mira/gentoo-pill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

enable signing

Browse Source
This commit is contained in:
Mira
2025-12-07 20:27:56 +06:00
parent 314fe4354d
commit 1235389da1
4 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,4 +1,5 @@
ctx/ ctx/
secrets/
repo/ repo/
*.key *.key
*.pub *.pub

5
binhost.sh
View File

@@ -10,6 +10,7 @@ IMAGE="docker.io/gentoo/stage3:amd64-desktop-openrc"
CONTAINER_NAME="gentoo_builder" CONTAINER_NAME="gentoo_builder"
PROFILE="default/linux/amd64/23.0/desktop" PROFILE="default/linux/amd64/23.0/desktop"
LOG_FILE="/var/log/gentoo_build.log" # inside container LOG_FILE="/var/log/gentoo_build.log" # inside container
HOST_KEY_PATH="$(pwd)/secrets/signing.key"
if [[ ! -d "$REPO/.git" ]]; then if [[ ! -d "$REPO/.git" ]]; then
git clone "$REPO_URL" "$REPO" git clone "$REPO_URL" "$REPO"
@@ -66,12 +67,16 @@ init_container() {
-v portage_db:/var/db/repos/gentoo \ -v portage_db:/var/db/repos/gentoo \
-v distfiles:/var/cache/distfiles \ -v distfiles:/var/cache/distfiles \
-v binpkgs:/var/cache/binpkgs \ -v binpkgs:/var/cache/binpkgs \
-v "$HOST_KEY_PATH":/tmp/signing.key:ro \
--tmpfs /var/tmp/portage:rw,size=48G,mode=1777 \ --tmpfs /var/tmp/portage:rw,size=48G,mode=1777 \
"$IMAGE" \ "$IMAGE" \
bin/bash -c "sleep infinity" bin/bash -c "sleep infinity"
echo "Running setup..." echo "Running setup..."
podman exec "$CONTAINER_NAME" bash -c " podman exec "$CONTAINER_NAME" bash -c "
mkdir -p /root/.gnupg
chmod 700 /root/.gnupg
gpg --batch --import /tmp/signing.key
emerge-webrsync -q emerge-webrsync -q
emerge -1vn --usepkg --buildpkg dev-vcs/git app-eselect/eselect-repository emerge -1vn --usepkg --buildpkg dev-vcs/git app-eselect/eselect-repository
eselect profile set '$PROFILE' eselect profile set '$PROFILE'

6
binhost/make.conf
View File

@@ -23,7 +23,11 @@ VIDEO_CARDS="intel nouveau"
# "buildpkg" = generate binary packages upon install # "buildpkg" = generate binary packages upon install
# "binpkg-multi-instance" = keep only latest version, but support slotting # "binpkg-multi-instance" = keep only latest version, but support slotting
FEATURES="${FEATURES} -getbinpkg buildpkg binpkg-multi-instance -ipc-sandbox -network-sandbox -pid-sandbox" FEATURES="${FEATURES} -getbinpkg buildpkg binpkg-multi-instance -ipc-sandbox -network-sandbox -pid-sandbox binpkg-signing"
ACCEPT_LICENSE="*" ACCEPT_LICENSE="*"
BINPKG_FORMAT="gpkg" BINPKG_FORMAT="gpkg"
# gpg
BINPKG_GPG_SIGNING_GPG_HOME="/root/.gnupg"
BINPKG_GPG_SIGNING_KEY="0x2D74807D22E7B8551ADAABD44DD2AD0F96276ABF"

29
public_key.asc Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGk1iMwBEADDCZJNpmr/BEmWX9XqOWcIFrmlHw3396LHFrGD7TLQOygbe5t5
dsgpvz/NNhmKe1HdDUi5vYUQhfcFD2DJI08L5oCZJ4BncuAXZeQ7tNJZvdR5mQ0n
als8nbYp7aX4Q/bKEQvO+HP8NimIi+//MGwjGap2aHmpZMFRW1PrYATpcNkK6wzL
moNeA3/qa86kzP4ODiBwti1XAT3u1Zo6sEQACpz6x3O4KTiekObbfXtmlhjL7OUP
QKeZFWkvkHZNtHSvkUxHNA2taNeuQJXu/XA2D/6Bq3y1OYn7RjaHzKkrysqk3wfD
hqfhEcJKxk+6VHFyyl/ET2pj5EEnHVSR9dTkJIgb/0KJjGAoP+jLF3US7WYSfvKu
GCLhrSu3zRaGZ50deoDsZYEuCyNPdNS+5pnbgNZFuVnqUzr3GsV2c/lZUA22YYWz
Iyif0MIaU0Z6VhS4Vsw7O0/45VqSdU5P+ifghzvtTvB9GUzV2TSZ08Xc5E7WHEAG
jPM4R9ZtaScRHSNvfTr0Tk/T8kRzlU9XhjytBGkHuNke61VQiRaiwR4wmTGRtbYo
LM66wJmDOmqier3HwzeuJOx2Uxh0HObqczlZh26QzQdWVBf9FjMNXpFRGj8ACQI+
kcjmR7wQoLW4MER3ucNo7vCVFj6BM54zSYqTd7p6WJCavV6b3kRnAb+OdwARAQAB
tCRHZW50b28gQnVpbGRlciA8Z2VudG9vLXBpbGxAYXlhdS5tZT6JAk8EEwEKADkW
IQQtdIB9Iue4VRraq9RN0q0PlidqvwUCaTWIzAMbLwQFCwkIBwIGFQoJCAsCBBYC
AwECHgECF4AACgkQTdKtD5Ynar9v2g/9G/42kp3K9qjq0zG2xrtuESkil5Do73Cc
9/tkVJN/5kV8SKrhMklhOp9cQ3olKkFRtI+ZSj7I/HTT9MFAAv0RDjb1EDRENv2G
vQOQUKpokrAhGXrU2gVpP+oJI7WE2nk/8pNDPGve+f+xJ4kpjkIr33r5xl1Cj+rI
Xfn1WJUGPNEFtNoRpVeg/FC5k8MS1j714Hdz6c/OkZBaHaURd8mhS7QsV/pq8Ttz
T17V0m5llcUkNqkxusc6aJhOt0ghA6frF1TIo0bC3P1NY73Ni1y0w90sImzVlTCA
2V8jBdlXjjS7n6e2WxVHUEP73uKuBX3SACjNZ3KAsVzmzf0qV7a+epwO5uK7OK7H
JpgHnXZvzS1bmpBuxyg4rcfWuvhNbvX+FnaMJXvdNWtU/zi1T37k2tNcFWor7AQ4
1WkmUJgCNRBqBYYzZ2fhgUDXxArrtTdU6xCzuxCVFd22SGS8FEYE/U4WPyKF6gND
uHVGVfJ6R1HM9r/ZbEtwKoisH74r8Sncdd+ne+4H8FB5QVlbBuNZVa54rDF2BEzA
ChO/FTH8mUk7sypnNfufpm9RRfY8z8/L/b7KpbsP/WsGPo+N6lAP3vYgKOCUxBxP
l3J0o6GxOVIC3ZhxKgquNze9MMZBRiwgvoolRKZpPCp5kPqf2xxeLnbWfNCPjJNV
b2PQrY0UJ/k=
=HHW8
-----END PGP PUBLIC KEY BLOCK-----