[arch-commits] Commit in lib32-systemd/trunk (PKGBUILD gnupg-keys.gpg)

Fri Jun 1 11:08:21 UTC 2018

Date: Friday, June 1, 2018 @ 11:08:21
  Author: eworm
Revision: 335964

use pacman's git source verification

Modified:
  lib32-systemd/trunk/PKGBUILD
Deleted:
  lib32-systemd/trunk/gnupg-keys.gpg

----------+
 PKGBUILD |   44 ++++++--------------------------------------
 1 file changed, 6 insertions(+), 38 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2018-06-01 11:07:53 UTC (rev 335963)
+++ PKGBUILD	2018-06-01 11:08:21 UTC (rev 335964)
@@ -23,12 +23,11 @@
 options=('strip')
 validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4'  # Lennart Poettering <lennart at poettering.net>
               '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
-source=('git+https://github.com/systemd/systemd-stable'
-        'git+https://github.com/systemd/systemd'
-        'gnupg-keys.gpg')
+source=(# fragment is latest tag for source verification, final checkout in prepare()
+        "git+https://github.com/systemd/systemd-stable#tag=v${pkgver%.*}?signed"
+        "git+https://github.com/systemd/systemd#tag=v${pkgver%.*}?signed")
 sha512sums=('SKIP'
-            'SKIP'
-            '42dcacfa0b0c68b04267446d2c360e508dab13f06c07506f46632b19fca0561c27bb5813cd916f7d28b53f853f7197f721c1a02aacd7a3cc8d8742bb6a393cff')
+            'SKIP')
 
 _backports=(
 )
@@ -36,41 +35,12 @@
 _reverts=(
 )
 
-_validate_tag() (
-  local success fingerprint trusted status tag=v${pkgver%.*}
-
-  cd "$srcdir/$_pkgbasename-stable"
-  parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1)
-
-  if (( ! success )); then
-    error 'failed to validate tag %s\n' "$tag"
-    return 1
-  fi
-
-  if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then
-    error 'unknown or untrusted public key: %s\n' "$fingerprint"
-    return 1
-  fi
-
-  case $status in
-    'expired')
-      warning 'the signature has expired'
-      ;;
-    'expiredkey')
-      warning 'the key has expired'
-      ;;
-  esac
-
-  return 0
-)
-
 prepare() {
   cd "$_pkgbasename-stable"
 
-  # import gpg keys for verification
-  gpg --import ../gnupg-keys.gpg
-
+  # add upstream repository for cherry-picking
   git remote add -f upstream ../systemd
+  # # checkout the latest stable commit
   git checkout "$_commit"
 
   local c
@@ -93,8 +63,6 @@
 }
 
 build() {
-  _validate_tag || return
-
   export CC="gcc -m32"
   export CXX="g++ -m32"
   export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"

Deleted: gnupg-keys.gpg
===================================================================
(Binary files differ)

