[pve-devel] [PATCH manager] aplinfo: see trusted keys as build product, always assembly

Thomas Lamprecht Wed, 16 Oct 2019 02:06:02 -0700

Don't track the binary trustedkeys.gpg but see it just as normal
build product with the armored keys as source.


This ensures we always ship those from TRUSTED_KEYS variable, not
more, not less.

Instead of the "gpg import+export in temporary home dir" just
de-armor and concatenate them our self, that's what happens anyway.

This could be even simplified by just using base64 -d on the pubkeys,
after the non base64 stuff was trimmed, that would omit our need for
gpg here completely.

Thanks to Wolfgang B. for giving the idea to just do simple stuff :)

Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com>
---
 aplinfo/Makefile        |  26 ++++++--------------------
 aplinfo/trustedkeys.gpg | Bin 3602 -> 0 bytes
 2 files changed, 6 insertions(+), 20 deletions(-)
 delete mode 100644 aplinfo/trustedkeys.gpg

diff --git a/aplinfo/Makefile b/aplinfo/Makefile
index 4b33bf1d..acd66372 100644
--- a/aplinfo/Makefile
+++ b/aplinfo/Makefile
@@ -19,26 +19,12 @@ update:
        wget http://download.proxmox.com/images/aplinfo-pve-6.dat -O 
aplinfo.dat.tmp
        mv aplinfo.dat.tmp aplinfo.dat
 
-# Default list of GPG keys allowed to sign aplinfo, generated with:
-# gpg --import-options show-only --import trustedkeys.gpg
-# pub   rsa4096 2016-08-29 [SC] [expires: 2026-08-27]
-#       359E95965E2C3D643159CD300D9A1950E2EF0603
-# uid                      Proxmox Virtual Environment 5.x Release Key 
<proxmox-rele...@proxmox.com>
-#
-# pub   rsa4096 2018-11-19 [SC] [expires: 2028-11-16]
-#       353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
-# uid                      Proxmox Virtual Environment 6.x Release Key 
<proxmox-rele...@proxmox.com>
-#
-# pub   rsa2048 2008-08-15 [SC] [expires: 2023-08-12]
-#       694CFF26795A29BAE07B4EB585C25E95A16EB94D
-# uid                      Turnkey Linux Release Key <rele...@turnkeylinux.com>
-trustedkeys.gpg: ${TRUSTED_KEYS}
-       rm -Rf tempgpg
-       mkdir tempgpg
-       chmod 700 tempgpg
-       gpg --fingerprint --batch --no-tty --homedir tempgpg --import 
${TRUSTED_KEYS}
-       gpg --batch --no-tty --homedir tempgpg --export > trustedkeys.gpg
+%.gpg: %.pubkey
+       gpg --dearmor -o $@ $<
+
+trustedkeys.gpg: ${TRUSTED_KEYS:.pubkey=.gpg}
+       cat $^ > $@
 
