git.proxmox.com Git - pve-manager.git/commitdiff
aplinfo: see trusted keys as build product, always assembly
author Thomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 16 Oct 2019 09:05:36 +0000 (11:05 +0200)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 30 Oct 2019 07:55:47 +0000 (08:55 +0100)
Don't track the binary trustedkeys.gpg but see it just as normal
build product with the armored keys as source.

This ensures we always ship those from TRUSTED_KEYS variable, not
more, not less.

Instead of the "gpg import+export in temporary home dir" just
de-armor and concatenate them ourselves, that's what happens anyway.

This could be even simplified by just using base64 -d on the pubkeys,
after the non base64 stuff was trimmed, that would omit our need for
gpg here completely.

Thanks to Wolfgang B. for giving the idea to just do simple stuff :)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
aplinfo/Makefile
aplinfo/trustedkeys.gpg [deleted file]

index 4b33bf1d877d8111a8b062a272bb99ab1acc88a8..acd663722c60a4892c3d92fc2abeae84a6a979ea 100644 (file)
@@ -19,26 +19,12 @@ update:
        wget http://download.proxmox.com/images/aplinfo-pve-6.dat -O aplinfo.dat.tmp
        mv aplinfo.dat.tmp aplinfo.dat
 
-# Default list of GPG keys allowed to sign aplinfo, generated with:
-# gpg --import-options show-only --import trustedkeys.gpg
-# pub   rsa4096 2016-08-29 [SC] [expires: 2026-08-27]
-#       359E95965E2C3D643159CD300D9A1950E2EF0603
-# uid                      Proxmox Virtual Environment 5.x Release Key <proxmox-release@proxmox.com>
-#
-# pub   rsa4096 2018-11-19 [SC] [expires: 2028-11-16]
-#       353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
-# uid                      Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>
-#
-# pub   rsa2048 2008-08-15 [SC] [expires: 2023-08-12]
-#       694CFF26795A29BAE07B4EB585C25E95A16EB94D
-# uid                      Turnkey Linux Release Key <release@turnkeylinux.com>
-trustedkeys.gpg: ${TRUSTED_KEYS}
-       rm -Rf tempgpg
-       mkdir tempgpg
-       chmod 700 tempgpg
-       gpg --fingerprint --batch --no-tty --homedir tempgpg --import ${TRUSTED_KEYS}
-       gpg --batch --no-tty --homedir tempgpg --export > trustedkeys.gpg
+%.gpg: %.pubkey
+       gpg --dearmor -o $@ $<
+
+trustedkeys.gpg: ${TRUSTED_KEYS:.pubkey=.gpg}
+       cat $^ > $@
 
 .PHONY: clean
 clean:
-       rm -rf *~ aplinfo.dat.gz aplinfo.dat.asc tempgpg
+       rm -rf *~ aplinfo.dat.gz aplinfo.dat.asc tempgpg *.gpg
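Review bot: The new `trustedkeys.gpg` rule (`cat $^ > $@`) assembles the keyring with no record or check of which keys end up in it, while the removed comment block listed the three expected fingerprints. `gpg --dearmor` only unpacks the armor and does not check that a `.pubkey` file holds exactly one public key, so an extra or wrong key in a source file would ship unnoticed. Consider keeping the fingerprint listing as a comment and adding a check step that runs the command from the removed comment, `gpg --import-options show-only --import trustedkeys.gpg`, and compares its output against the expected fingerprints. Two smaller points: `${TRUSTED_KEYS:.pubkey=.gpg}` leaves any entry without a `.pubkey` suffix unchanged, so such a file would be concatenated in armored form, and `tempgpg` can be dropped from `clean` now that no rule creates it.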
diff --git a/aplinfo/trustedkeys.gpg b/aplinfo/trustedkeys.gpg
deleted file mode 100644 (file)
index 4711807..0000000
Binary files a/aplinfo/trustedkeys.gpg and /dev/null differ