Commit 84dc662d authored by Allan McRae's avatar Allan McRae
Browse files

makepkg: add source signing PGP keys to source package if available



Arch Linux is adding source signing PGP keys to their package source
tree alongside PKGBUILDs in the form keys/pgp/$fingerprint.asc. As the
PGP keyserver infrastructure is a mess, this helps other people validate
sources in a PKGBUILD.

Add the keys to source packages if found alongside the PKGBUILD.
Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
parent fdf04cda
Pipeline #19655 failed with stage
in 1 minute and 12 seconds
......@@ -705,6 +705,16 @@ create_srcpackage() {
done
pkgname=(${pkgname_backup[@]})
# add a copy of source PGP signing public keys if availabe in keys/pgp/<fingerprint>.asc
local key
for key in ${validpgpkeys[@]}; do
if [[ -f keys/pgp/$key.asc ]]; then
mkdir -p "${srclinks}/${pkgbase}/keys/pgp/"
ln -s "${startdir}/keys/pgp/$key.asc" "${srclinks}/${pkgbase}/keys/pgp/"
fi
done
local fullver=$(get_full_version)
local pkg_file="$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment