Introduce GPG siging

This commit is contained in:
Ohio2 2021-10-01 21:24:56 +02:00
parent bbd1bec527
commit 2b97b44e16
Signed by: Ohio2
GPG key ID: 2746D0A9E4F21E80
2 changed files with 38 additions and 38 deletions

View file

@ -1 +1,2 @@
# This follows the UNIX philosophy
Actually, also altools is meant to be in shell since it's ok

75
aps
View file

@ -4,14 +4,20 @@
# aps. rewritten. #
###################
# OHIO: aps *needs* to be rewritten, i can't add any thing else in the aps.old.sh
temp_location="/var/tmp"
install_root="/var/tmp/alroot"
installed_pkg_database="${install_root}/var/aps/installed"
#locpkg_database="${install_root}/var/aps/repos"
lock="${install_root}/var/aps/lock"
#official="https://git.hippoz.xyz/alnux/repo"
debug=off
if [ -f "$XDG_CONFIG_HOME/al/config" ]; then
. $XDG_CONFIG_HOME/al/config
elif [ -f "$HOME/.config/al/config" ]; then
. $HOME/.config/al/config
elif [ -f "/etc/al/config" ]; then
. /etc/al/config
elif [ -f "/etc/skel/al/config "]; then
. /etc/skel/al/config
else
wrn "No config file!"
fi
case ${debug} in
on) set -x ;;
esac
function prn(){
echo -e "\e[34m==>\e[39m $1"
}
@ -33,9 +39,9 @@ function notf(){
function confirm(){
prn "To install, press ENTER, to cancel, press CTRL+C (unix process break key)"
}
function dbg(){
wrn "This is a debug build, that may not work!"
}
#function dbg(){
# wrn "This is a debug build, that may not work!"
#}
function sources(){
if [ -f sources ]; then
pkg_config_url=$(cat sources)
@ -59,24 +65,26 @@ function sources(){
fi
}
function sha256(){
sum="$(cat $@/sums)"
case ${shawrp##*/} in
openssl) set -- dgst -sha256 -r "$sum" ;;
sha256 set -- -r "$sum" ;;
esac
hsh=$("$shawrp" "$sum")
sum="$(cat $1/sums | cut -d'+' -f-)"
sha256sum $sum > $1.sha256sum
shafilesum=sha256sum -cs "$1.sha256sum"
if [ shasum == shafilesum ]; then
prn "OK! sha verified."
else
err "Invalid sha"
fi
}
function md5(){
sum="$(cat $@/sums)"
md5sum "$sum"
}
#function md5(){
# sum="$(cat $@/sums)"
# md5sum "$sum"
#}
function versum(){
$sumrest=$(cat $@/sums | cut -d'+' -f-)
$sumtype=$(cat $@/sums | cut -d'+' -f2)
case $sumtype in
sha256) sha256 ;;
md5) md5 ;;
sha256) sha256 $1 ;;
md5) err "MD5 is not supported." ;;
esac
}
function runbuildsh(){
@ -107,19 +115,6 @@ function pkg_find(){
}
function pkg_local(){
if [ -z "$AL_REPO" ]; then
#wrn "Alnux Repo variable is not set, setting to /var/db/repo/core!"
#prn "To set the Alnux Repo var, either:"
#prn " edit /etc/profile or your shell's profile to include your repo and sub-repos, "
#prn " much like this: export AL_REPO=/var/db/repo/core:/var/db/repo/extra OR"
#prn " export Alnux Repo var like this: export AL_REPO=/var/db/repo/core:/var/db/repo/extra"
#export AL_REPO="/var/aps/repos/official/core"
#notf "AL_REPO set to /var/db/repo/core"
#prn "Verifying if AL_REPO is set..."
#if [ -z $AL_REPO ]; then
# err "AL_REPO is not set."
#else
# prn "$(echo $AL_REPO)... yes."
#fi
err "Alnux Repo variable is not set. Will not continue"
fi
pkg_find $1
@ -140,7 +135,7 @@ function pkg_local(){
cd "${pkg_path}"
sources || err "No sources found / failed getting sources"
if [ -f sums ]
versum "${pkg_path}"
versum "${1}"
else
wrn "No sums file found! Be careful!"
fi
@ -218,7 +213,11 @@ function version(){
prn "APS Version 0.1.0"
}
function main(){
dbg
if [ -f "${lock}" ]; then
err "A lock file already exists (another instance of the package manager could be running). If you're sure no package manager is running, remove the file ${lock}."
fi
touch "${lock}"
#dbg
case $1 in
s|sync) sync_local_repo_database "official" ${official}
[ -z "${2}" ] && exit 0