Move the signing keys info for each repo channel to repo json file #21181

Draft
wants to merge 2 commits into
base: master

agnostic-apollo
Member

Move the signing keys info for each repo channel to repo.json instead of hardcoding it in build scripts

This will allow each repo channel to define its own keys that may be used for verifying signatures of its files. The termux-packages fork will just need to add signing keys info in the repo.json file itself for any additional channels instead of having to patch build scripts. With the old hardcoded way, the unnecessary pacman key was also being added to local keystore in the current/upstream termux-packages repo, even though no repo channel uses it, so defining the keys in the repo.json will solve that issue as well.

The termux_repository__add_repo_signing_keys_to_keystore() function now handles the logic for adding the repository signing keys to the local keystore. Check its function docs for more info on the new json format and requirements for repo.json file.


Add repository signing keys to local keystore.
.
Each repo channel dict in `repo.json` file should have a
`signing_keys` key for an array of dicts, where each dict contains
information for each key that may be required by the parent repo
channel. At least one signing key info must exist for each repo
channel.
.
The `key_file` key should be set to the path of the key file. If it
is a relative path that does not start with a slash `/`, then the
`termux-packages` repo root directory will be prepended to it.
.
A dict is being used because other keys may be required
in future in addition to current `key_file` key, like `key_format`, etc.
.
```
"<repo_channel_path>": {
    "signing_keys": [
      {
        "key_file": "path/to/key1.gpg"
      },
      {
        "key_file": "path/to/key2.gpg"
      }
    ]
}
```
.
.
**Parameters:**
`repo_json_file` - The path to the `repo.json` file.
`repo_root_dir` - The path to the `termux-packages` repo root
                  directory.
.
**Returns:**
Returns `0` if successful, otherwise returns with a non-zero exit code.
.
.
termux_repository__add_repo_signing_keys_to_keystore `<repo_json_file>`
    `<repo_root_dir>`

  1. @Maxython You will need to make changes to https://github.com/termux-pacman/termux-packages/blob/master/repo.json and add packages/termux-keyring/termux-pacman.gpg to each repository channel.
  2. @licy183 You can remove the patch and make required changes to the https://github.com/termux-user-repository/tur/blob/master/repo.json file itself.

@Maxython
Member

One thing: I changed the method of getting information from repo.json in the properties.sh file, because I noticed that when trying to get the keys of values, jq sorts them. Because of this, it can indicate wrong data by index.
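
The `signing_keys` rules from the function docs and the jq key-ordering problem raised in the comment above, as an added example that is not part of this PR or of the termux-packages build scripts. The function names, the sample `repo.json` and its key paths are constructed for illustration, and `jq` is assumed to be installed:

```shell
#!/bin/sh
# Added example, not termux-packages code. Function names and sample data are
# hypothetical/constructed. Requires jq.

# Print "<channel>\t<resolved key path>" per signing key, in repo.json order.
list_repo_signing_key_files() {
    local repo_json_file="$1" repo_root_dir="$2" bad channel key_file tab
    tab="$(printf '\t')"
    # Each channel dict needs a non-empty `signing_keys` array of dicts that
    # carry a non-empty string `key_file`. Non-dict top-level values are
    # skipped (assumption: they are repo-wide settings, not channels).
    bad="$(jq -r '
        to_entries[] | select(.value | type == "object")
        | .value.signing_keys as $k
        | select(($k | type) != "array" or ($k | length) == 0
            or ([$k[]? | objects | .key_file | strings | select(. != "")]
                | length) != ($k | length))
        | .key' "$repo_json_file")" || return 2
    if [ -n "$bad" ]; then
        echo "bad or missing signing_keys in channel(s):" $bad >&2
        return 1
    fi
    # to_entries keeps the file order of the channels. `keys` sorts them, so
    # an index taken from `keys` can select a different channel's data.
    jq -r 'to_entries[] | select(.value | type == "object")
        | .key as $c | .value.signing_keys[] | [$c, .key_file] | @tsv
    ' "$repo_json_file" | while IFS="$tab" read -r channel key_file; do
        case "$key_file" in
            /*) ;;                                      # absolute: keep as is
            *) key_file="$repo_root_dir/$key_file" ;;   # relative: prepend root
        esac
        printf '%s\t%s\n' "$channel" "$key_file"
    done
}

# Constructed sample input; channel order is deliberately not alphabetical.
sample_repo_json() {
    cat <<'EOF'
{
  "pkg_format": "debian",
  "packages":      { "signing_keys": [ { "key_file": "keys/main.gpg" } ] },
  "x11-packages":  { "signing_keys": [ { "key_file": "/opt/keys/x11.gpg" } ] },
  "root-packages": { "signing_keys": [ { "key_file": "keys/main.gpg" },
                                       { "key_file": "keys/root.gpg" } ] }
}
EOF
}
```

Rejecting a channel with no usable `signing_keys` before anything is imported keeps a malformed `repo.json` from silently producing a keystore that is missing that channel's key.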

agnostic-apollo and others added 2 commits August 23, 2024 00:44
…hannel to `repo.json` instead of hardcoding it in build scripts

This will allow each repo channel to define its own keys that may be used for verifying signatures of its files. The `termux-packages` fork will just need to add signing keys info in the `repo.json` file itself for any additional channels instead of having to patch build scripts. With the old hardcoded way, the unnecessary pacman key was also being added to local keystore in the current/upstream termux-packages repo, even though no repo channel uses it, so defining the keys in the `repo.json` will solve that issue as well.

The `termux_repository__add_repo_signing_keys_to_keystore()` function now handles the logic for adding the repository signing keys to the local keystore. Check its function docs for more info on the new json format and requirements for `repo.json` file.
The point of this Improving PR is to provide the previous changes in a simpler form, but at the same time maintaining the functionality and capabilities.
@agnostic-apollo agnostic-apollo marked this pull request as draft September 8, 2024 01:11