mirror of
https://github.com/ben-grande/qusal.git
synced 2025-02-25 01:09:59 -05:00

Passing files to Dom0 is always dangerous:

- Passing a git repository is dangerous as it can have ignored modified files and signature verification will pass.
- Passing an archive is troublesome for updates.
- Passing an RPM package depends on the RPM verification to be correct, sometimes it is not.
- Passing an RPM repository definition is less troublesome for the user, as it is a small file to verify the contents and update mechanism is via the package manager. Trust in RPM verification is still required.

Many improvements were made to the build scripts:

- requires-program: Single function to check if program is installed;
- spec-get: Sort project names for the usage message;
- spec-get: Only running commands that are necessary;
- spec-get: Fix empty summary when readme has copyright header;
- spec-gen: Fix grep warning of escaped symbol;
- spec-build: Sign RPM and verify signature;
- spec-build: Only lint the first SPEC for faster runtime;
- yumrepo-gen: Generate a local yum repository with signed metadata;
- qubesbuilder-gen: Generate a .qubesbuilder based on tracked projects;
- release: Build, sign and push all RPMs to repository.

Goal is to be able to build with qubes-builderv2 Qubes Executor.

For: https://github.com/ben-grande/qusal/issues/37
37 lines
1.3 KiB
Bash
Executable File
#!/bin/sh

## SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
##
## SPDX-License-Identifier: AGPL-3.0-or-later

set -eu

template=".qubesbuilder.template"
target=".qubesbuilder"
intended_target="${target}"
## In "test" mode, generate into a temporary file and compare it with the
## committed .qubesbuilder instead of overwriting it.
if test "${1-}" = "test"; then
  tmpdir="$(mktemp -d)"
  target="${tmpdir}/.qubesbuilder"
  trap 'rm -rf -- "${tmpdir}"' EXIT INT HUP QUIT ABRT
fi
## Projects under salt/ that contain ignored or untracked files must not be
## listed. Each path is printed on its own line so that "^salt/" can match
## the first untracked entry too.
ignored="$(git ls-files --exclude-standard --others --ignored)"
untracked="$(git ls-files --exclude-standard --others)"
unwanted="$(printf '%s\n%s\n' "${ignored}" "${untracked}" | grep "^salt/" \
  | cut -d "/" -f2 | sort -u)"
group="$(./scripts/spec-get.sh dom0 group)"
## One SPEC entry per directory directly under salt/.
projects="$(find salt/ -mindepth 1 -maxdepth 1 -type d \
  | sort -d | sed "s|^salt/\(\S\+\)| - rpm_spec/${group}-\1.spec|")"
for unwanted_project in ${unwanted}; do
  projects="$(echo "${projects}" | sed "\@rpm_spec/${group}-${unwanted_project}.spec@d")"
done

## Write the template without its @SPEC@ placeholder, then append the list.
sed -e "/@SPEC@/d" "${template}" | tee "${target}" >/dev/null
echo "${projects}" | tee -a "${target}" >/dev/null
if test "${1-}" = "test"; then
  if ! cmp -s "${target}" "${intended_target}"; then
    echo "${0##*/}: error: File ${intended_target} is not up to date" >&2
    echo "${0##*/}: error: Please run '${0}' to update the file" >&2
    exit 1
  fi
fi
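Added example, not part of the qusal repository: the commit message's point that a git work tree can carry ignored files while signature verification still passes, shown on a throwaway repository. Signatures cover committed objects only, which is why the script above queries `git ls-files --others` before listing projects. The repository layout, file names and function names below are constructed for the demonstration.

```shell
#!/bin/sh
## Added demonstration, not qusal code. Repository layout, file names and
## function names are constructed for the example.
set -eu

## List work tree files that exist outside the index: ignored first, then
## untracked. Commit and tag signatures say nothing about these files.
list_unverified_files() {
  git -C "${1}" ls-files --exclude-standard --others --ignored
  git -C "${1}" ls-files --exclude-standard --others
}

## Succeed only when the work tree has no modified, untracked or ignored
## files, i.e. it holds exactly what the checked-out commit describes.
worktree_is_exact() {
  out="$(git -C "${1}" status --porcelain --ignored)" || return 2
  test -z "${out}"
}

## Create a throwaway repository with one commit, then drop an ignored file
## next to the tracked state. Prints the repository path.
make_demo_repo() {
  demo="$(mktemp -d)"
  git -C "${demo}" init -q
  mkdir -p "${demo}/salt/demo"
  echo "*.local" > "${demo}/.gitignore"
  echo "tracked state" > "${demo}/salt/demo/init.sls"
  git -C "${demo}" add .gitignore salt
  git -C "${demo}" -c user.name=demo -c user.email=demo@example.invalid \
    -c commit.gpgsign=false commit -q -m "constructed commit"
  echo "unreviewed state" > "${demo}/salt/demo/extra.local"
  echo "${demo}"
}

repo="$(make_demo_repo)"
trap 'rm -rf -- "${repo}"' EXIT
echo "git status --porcelain reports: '$(git -C "${repo}" status --porcelain)'"
echo "files outside the index:"
list_unverified_files "${repo}"
if ! worktree_is_exact "${repo}"; then
  echo "work tree differs from the commit, do not copy it as is" >&2
fi
```

Plain `git status --porcelain` prints nothing for this repository; only the `--ignored` variants reveal `salt/demo/extra.local`.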