From b9f5b0e725d11f785c54a6cf81327637e112e58d Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Fri, 17 Nov 2023 23:19:16 -0500 Subject: [PATCH] common/xbps-src/shutils/chroot.sh: support importing other keys When packages in `hostdir/binpkgs` are signed, it causes `xbps-src` to annoyingly request to import the associated key (every time, in the case of automation tools like `xxbuild` or `ymir`). This allows the user to add their personal public key `.plist` to `etc/repo-keys/` so this prompting does not happen. --- .gitignore | 1 + README.md | 3 +++ common/xbps-src/shutils/chroot.sh | 3 +++ 3 files changed, 7 insertions(+) diff --git a/.gitignore b/.gitignore index ae75426d89b57..0a1b2da0284e7 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ etc/conf etc/conf.* etc/virtual etc/xbps.d/custom +etc/repo-keys diff --git a/README.md b/README.md index a63ee5e8082d4..b52198c98dd3c 100644 --- a/README.md +++ b/README.md @@ -340,6 +340,9 @@ Each time a binary package is created, a package signature must be created with > It is not possible to sign a repository with multiple RSA keys. +If packages in `hostdir/binpkgs` are signed, the key in `.plist` format (as imported by xbps) can be placed +in `etc/repo-keys/` to prevent xbps-src from prompting to import that key. + ### Rebuilding and overwriting existing local packages diff --git a/common/xbps-src/shutils/chroot.sh b/common/xbps-src/shutils/chroot.sh index d65d8d7e30741..69ca6b78f5838 100644 --- a/common/xbps-src/shutils/chroot.sh +++ b/common/xbps-src/shutils/chroot.sh @@ -309,6 +309,9 @@ chroot_sync_repodata() { # Copy xbps repository keys to the masterdir. mkdir -p $XBPS_MASTERDIR/var/db/xbps/keys cp -f $XBPS_COMMONDIR/repo-keys/*.plist $XBPS_MASTERDIR/var/db/xbps/keys + if [ -n "$(shopt -s nullglob; echo "$XBPS_DISTDIR"/etc/repo-keys/*.plist)" ]; then + cp -f "$XBPS_DISTDIR"/etc/repo-keys/*.plist "$XBPS_MASTERDIR"/var/db/xbps/keys + fi # Make sure to sync index for remote repositories. if [ -z "$XBPS_SKIP_REMOTEREPOS" ]; then