termux · agnostic-apollo · Aug 19, 2024 · Aug 20, 2024
@@ -50,7 +50,7 @@ jobs:
             echo "Processing pull request #$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH"): ${BASE_COMMIT}..HEAD"
             CHANGED_FILES=$(git diff-tree --no-commit-id --name-only -r "${BASE_COMMIT}" "HEAD")
           fi
-          for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+          for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
             repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
             # Parse changed files and identify new packages and deleted packages.
             # Create lists of those packages that will be passed to upload job for
@@ -83,7 +83,7 @@ jobs:
               fi
             done<<<${CHANGED_FILES}
           done
-          for repo in $(jq --raw-output 'del(.pkg_format) | .[].name' repo.json); do
+          for repo in $(jq --raw-output '.channels | .[].name' repo.json); do
             # Fix so that lists do not contain duplicates
             if [ -f ./built_${repo}_packages.txt ]; then
               sort ./built_${repo}_packages.txt | uniq > ./built_${repo}_packages.txt.tmp
@@ -107,7 +107,7 @@ jobs:
           GIT_PUSH_PACKAGES: "false"
         run: |
           declare -a packages
-          for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+          for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
             repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
             if [ -f ./built_${repo}_packages.txt ]; then
               packages="$packages $(cat ./built_${repo}_packages.txt | tr '\n' ' ')"

@@ -73,7 +73,7 @@ jobs:
             exit 0
           fi
 
-          for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+          for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
             repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
             # Parse changed files and identify new packages and deleted packages.
             # Create lists of those packages that will be passed to upload job for
@@ -108,7 +108,7 @@ jobs:
           done
         else
           for pkg in ${{ github.event.inputs.packages }}; do
-            repo_paths=$(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json)
+            repo_paths=$(jq --raw-output '.channels | keys | .[]' repo.json)
             found=false
             for repo_path in $repo_paths; do
               repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
@@ -127,7 +127,7 @@ jobs:
           done
         fi
 
-        for repo in $(jq --raw-output 'del(.pkg_format) | .[].name' repo.json); do
+        for repo in $(jq --raw-output '.channels | .[].name' repo.json); do
           # Fix so that lists do not contain duplicates
           if [ -f ./built_${repo}_packages.txt ]; then
             sort ./built_${repo}_packages.txt | uniq > ./built_${repo}_packages.txt.tmp
@@ -144,7 +144,7 @@ jobs:
         done
 
         declare -a packages
-        for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+        for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
           repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
           if [ -f ./built_${repo}_packages.txt ]; then
             packages="$packages $(cat ./built_${repo}_packages.txt | tr '\n' ' ')"
@@ -174,7 +174,7 @@ jobs:
     - name: Lint packages
       run: |
         declare -a package_recipes
-        for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+        for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
           repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
           if [ -f ./built_${repo}_packages.txt ]; then
             package_recipes="$package_recipes $(cat ./built_${repo}_packages.txt | repo_path=${repo_path} awk '{print ENVIRON["repo_path"]"/"$1"/build.sh"}')"
@@ -188,7 +188,7 @@ jobs:
     - name: Free additional disk space (if needed)
       run: |
         declare -a packages
-        for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+        for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
           repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
           if [ -f ./built_${repo}_packages.txt ]; then
             packages="$packages $(cat ./built_${repo}_packages.txt | tr '\n' ' ')"
@@ -208,7 +208,7 @@ jobs:
     - name: Build packages
       run: |
         declare -a packages
-        for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+        for repo_path in $(jq --raw-output '.channels | keys | .[]' repo.json); do
           repo=$(jq --raw-output '.["'${repo_path}'"].name' repo.json)
           if [ -f ./built_${repo}_packages.txt ]; then
             packages="$packages $(cat ./built_${repo}_packages.txt | tr '\n' ' ')"
@@ -226,7 +226,7 @@ jobs:
       run: |
         test -d termux-packages/output && mv termux-packages/output/* ./output/
 
-        for repo in $(jq --raw-output 'del(.pkg_format) | .[].name' repo.json); do
+        for repo in $(jq --raw-output '.channels | .[].name' repo.json); do
           # Put package lists into directory with *.deb files so they will be transferred to
           # upload job.
           test -f ./built_${repo}_packages.txt && mv ./built_${repo}_packages.txt ./debs/
@@ -290,7 +290,7 @@ jobs:
           tar xf "$archive"
         done
 
