diff options
-rw-r--r-- | config.local.parabola | 6 | ||||
-rwxr-xr-x | cron-jobs/make_repo_torrents | 70 | ||||
-rw-r--r-- | db-functions | 1 | ||||
-rwxr-xr-x | db-list-unsigned-packages.py | 40 | ||||
-rwxr-xr-x | db-update | 15 | ||||
-rwxr-xr-x | make_individual_torrent | 52 |
6 files changed, 176 insertions, 8 deletions
diff --git a/config.local.parabola b/config.local.parabola index 2c52977..b96f801 100644 --- a/config.local.parabola +++ b/config.local.parabola @@ -1,7 +1,11 @@ PKGREPOS=( + # Main repos libre{,-testing} libre-multilib{,-testing} - pcr kernels cross java nonprism + # Community project repos + {nonsystemd,nonprism}{,-testing} + pcr kernels cross java + # User repos '~smv' '~xihh' '~brendan' '~lukeshu' '~emulatorman' '~aurelien' '~jorginho' '~coadde' '~drtan' ) PKGPOOL='pool/parabola' diff --git a/cron-jobs/make_repo_torrents b/cron-jobs/make_repo_torrents new file mode 100755 index 0000000..fc723f1 --- /dev/null +++ b/cron-jobs/make_repo_torrents @@ -0,0 +1,70 @@ +#! /bin/bash +# Copyright (C) 2014 Joseph Graham <joseph@t67.eu> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# This script finds any updated packages and calls +# `make_indivudual_torrent' for each of them. + +username=$( id -un ) + +case "${username}" in + repo | root ) + true + ;; + * ) + echo "This script must be run as repo user or root user." + echo "ByeBye!" + exit 1 + ;; +esac + +# pacman doesn't support multiple different packages of the same name, +# so it's OK to just stuff all the torrents into a single directory. +script_directory="$(dirname "$(readlink -e "$0")")/.." +. "$(dirname "$(readlink -e "$0")")/../config" +public_location="$FTP_BASE/" +torrent_location="$FTP_BASE/torrents/" + +cd "${torrent_location}" + +# Find any directories that might have packages in then +find "${public_location}" -name 'os' -type 'd' | +while read dir +do + # Find any packages + find "${dir}" -name '*\.pkg\.tar\.xz' | + while read pkg + do + pkg_name="${pkg##*/}" + + if [[ -h "${pkg}" ]] # check if it's a symbolic link + then + # We get the target of the symlink + pkg=$( readlink -f "${pkg}" ) + fi + + # If a .torrent file does not already exist for this package, we call + # `make_individual_torrent' to make it. + if ! [[ -f "${torrent_location}${pkg_name}.torrent" ]] + then + "$script_directory/make_individual_torrent" "${pkg}" "${public_location}" + fi + done +done + +if [[ "${username}" == root ]] +then + chown repo * +fi diff --git a/db-functions b/db-functions index 1febb12..c1bf6e8 100644 --- a/db-functions +++ b/db-functions @@ -83,6 +83,7 @@ cleanup() { if (( REPO_MODIFIED )); then date +%s > "${FTP_BASE}/lastupdate" + date -u +%s > "${FTP_BASE}/lastsync" fi [ "$1" ] && exit "$1" diff --git a/db-list-unsigned-packages.py b/db-list-unsigned-packages.py index 36be93a..80cff51 100755 --- a/db-list-unsigned-packages.py +++ b/db-list-unsigned-packages.py @@ -21,23 +21,35 @@ unsigned packages in the database at standard input of repo named in the first argument and specified for architectures listed in the following arguments (usually the one of the database or any, default is to list all). + +If the --keyset argument is passed, print the key fingerprint of every +signed package. """ +import base64 +import subprocess import sys import tarfile def main(): """Do the job.""" + check_keys = False + if "--keyset" in sys.argv: + sys.argv.remove("--keyset") + check_keys = True repo = sys.argv[1] pkgarches = frozenset(name.encode("utf-8") for name in sys.argv[2:]) + packages = [] + keys = [] with tarfile.open(fileobj=sys.stdin.buffer) as archive: for entry in archive: if