build: Extract gpg key fetching into a helpers (#138)

geldata · Feb 11, 2025 · bbf16aa · bbf16aa
1 parent 2704c00
commit bbf16aa
Show file tree

Hide file tree

Showing 27 changed files with 577 additions and 720 deletions.
diff --git a/integration/linux/build/.gitattributes b/integration/linux/build/.gitattributes
@@ -0,0 +1 @@
+Dockerfile    linguist-generated=true
diff --git a/integration/linux/build/_bootstrap/_helpers.sh b/integration/linux/build/_bootstrap/_helpers.sh
@@ -0,0 +1,8 @@
+function fetch_keys() {
+    for key in "${@}"; do
+        gpg --batch --keyserver pgp.mit.edu --recv-keys "$key" \
+        || gpg --batch --keyserver keyserver.pgp.com --recv-keys "$key" \
+        || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" \
+        || gpg --batch --keyserver keys.openpgp.org --recv-keys "$key"
+    done
+}
diff --git a/integration/linux/build/_bootstrap/cmake.sh b/integration/linux/build/_bootstrap/cmake.sh
@@ -4,9 +4,12 @@ set -ex
 
 : ${CMAKE_VERSION:=3.30.2}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 CMAKE_KEYS=(
     CBA23971357C2E6590D9EFD3EC8FEF3A7BFB4EDA
 )
+fetch_keys "${CMAKE_KEYS[@]}"
 
 
 CMAKE_ARCH=
@@ -32,11 +35,6 @@ _server="https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}"
 curl -fsSLO "${_server}/cmake-${CMAKE_VERSION}-SHA-256.txt"
 curl -fsSLO "${_server}/cmake-${CMAKE_VERSION}-SHA-256.txt.asc"
 
-for key in "${CMAKE_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --verify "cmake-${CMAKE_VERSION}-SHA-256.txt.asc" "cmake-${CMAKE_VERSION}-SHA-256.txt"
 rm -f "cmake-${CMAKE_VERSION}-SHA-256.txt.asc"
 

diff --git a/integration/linux/build/_bootstrap/git.sh b/integration/linux/build/_bootstrap/git.sh
@@ -4,21 +4,19 @@ set -ex
 
 : ${GIT_VERSION:=2.33.1}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 GIT_KEYS=(
     E1F036B1FEE7221FC778ECEFB0B5E88696AFE6CB
 )
+fetch_keys "${GIT_KEYS[@]}"
 
 mkdir -p /usr/src/git
 cd /usr/src
 
 curl -fsSLo git.tar.xz "https://www.kernel.org/pub/software/scm/git/git-${GIT_VERSION}.tar.xz"
 curl -fsSLo git.tar.sign "https://www.kernel.org/pub/software/scm/git/git-${GIT_VERSION}.tar.sign"
 
-for key in "${GIT_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 # gpg --batch --verify git.tar.sign git.tar.xz
 rm -f git.tar.sign
 

diff --git a/integration/linux/build/_bootstrap/gzip.sh b/integration/linux/build/_bootstrap/gzip.sh
@@ -4,21 +4,19 @@ set -ex
 
 : ${GZIP_VERSION:=1.13}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 GZIP_KEYS=(
     155D3FC500C834486D1EEA677FD9FCCB000BEEEE
 )
+fetch_keys "${GZIP_KEYS[@]}"
 
 mkdir -p /usr/src/gzip
 cd /usr/src
 
 curl -fsSLo gzip.tar.gz "https://ftp.gnu.org/gnu/gzip/gzip-${GZIP_VERSION}.tar.gz"
 curl -fsSLo gzip.tar.gz.sign "https://ftp.gnu.org/gnu/gzip/gzip-${GZIP_VERSION}.tar.gz.sig"
 
-for key in "${GZIP_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --verify gzip.tar.gz.sign gzip.tar.gz
 rm -f gzip.tar.gz.sign
 

diff --git a/integration/linux/build/_bootstrap/node.sh b/integration/linux/build/_bootstrap/node.sh
@@ -4,6 +4,8 @@ set -ex
 
 : ${NODE_VERSION:=16.16.0}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 NODE_KEYS=(
     4ED778F539E3634C779C87C6D7062848A1AB005C
     141F07595B7B3FFE74309A937405533BE57C7D57
@@ -18,6 +20,7 @@ NODE_KEYS=(
     108F52B48DB57BB0CC439B2997B01419BD92F80A
     B9E2F5981AA6E0CD28160D9FF13993A75599653C
 )
+fetch_keys "${NODE_KEYS[@]}"
 
 if getconf GNU_LIBC_VERSION 2>&1 >/dev/null; then
     libc="glibc"
@@ -69,11 +72,6 @@ esac
 curl -fsSLO "${node_server}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz"
 curl -fsSLO "${node_server}/SHASUMS256.txt.asc"
 
