author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2023-10-20 23:20:20 -0500 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2023-10-20 23:20:20 -0500 |
commit | 85ab4eb7302be954972db4113912aabead89a7b0 (patch) | |
tree | c444408085813b300d766136869773cfb33e2922 | |
parent | 0551b2302af5e7454ae403a796842bfd77ebe7bf (diff) | |
hscript: Use mirror keys by default
Before, we were using the old (pre-beta4) key format. Now we pull from
the mirrors. We rely on the user either specifying the 'arch' key or
running the script on the same CPU as the target system, as assumed in
other parts of the codebase.
Fixes: #349
-rw-r--r-- | hscript/script_v.cc | 68 |
1 files changed, 54 insertions, 14 deletions
diff --git a/hscript/script_v.cc b/hscript/script_v.cc
index 2cd3ab9..bf5c41f 100644
--- a/hscript/script_v.cc
+++ b/hscript/script_v.cc
@@ -162,30 +162,70 @@ bool add_default_repos(std::vector<std::unique_ptr<Repository>> &repos, /*! Add the default repository keys to the signing key list. * @param keys The list of repository keys. + * @param s The script object. + * @param firmware Whether to enable non-libre firmware. Defaults to false. * The list +keys+ will be modified with the default repository signing keys * for Adélie Linux. */ bool add_default_repo_keys(std::vector<std::unique_ptr<SigningKey>> &keys, const Script *s, bool firmware = false) { - SigningKey *key = static_cast<SigningKey *>( - SigningKey::parseFromData( - "/etc/apk/keys/packages@adelielinux.org.pub", - {"internal", 0}, nullptr, nullptr, s) - ); - if(!key) { - /* LCOV_EXCL_START - only relevant in OOM conditions */ - output_error("internal", "failed to create default repository signing key"); - return false; - /* LCOV_EXCL_STOP */ + const auto *arch = s->getOneValue("arch"); + std::string arch_str; + if(arch) { + arch_str = dynamic_cast<const Arch *>(arch)->value(); + } else { +#if defined(__powerpc64__) + arch_str = "ppc64"; +#elif defined(__powerpc__) + arch_str = "ppc"; +#elif defined(__aarch64__) + arch_str = "aarch64"; +#elif defined(__arm__) + arch_str = "armv7"; +#elif defined(__i386__) + arch_str = "pmmx"; +#elif defined(__x86_64__) + arch_str = "x86_64"; +#elif defined(__mips64) +# if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + arch_str = "mips64el"; +# else /* If byte order is not defined, default to big endian. */ + arch_str = "mips64"; +# endif +#elif defined(__mips__) +# if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + arch_str = "mipsel"; +# else /* If byte order is not defined, default to big endian. */ + arch_str = "mips"; +# endif +#else +#error "Unknown default architecture. Sorry." 
+#endif + } + const std::string key_url{"https://distfiles.adelielinux.org/adelie/keys/" + + arch_str + "/" + arch_str}; + for(const auto &url : {key_url + "-1@packages.adelielinux.org.pub", + key_url + "-2@packages.adelielinux.org.pub"}) { + SigningKey *key = static_cast<SigningKey *>( + SigningKey::parseFromData(url, {"internal", 0}, + nullptr, nullptr, s) + ); + if (!key) { + /* LCOV_EXCL_START - only relevant in OOM conditions */ + output_error("internal", "failed to create default repository signing key"); + return false; + /* LCOV_EXCL_STOP */ + } + std::unique_ptr<SigningKey> repo_key(key); + keys.push_back(std::move(repo_key)); } - std::unique_ptr<SigningKey> repo_key(key); - keys.push_back(std::move(repo_key)); #ifdef NON_LIBRE_FIRMWARE /* REQ: Runner.Execute.signingkey.Firmware */ if(firmware) { + const std::string base_url = "https://distfiles.adelielinux.org/adelie/keys/"; SigningKey *fkey = dynamic_cast<SigningKey *>(SigningKey::parseFromData( - "/etc/apk/keys/packages@pleroma.apkfission.net-5ac0b300.rsa.pub", + base_url + "/packages@pleroma.apkfission.net-5ac0b300.rsa.pub", {"internal", 0}, nullptr, nullptr, s) ); if(!fkey) { @@ -195,7 +235,7 @@ bool add_default_repo_keys(std::vector<std::unique_ptr<SigningKey>> &keys, std::unique_ptr<SigningKey> fw_key(fkey); keys.push_back(std::move(fw_key)); fkey = dynamic_cast<SigningKey *>(SigningKey::parseFromData( - "/etc/apk/keys/packages@pleroma.apkfission.net-5ac04808.rsa.pub", + base_url + "/packages@pleroma.apkfission.net-5ac04808.rsa.pub", {"", 0}, nullptr, nullptr, s)); if(fkey) { std::unique_ptr<SigningKey> fw_key2(fkey); |
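Review bot: The default signing keys are the trust anchor for every package the installer verifies, and after this change they are named by `https://distfiles.adelielinux.org/adelie/keys/<arch>/...` URLs instead of files already on disk, with nothing in the hunk that pins an expected fingerprint or digest. How `SigningKey::parseFromData` and the later fetch treat these URLs is not visible here, so this may already be handled; if it is not, key authenticity rests only on the TLS connection to the mirror. I would state that in the doc comment, e.g. `* The keys are fetched over HTTPS from distfiles.adelielinux.org; their authenticity depends on that connection.`, or check the downloaded keys against digests built into the binary. Separately, `dynamic_cast<const Arch *>(arch)->value()` dereferences the cast result unchecked and places the script's `arch` value into the URL path, so it is worth confirming that `Arch` validation restricts it to known architecture names.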
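Review bot: `base_url` already ends in `/`, so `base_url + "/packages@pleroma.apkfission.net-5ac04808.rsa.pub"` produces `.../adelie/keys//packages@...` with a doubled slash; the first firmware key in the previous hunk has the same problem. Whether the server normalises that path is not something the diff shows, so drop the leading slash in both places: `base_url + "packages@pleroma.apkfission.net-5ac04808.rsa.pub",`. Both lines sit under `#ifdef NON_LIBRE_FIRMWARE`, so a default build will not exercise them, and `add_default_repo_keys` continues past the end of this hunk.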