scripts_archlinux: implemented AUR package verification

11 years ago · ee5c564c64
parent 2478ad1b9d
commit ee5c564c64
8 changed files with 55 additions and 9 deletions
--- a/scripts_archlinux/04_install_qubes.sh
+++ b/scripts_archlinux/04_install_qubes.sh
@ -3,18 +3,20 @@
 echo "Mounting archlinux install system into archlinux_dvd..."
 sudo mount root-image.fs archlinux_dvd

-echo $INSTALLDIR
-echo "--> Installing yaourt make dependencies..."
-sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'pacman -S --asdeps binutils yajl gcc make'
+echo "--> Installing make dependencies..."
+sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'pacman -S --asdeps --needed --noconfirm binutils yajl gcc make'

-echo "--> Installing yaourt..."
-sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz && tar xzvf package-query.tar.gz && cd package-query && makepkg --asroot && pacman --noconfirm -U package-query-*.pkg.tar.xz'
-sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz && tar xzvf yaourt.tar.gz && cd yaourt && makepkg --asroot && pacman --noconfirm -U yaourt-*.pkg.tar.xz'
+#echo "--> Installing yaourt..."
+#sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz && tar xzvf package-query.tar.gz && cd package-query && makepkg --asroot && pacman --noconfirm -U package-query-*.pkg.tar.xz'
+#sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz && tar xzvf yaourt.tar.gz && cd yaourt && makepkg --asroot && pacman --noconfirm -U yaourt-*.pkg.tar.xz'

 echo "--> Preparing build environment inside the chroot..."
 # Notes for qubes-vm-xen
 # Note: we need more ram for /tmp (at least 700M of disk space for compiling XEN because of the sources...)
 sudo sed 's:-t tmpfs -o mode=1777,strictatime,nodev,:-t tmpfs -o size=700M,mode=1777,strictatime,nodev,:' -i ./archlinux_dvd/usr/bin/arch-chroot
+sudo cp ./scripts_archlinux/build_package.sh $INSTALLDIR/etc/
+sudo cp ./scripts_archlinux/CF8D4BBE.pub $INSTALLDIR/etc/
+sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "gpg --import /etc/CF8D4BBE.pub"

 # Note: Enable x86 repos
 su -c "echo '[multilib]' >> $INSTALLDIR/etc/pacman.conf"
@ -23,8 +25,20 @@ su -c "echo 'Include = /etc/pacman.d/mirrorlist' >> $INSTALLDIR/etc/pacman.conf"
 sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "pacman -Sy"

 echo "--> Compiling and installing qubes-packages..."
-sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "yaourt --noconfirm -S qubes-vm-xen"
-sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "yaourt --noconfirm -S qubes-vm-core"
-sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "yaourt --noconfirm -S qubes-vm-gui"
+sudo cp ./scripts_archlinux/qubes-vm-xen.tar.gz.sig $INSTALLDIR/etc/package.sig
+sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-xen
+sudo cp ./scripts_archlinux/qubes-vm-core.tar.gz.sig $INSTALLDIR/etc/package.sig
+sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-core
+sudo cp ./scripts_archlinux/qubes-vm-gui.tar.gz.sig $INSTALLDIR/etc/package.sig
+sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-gui
+sudo cp ./scripts_archlinux/qubes-vm-kernel-modules.tar.gz.sig $INSTALLDIR/etc/package.sig
+sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-kernel-modules
+
+echo "--> Updating template fstab file..."
+sudo su -c "echo '/dev/mapper/dmroot / ext4 defaults,noatime 1 1' >> $INSTALLDIR/etc/fstab"
+sudo su -c "echo '/dev/xvdb /rw ext4 defaults,noatime 1 2' >> $INSTALLDIR/etc/fstab"
+sudo su -c "echo '/dev/xvdc1 swap swap defaults 0 0' >> $INSTALLDIR/etc/fstab"
+sudo su -c "echo '/rw/home /home none noauto,bind,defaults 0 0' >> $INSTALLDIR/etc/fstab"
+sudo su -c "echo '/dev/xvdd /usr/lib/modules ext3 defaults,noatime 0 0' >> $INSTALLDIR/etc/fstab"

 sudo umount archlinux_dvd
--- a/scripts_archlinux/09_cleanup.sh
+++ b/scripts_archlinux/09_cleanup.sh
@ -11,6 +11,11 @@ sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR pacman --noconfirm -Rsc $cl
 # Clean pacman cache
 sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR pacman --noconfirm -Scc

+# Remove build data
+rm $INSTALLDIR/etc/build_package.sh
+rm $INSTALLDIR/etc/CF8D4BBE.pub
+rm $INSTALLDIR/etc/package.sig
+
 sudo umount archlinux_dvd

 #rm -f $INSTALLDIR/var/lib/rpm/__db.00* $INSTALLDIR/var/lib/rpm/.rpm.lock
--- a/scripts_archlinux/CF8D4BBE.pub
+++ b/scripts_archlinux/CF8D4BBE.pub
--- a/scripts_archlinux/build_package.sh
+++ b/scripts_archlinux/build_package.sh
@ -0,0 +1,27 @@
+#!/bin/bash
+
+cd /tmp
+mkdir build
+cd build
+
+wget "https://aur.archlinux.org/packages/qu/$1/$1.tar.gz" || exit
+
+gpg --verify "/etc/package.sig" "$1.tar.gz" || exit
+
+tar xzvf $1.tar.gz || exit
+cd "$1" || exit
+
+packages=`cat ./PKGBUILD | grep makedepends | cut -d '(' -f 2 | cut -d ')' -f 1`
+for package in $packages ; do
+ pacman -S --asdeps --noconfirm --needed $package
+done
+packages=`cat ./PKGBUILD | grep depends | cut -d '(' -f 2 | cut -d ')' -f 1`
+for package in $packages ; do
+ pacman -S --asdeps --noconfirm --needed $package
+done
+
+makepkg --asroot || exit
+
+pacman --noconfirm -U $1-*.pkg.tar.xz || exit
+
+
--- a/scripts_archlinux/qubes-vm-core.tar.gz.sig
+++ b/scripts_archlinux/qubes-vm-core.tar.gz.sig
--- a/scripts_archlinux/qubes-vm-gui.tar.gz.sig
+++ b/scripts_archlinux/qubes-vm-gui.tar.gz.sig
--- a/scripts_archlinux/qubes-vm-kernel-modules.tar.gz.sig
+++ b/scripts_archlinux/qubes-vm-kernel-modules.tar.gz.sig
--- a/scripts_archlinux/qubes-vm-xen.tar.gz.sig
+++ b/scripts_archlinux/qubes-vm-xen.tar.gz.sig