-        for repo in $(jq --raw-output 'del(.pkg_format) | keys | .[]' repo.json); do
+        for repo in $(jq --raw-output '.channels | keys | .[]' repo.json); do
           export REPOSITORY_NAME=$(jq --raw-output '.["'$repo'"].name' repo.json)
           export REPOSITORY_DISTRIBUTION=$(jq --raw-output '.["'$repo'"].distribution' repo.json)
 

@@ -30,6 +30,9 @@ source "$TERMUX_SCRIPTDIR/scripts/utils/docker/docker.sh"; docker__create_docker
 # Functions for working with packages
 source "$TERMUX_SCRIPTDIR/scripts/utils/package/package.sh"
 
+# Source the repository library.
+source "$TERMUX_SCRIPTDIR/scripts/utils/termux/repository/repository.sh"
+
 export SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-$(git -c log.showSignature=false log -1 --pretty=%ct 2>/dev/null || date "+%s")}
 
 if [ "$(uname -o)" = "Android" ] || [ -e "/system/bin/app_process" ]; then
@@ -540,20 +543,8 @@ if [ -n "${TERMUX_PACKAGE_LIBRARY-}" ]; then
 fi
 
 if [ "${TERMUX_INSTALL_DEPS-false}" = "true" ] || [ "${TERMUX_PACKAGE_LIBRARY-bionic}" = "glibc" ]; then
-	# Setup PGP keys for verifying integrity of dependencies.
-	# Keys are obtained from our keyring package.
-	gpg --list-keys 2C7F29AE97891F6419A9E2CDB0076E490B71616B > /dev/null 2>&1 || {
-		gpg --import "$TERMUX_SCRIPTDIR/packages/termux-keyring/grimler.gpg"
-		gpg --no-tty --command-file <(echo -e "trust\n5\ny")  --edit-key 2C7F29AE97891F6419A9E2CDB0076E490B71616B
-	}
-	gpg --list-keys CC72CF8BA7DBFA0182877D045A897D96E57CF20C > /dev/null 2>&1 || {
-		gpg --import "$TERMUX_SCRIPTDIR/packages/termux-keyring/termux-autobuilds.gpg"
-		gpg --no-tty --command-file <(echo -e "trust\n5\ny")  --edit-key CC72CF8BA7DBFA0182877D045A897D96E57CF20C
-	}
-	gpg --list-keys 998DE27318E867EA976BA877389CEED64573DFCA > /dev/null 2>&1 || {
-		gpg --import "$TERMUX_SCRIPTDIR/packages/termux-keyring/termux-pacman.gpg"
-		gpg --no-tty --command-file <(echo -e "trust\n5\ny")  --edit-key 998DE27318E867EA976BA877389CEED64573DFCA
-	}
+	# Setup PGP keys for each repo channel in repo.json file for verifying integrity of dependencies.
+	termux_repository__add_repo_signing_keys_to_keystore
 fi
 
 for ((i=0; i<${#PACKAGE_LIST[@]}; i++)); do

@@ -1,21 +1,34 @@
 {
   "pkg_format": "debian",
-  "packages": {
-    "name": "termux-main",
-    "distribution": "stable",
-    "component": "main",
-    "url": "https://packages-cf.termux.dev/apt/termux-main"
+  "signing_keys": {
+    "termux": {
+      "key_file": "packages/termux-keyring/termux-autobuilds.gpg"
+    },
+    "grimler": {
+      "key_file": "packages/termux-keyring/grimler.gpg"
+    }
   },
-  "root-packages": {
-    "name": "termux-root",
-    "distribution": "root",
-    "component": "stable",
-    "url": "https://packages-cf.termux.dev/apt/termux-root"
-  },
-  "x11-packages": {
-    "name": "termux-x11",
-    "distribution": "x11",
-    "component": "main",
-    "url": "https://packages-cf.termux.dev/apt/termux-x11"
+  "channels": {
+    "packages": {
+      "name": "termux-main",
+      "distribution": "stable",
+      "component": "main",
+      "url": "https://packages-cf.termux.dev/apt/termux-main",
+      "keys": ["termux", "grimler"]
+    },
+    "root-packages": {
+      "name": "termux-root",
+      "distribution": "root",
+      "component": "stable",
+      "url": "https://packages-cf.termux.dev/apt/termux-root",
+      "keys": ["termux", "grimler"]
+    },
+    "x11-packages": {
+      "name": "termux-x11",
+      "distribution": "x11",
+      "component": "main",
+      "url": "https://packages-cf.termux.dev/apt/termux-x11",
+      "keys": ["termux", "grimler"]
+    }
   }
 }
@@ -39,7 +39,7 @@ for package in "${@}"; do
 		buildsh_path="${package}/build.sh"
 		package=$(basename ${package})
 	else
-		for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' $REPO_ROOT/repo.json); do
+		for repo_path in $(jq --raw-output '.channels | keys | .[]' $REPO_ROOT/repo.json); do
 			if [ -d "${repo_path}/${package}" ] && [ -f "${repo_path}/${package}/build.sh" ]; then
 				repo=$(jq --raw-output '.["'$repo_path'"].name' $REPO_ROOT/repo.json)
 				repo=${repo#"termux-"}

