From ee5c564c64def9327394d87e81de5158e76b35e4 Mon Sep 17 00:00:00 2001 From: Olivier Medoc Date: Fri, 8 Feb 2013 15:32:38 +0100 Subject: [PATCH] scripts_archlinux: implemented AUR package verification --- scripts_archlinux/04_install_qubes.sh | 32 +++++++++++++----- scripts_archlinux/09_cleanup.sh | 5 +++ scripts_archlinux/CF8D4BBE.pub | Bin 0 -> 1206 bytes scripts_archlinux/build_package.sh | 27 +++++++++++++++ scripts_archlinux/qubes-vm-core.tar.gz.sig | Bin 0 -> 287 bytes scripts_archlinux/qubes-vm-gui.tar.gz.sig | Bin 0 -> 287 bytes .../qubes-vm-kernel-modules.tar.gz.sig | Bin 0 -> 287 bytes scripts_archlinux/qubes-vm-xen.tar.gz.sig | Bin 0 -> 287 bytes 8 files changed, 55 insertions(+), 9 deletions(-) create mode 100644 scripts_archlinux/CF8D4BBE.pub create mode 100644 scripts_archlinux/build_package.sh create mode 100644 scripts_archlinux/qubes-vm-core.tar.gz.sig create mode 100644 scripts_archlinux/qubes-vm-gui.tar.gz.sig create mode 100644 scripts_archlinux/qubes-vm-kernel-modules.tar.gz.sig create mode 100644 scripts_archlinux/qubes-vm-xen.tar.gz.sig diff --git a/scripts_archlinux/04_install_qubes.sh b/scripts_archlinux/04_install_qubes.sh index 6b02b5c..2c8c4b6 100755 --- a/scripts_archlinux/04_install_qubes.sh +++ b/scripts_archlinux/04_install_qubes.sh 
@@ -3,18 +3,20 @@ echo "Mounting archlinux install system into archlinux_dvd..." sudo mount root-image.fs archlinux_dvd -echo $INSTALLDIR -echo "--> Installing yaourt make dependencies..." -sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'pacman -S --asdeps binutils yajl gcc make' +echo "--> Installing make dependencies..." +sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'pacman -S --asdeps --needed --noconfirm binutils yajl gcc make' -echo "--> Installing yaourt..." -sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz && tar xzvf package-query.tar.gz && cd package-query && makepkg --asroot && pacman --noconfirm -U package-query-*.pkg.tar.xz' -sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz && tar xzvf yaourt.tar.gz && cd yaourt && makepkg --asroot && pacman --noconfirm -U yaourt-*.pkg.tar.xz' +#echo "--> Installing yaourt..." +#sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz && tar xzvf package-query.tar.gz && cd package-query && makepkg --asroot && pacman --noconfirm -U package-query-*.pkg.tar.xz' +#sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c 'cd tmp && wget https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz && tar xzvf yaourt.tar.gz && cd yaourt && makepkg --asroot && pacman --noconfirm -U yaourt-*.pkg.tar.xz' echo "--> Preparing build environment inside the chroot..." # Notes for qubes-vm-xen # Note: we need more ram for /tmp (at least 700M of disk space for compiling XEN because of the sources...) 
sudo sed 's:-t tmpfs -o mode=1777,strictatime,nodev,:-t tmpfs -o size=700M,mode=1777,strictatime,nodev,:' -i ./archlinux_dvd/usr/bin/arch-chroot +sudo cp ./scripts_archlinux/build_package.sh $INSTALLDIR/etc/ +sudo cp ./scripts_archlinux/CF8D4BBE.pub $INSTALLDIR/etc/ +sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "gpg --import /etc/CF8D4BBE.pub" # Note: Enable x86 repos su -c "echo '[multilib]' >> $INSTALLDIR/etc/pacman.conf" 
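Review bot: In 04_install_qubes.sh, the key that anchors every later signature check is identified only by the 32-bit short ID in its file name (`CF8D4BBE.pub`). Short key IDs are not unique, so nothing at the added `gpg --import /etc/CF8D4BBE.pub` line lets a reader confirm which key is being trusted. I would add a comment above the import recording the full fingerprint and owner, e.g. `# AUR tarball signing key; full fingerprint: <FULL-FINGERPRINT-PLACEHOLDER>`, so the committed file can be compared against it out of band. The same comment should say that trust in this key rests on the integrity of the repository checkout the file is copied from.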
@@ -23,8 +25,20 @@ su -c "echo 'Include = /etc/pacman.d/mirrorlist' >> $INSTALLDIR/etc/pacman.conf" sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "pacman -Sy" echo "--> Compiling and installing qubes-packages..." -sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "yaourt --noconfirm -S qubes-vm-xen" -sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "yaourt --noconfirm -S qubes-vm-core" -sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR sh -c "yaourt --noconfirm -S qubes-vm-gui" +sudo cp ./scripts_archlinux/qubes-vm-xen.tar.gz.sig $INSTALLDIR/etc/package.sig +sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-xen +sudo cp ./scripts_archlinux/qubes-vm-core.tar.gz.sig $INSTALLDIR/etc/package.sig +sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-core +sudo cp ./scripts_archlinux/qubes-vm-gui.tar.gz.sig $INSTALLDIR/etc/package.sig +sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-gui +sudo cp ./scripts_archlinux/qubes-vm-kernel-modules.tar.gz.sig $INSTALLDIR/etc/package.sig +sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-kernel-modules + +echo "--> Updating template fstab file..." +sudo su -c "echo '/dev/mapper/dmroot / ext4 defaults,noatime 1 1' >> $INSTALLDIR/etc/fstab" +sudo su -c "echo '/dev/xvdb /rw ext4 defaults,noatime 1 2' >> $INSTALLDIR/etc/fstab" +sudo su -c "echo '/dev/xvdc1 swap swap defaults 0 0' >> $INSTALLDIR/etc/fstab" +sudo su -c "echo '/rw/home /home none noauto,bind,defaults 0 0' >> $INSTALLDIR/etc/fstab" +sudo su -c "echo '/dev/xvdd /usr/lib/modules ext3 defaults,noatime 0 0' >> $INSTALLDIR/etc/fstab" sudo umount archlinux_dvd diff --git a/scripts_archlinux/09_cleanup.sh b/scripts_archlinux/09_cleanup.sh index 208accb..5b833b1 100755 --- a/scripts_archlinux/09_cleanup.sh +++ b/scripts_archlinux/09_cleanup.sh 
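Review bot: In 04_install_qubes.sh, the exit status of each added `arch-chroot $INSTALLDIR bash /etc/build_package.sh <pkg>` call is discarded. When build_package.sh stops on a failed `gpg --verify`, the script appears to carry on with the next package and the fstab edits, producing a template without that package instead of aborting. Unless `set -e` is enabled outside this hunk (not visible here), end each of the four calls with `|| exit 1`, e.g. `sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR bash /etc/build_package.sh qubes-vm-xen || exit 1`. The preceding `sudo cp ... $INSTALLDIR/etc/package.sig` lines deserve the same check, since a failed copy leaves the previous package's signature in place.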
@@ -11,6 +11,11 @@ sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR pacman --noconfirm -Rsc $cl # Clean pacman cache sudo ./archlinux_dvd/usr/bin/arch-chroot $INSTALLDIR pacman --noconfirm -Scc +# Remove build data +rm $INSTALLDIR/etc/build_package.sh +rm $INSTALLDIR/etc/CF8D4BBE.pub +rm $INSTALLDIR/etc/package.sig + sudo umount archlinux_dvd #rm -f $INSTALLDIR/var/lib/rpm/__db.00* $INSTALLDIR/var/lib/rpm/.rpm.lock diff --git a/scripts_archlinux/CF8D4BBE.pub b/scripts_archlinux/CF8D4BBE.pub new file mode 100644 index 0000000000000000000000000000000000000000..8900f6ff7d6b74a5fc1a1f6bea880cff7b3288de GIT binary patch literal 1206 zcmV;n1WEgu0SyFD#h^L?2mtx*n6sBDl=mMl4{ixrx@s*xkEF?dHSAzbRGyddfXMg{ zP!qG{5N9vZ|99)$ic(tBhEgiNNQq%^iVGGi>YZ`C5e(4)7@(+2&xtW$faU}_mO5>> z0-)9SeGF8jTIcgBtGHnfl1K@WxkSJ$&)a#wtxPkrPD3r<)-gu_)&f!#CzqA%OD_24 zuO`NKFe=Z|zbVa2X*J6V8WZA+Sej@$ruh4If0kU8J8@FG=NB|+@#xiBa|WzNPiJPv zwIL+kp{V|2b|SP~*xpXNyE`G!8F-P54CHYptFcJ%!%NcX0t6W0I0Fa<0^34o4Z{yW zTMaLCHmfFZG_me^+djXeY#I#Ph<<}X z`?(Ahb5VJ3$wH%)n_(3BE}b!poJsZi^kkWj-6S{Yt;lkn_d zrz91nYdly*A@%W^;;r^Q3KB+Wccz3;?Y~kcegxauh%T zwG%J8il*R?#)EsWo!yU&{fHCirp|W0Ax$*bqIvDv<3PJJ-n9k)LjvGPAA6ffKxm?> zQM{i)X9l$~c|#<6*`I}IZtIs-%>vVD&E8+`HSPOt`r+Nf^l;o~s;*#glLQ>syFA}+ z`YiQ28rMnEBkc`qU;q{^KEuLN5^H2~4EB>*3TFcSzOxMkvn6uZKg{~Ib$(7{^iE}1 zPuP4eci70k15>a+SD|QTcDp_XC-2aV7y$A@YPFLZzrO$x0RRDs0Urby0RjLC1p-jT zpgIB@3;+rV5X0y58_$hPzUa~j0J0xV4;CFPR#Fp8)~pM%MCLhCg9ll1I4^|ts~|f9 zJVgZK#Oz`VN7)zU!e-LG<}27-vp!Ef` z=@J&RMxt5|0XD|J^`9bo?}WeSIzUsk4_}KIw86wox8{ zOa#pk-S3|1Swzm@@F9@etLI-3*XgvnUsGrUTP$G5h;ZIsc55GbtfL}{P=E^6IAJK( zP^f|Q8NwZo#e=99s_?8IFU8c%{G;&V1r|7VBv88g-%2L!e#db}>fklTdz^XveHTEm U0=Z&8$M0KFl~~&IUj=*OJ45Lq<^TWy literal 0 HcmV?d00001 diff --git a/scripts_archlinux/build_package.sh b/scripts_archlinux/build_package.sh new file mode 100644 index 0000000..0074a9c --- /dev/null +++ b/scripts_archlinux/build_package.sh 
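Review bot: In 09_cleanup.sh, the three added `rm` lines run without `sudo`, although the files were created with `sudo cp` in 04_install_qubes.sh and the visible `arch-chroot` calls in this hunk all use `sudo`. If the script is run unprivileged (not visible here), the removals fail and the build script, key file and signature stay in the template. `sudo rm -f -- "$INSTALLDIR/etc/build_package.sh" "$INSTALLDIR/etc/CF8D4BBE.pub" "$INSTALLDIR/etc/package.sig"` would match the rest of the file and also quote the path. Deleting the .pub file does not undo the earlier `gpg --import`, so the key presumably remains in the keyring of the chroot's root user; decide whether that keyring should be removed here as well.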
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+cd /tmp
+mkdir build
+cd build
+
+wget "https://aur.archlinux.org/packages/qu/$1/$1.tar.gz" || exit
+
+gpg --verify "/etc/package.sig" "$1.tar.gz" || exit
+
+tar xzvf $1.tar.gz || exit
+cd "$1" || exit
+
+packages=`cat ./PKGBUILD | grep makedepends | cut -d '(' -f 2 | cut -d ')' -f 1`
+for package in $packages ; do
+ pacman -S --asdeps --noconfirm --needed $package
+done
+packages=`cat ./PKGBUILD | grep depends | cut -d '(' -f 2 | cut -d ')' -f 1`
+for package in $packages ; do
+ pacman -S --asdeps --noconfirm --needed $package
+done
+
+makepkg --asroot || exit
+
+pacman --noconfirm -U $1-*.pkg.tar.xz || exit
+
+
diff --git a/scripts_archlinux/qubes-vm-core.tar.gz.sig b/scripts_archlinux/qubes-vm-core.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000..ee8b4dfb31c9eebc657368fca9cf582185516315
GIT binary patch literal 287 zcmV+)0pR|L0UQJX0RjL91p-kN?Rx+U2@u2Q^Bd2NOTIlp2mfri{d78;N*AwBK}G5e z(l!P|kTW&*%DL|RLZ#7_r8rxfJ%9~*%p7T%X>u}8+B1#kxL-8s?7B%Cx<6yvdA+>S zQjMRL_Njc!?w0Y_xbZ9s_M`mJXTrvQ7;-?Nwdm^|a4pKkVH$GF3j6-U?9$YshuYR6 z1+6^l)HF4K(;5m*iNn>b+_`l$l}horQunfyHEmoA7jCpaj@BA>`Xwf7CJA)*p=?^< zCu&IjiKb1YX{^=aa@-Y^eittB455urx0WnCuJcsaADOFrzo4vueJ{Qzal+GFn=cm< l+|AwD@wD%#MyXojF_|(bql0TweT1sZPZ)|rDEjbCPFwuLkRbp7 literal 0 HcmV?d00001
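Review bot: In build_package.sh, `gpg --verify "/etc/package.sig" "$1.tar.gz" || exit` succeeds for a good signature made by any key in the default keyring of the chroot's root user, so the check is only as narrow as that keyring and is not bound to CF8D4BBE itself. Verifying against a keyring that holds just the project key removes that dependency, e.g. `gpgv --keyring /etc/CF8D4BBE.pub /etc/package.sig "$1.tar.gz" || exit` (this assumes the .pub file is a binary, non-armored export, which the binary patch suggests). Separately, `cd /tmp`, `mkdir build` and `cd build` are unchecked, so a failure there leaves the download and build running in whatever directory the script ended up in; `cd /tmp && mkdir build && cd build || exit` closes that.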
diff --git a/scripts_archlinux/qubes-vm-gui.tar.gz.sig b/scripts_archlinux/qubes-vm-gui.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..7e0618e817032b1678e26ee044756bfe86435ca1 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0RjL91p-kN?S23X2@u2Q^Bd2NOTOrK2mr1g!oH+Y*(iF{dz9ET zGQwC_Wclq;bM{LdAIQS8wZRGcmjUjNcD&LsjGC+Yr=<2Q{q5)J)uEG;ckjA7BYfl4 z+lno$oHhKx!|X;7tzqPIvAb~}zP9c$qmz7=%ZmS-wyN=q%hZN8U$-dx)1vmnXhg4H zkAb707JFaANbZr7X{UB*^h<|JkOJaL0a zFYz!BDm}3y|Nr+f<+~heBBOkv2vv6-t)$fGvKC9lN#<~7vh3PbEbRY01c|5m6%oe` z1Gsqs@qZyU-YRoF#7<{bFvSg+rGd!CNeXIHvJJRjcqI$s4wY=2gt<}Le}B%Wyc2=; zgkl@X)HwK_8hS37F2xtP)Q>S>JZM-oB!`eZ`L~HKiXCdd`vpOk(_QE_#QHp8=B{3G zT`S;!cbPvXC9KtEvRJt2L6(xM)XBBeAA(6QX|?B}sgLhU@?U literal 0 HcmV?d00001 diff --git a/scripts_archlinux/qubes-vm-xen.tar.gz.sig b/scripts_archlinux/qubes-vm-xen.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..3ed3fa77959a4bf5900105fa66784ad4a585aa55 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0RjL91p-kN>KOnE2@u2Q^Bd2NOTL!p2mqUT`Z%-+cKEKo4h0_W`r;_jh=pCr$-iEJpR=P;5F@HkRs-J0RvMI(Rq~G*54}ZGbvxRllF}H1hboq_ zShbK7=2Cqnq|P|fY~OTO lXyG_3-{#V83DR4Ti-s{OeWRDjnWiek+gu$v&HDx%K_r99hXMcq literal 0 HcmV?d00001