 'makepkg --syncdeps --noconfirm --skippgpcheck 2>&1' | tee -a $LOG
+ schroot --run-session -c $SESSION --directory $BUILDDIR/$SRCPACKAGE -- bash -l -c 'makepkg --syncdeps --noconfirm 2>&1' | tee -a $LOG
 PRESULT=${PIPESTATUS[0]}
 if [ $PRESULT -eq 124 ] ; then
 echo "$(date -u) - makepkg was killed by timeout after ${TIMEOUT}h." | tee -a $LOG
diff --git a/bin/reproducible_setup_archlinux_schroot.sh b/bin/reproducible_setup_archlinux_schroot.sh
index 3e90bdc4..d344cbf4 100755
--- a/bin/reproducible_setup_archlinux_schroot.sh
+++ b/bin/reproducible_setup_archlinux_schroot.sh
@@ -97,6 +97,7 @@ $ROOTCMD mkdir /var/lib/jenkins
 $ROOTCMD chown -R jenkins:jenkins /var/lib/jenkins
 echo ". /etc/profile.d/proxy.sh" | tee -a $SCHROOT_BASE/$TARGET/var/lib/jenkins/.bashrc
 $USERCMD bash -l -c 'gpg --check-trustdb' # first run will create ~/.gnupg/gpg.conf
+echo "keyserver-options auto-key-retrieve" | $USERCMD tee -a $SCHROOT_BASE/$TARGET/var/lib/jenkins/.gnupg/gpg.conf
 $USERCMD bash -l -c 'gpg --recv-keys 0x091AB856069AAA1C'
 echo "schroot $TARGET set up successfully in $SCHROOT_BASE/$TARGET - exiting now." |
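Review bot: The added `tee -a` line mixes `$USERCMD` with a `$SCHROOT_BASE/$TARGET/...` path, which looks inconsistent with its neighbours. The `.bashrc` line above writes to that host-side path without `$USERCMD`, while the `gpg` calls go through `$USERCMD` and use `~`. `$USERCMD` is defined outside the hunk, but if it runs the command inside the schroot, the host path will not resolve there. The option would then never reach the `gpg.conf` that makepkg's gpg reads, and signature checks would fail for every key not already in the keyring. Writing it the same way as the surrounding gpg calls avoids the ambiguity: `$USERCMD bash -l -c 'echo "keyserver-options auto-key-retrieve" >> ~/.gnupg/gpg.conf'`. It is also worth a comment that keys fetched this way are unvetted, so source trust rests on each PKGBUILD's `validpgpkeys`.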