@@ -25,7 +25,7 @@ export TERMUX_SCRIPTDIR
 TERMUX_SCRIPTDIR=$(realpath "$(dirname "$0")/../..") # Root of repository.
 
 export TERMUX_PACKAGES_DIRECTORIES
-TERMUX_PACKAGES_DIRECTORIES=$(jq --raw-output 'del(.pkg_format) | keys | .[]' "${TERMUX_SCRIPTDIR}"/repo.json)
+TERMUX_PACKAGES_DIRECTORIES=$(jq --raw-output '.channels | keys | .[]' "${TERMUX_SCRIPTDIR}"/repo.json)
 
 # Define few more variables used by scripts.
 # shellcheck source=scripts/properties.sh
@@ -151,7 +151,7 @@ _fetch_and_cache_tags() {
 	quiet termux_repology_api_get_latest_version ' '
 
     local __PACKAGES=()
-	for repo_dir in $(jq --raw-output 'del(.pkg_format) | keys | .[]' "${TERMUX_SCRIPTDIR}/repo.json"); do
+	for repo_dir in $(jq --raw-output '.channels | keys | .[]' "${TERMUX_SCRIPTDIR}/repo.json"); do
 		for pkg_dir in "${repo_dir}"/*; do
 			! quiet _should_update "${pkg_dir}" && continue # Skip if not needed.
 			grep -q '^termux_pkg_auto_update' "${pkg_dir}/build.sh" && continue # Skip if package has custom auto-update
@@ -310,7 +310,7 @@ echo "INFO: Running update for: $*"
 
 if [[ "$1" == "@all" ]]; then
 	_fetch_and_cache_tags
-	for repo_dir in $(jq --raw-output 'del(.pkg_format) | keys | .[]' "${TERMUX_SCRIPTDIR}/repo.json"); do
+	for repo_dir in $(jq --raw-output '.channels | keys | .[]' "${TERMUX_SCRIPTDIR}/repo.json"); do
 		for pkg_dir in "${repo_dir}"/*; do
 			_unix_millis=$(date +%s%N | cut -b1-13)
 			! _should_update "${pkg_dir}" && continue # Skip if not needed.
@@ -330,7 +330,7 @@ if [[ "$1" == "@all" ]]; then
 else
 	for pkg in "$@"; do
 		if [ ! -d "${pkg}" ]; then # If only package name is given, try to find it's directory.
-			for repo_dir in $(jq --raw-output 'del(.pkg_format) | keys | .[]' "${TERMUX_SCRIPTDIR}/repo.json"); do
+			for repo_dir in $(jq --raw-output '.channels | keys | .[]' "${TERMUX_SCRIPTDIR}/repo.json"); do
 				if [ -d "${repo_dir}/${pkg}" ]; then
 					pkg="${repo_dir}/${pkg}"
 					break

@@ -592,7 +592,7 @@ linter_main() {
 if (( $# )); then
 	linter_main "$@" || exit 1
 else
-	for repo_dir in $(jq --raw-output 'del(.pkg_format) | keys | .[]' $TERMUX_SCRIPTDIR/repo.json); do
+	for repo_dir in $(jq --raw-output '.channels | keys | .[]' $TERMUX_SCRIPTDIR/repo.json); do
 		linter_main $repo_dir/*/build.sh
 	done || exit 1
 fi
@@ -55,17 +55,22 @@ TERMUX_REPO_PACKAGE="com.termux"
 TERMUX_REPO_URL=()
 TERMUX_REPO_DISTRIBUTION=()
 TERMUX_REPO_COMPONENT=()
+TERMUX_REPO_KEYS=()
+TERMUX_SIGNING_KEYS_FILE=()
+#TERMUX_SIGNING_KEYS_FORMAT=()
 
