blob: 498882292f1aaa149899abb9966ca4490237f4e0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
TRUSTED-LIST := $(patsubst active-keys/add-%,trusted.gpg/jadupc-archive-%.gpg,$(wildcard active-keys/add-*))
TMPRING := trusted.gpg/build-area
GPG_OPTIONS := --no-options --no-default-keyring --no-auto-check-trustdb --trustdb-name ./trustdb.gpg
build: verify-indices keyrings/jadupc-archive-keyring.gpg verify-results $(TRUSTED-LIST)
verify-indices: keyrings/team-members.gpg
gpg ${GPG_OPTIONS} \
--keyring keyrings/team-members.gpg \
--verify active-keys/index.gpg active-keys/index
verify-results: keyrings/team-members.gpg keyrings/jadupc-archive-keyring.gpg
gpg ${GPG_OPTIONS} \
--keyring keyrings/team-members.gpg --verify \
keyrings/jadupc-archive-keyring.gpg.asc \
keyrings/jadupc-archive-keyring.gpg
#FIXME: Do we need to verify the created keyrings in trusted.gpg.d, too?
# Maybe "just" checking that no key is added if we merge, but how…
keyrings/jadupc-archive-keyring.gpg: active-keys/index
jetring-build -I $@ active-keys
gpg ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp
mv -f $@.tmp $@
keyrings/team-members.gpg: team-members/index
jetring-build -I $@ team-members
gpg ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp
mv -f $@.tmp $@
$(TRUSTED-LIST) :: trusted.gpg/jadupc-archive-%.gpg : active-keys/add-% active-keys/index
mkdir -p $(TMPRING) trusted.gpg
grep -F $(shell basename $<) -- active-keys/index > $(TMPRING)/index
cp $< $(TMPRING)
jetring-build -I $@ $(TMPRING)
rm -rf $(TMPRING)
gpg ${GPG_OPTIONS} --no-keyring --import-options import-export --import < $@ > $@.tmp
mv -f $@.tmp $@
clean:
rm -f keyrings/jadupc-archive-keyring.gpg \
keyrings/jadupc-archive-keyring.gpg~ \
keyrings/jadupc-archive-keyring.gpg.lastchangeset
rm -f keyrings/team-members.gpg \
keyrings/team-members.gpg~ \
keyrings/team-members.gpg.lastchangeset
rm -rf $(TMPRING) trusted.gpg trustdb.gpg
rm -f keyrings/*.cache
install: build
install -d $(DESTDIR)/usr/share/keyrings/
cp trusted.gpg/jadupc-archive-*.gpg $(DESTDIR)/usr/share/keyrings/
cp keyrings/jadupc-archive-keyring.gpg $(DESTDIR)/usr/share/keyrings/
install -d $(DESTDIR)/etc/apt/trusted.gpg.d/
cp $(shell find trusted.gpg/ -name '*.gpg' -type f) $(DESTDIR)/etc/apt/trusted.gpg.d/
.PHONY: verify-indices verify-results clean build install
|
