From 85ab4eb7302be954972db4113912aabead89a7b0 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Fri, 20 Oct 2023 23:20:20 -0500
Subject: hscript: Use mirror keys by default
Before, we were using the old (pre-beta4) key format. Now we pull from the mirrors. We rely on the user either specifying the 'arch' key or running the script on the same CPU as the target system, as assumed in other parts of the codebase.
Fixes: #349
---
hscript/script_v.cc | 68 ++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 54 insertions(+), 14 deletions(-)
diff --git a/hscript/script_v.cc b/hscript/script_v.cc
index 2cd3ab9..bf5c41f 100644
--- a/hscript/script_v.cc
+++ b/hscript/script_v.cc
@@ -162,30 +162,70 @@ bool add_default_repos(std::vector> &repos, /*! Add the default repository keys to the signing key list. * @param keys The list of repository keys. + * @param s The script object. + * @param firmware Whether to enable non-libre firmware. Defaults to false. * The list +keys+ will be modified with the default repository signing keys * for Adélie Linux. */ bool add_default_repo_keys(std::vector> &keys, const Script *s, bool firmware = false) { - SigningKey *key = static_cast( - SigningKey::parseFromData( - "/etc/apk/keys/packages@adelielinux.org.pub", - {"internal", 0}, nullptr, nullptr, s) - ); - if(!key) { - /* LCOV_EXCL_START - only relevant in OOM conditions */ - output_error("internal", "failed to create default repository signing key"); - return false; - /* LCOV_EXCL_STOP */ + const auto *arch = s->getOneValue("arch"); + std::string arch_str; + if(arch) { + arch_str = dynamic_cast(arch)->value(); + } else { +#if defined(__powerpc64__) + arch_str = "ppc64"; +#elif defined(__powerpc__) + arch_str = "ppc"; +#elif defined(__aarch64__) + arch_str = "aarch64"; +#elif defined(__arm__) + arch_str = "armv7"; +#elif defined(__i386__) + arch_str = "pmmx"; +#elif defined(__x86_64__) + arch_str = "x86_64"; +#elif defined(__mips64) +# if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + arch_str = "mips64el"; +# else /* If byte order is not defined, default to big endian. */ + arch_str = "mips64"; +# endif +#elif defined(__mips__) +# if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + arch_str = "mipsel"; +# else /* If byte order is not defined, default to big endian. */ + arch_str = "mips"; +# endif +#else +#error "Unknown default architecture. Sorry." 
+#endif + } + const std::string key_url{"https://distfiles.adelielinux.org/adelie/keys/" + + arch_str + "/" + arch_str}; + for(const auto &url : {key_url + "-1@packages.adelielinux.org.pub", + key_url + "-2@packages.adelielinux.org.pub"}) { + SigningKey *key = static_cast( + SigningKey::parseFromData(url, {"internal", 0}, + nullptr, nullptr, s) + ); + if (!key) { + /* LCOV_EXCL_START - only relevant in OOM conditions */ + output_error("internal", "failed to create default repository signing key"); + return false; + /* LCOV_EXCL_STOP */ + } + std::unique_ptr repo_key(key); + keys.push_back(std::move(repo_key)); } - std::unique_ptr repo_key(key); - keys.push_back(std::move(repo_key)); #ifdef NON_LIBRE_FIRMWARE /* REQ: Runner.Execute.signingkey.Firmware */ if(firmware) { + const std::string base_url = "https://distfiles.adelielinux.org/adelie/keys/"; SigningKey *fkey = dynamic_cast(SigningKey::parseFromData( - "/etc/apk/keys/packages@pleroma.apkfission.net-5ac0b300.rsa.pub", + base_url + "/packages@pleroma.apkfission.net-5ac0b300.rsa.pub", {"internal", 0}, nullptr, nullptr, s) ); if(!fkey) { @@ -195,7 +235,7 @@ bool add_default_repo_keys(std::vector> &keys, std::unique_ptr fw_key(fkey); keys.push_back(std::move(fw_key)); fkey = dynamic_cast(SigningKey::parseFromData( - "/etc/apk/keys/packages@pleroma.apkfission.net-5ac04808.rsa.pub", + base_url + "/packages@pleroma.apkfission.net-5ac04808.rsa.pub", {"", 0}, nullptr, nullptr, s)); if(fkey) { std::unique_ptr fw_key2(fkey); -- cgit v1.2.3-70-g09d2
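Review bot: The default signing keys are the trust root for every package installed afterwards, and in the new `for` loop they are named by `https://distfiles.adelielinux.org/adelie/keys/...` URLs instead of local `/etc/apk/keys/` paths, with nothing in this hunk pinning what those URLs must return. If the keys are downloaded as-is when the script is executed (the fetch code is not visible here), their integrity rests only on TLS and on the distfiles host. Consider comparing each fetched key with a digest compiled into hscript, and at minimum state the assumption above the loop, e.g. `/* Trust anchor: default keys are fetched over HTTPS; integrity relies on TLS to distfiles.adelielinux.org. */`. Separately, `arch_str` is taken from the script's `arch` key and spliced into the URL path twice, and the result of `dynamic_cast(arch)` is dereferenced without a null check; checking the cast and validating the value against the known architecture names before building `key_url` would close both gaps. `add_default_repo_keys` continues past the end of this hunk.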
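Review bot: `base_url` (declared in the previous hunk) already ends in `/`, and the key name changed here is appended with another leading `/`, so the resulting URL contains `keys//packages@...`. The same concatenation is used for the `5ac0b300` key at the end of the previous hunk. Whether a server collapses the empty path segment is not guaranteed, and a mismatch would only surface in builds with `NON_LIBRE_FIRMWARE` and firmware enabled. Drop the trailing slash, `const std::string base_url = "https://distfiles.adelielinux.org/adelie/keys";`, or remove the leading `/` from both literals. The enclosing `if(firmware)` block starts before and ends after this hunk.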