mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
dbscripts-git-repo
infrastructure/roles/gluebuddy/files/gluebuddy_download.sh
Levente Polyak 64ec041ad7
gluebuddy: update download script for sequoia 0.29.0 
Sequoia now manages the trust level, so we need to add the fingerprints
and mark those keys trusted before verifying the file.
2023-04-14 12:01:34 +02:00

57 lines
1.5 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
set -o nounset -o errexit -o pipefail
NAME=gluebuddy
LATEST_GLUEBUDDY_FILE=/root/latest_release
readonly PROJECT_ID="archlinux%2Fgluebuddy"
readonly TRUSTED_UIDs=(
anthraxx@archlinux.org
jelle@archlinux.org
)
readonly TRUSTED_KEYS=(
E240B57E2C4630BA768E2F26FC1B547C8D8172C8
E499C79F53C96A54E572FEE1C06086337C50773E
)
RELEASES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/releases")"
LATEST_RELEASE_TAG="$(jq -r .[0].tag_name <<< "${RELEASES}")"
if [ -f $LATEST_GLUEBUDDY_FILE ]; then
LATEST_RELEASE_DOWNLOAD=$(cat ${LATEST_GLUEBUDDY_FILE})
if [ "$LATEST_RELEASE_TAG" = "$LATEST_RELEASE_DOWNLOAD" ]; then
exit 0
fi
fi
readonly TMPDIR="$(mktemp --directory --tmpdir="/var/tmp")"
trap "rm -rf \"${TMPDIR}\"" EXIT
cd "${TMPDIR}"
RELEASES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/releases/$LATEST_RELEASE_TAG")"
ASSETS=$(echo $RELEASES | jq .assets.links)
LINKS=$(echo $ASSETS | jq -r '.[].direct_asset_url')
links=($LINKS)
for i in "${links[@]}"
do
curl -O "$i"
done
for uid in "${TRUSTED_UIDs[@]}"; do
sq wkd get "${uid}"
done
for fp in "${TRUSTED_KEYS[@]}"; do
sq link add --all "${fp}"
done
sq verify --signer-cert "${TRUSTED_KEYS[0]}" --detached ${NAME}.sig ${NAME} || \
sq verify --signer-cert "${TRUSTED_KEYS[1]}" --detached ${NAME}.sig ${NAME}
mv ${NAME} /usr/local/bin/${NAME}
chmod +x /usr/local/bin/${NAME}
echo "$LATEST_RELEASE_TAG" > $LATEST_GLUEBUDDY_FILE
View Git Blame Copy Permalink