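# Builds the pacman keyring files (<name>.gpg, <name>-trusted, <name>-revoked)
# from hackers.yml, using a private GnuPG home under output/cache.
#
# Requires GNU Make and bash: the recipes rely on `&>` redirection.

export LANG=C
export SHELL=/bin/bash

# NOTE(review): hkp:// is an unencrypted transport, and the SKS pool named
# here has since been retired.  Override on the command line, e.g.
#   make KEYSERVER=hkps://<keyserver-host>
# The transport does not authenticate keys either way; what a fetched key is
# matched against is the id printed by bin/get-pgp-keyid (see `keyid` below).
KEYSERVER = hkp://pool.sks-keyservers.net
GPG = gpg --quiet --batch --no-tty --no-permission-warning --keyserver ${KEYSERVER} --homedir output/cache/pacman-keyring/gpghome
MKDIRS = mkdir -p
FAIL = exit 1

keyring_name = parabola

all: PHONY pacman-keyring

# Only the cache (GnuPG home, fetched keys, stamps) is removed; the generated
# keyring files under output/pacman-keyring are left in place.
clean: PHONY
	rm -rf output/cache

####

pacman-keyring: PHONY \
  output/pacman-keyring/${keyring_name}.gpg \
  output/pacman-keyring/${keyring_name}-trusted \
  output/pacman-keyring/${keyring_name}-revoked

# Assemble the list of .asc files needed to generate the keyring.
#
# The key list is captured once so that a failing bin/list-pgp-keyids fails
# this rule; inside `echo ... $$(...)` its exit status would be discarded and
# an empty dependency list written instead.
#
# NOTE(review): names from hackers.yml end up as text in a makefile that is
# then included, so they need to be restricted to characters that are safe in
# a make prerequisite list -- confirm bin/list-pgp-keyids enforces that.
output/cache/pacman-keyring/deps.mk: hackers.yml bin/list-pgp-keyids
	$(MKDIRS) ${@D}
	ids=$$(bin/list-pgp-keyids) && \
	{ \
	  echo output/pacman-keyring/${keyring_name}.gpg: $$(printf '%s\n' "$$ids" | sed -r 's|(\S+) .*|output/cache/pacman-keyring/keys/\1.asc|') && \
	  echo output/cache/pacman-keyring/stamp.ownertrust: $$(printf '%s\n' "$$ids" | sed -rn 's|^(trusted/\S+) .*|output/cache/pacman-keyring/keys/\1.asc|p') && \
	  :; \
	} > $@
-include output/cache/pacman-keyring/deps.mk

# Create the private GnuPG home and generate the local key described by
# gpg-init.txt; the trusted/%.asc rule uses it for `--lsign-key`.
# The home holds that secret key and ${GPG} silences gpg's permission
# warning, so the directory is restricted explicitly.
output/cache/pacman-keyring/stamp.gpg-init: gpg-init.txt
	${MKDIRS} ${@D} output/cache/pacman-keyring/gpghome
	chmod 700 output/cache/pacman-keyring/gpghome
	${GPG} --gen-key < $<
	touch $@

# Import ownertrust for the trusted keys.  deps.mk adds the trusted .asc files
# as prerequisites, so those keys are fetched before this rule runs.
output/cache/pacman-keyring/stamp.ownertrust: output/pacman-keyring/${keyring_name}-trusted output/cache/pacman-keyring/deps.mk
	${MKDIRS} ${@D}
	${GPG} --import-ownertrust < $< 2>/dev/null
	touch $@

# Concatenate every exported key into the keyring.  The .asc prerequisites
# come from deps.mk; with none, `cat` would read stdin and the result would be
# an empty or bogus keyring, so that case is a hard error.
output/pacman-keyring/${keyring_name}.gpg: output/cache/pacman-keyring/deps.mk
	$(if $(filter %.asc,$^),,$(error no .asc prerequisites for $@ - deps.mk is empty or was not generated))
	$(MKDIRS) ${@D}
	cat $(filter %.asc,$^) > $@

# One "<keyid>:4:" line per trusted key (GnuPG ownertrust format; 4 is
# marginal trust).  pipefail makes a failing bin/list-pgp-keyids fail the
# rule instead of leaving a silently empty trust list.
output/pacman-keyring/${keyring_name}-trusted: hackers.yml bin/list-pgp-keyids
	$(MKDIRS) ${@D}
	set -o pipefail; bin/list-pgp-keyids | sed -rn 's|^trusted/\S+ (\S+)|\1:4:|p' > $@

# One line per revoked key.  pipefail for the same reason as above: an empty
# revocation list must mean "no revoked keys", not "the lister crashed".
output/pacman-keyring/${keyring_name}-revoked: hackers.yml bin/list-pgp-keyids
	$(MKDIRS) ${@D}
	set -o pipefail; bin/list-pgp-keyids | sed -rn 's|^revoked/\S+ ||p' > $@

# These 3 rules are mostly straight from "archlinux-keyring.git/update-keys"

# Expanded by the shell on every recipe line that uses it; $* is the pattern
# stem (the name taken from the .asc file name).
# NOTE(review): confirm bin/get-pgp-keyid prints full fingerprints.  The
# fetched key is selected purely by this id, and short key ids can collide.
keyid=$$(bin/get-pgp-keyid $*)

# Stop early when no id was found: `gpg --export` without a key argument
# exports every key in the home directory.
require_keyid = test -n "${keyid}" || { echo 'no key id found for $*' >&2; ${FAIL}; }

# Trusted key: fetch, minimize, sign locally with the key from stamp.gpg-init,
# export.  gpg's output on --recv-keys is discarded; only its exit status
# reports a failed fetch.
output/cache/pacman-keyring/keys/trusted/%.asc: hackers.yml bin/get-pgp-keyid output/cache/pacman-keyring/stamp.gpg-init
	${MKDIRS} ${@D}
	${require_keyid}
	${GPG} --recv-keys ${keyid} &>/dev/null
	printf 'minimize\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
# Earlier form of the next command, kept for reference:
#${GPG} --yes --lsign-key ${keyid} &>/dev/null
	printf 'y\ny\n' | ${GPG} --command-fd 0 --lsign-key ${keyid} &>/dev/null
	${GPG} --armor --no-emit-version --export ${keyid} > $@

# Secondary key: fetch, clean, and export only if gpg reports the key as
# fully valid ("pub:f:") given the ownertrust imported by stamp.ownertrust.
output/cache/pacman-keyring/keys/secondary/%.asc: hackers.yml bin/get-pgp-keyid output/cache/pacman-keyring/stamp.ownertrust
	${MKDIRS} ${@D}
	${require_keyid}
	${GPG} --recv-keys ${keyid} &>/dev/null
	printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
	${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:' # make sure it is trusted
	${GPG} --armor --no-emit-version --export ${keyid} > $@

# Revoked key: fetch, clean, and export only if the key is NOT fully valid.
# NOTE(review): this asserts the absence of full validity; it does not
# positively check that gpg lists the key as revoked.
output/cache/pacman-keyring/keys/revoked/%.asc: hackers.yml bin/get-pgp-keyid output/cache/pacman-keyring/stamp.ownertrust
	${MKDIRS} ${@D}
	${require_keyid}
	${GPG} --recv-keys ${keyid} &>/dev/null
	printf 'clean\nquit\ny\n' | ${GPG} --command-fd 0 --edit-key ${keyid}
	! ${GPG} --list-keys --with-colons ${keyid} 2>/dev/null | grep -q '^pub:f:' # make sure it's not trusted
	${GPG} --armor --no-emit-version --export ${keyid} > $@

####

# Targets that list PHONY as a prerequisite are always considered out of date.
.PHONY: PHONY
# Keep intermediate files (fetched keys, stamps) between runs.
.SECONDARY:
# Remove a target whose recipe failed so a partial file never looks current.
.DELETE_ON_ERROR: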