claude-noether/marfrit-packages
1
0
Fork 0
forked from marfrit/marfrit-packages
Code Pull Requests Activity

ci: accept any pkg.tar.* extension, configure gpg for repo-add

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Markus Fritsche
2026-04-14 19:42:19 +00:00
parent 0fda1c47ea
commit b9bfad146f
1 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/build.yml
+19 -7
View File
@@ -54,13 +54,14 @@ jobs:
chown -R builder:builder /tmp/build-distcc-avahi chown -R builder:builder /tmp/build-distcc-avahi
cd /tmp/build-distcc-avahi cd /tmp/build-distcc-avahi
sudo -u builder -H makepkg --nocheck --noconfirm --syncdeps --cleanbuild sudo -u builder -H makepkg --nocheck --noconfirm --syncdeps --cleanbuild
ls -la *.pkg.tar.zst ls -la *.pkg.tar.* | grep -v "\.sig$"
- name: sign package - name: sign package
run: | run: |
set -e set -e
cd /tmp/build-distcc-avahi cd /tmp/build-distcc-avahi
for f in *.pkg.tar.zst; do for f in *.pkg.tar.xz *.pkg.tar.zst *.pkg.tar.gz; do
[ -f "$f" ] || continue
gpg --batch --pinentry-mode loopback --passphrase-file /root/repo_pass \ gpg --batch --pinentry-mode loopback --passphrase-file /root/repo_pass \
--detach-sign --yes -u 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C "$f" --detach-sign --yes -u 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C "$f"
done done
@@ -75,13 +76,24 @@ jobs:
curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.db.tar.gz -o marfrit.db.tar.gz || true curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.db.tar.gz -o marfrit.db.tar.gz || true
curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.files.tar.gz -o marfrit.files.tar.gz || true curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.files.tar.gz -o marfrit.files.tar.gz || true
# move freshly built package(s) in # move freshly built package(s) in
mv /tmp/build-distcc-avahi/*.pkg.tar.zst . for ext in xz zst gz; do
mv /tmp/build-distcc-avahi/*.pkg.tar.zst.sig . ls /tmp/build-distcc-avahi/*.pkg.tar.$ext 2>/dev/null && \
mv /tmp/build-distcc-avahi/*.pkg.tar.$ext /tmp/build-distcc-avahi/*.pkg.tar.$ext.sig .
done || true
# regenerate the db, signing it with our key # regenerate the db, signing it with our key
GPG_TTY= \ export GPG_TTY=""
GNUPGHOME=/root/.gnupg \ export GNUPGHOME=/root/.gnupg
# repo-add wants explicit passphrase; wrap via gpg-agent loopback
cat > /root/.gnupg/gpg.conf <<EOF
pinentry-mode loopback
passphrase-file /root/repo_pass
EOF
cat > /root/.gnupg/gpg-agent.conf <<EOF
allow-loopback-pinentry
EOF
gpg-connect-agent reloadagent /bye
repo-add --new --sign --key 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C \ repo-add --new --sign --key 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C \
--verify marfrit.db.tar.gz *.pkg.tar.zst --verify marfrit.db.tar.gz *.pkg.tar.*
# refresh "unversioned" symlinks expected by pacman # refresh "unversioned" symlinks expected by pacman
ln -sf marfrit.db.tar.gz marfrit.db ln -sf marfrit.db.tar.gz marfrit.db
ln -sf marfrit.files.tar.gz marfrit.files ln -sf marfrit.files.tar.gz marfrit.files