 .PHONY: clean
 clean:
-       rm -rf *~ aplinfo.dat.gz aplinfo.dat.asc tempgpg
+       rm -rf *~ aplinfo.dat.gz aplinfo.dat.asc tempgpg *.gpg
diff --git a/aplinfo/trustedkeys.gpg b/aplinfo/trustedkeys.gpg
deleted file mode 100644
index 
4711807d8117b701aa55ef71ba8c3c0d853d9098..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3602
zcmb7`S2!G8yM|{*4`Gbnf+3=Wh;E23dT-H38PUrqF+`6t2vMR(38J^?61|tvOSBLZ
zqC|ucg5giT?0+A8M|&Txbv^6kx!(6)cP8j2zDe&$G!P8vE=9~P^_vDlZ4yrDSz3jW
z;uFUkVd08fMTHNK6t9A06Y4^!soA*LipM0^PJ<jR)vxB3al_8+Ty^LZ7xVdNXgKYI
zm#@8KZSJX+7r%SE%c71x_IQ;pPNo;zn^mkW0^Y=b&R$SpB=CMlISI+dt>OkHn;T_U
z2ywRiCECs4sNKM)?sxD5`JuF8Tt&stelC`iliLw{kz~-+mu8Eh_Ibn6(q#~Y&D751
z@aE~i?>yCvy68}qk9ZOHEG~IUw$E6{DcGM}Ul`8yvIF+(;QI*7f^h>iI(e8KG}~SS
zFzQ=XGCp>_>-J-6WS@4qq$o#S+;C{!TedxCtz9aJI_T1x1sP3ZXkT83bpSyfNK|QM
zvzbGzL`};Il1mvO0w9^OvIJ>$?p^+p$P9&QkAb#NH0M;m1fQ_4#yCrP9NKgxqOcE0
zbl9CeB(j&o@08#E9t4d+*EjeM5+l&FK<6*j7)dXQnRk<7DPj|e=3<8a@^PD1dt);o
z4c^2!8u9(aqQX(4c;D5273qh%B8*J)97S|ZQ+x6nUQ{}qugRZk`8VnXI*l-WY2Go<
zcT^buB}?e=$l$_7d|h!*BQn*m-1F^Q?w0-u|K6RM2Xj(aT@{?0n$-r55~PV6lk7=B
zKF^mdBvj_|w0Qy{OYZxs5G#Bx(JjG#)|vce03{FrY*5ohdic9}__G;1A$@#pT-lV}
z{hW{<?rsQoA2v||e>Q!DE5gPb!KQ&gu}ORW4f7-aUdsK?S-{T2O$H5;#is%i19%8P
ze<lpXghxOE8N&k*k&+M-;emjJG{hj18>INOAUq)G77#=i3b;W6zL~|KyKz8>2UDWB
z;;xX>8j7M6pn{N+ws>y~Cy7{x8$TOqivL)j>$<(AK$GFymlA%6+I12N2i1*72!)RR
z3?|!he^jnd4;sHze{ZKY`L*cu<?<Ot0H7DA!#9X6pr6!!m|m-X&#t1h9M||f=|N)8
zFWEHsR?d^`hTAoLEN`csm>tQa4=9+w(6Yf$qgTV8Ufa~-om;!<(12ibs6<_Jhk8Z8
zZEQ}9Ji}+W<aU7Yoiv_4qDZl_Q+u?9QVD4Bw55zUv6h{}O{lD>V$7)E0q!hWNfpe<
zxj(Tmqt6B17n7uT6QL}!Me=a#!zloFZ7-U5Yi=e|7AsW%%5tUYuEGuf;!{R$mnVkF
z2@MTR5nadgCSPO4m616@yQJ^DRm$(reV;dKw+ZvHB(~`{&uz9aH>w<Bjew^B(C@Kx
zo;kz<YEiEn_Bk&G!|u(UO+AW6oh!<x*=2x!ExT9G+_}dD-FEJqc6d`7i2jCX9)Hv{
z#$%`iHS@n@c{0@D?B}hB|Fh@jwgr=1=oTE6<W3q<!T4lkiyoJEG&g%T)}>Y)%dRL&
zHBJxP;%U9O%g7wywv>fo;iFrJu;TV_sB^KPM8@CkOT5Sy>(2n|;Jwh{XP$WZs0FnX
zF>(bDi`GYKUe$7^3QIQ+HpSs|19m_8vOgmz$(#4L*M#A|tT6Cy@@Ij+W&Vbf`H|n%
zZ#b3LS6R`820xZnnTDV>+LIyCBOhGbTyhvL{m#hivfaM71;fTY0?r)jrI><InldVZ
zZS|hchg=ebT_K&lm3qTyTMlW(E3>D%FITd-RG6^z@Raik4=uB%K4jtcF8Xk31v4@=
zWWdL(tMewDW`C$RkVg?(($ov8^t<;;fx}vak?*8?Iu#$69a^mI!S2nMkO>|;N_VdK
z*%X=MDV=Yrf?yEr9-O8)wYO^{d5_mv>`(dqa>dFQTR`12?DWVe?ar6@c9>-Mxf<p>
zgT6$)C80uQeFxo8p4v--2Z+n1M&G_?W0vF<F(8V3oQI1*@{dhVLJyl{v7-uuEdKZ}
zhA_|L6ayaG?XMal#`aLkyt}NK6r;}c+*m^LDiDUA!?F{P&4UQ<c-Bs#clCLVe^-j$
zTZd0H>o;WCpO&DkPY8(Yd>_xV$L#I}dIy&4<8Jd_6jp~n_dZirC%SXk2)tk+&nXZe
zQhm+XEyU?nXH0*zVora>qAxZhx$nw(Ds3mWTeera=q2?&I2;q5Uv+Nd`no-1draLh