-export TERMUX_PACKAGES_DIRECTORIES=$(jq --raw-output 'del(.pkg_format) | keys | .[]' ${TERMUX_SCRIPTDIR}/repo.json)
-
-for url in $(jq -r 'del(.pkg_format) | .[] | .url' ${TERMUX_SCRIPTDIR}/repo.json); do
-	TERMUX_REPO_URL+=("$url")
-done
-for distribution in $(jq -r 'del(.pkg_format) | .[] | .distribution' ${TERMUX_SCRIPTDIR}/repo.json); do
-	TERMUX_REPO_DISTRIBUTION+=("$distribution")
+export TERMUX_PACKAGES_DIRECTORIES=$(jq --raw-output '.channels | keys | join(" ")' ${TERMUX_SCRIPTDIR}/repo.json)
+for pkg_dir in $TERMUX_PACKAGES_DIRECTORIES; do
+	TERMUX_REPO_URL+=("$(jq -r '.channels | ."'${pkg_dir}'" | .url' ${TERMUX_SCRIPTDIR}/repo.json)")
+	TERMUX_REPO_DISTRIBUTION+=("$(jq -r '.channels | ."'${pkg_dir}'" | .distribution' ${TERMUX_SCRIPTDIR}/repo.json)")
+	TERMUX_REPO_COMPONENT+=("$(jq -r '.channels | ."'${pkg_dir}'" | .component' ${TERMUX_SCRIPTDIR}/repo.json)")
+	TERMUX_REPO_KEYS+=("$(jq -r '.channels | ."'${pkg_dir}'" | .keys | if . != null then join(" ") else . end' ${TERMUX_SCRIPTDIR}/repo.json)")
 done
-for component in $(jq -r 'del(.pkg_format) | .[] | .component' ${TERMUX_SCRIPTDIR}/repo.json); do
-	TERMUX_REPO_COMPONENT+=("$component")
+
+export TERMUX_SIGNING_KEYS=$(jq --raw-output '.signing_keys | keys | join(" ")' ${TERMUX_SCRIPTDIR}/repo.json)
+for signing_key in $TERMUX_SIGNING_KEYS; do
+	TERMUX_SIGNING_KEYS_FILE+=("$(jq -r '.signing_keys | ."'${signing_key}'" | .key_file' ${TERMUX_SCRIPTDIR}/repo.json)")
+	#TERMUX_SIGNING_KEYS_FORMAT+=("$(jq -r '.signing_keys | ."'${signing_key}'" | .key_format' ${TERMUX_SCRIPTDIR}/repo.json)")
 done
 
 # Allow to override setup.

@@ -78,7 +78,7 @@ mkdir -p "$TERMUX_PKG_TMPDIR"
 rm -rf "${TERMUX_PKG_TMPDIR}"
 
 # Package sources.
-for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' $TERMUX_SCRIPTDIR/repo.json); do
+for repo_path in $(jq --raw-output '.channels | keys | .[]' $TERMUX_SCRIPTDIR/repo.json); do
 	for p in "$TERMUX_SCRIPTDIR"/$repo_path/*; do
 		(
 			. "$TERMUX_SCRIPTDIR"/scripts/build/get_source/termux_step_get_source.sh

@@ -84,7 +84,7 @@ termux_pkg_upgrade_version() {
 
 		echo "INFO: Trying to build package."
 
-		for repo_path in $(jq --raw-output 'del(.pkg_format) | keys | .[]' ${TERMUX_SCRIPTDIR}/repo.json); do
+		for repo_path in $(jq --raw-output '.channels | keys | .[]' ${TERMUX_SCRIPTDIR}/repo.json); do
 			_buildsh_path="${TERMUX_SCRIPTDIR}/${repo_path}/${TERMUX_PKG_NAME}/build.sh"
 			repo=$(jq --raw-output ".\"${repo_path}\".name" ${TERMUX_SCRIPTDIR}/repo.json)
 			repo=${repo#"termux-"}