gitlab-ci: fix public RSA key creation and APKINDEX signing

Antoine Martin 2023-03-03 01:39:38 -05:00
parent 5f6191c7ff
commit ccdce02954
Signed by: forge
GPG key ID: D62A472A4AA7D541
3 changed files with 15 additions and 10 deletions


@ -129,11 +129,11 @@ setup_system() {
done
doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
doas apk -U upgrade -a || doas apk fix || die "Failed to up/downgrade system"
gitlab_key_to_rsa $ABUILD_KEY PRIVATE $HOME/.abuild/key.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB PUBLIC $HOME/.abuild/key.rsa.pub
chmod 700 $HOME/.abuild/key.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/key.rsa" >> $HOME/.abuild/abuild.conf
doas cp $HOME/.abuild/key.rsa.pub /etc/apk/keys/key.rsa.pub
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa
echo "PACKAGER_PRIVKEY=$HOME/.abuild/$ABUILD_KEY_NAME.rsa" >> $HOME/.abuild/abuild.conf
doas cp $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub /etc/apk/keys/$ABUILD_KEY_NAME.rsa.pub
doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
( . /etc/abuild.conf && echo "Building with $JOBS jobs" )
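Review bot: The private signing key is still created under the default umask and only restricted afterwards by `chmod 700 $HOME/.abuild/$ABUILD_KEY_NAME.rsa`, so until the chmod runs its mode is whatever the umask leaves, and 700 adds an execute bit a key file does not need. Writing it under a tight umask closes that window, e.g. `( umask 077; gitlab_key_to_rsa "$ABUILD_KEY" rsa-private "$HOME/.abuild/$ABUILD_KEY_NAME.rsa" )` followed by `chmod 600`. The new lines also leave `$HOME` and `$ABUILD_KEY_NAME` unquoted in the paths given to `doas cp` into `/etc/apk/keys`, so a key name containing whitespace or glob characters would change which files land in the trust directory; quoting them is worthwhile. The same write-then-chmod pattern appears in the third file section of this commit for the abuild key and `$HOME/.ssh/id_rsa`. The body of setup_system starts and ends outside this hunk.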


@ -63,8 +63,12 @@ gitlab_key_to_rsa() {
if [ ! -d "$TGT_DIR" ]; then
mkdir -p "$TGT_DIR"
fi
echo "-----BEGIN RSA $TYPE KEY-----" > "$TGT"
case $TYPE in
rsa-public) local type="PUBLIC";;
rsa-private) local type="RSA PRIVATE";;
esac
echo "-----BEGIN $type KEY-----" > "$TGT"
echo $1 | sed 's/.\{64\}/&\
/g' >> "$TGT"
echo "-----END RSA $TYPE KEY-----" >> "$TGT"
echo "-----END $type KEY-----" >> "$TGT"
}
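Review bot: The new `case $TYPE in` has no default arm, so a caller still passing the old `PRIVATE`/`PUBLIC` values (or a typo) leaves `type` unset and the function silently writes `-----BEGIN  KEY-----`, which only surfaces later as a signing or SSH failure. Adding `*) echo "gitlab_key_to_rsa: unknown key type '$TYPE'" >&2; return 1;;` makes it fail at the point of the mistake. Separately, `echo $1` expands the key material unquoted; `printf '%s\n' "$1"` avoids word splitting, globbing and echo's option handling. The function's opening lines are outside the hunk, so how `TYPE`, `TGT` and `TGT_DIR` are set is assumed from their names.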


@ -13,9 +13,9 @@ readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
gitlab_key_to_rsa $ABUILD_KEY PRIVATE $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB PUBLIC $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
gitlab_key_to_rsa $SSH_KEY PRIVATE $HOME/.ssh/id_rsa
gitlab_key_to_rsa $ABUILD_KEY rsa-private $HOME/.abuild/$ABUILD_KEY_NAME.rsa
gitlab_key_to_rsa $ABUILD_KEY_PUB rsa-public $HOME/.abuild/$ABUILD_KEY_NAME.rsa.pub
gitlab_key_to_rsa $SSH_KEY rsa-private $HOME/.ssh/id_rsa
chmod 700 "$HOME"/.ssh/id_rsa
chmod 700 "$HOME"/.abuild/$ABUILD_KEY_NAME.rsa
@ -33,6 +33,7 @@ git fetch $fetch_flags "$CI_MERGE_REQUEST_PROJECT_URL" \
"+refs/heads/$BASEBRANCH:refs/heads/$BASEBRANCH"
for repo in $(changed_repos); do
rm $CI_PROJECT_DIR/repo-apk/$repo/x86_64/APKINDEX.tar.gz
mkdir -p $repo/DUMMY
echo "pkgname=DUMMY" > $repo/DUMMY/APKBUILD
cd $repo/DUMMY