-for key in "${NODE_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc
 grep " node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz\$" SHASUMS256.txt | sha256sum -c -
 tar -xJf "node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz" -C /usr/local --strip-components=1 --no-same-owner

diff --git a/integration/linux/build/_bootstrap/openssl.sh b/integration/linux/build/_bootstrap/openssl.sh
@@ -4,10 +4,13 @@ set -ex
 
 : ${OPENSSL_VERSION:=3.3.2}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 OPENSSL_KEYS=(
     BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
     EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
 )
+fetch_keys "${OPENSSL_KEYS[@]}"
 
 mkdir -p /usr/src/openssl
 cd /usr/src
@@ -20,11 +23,6 @@ else
     curl -fsSLo openssl.tar.gz.asc "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.asc"
 fi
 
-for key in "${OPENSSL_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --verify openssl.tar.gz.asc openssl.tar.gz
 rm -f openssl.tar.gz.asc
 

diff --git a/integration/linux/build/_bootstrap/python.sh b/integration/linux/build/_bootstrap/python.sh
@@ -5,11 +5,14 @@ set -ex
 : ${PYTHON_VERSION:=3.12.7}
 : ${PYTHON_PIP_VERSION:=24.2}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 PYTHON_KEYS=(
     E3FF2839C048B25C084DEBE9B26995E310250568
     a035c8c19219ba821ecea86b64e628f8d684696d
     7169605F62C751356D054A26A821E680E5FA6305
 )
+fetch_keys "${PYTHON_KEYS[@]}"
 
 mkdir -p /usr/src/python
 cd /usr/src
@@ -19,11 +22,6 @@ curl -fsSLo python.tar.xz \
 curl -fsSLo python.tar.xz.asc \
     "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc"
 
-for key in "${PYTHON_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --verify python.tar.xz.asc python.tar.xz
 rm -f python.tar.xz.asc
 

diff --git a/integration/linux/build/_bootstrap/tar.sh b/integration/linux/build/_bootstrap/tar.sh
@@ -4,22 +4,20 @@ set -ex
 
 : ${TAR_VERSION:=1.35}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 TAR_KEYS=(
     7E3792A9D8ACF7D633BC1588ED97E90E62AA7E34
     325F650C4C2B6AD58807327A3602B07F55D0C732
 )
+fetch_keys "${TAR_KEYS[@]}"
 
 mkdir -p /usr/src/tar
 cd /usr/src
 
 curl -fsSLo tar.tar.xz "https://ftp.gnu.org/gnu/tar/tar-${TAR_VERSION}.tar.xz"
 curl -fsSLo tar.tar.xz.sign "https://ftp.gnu.org/gnu/tar/tar-${TAR_VERSION}.tar.xz.sig"
 
-for key in "${TAR_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --verify tar.tar.xz.sign tar.tar.xz
 rm -f tar.tar.xz.sign
 

diff --git a/integration/linux/build/_bootstrap/yarn.sh b/integration/linux/build/_bootstrap/yarn.sh
@@ -4,21 +4,19 @@ set -ex
 
 : ${YARN_VERSION:=1.22.19}
 
+source "${BASH_SOURCE%/*}/_helpers.sh"
+
 YARN_KEYS=(
     6A010C5166006599AA17F08146C2130DFD2497F5
 )
+fetch_keys "${YARN_KEYS[@]}"
 
 mkdir -p /usr/src/yarn
 cd /usr/src
 
 curl -fsSLO --compressed "https://yarnpkg.com/downloads/${YARN_VERSION}/yarn-v${YARN_VERSION}.tar.gz"
 curl -fsSLO --compressed "https://yarnpkg.com/downloads/${YARN_VERSION}/yarn-v${YARN_VERSION}.tar.gz.asc"
 
-for key in "${YARN_KEYS[@]}"; do
-    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" \
-    || gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key"
-done
-
 gpg --batch --verify "yarn-v${YARN_VERSION}.tar.gz.asc" "yarn-v${YARN_VERSION}.tar.gz"
 rm "yarn-v${YARN_VERSION}.tar.gz.asc"