zd(W%W#p=r6HWh$SJ+QBa=N6`EIrllJ?u)b$#_^>|>NGu!O=$#+Egcx8xhq_mxYG+P
zB{e>@T;ukH?QVQj9l|V^T5eZ=`@!JGu0TrB-3s>lk=11iPPM_q;0&sKmO}mya1#6f
z!O8F+ILXkm<BN)*&cwqO&i1X%`U8)`1Y+G|)(Jp=2Je5FMev7Npx?y$4J^>Vi1ptm
zlL#=NP>s%8$ERqS(-3xCdTVBxm0F$IgER>i>!1SU?QG-seDX3kZnH>6hKve_1f6SE
zcJZz>EkjA7T^Z}^O2JMWmq#Zho0yx;QhZ|p)aPX=tJ)HGR61d3ls<7fUf}Meac-vc
z8Zl)F^Utrah|TwYb`}>qIlZMB`?x|2vtB#o;h9ZmweJn#9lqL0y5v$Jw^2XQ?%e<Z
z$XhjgsaeOxC^5=U>rdxnKF19gNb4xy)nid9brS9Xiow28Jl~9Dd#1y)9Zpj#lcmSn
z-8mZmEplBZruMo6x*WAbo)Le8r=@z*s<ppJyvxD<u6u8Oa(Vvd%DX;@oc4NRlG=mP
zE;Ii|=NEX+vpc5Ay)!lZ&8KtH9|hV6dbG?#<w+Gxco66})s`no$DgsdURuiKjpkd9
z{vE%BkvGUFTl*_5c38heCAoSb_~jU>NC>=&vfQl9o0R1(0tz)B_}c50!ld-oj6{yO
z8Urf}QA0gj1T*Ug+o#XIE71z%63E$XI;vA=hPg+?+di^%Bk6C`b8UO7Y6R?Gc6~tH
zt~$M&jAJWDO2UT;EUAX8Ni)F0j^6{*#8|;#NPFQNw>YG|x)wYk`<^_(*|L-0MECH1
zD~fU7oG!CJ^+j^vaVL^pX8TBX!K(ve?SL@lAq&Yr!+&HN)k?t@7N}+4d3j))3A~A~
zT5QGg``g=R<6Ri9rPwF8rV}KqBD`13JD=B?s@EEy7i<klZRZeVLa;3?qq~`UW?JD3
zWvwaGW?9+ipS2rxi<7L>d2$}JJlY$II*W(lXOFA~tU0n9>V18Cmb%Wobg{B3{+v8c
z<B~I;6TBMUyKz2r{-Mzw(;~N3lOy)(C^qAMLj)mXZp;q;X~ST|!#oJHZ3Vn>^>(Wx
zN<YI@1hS*f@UwGrIEL1#zCn9#!mK*8IdCgCJ92&G7Lz5bjK;FyIG<em(XCQ={$ogI
z)~k~#86X&h*%fp1RvzMbvVx>T#<o&36bRlp(#*)$7dgIHAv4~S{robeF1aRF<)$ms
z8NB=N#)=sFBHdkntAeJJyYIi`;lI-0^Ecx9C-K)DfXw({AP7K608(=?t^K0~ZeP=8
zY9EI#GK~>kTgl024$>;dG+e6NV(;@D8()RbEapiK(v}du?A$!~U@>r4_V&+Lk~Lvv
z(@~kyiB)@@L$wrCHZk7wPd!JWTB6mn;YV|l>2^1BAF~3ovT{wrz4PMp1-9Ra<>a?O
zDI<A~5-v<6gU}%kPTlneyS1m`a1yVo?N|EWyzZCX4pK97D)Amj&(vJ_TH13RMi`+~
z&<Agrf@dlCMVA=jDXPy4xox^!3OUH0EVrH?|KNCj%0nJ68lNjEcUh!D6B5QSeev~;
zGzv_uBu5gbsxbrb5KiynC4JKjy|btdj+70;2#z}~I?<KflPtKR*LVS~U6Vs9$wmBF
zyhzfMYDNF9hw5)Vs>N{UKlOAS0UD{(>&a~8h^`gie}01KZ)<m^IcA2yBuF%c68w*0
zr18`eUcR+b4d5cGu?$7*DdS{epcvczV;SNL8(oe0#}!b3mQA@RmPMW9TVY1|!NQA;
zw8sj&d`rxGm`|(uKUHor1(FID2uqnnbk)YDe8RvM2#RABcDV+!_fLJ`^7mq!KI&J;
zY=b3Eu5|N*-SKd!xm?UibgJ&pnhc?|0f|im5;w<zgfr`dl0z1Sb*c2}F%RR)>g8ci
z*xMC1E9#o}b|8^Li*eq${%ay8U!IM9BUS><nl{Z@Zu^y-!Gw%no0hfS3FA74jvWjk
z;K?*c!{Kd)p9oTegl_qPr>094fn-Yxn)qm-^gs1*5rF=z;y(;$7QzoD{Og_gG$3NU
ze<3`w$LeK)d#e`a7twVvqlG+G29XwvL7m9mR~xeFg1Vq#RMQr(fkQrrWBD+{dTK}1
zWeXs)t_~Nkx2UNnbg6?^H~d2}5zT6K#q(@M!a8B5TUlI!W<_pEIb`9@n$W{VTfFZo
zl?)*aIWC~0&4RA&u)^fEO0#gsJ5?VE=$z=cT1}{5Xhvt4_~_g&j#pI`;cV|I;{1|2
zp77Z=lsyV^DSsr8y^+vTWdfr#ww(}~9Y5&}70#-luC#qywH94311wV}7P|CSCVf3~
z*VK#ak`U{_Kq=I$Vd$$wV5<0<cq8*EWOc(}Ao6uw09HDf(MxsD<8xJa+tyCV>9GC=
Rix++R=8o1)=mCG?e*oAxmBj!6

-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH manager] aplinfo: see trusted keys as build product, always assembly

Reply via email to