entry.name.endswith("/desc"): content = archive.extractfile(entry) skip = False is_arch = False + key = None for line in content: if is_arch: is_arch = False @@ -46,12 +58,38 @@ def main(): break if line == b"%PGPSIG%\n": skip = True # signed - break + key = b"" + if check_keys: + continue + else: + break if line == b"%ARCH%\n": is_arch = True + continue + if key is not None: + if line.strip(): + key += line.strip() + else: + break + if check_keys and key: + key_binary = base64.b64decode(key) + keys.append(key_binary) + packages.append(repo + "/" + entry.name[:-5]) if skip: continue print(repo + "/" + entry.name[:-5]) + if check_keys and keys: + # We have collected all signed package names in packages and + # all keys in keys. Let's now ask gpg to list all signatures + # and find which keys made them. + packets = subprocess.check_output(("gpg", "--list-packets"), + input=b"".join(keys)) + i = 0 + for line in packets.decode("latin1").split("\n"): + if line.startswith(":signature packet:"): + keyid = line[line.index("keyid ") + len("keyid "):] + print(packages[i], keyid) + i += 1 if __name__ == "__main__": @@ -3,7 +3,10 @@ . "$(dirname "$(readlink -e "$0")")/config" . "$(dirname "$(readlink -e "$0")")/db-functions" -shopt -s nullglob +if [[ $STAGING = *luke* ]]; then + set -x + PKGEXT='.pkg.tar.?z' +fi if [ $# -ge 1 ]; then warning "Calling %s with a specific repository is no longer supported" "${0##*/}" @@ -32,11 +35,11 @@ done # check if packages are valid for repo in "${repos[@]}"; do + if ! check_repo_permission "${repo}"; then + die "You don't have permission to update packages in %s" "${repo}" + fi pkgs=($(getpkgfiles "${STAGING}/${repo}/"*${PKGEXT})) if [ $? -eq 0 ]; then - if [ ${#pkgs[@]} -gt 0 ] && ! check_repo_permission "${repo}"; then - die "You don't have permission to update packages in %s" "${repo}" - fi for pkg in "${pkgs[@]}"; do if [ -h "${pkg}" ]; then die "Package %s is a symbolic link" "${repo}/${pkg##*/}" @@ -100,10 +103,10 @@ done cd "${STAGING}" while read -r file; do pub="${FTP_BASE}/${file}" - if [[ -f $pub ]]; then + if [[ -f "$pub" ]]; then warning "file already exists: %s" "${file}" else mkdir -p -- "${pub%/*}" mv -vn "$file" "$pub" fi -done < <(find other sources -type f) +done < <(find other sources -type f 2>/dev/null) diff --git a/make_individual_torrent b/make_individual_torrent new file mode 100755 index 0000000..e5b7d8c --- /dev/null +++ b/make_individual_torrent @@ -0,0 +1,52 @@ +#! /bin/bash +# Copyright (C) 2014 Joseph Graham <joseph@t67.eu> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# This script is called by `make_repo_torrents' to make a torrent. It +# depends on `mktorrent'. It takes the following args: +# $1 - path of package +# $2 - public location + +# Comma seperated list of trackers, no spaces +# t67.eu is run by Xylon, hackcoop by fauno & friends +trackers='http://t67.eu:6969/announce,http://tracker.hackcoop.com.ar/announce' + +# This mirror is put as a webseed. Which mirror we use for a webseed +# doesn't really matter since it's re-written on the client machine by +# pacman2pacman so it won't normally be used anyway. +seed_url='http://repo.parabolagnulinux.org/' + +if [[ -z "${1}" ]] +then + echo "Error. First arg must be the path of the package." + echo 1 +fi + +if [[ -z "${2}" ]] +then + echo "Error. Second arg must be the public location." + echo 1 +fi + +pkg="${1}" +public_location="${2}" + +pkg_name="${pkg##*/}" + +# URL of the actual package for the webseed +webseed="${seed_url}${pkg#${public_location}}" + +mktorrent -a "${trackers}" "${pkg}" -w "${webseed}" >/dev/null || +echo "Error making torrent for \"${pkg}\"" |