authorA. Wilcox <AWilcox@Wilcox-Tech.com>2023-10-20 23:20:20 -0500
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2023-10-20 23:20:20 -0500
commit85ab4eb7302be954972db4113912aabead89a7b0 (patch)
treec444408085813b300d766136869773cfb33e2922
parent0551b2302af5e7454ae403a796842bfd77ebe7bf (diff)
hscript: Use mirror keys by default
Before, we were using the old (pre-beta4) key format. Now we pull from the mirrors. We rely on the user either specifying the 'arch' key or running the script on the same CPU as the target system, as assumed in other parts of the codebase. Fixes: #349
-rw-r--r--hscript/script_v.cc68
1 files changed, 54 insertions, 14 deletions
diff --git a/hscript/script_v.cc b/hscript/script_v.cc
index 2cd3ab9..bf5c41f 100644
--- a/hscript/script_v.cc
+++ b/hscript/script_v.cc
@@ -162,30 +162,70 @@ bool add_default_repos(std::vector<std::unique_ptr<Repository>> &repos,
/*! Add the default repository keys to the signing key list.
* @param keys The list of repository keys.
+ * @param s The script object.
+ * @param firmware Whether to enable non-libre firmware. Defaults to false.
* The list +keys+ will be modified with the default repository signing keys
* for Adélie Linux.
*/
bool add_default_repo_keys(std::vector<std::unique_ptr<SigningKey>> &keys,
const Script *s, bool firmware = false) {
- SigningKey *key = static_cast<SigningKey *>(
- SigningKey::parseFromData(
- "/etc/apk/keys/packages@adelielinux.org.pub",
- {"internal", 0}, nullptr, nullptr, s)
- );
- if(!key) {
- /* LCOV_EXCL_START - only relevant in OOM conditions */
- output_error("internal", "failed to create default repository signing key");
- return false;
- /* LCOV_EXCL_STOP */
+ const auto *arch = s->getOneValue("arch");
+ std::string arch_str;
+ if(arch) {
+ arch_str = dynamic_cast<const Arch *>(arch)->value();
+ } else {
+#if defined(__powerpc64__)
+ arch_str = "ppc64";
+#elif defined(__powerpc__)
+ arch_str = "ppc";
+#elif defined(__aarch64__)
+ arch_str = "aarch64";
+#elif defined(__arm__)
+ arch_str = "armv7";
+#elif defined(__i386__)
+ arch_str = "pmmx";
+#elif defined(__x86_64__)
+ arch_str = "x86_64";
+#elif defined(__mips64)
+# if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ arch_str = "mips64el";
+# else /* If byte order is not defined, default to big endian. */
+ arch_str = "mips64";
+# endif
+#elif defined(__mips__)
+# if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+ arch_str = "mipsel";
+# else /* If byte order is not defined, default to big endian. */
+ arch_str = "mips";
+# endif
+#else
+#error "Unknown default architecture. Sorry."
+#endif
+ }
+ const std::string key_url{"https://distfiles.adelielinux.org/adelie/keys/"
+ + arch_str + "/" + arch_str};
+ for(const auto &url : {key_url + "-1@packages.adelielinux.org.pub",
+ key_url + "-2@packages.adelielinux.org.pub"}) {
+ SigningKey *key = static_cast<SigningKey *>(
+ SigningKey::parseFromData(url, {"internal", 0},
+ nullptr, nullptr, s)
+ );
+ if (!key) {
+ /* LCOV_EXCL_START - only relevant in OOM conditions */
+ output_error("internal", "failed to create default repository signing key");
+ return false;
+ /* LCOV_EXCL_STOP */
+ }
+ std::unique_ptr<SigningKey> repo_key(key);
+ keys.push_back(std::move(repo_key));
}
- std::unique_ptr<SigningKey> repo_key(key);
- keys.push_back(std::move(repo_key));
#ifdef NON_LIBRE_FIRMWARE
/* REQ: Runner.Execute.signingkey.Firmware */
if(firmware) {
+ const std::string base_url = "https://distfiles.adelielinux.org/adelie/keys/";
SigningKey *fkey = dynamic_cast<SigningKey *>(SigningKey::parseFromData(
- "/etc/apk/keys/packages@pleroma.apkfission.net-5ac0b300.rsa.pub",
+ base_url + "/packages@pleroma.apkfission.net-5ac0b300.rsa.pub",
{"internal", 0}, nullptr, nullptr, s)
);
if(!fkey) {
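Review bot: The default repository keys are the trust anchor for package verification, yet in the new `key_url` loop they are identified only by an HTTPS URL, and nothing in this hunk compares a fetched key with an expected fingerprint. Integrity therefore seems to rest on the transport and on the distfiles host alone. How `SigningKey::parseFromData` and the later fetch handle the URL is outside the hunk, so confirm that certificate validation is enforced there and consider recording a digest per key next to its URL. `arch_str` is taken from the script's `arch` key and concatenated into the path, so unless `Arch` already restricts it to known values, check it against the names in the `#if` ladder before building `key_url`. Also, `dynamic_cast<const Arch *>(arch)->value()` dereferences the cast result unchecked, and the `only relevant in OOM conditions` comment may no longer hold if a URL can fail for other reasons.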
@@ -195,7 +235,7 @@ bool add_default_repo_keys(std::vector<std::unique_ptr<SigningKey>> &keys,
std::unique_ptr<SigningKey> fw_key(fkey);
keys.push_back(std::move(fw_key));
fkey = dynamic_cast<SigningKey *>(SigningKey::parseFromData(
- "/etc/apk/keys/packages@pleroma.apkfission.net-5ac04808.rsa.pub",
+ base_url + "/packages@pleroma.apkfission.net-5ac04808.rsa.pub",
{"", 0}, nullptr, nullptr, s));
if(fkey) {
std::unique_ptr<SigningKey> fw_key2(fkey);
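Review bot: `base_url` already ends in `/`, so `base_url + "/packages@pleroma.apkfission.net-5ac04808.rsa.pub"` produces `.../adelie/keys//packages@...` with a doubled slash. The first firmware key in the previous hunk has the same defect. Drop the leading slash from both literals, for example `base_url + "packages@pleroma.apkfission.net-5ac04808.rsa.pub"`, so the request does not depend on how the server normalises empty path segments. The firmware keys are also requested from the top of `keys/` while the main keys sit under `keys/<arch>/`; if that is intentional, a one-line comment saying so would help. The function body continues outside this hunk.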