From 9ca57fbef1d0d12125b7264211c7406f4989feb3 Mon Sep 17 00:00:00 2001
From: Leonid Pliushch <leonid.pliushch@gmail.com>
Date: Mon, 11 Mar 2019 17:51:42 +0200
Subject: [PATCH] fast-build mode: do not rely on gpg when verifying metadata

If previous build create metadata generation job, the repository will be left in
unsigned state for up to 5-20 seconds. We cannot do anything with this as how
Bintray works. When this case happens, signature checks will fail causing build
failure.

See https://gitlab.com/termux-mirror/termux-packages/-/jobs/175356747.

For now, gpg checks are permanently disabled. When a better solution will be
found, feel free to revert this commit.
---
 scripts/build/termux_get_repo_files.sh | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/scripts/build/termux_get_repo_files.sh b/scripts/build/termux_get_repo_files.sh
index f9f4028da..f688ed846 100644
--- a/scripts/build/termux_get_repo_files.sh
+++ b/scripts/build/termux_get_repo_files.sh
@@ -17,24 +17,12 @@ termux_get_repo_files() {
 			rm -f /data/data/.built-packages/*
 		fi
 
-		# Import signing keys from files
-		gpg --import ${TERMUX_REPO_SIGNING_KEYS}
-
 		for idx in $(seq ${#TERMUX_REPO_URL[@]}); do
 			local TERMUX_REPO_NAME=$(echo ${TERMUX_REPO_URL[$idx-1]} | sed -e 's%https://%%g' -e 's%http://%%g' -e 's%/%-%g')
-			local FILE_PREFIX=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}
-			curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/InRelease" -o ${FILE_PREFIX}-InRelease \
-			    || curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release.gpg" -o ${FILE_PREFIX}-Release.gpg \
-			    && curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release" -o ${FILE_PREFIX}-Release \
-			    || termux_error_exit "Download of InRelease and Release.gpg from ${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]} failed"
+			local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-Release
 
-			if [ -f ${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-InRelease ]; then
-				local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-InRelease
-				gpg --verify $RELEASE_FILE
-			else
-				local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-Release
-				gpg --verify ${RELEASE_FILE}.gpg $RELEASE_FILE
-			fi
+			curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release" -o $RELEASE_FILE \
+			    || termux_error_exit "Download of InRelease and Release.gpg from ${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]} failed"
 
 			for arch in all $TERMUX_ARCH; do
 				local PACKAGES_HASH=$(./scripts/get_hash_from_file.py ${RELEASE_FILE} $arch ${TERMUX_REPO_COMPONENT[$idx-1]})