Draft: commitpkg: add -k option to disable PGP key export
During automated mass rebuilds, requiring all defined validpgpkeys to be present is impractical. Provide a -k option to disable this as needed.
Activity
@anthraxx How do you feel about this? I haven't fully verified that it works; would be good to have a yay or nay regarding the approach first.
@foutrelis I totally understand the use case and that we need to find some way to tackle it. I see this as a last resort way, as having support for such an option will automatically lead to potential misuse of regular packagers.
Let me think about 1-2 ways if I can find a simple way to mass add the keys for all packages and create a TODO list for the remaining ones where the automation would not be able to find the keys. If we can't find a sane way to mass add them anytime soon, I'll happily pull this in for a temporary amount of time. Does this sound good?
added scoperegression label
That is indeed a better long-term solution and it seems to work great too!
Ran this inside */trunk of full SVN checkouts of packages and community:
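```bash
#!/bin/bash
set -e

# Load validpgpkeys from the package's PKGBUILD.
. PKGBUILD

# Fetch every key that is neither exported yet nor in the local keyring.
for key in "${validpgpkeys[@]}"; do
  [[ -f keys/pgp/$key.asc ]] && continue
  gpg --list-keys "$key" >/dev/null || gpg --recv-keys "$key" || :
done

# Export the keys; if the export fails, remove the untracked files it left
# behind and mark the package with a "nokeys" file.
for key in "${validpgpkeys[@]}"; do
  if [[ ! -f keys/pgp/$key.asc ]]; then
    if ! export-pkgbuild-keys; then
      svn status | grep '^?' | awk '{print $2}' | xargs rm -r || :
      touch nokeys
      exit 1
    fi
  fi
done
```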
It appears to have been able to export 407 and 695 keys with only 3 and 6 failures respectively:
```
svn-packages]$ svn status | wc -l; svn status | grep -c nokeys
410
3
svn-community]$ svn status | wc -l; svn status | grep -c nokeys
701
6
```
Almost all missing keys added in:
- https://github.com/archlinux/svntogit-packages/commit/93d5f6f3817bbcd4efbc84597bceca7eb82cceef
- https://github.com/archlinux/svntogit-community/commit/7587a46fbcd182041920f1271cdd86ca58004ab6
Todo for the remaining 9 packages: https://archlinux.org/todo/unexportable-pgp-keys/
My mass rebuilder should no longer choke on commitpkg trying to export keys (I think!).
@anthraxx Cheers for the excellent idea!
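An added example, not part of the merge request or of devtools: a check that lists every validpgpkeys entry with no exported keys/pgp/<fingerprint>.asc beside its PKGBUILD, the layout the script in the thread tests for. The function names and sample fingerprints are constructed for illustration; it assumes bash is installed and that the PKGBUILDs are trusted, since sourcing executes them.

```shell
#!/bin/sh
# Constructed sample fingerprints (not real keys).
FPR_A=0123456789ABCDEF0123456789ABCDEF01234567
FPR_B=89ABCDEF0123456789ABCDEF0123456789ABCDEF

# Print "<pkgdir> <fingerprint>" for every validpgpkeys entry that has no
# non-empty keys/pgp/<fingerprint>.asc in the same directory.
missing_key_exports() {
  for pkgdir in "$@"; do
    [ -f "$pkgdir/PKGBUILD" ] || continue
    # PKGBUILDs are bash, so each one is sourced in its own bash process;
    # variables from one package cannot leak into the next.
    # Sourcing runs the PKGBUILD's code: use on trusted checkouts only.
    ( cd "$pkgdir" && bash -c '
        validpgpkeys=()
        . ./PKGBUILD >/dev/null 2>&1 || exit 0
        for key in "${validpgpkeys[@]}"; do
          [[ -s keys/pgp/$key.asc ]] || printf "%s %s\n" "$1" "$key"
        done' _ "$pkgdir" )
  done
}

# Build a constructed tree: alpha is complete, beta lacks one export,
# gamma declares no validpgpkeys at all.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/alpha/keys/pgp" "$root/beta/keys/pgp" "$root/gamma"
  printf 'validpgpkeys=(%s)\n' "$FPR_A" > "$root/alpha/PKGBUILD"
  echo constructed > "$root/alpha/keys/pgp/$FPR_A.asc"
  printf 'validpgpkeys=(%s %s)\n' "$FPR_A" "$FPR_B" > "$root/beta/PKGBUILD"
  echo constructed > "$root/beta/keys/pgp/$FPR_A.asc"
  printf 'pkgname=gamma\n' > "$root/gamma/PKGBUILD"
  echo "$root"
}

# Demo run over the constructed tree; only beta's second key is reported.
sample=$(make_sample_tree)
missing_key_exports "$sample"/*
rm -r "$sample"
```

Run over real checkouts as `missing_key_exports */trunk`; an empty result means every pinned key has an exported file, though the check does not verify that a file's contents match its fingerprint.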