From 7be3afb15c58823b95bc2ba1f21bced8e813e5ea Mon Sep 17 00:00:00 2001
From: Christian Heusel <christian@heusel.eu>
Date: Sat, 1 Feb 2025 00:43:41 +0100
Subject: [PATCH] gluebuddy: Move from sq to rsop

The sequoia cli once again changed their interface, therefore port this
to the (somewhat guaranteed to be) stable sops interface.

Suggested-by: David Runge <dvzrv@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>
---
 roles/gluebuddy/files/gluebuddy_download.sh | 11 +----------
 roles/gluebuddy/tasks/main.yml              |  4 ++--
 2 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/roles/gluebuddy/files/gluebuddy_download.sh b/roles/gluebuddy/files/gluebuddy_download.sh
index 4eeeace4b..6248f41e7 100755
--- a/roles/gluebuddy/files/gluebuddy_download.sh
+++ b/roles/gluebuddy/files/gluebuddy_download.sh
@@ -40,16 +40,7 @@ do
   curl --silent --show-error --fail --location --remote-name "$i"
 done
 
-for uid in "${TRUSTED_UIDs[@]}"; do
-	sq network wkd fetch "${uid}"
-done
-
-for fp in "${TRUSTED_KEYS[@]}"; do
-	sq pki link add --all "${fp}"
-done
-
-sq verify --signer-cert "${TRUSTED_KEYS[0]}" --detached ${NAME}.sig ${NAME} || \
-	sq verify --signer-cert "${TRUSTED_KEYS[1]}" --detached ${NAME}.sig ${NAME}
+rsop verify "${NAME}.sig" <(pacman-key --export "${TRUSTED_KEYS[@]}") < "${NAME}"
 
 mv ${NAME} /usr/local/bin/${NAME}
 chmod +x /usr/local/bin/${NAME}
diff --git a/roles/gluebuddy/tasks/main.yml b/roles/gluebuddy/tasks/main.yml
index 7722f0aea..db053b87b 100644
--- a/roles/gluebuddy/tasks/main.yml
+++ b/roles/gluebuddy/tasks/main.yml
@@ -1,5 +1,5 @@
-- name: Install sequoia
-  pacman: name=sequoia-sq state=present
+- name: Install rsop
+  pacman: name=rsop state=present
 
 - name: Install systemd service/timer
   copy: src={{ item }} dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
-- 
GitLab