From ac4dcb64a8f6c07dfe50e9005dc4246f21ebf84e Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Sat, 6 Sep 2014 00:39:14 -0400
Subject: Split hackers.yml into users/#{uid}.yml
---
Makefile | 41 ++++++++++++++++++++++++-----------------
1 file changed, 24 insertions(+), 17 deletions(-)
(limited to 'Makefile')
diff --git a/Makefile b/Makefile
index d1858f4..3253c91 100644
--- a/Makefile
+++ b/Makefile
@@ -2,30 +2,36 @@ export LANG=C export SHELL=/bin/bash KEYSERVER = hkp://pool.sks-keyservers.net +KEYRING_NAME = parabola + GPG = gpg --quiet --batch --no-tty --no-permission-warning --keyserver ${KEYSERVER} --homedir output/cache/pacman-keyring/gpghome MKDIRS = mkdir -p FAIL = exit 1 -keyring_name = parabola +dep_dir = $1 $(shell find $1) +users = $(call dep_dir,users) all: PHONY pacman-keyring clean: PHONY rm -rf output/cache +distclean: PHONY + rm -rf output #### pacman-keyring: PHONY \ - output/pacman-keyring/${keyring_name}.gpg \ - output/pacman-keyring/${keyring_name}-trusted \ - output/pacman-keyring/${keyring_name}-revoked + output/pacman-keyring/${KEYRING_NAME}.gpg \ + output/pacman-keyring/${KEYRING_NAME}-trusted \ + output/pacman-keyring/${KEYRING_NAME}-revoked # Assemble the list of .asc files needed to generate the keyring -output/cache/pacman-keyring/deps.mk: hackers.yml bin/list-pgp-keyids +output/cache/pacman-keyring/deps.mk: ${users} $(MKDIRS) ${@D} { \ - echo output/pacman-keyring/${keyring_name}.gpg: $$(bin/list-pgp-keyids | sed -r 's|(\S+) .*|output/cache/pacman-keyring/keys/\1.asc|') && \ - echo output/cache/pacman-keyring/stamp.ownertrust: $$(bin/list-pgp-keyids | sed -rn 's|^(trusted/\S+) .*|output/cache/pacman-keyring/keys/\1.asc|p') && \ + echo output/pacman-keyring/${KEYRING_NAME}.gpg: $$(bin/pgp-list-keyids | sed -r 's|(\S+) .*|output/cache/pacman-keyring/keys/\1.asc|') && \ + echo output/cache/pacman-keyring/stamp.ownertrust: $$(bin/pgp-list-keyids | sed -rn 's|^(trusted/\S+) .*|output/cache/pacman-keyring/keys/\1.asc|p') && \ + bin/uid-map | sed 's|.*|trusted:&\nsecondary:&\nrevoked:&|' | sed -r 's|(.*):(.*):(.*)|output/cache/pacman-keyring/keys/\1/\3.asc: users/\2.yml|' && \ :; }> $@ -include output/cache/pacman-keyring/deps.mk 
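Review bot: The `bin/uid-map | sed …` line added to the deps.mk recipe writes uid and user-name fields unescaped into a makefile fragment that is read back through `-include`, so any make-significant character in those fields (`$`, `:`, `;`, `#`, whitespace) becomes make syntax in the build that defines the trusted keyring. Nothing visible in the hunk validates the fields, and the greedy `(.*):(.*):(.*)` split will also mis-assign them if a name contains a colon. I would fail the recipe before the first `sed` unless every uid-map line matches a strict pattern such as `^[A-Za-z0-9_.-]+:[A-Za-z0-9_.-]+$` (the exact alphabet depends on what uid-map emits, which is not shown here). Separately, the new prerequisite list drops the helper script, so deps.mk goes stale when the generators change; `output/cache/pacman-keyring/deps.mk: ${users} bin/pgp-list-keyids bin/uid-map` restores that, and the same applies to the `-trusted` and `-revoked` rules in the next hunk.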
@@ -33,37 +39,38 @@ output/cache/pacman-keyring/stamp.gpg-init: gpg-init.txt ${MKDIRS} ${@D} output/cache/pacman-keyring/gpghome ${GPG} --gen-key < $< touch $@ -output/cache/pacman-keyring/stamp.ownertrust: output/pacman-keyring/${keyring_name}-trusted output/cache/pacman-keyring/deps.mk +output/cache/pacman-keyring/stamp.ownertrust: output/pacman-keyring/${KEYRING_NAME}-trusted output/cache/pacman-keyring/deps.mk ${MKDIRS} ${@D} ${GPG} --import-ownertrust < $< 2>/dev/null touch $@ -output/pacman-keyring/${keyring_name}.gpg: output/cache/pacman-keyring/deps.mk +output/pacman-keyring/${KEYRING_NAME}.gpg: output/cache/pacman-keyring/deps.mk $(MKDIRS) ${@D} cat $(filter %.asc,$^) > $@ -output/pacman-keyring/${keyring_name}-trusted: hackers.yml bin/list-pgp-keyids +output/pacman-keyring/${KEYRING_NAME}-trusted: ${users} $(MKDIRS) ${@D} - bin/list-pgp-keyids | sed -rn 's|^trusted/\S+ (\S+)|\1:4:|p' > $@ -output/pacman-keyring/${keyring_name}-revoked: hackers.yml bin/list-pgp-keyids + bin/pgp-list-keyids | sed -rn 's|^trusted/\S+ (\S+)|\1:4:|p' > $@ +output/pacman-keyring/${KEYRING_NAME}-revoked: ${users} $(MKDIRS) ${@D} - bin/list-pgp-keyids | sed -rn 's|^revoked/\S+ ||p' > $@ + bin/pgp-list-keyids | sed -rn 's|^revoked/\S+ ||p' > $@ # These 3 rules are mostly straight from "archlinux-keyring.git/update-keys" -keyid=$$(bin/get-pgp-keyid $*) -output/cache/pacman-keyring/keys/trusted/%.asc: hackers.yml bin/get-pgp-keyid output/cache/pacman-keyring/stamp.gpg-init +# The appropriate .yml file is added as a dependency by deps.mk +keyid=$$(bin/pgp-get-keyid-by-uid $(patsubst users/%.yml,%,$(filter %.yml,$^))) +output/cache/pacman-keyring/keys/trusted/%.asc: output/cache/pacman-keyring/stamp.gpg-init ${MKDIRS} ${@D} ${GPG} --recv-keys ${keyid} &>/dev/null printf 'minimize\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid} #${GPG} --yes --lsign-key ${keyid} &>/dev/null printf 'y\ny\n' | ${GPG} --command-fd 0 --lsign-key ${keyid} &>/dev/null ${GPG} --armor --no-emit-version 
--export ${keyid} > $@ -output/cache/pacman-keyring/keys/secondary/%.asc: hackers.yml bin/get-pgp-keyid output/cache/pacman-keyring/stamp.ownertrust +output/cache/pacman-keyring/keys/secondary/%.asc: output/cache/pacman-keyring/stamp.ownertrust ${MKDIRS} ${@D} ${GPG} --recv-keys ${keyid} &>/dev/null printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid} ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:' # make sure it is trusted ${GPG} --armor --no-emit-version --export ${keyid} > $@ -output/cache/pacman-keyring/keys/revoked/%.asc: hackers.yml bin/get-pgp-keyid output/cache/pacman-keyring/stamp.ownertrust +output/cache/pacman-keyring/keys/revoked/%.asc: output/cache/pacman-keyring/stamp.ownertrust ${MKDIRS} ${@D} ${GPG} --recv-keys ${keyid} &>/dev/null printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid} -- cgit v1.2.3
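Review bot: The new `keyid` definition takes its uid from `$(filter %.yml,$^)`, which is empty whenever deps.mk did not attach a `users/*.yml` prerequisite to the target, and the recipes never check that the helper actually produced a key id. Because the gpg calls that consume it send their output to `/dev/null`, a missing or failed lookup shows up only as an unexplained recipe failure, and `gpg --export` with an empty key argument would export every key in the homedir if the earlier lines were ever relaxed. Adding `test -n "${keyid}"` as the first recipe line of all three pattern rules makes this fail closed with a visible cause. The comment above `keyid` should also state that `bin/pgp-get-keyid-by-uid` must return a full fingerprint, since that value is what gets fetched from the keyserver and locally signed (the helper is not shown, so this is an assumption to confirm). The `revoked/%.asc` recipe appears to continue past the end of the hunk.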