sergiotarxz/termux-packages
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fast-build mode: do not rely on gpg when verifying metadata

Browse Source 
If previous build create metadata generation job, the repository will be left in
unsigned state for up to 5-20 seconds. We cannot do anything with this as how
Bintray works. When this case happens, signature checks will fail causing build
failure.

See https://gitlab.com/termux-mirror/termux-packages/-/jobs/175356747.

For now, gpg checks are permanently disabled. When a better solution will be
found, feel free to revert this commit.
This commit is contained in:
Leonid Pliushch 2019-03-11 17:51:42 +02:00
parent 0d6a96818b
commit 9ca57fbef1
1 changed files with 3 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
scripts/build/termux_get_repo_files.sh
View File

@ -17,24 +17,12 @@ termux_get_repo_files() {
rm -f /data/data/.built-packages/*
fi
# Import signing keys from files
gpg --import ${TERMUX_REPO_SIGNING_KEYS}
for idx in $(seq ${#TERMUX_REPO_URL[@]}); do
local TERMUX_REPO_NAME=$(echo ${TERMUX_REPO_URL[$idx-1]} | sed -e 's%https://%%g' -e 's%http://%%g' -e 's%/%-%g')
local FILE_PREFIX=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}
curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/InRelease" -o ${FILE_PREFIX}-InRelease \
|| curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release.gpg" -o ${FILE_PREFIX}-Release.gpg \
&& curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release" -o ${FILE_PREFIX}-Release \
|| termux_error_exit "Download of InRelease and Release.gpg from ${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]} failed"
local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-Release
if [ -f ${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-InRelease ]; then
local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-InRelease
gpg --verify $RELEASE_FILE
else
local RELEASE_FILE=${TERMUX_COMMON_CACHEDIR}/${TERMUX_REPO_NAME}-${TERMUX_REPO_DISTRIBUTION[$idx-1]}-Release
gpg --verify ${RELEASE_FILE}.gpg $RELEASE_FILE
fi
curl --fail -L "${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]}/Release" -o $RELEASE_FILE \
|| termux_error_exit "Download of InRelease and Release.gpg from ${TERMUX_REPO_URL[$idx-1]}/dists/${TERMUX_REPO_DISTRIBUTION[$idx-1]} failed"
for arch in all $TERMUX_ARCH; do
local PACKAGES_HASH=$(./scripts/get_hash_from_file.py ${RELEASE_FILE} $arch ${TERMUX_REPO_COMPONENT[$idx-1]})