From c1378163fb9b59336ee3db830700500b87d3ee45 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Wed, 20 Mar 2024 17:20:47 +0100 Subject: [PATCH 1/9] Version 20240313 ... (rhbz#2269408) This also reshuffles the patch situation a bit, notably: - the patch for sq-keyring-linter is no longer necessary, since we have sequoia-sq >= 0.31.0 in all active Fedora releases - a new patch was added that reverts [0], since ATTOW in Fedora we have sequoia-sq 0.33.0 which is from before the keyring module was moved into the toolbox one; once Fedora gets sequoia-sq >= 0.34.0 this patch can be dropped [0] https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/commit/10252b287d7d3bc338d0aa3e5d2e6c0fc6d1653d --- .gitignore | 1 + ...yringctl-Adapt-to-CLI-churn-in-sequo.patch | 61 ++++++++++++ ...x-keyring-revert_to_sq-keyring-linter.diff | 93 ------------------- archlinux-keyring.spec | 5 +- sources | 2 +- 5 files changed, 66 insertions(+), 96 deletions(-) create mode 100644 0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch delete mode 100644 archlinux-keyring-revert_to_sq-keyring-linter.diff diff --git a/.gitignore b/.gitignore index d909b1e..877b407 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,4 @@ /archlinux-keyring-20231207.tar.gz /archlinux-keyring-20231222.tar.gz /archlinux-keyring-20240208.tar.gz +/archlinux-keyring-20240313.tar.gz diff --git a/0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch b/0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch new file mode 100644 index 0000000..09efe94 --- /dev/null +++ b/0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch @@ -0,0 +1,61 @@ +From 4b984f2583b05496585d8ed8cfab9f2dcb6827b8 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 20 Mar 2024 17:14:46 +0100 +Subject: [PATCH] Revert "fix(libkeyringctl): Adapt to CLI churn in sequoia-sq + 0.34.0" + +Drop this once we have sequoia-sq 0.34.0 in Fedora. + +This reverts commit 10252b287d7d3bc338d0aa3e5d2e6c0fc6d1653d. +--- + libkeyringctl/sequoia.py | 6 +++--- + libkeyringctl/verify.py | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py +index 34206a5..1e73149 100644 +--- a/libkeyringctl/sequoia.py ++++ b/libkeyringctl/sequoia.py +@@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa + keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute() + + with cwd(keyring_dir): +- system(["sq", "toolbox", "keyring", "split", str(keyring)]) ++ system(["sq", "keyring", "split", str(keyring)]) + + keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir())) + +@@ -75,7 +75,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force + The result if no output file has been used + """ + +- cmd = ["sq", "toolbox", "keyring", "merge"] ++ cmd = ["sq", "keyring", "merge"] + if force: + cmd.insert(1, "--force") + if output: +@@ -103,7 +103,7 @@ def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]: + packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute() + + with cwd(packet_dir): +- system(["sq", "toolbox", "packet", "split", "--prefix", "''", str(certificate)]) ++ system(["sq", "toolbox", "packet", "split", str(certificate)]) + return natural_sort_path(packet_dir.iterdir()) + + +diff --git a/libkeyringctl/verify.py b/libkeyringctl/verify.py +index 29c64d8..a0c582b 100644 +--- a/libkeyringctl/verify.py ++++ b/libkeyringctl/verify.py +@@ -71,7 +71,7 @@ def verify( # noqa: ignore=C901 + keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE) + print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="") + if lint_sq_keyring: +- print(system(["sq", "toolbox", "keyring", "lint", f"{str(keyring_path)}"]), end="") ++ print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="") + + + def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901 +-- +2.44.0 + diff --git a/archlinux-keyring-revert_to_sq-keyring-linter.diff b/archlinux-keyring-revert_to_sq-keyring-linter.diff deleted file mode 100644 index ddad6f8..0000000 --- a/archlinux-keyring-revert_to_sq-keyring-linter.diff +++ /dev/null @@ -1,93 +0,0 @@ -From a8e44708937708290e62ad66898119902fd6425f Mon Sep 17 00:00:00 2001 -From: Michel Lind -Date: Thu, 7 Sep 2023 11:11:00 -0500 -Subject: [PATCH] Revert "feat: Replace sq-keyring-linter with sq >= 0.31.0" - -For use in distribution packages where sq has not been updated - -This reverts commit 3365f8607cadf4c5e87b8e5d582cdbb021c0d267. ---- - README.md | 3 ++- - libkeyringctl/ci.py | 2 +- - libkeyringctl/cli.py | 2 +- - libkeyringctl/verify.py | 6 +++--- - 4 files changed, 7 insertions(+), 6 deletions(-) - -diff --git a/README.md b/README.md -index 102e9c3..f409fc5 100644 ---- a/README.md -+++ b/README.md -@@ -24,11 +24,12 @@ Build: - Runtime: - - * python --* sequoia-sq >= 0.31.0 -+* sequoia-sq - - Optional: - - * hopenpgp-tools (verify) -+* sq-keyring-linter (verify) - * git (ci) - - ## Usage -diff --git a/libkeyringctl/ci.py b/libkeyringctl/ci.py -index 7200709..31b0210 100644 ---- a/libkeyringctl/ci.py -+++ b/libkeyringctl/ci.py -@@ -10,7 +10,7 @@ from .verify import verify - - - def ci(working_dir: Path, keyring_root: Path, project_root: Path) -> None: -- """Verify certificates against modern expectations using `sq keyring lint` and hokey -+ """Verify certificates against modern expectations using sq-keyring-linter and hokey - - Currently only newly added certificates will be checked against the expectations as existing - keys are not all fully compatible with those assumptions. -diff --git a/libkeyringctl/cli.py b/libkeyringctl/cli.py -index 020f64b..3334c17 100644 ---- a/libkeyringctl/cli.py -+++ b/libkeyringctl/cli.py -@@ -118,7 +118,7 @@ verify_parser.add_argument( - ) - verify_parser.add_argument("--no-lint-hokey", dest="lint_hokey", action="store_false", help="Do not run hokey lint") - verify_parser.add_argument( -- "--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq keyring lint" -+ "--no-lint-sq-keyring", dest="lint_sq_keyring", action="store_false", help="Do not run sq-keyring-linter" - ) - verify_parser.set_defaults(lint_hokey=True, lint_sq_keyring=True) - -diff --git a/libkeyringctl/verify.py b/libkeyringctl/verify.py -index a0c582b..5b7fc7d 100644 ---- a/libkeyringctl/verify.py -+++ b/libkeyringctl/verify.py -@@ -29,7 +29,7 @@ def verify( # noqa: ignore=C901 - lint_hokey: bool = True, - lint_sq_keyring: bool = True, - ) -> None: -- """Verify certificates against modern expectations using `sq keyring lint` and hokey -+ """Verify certificates against modern expectations using sq-keyring-linter and hokey - - Parameters - ---------- -@@ -38,7 +38,7 @@ def verify( # noqa: ignore=C901 - sources: A list of username, fingerprint or directories from which to read PGP packet information - (defaults to `keyring_root`) - lint_hokey: Whether to run hokey lint -- lint_sq_keyring: Whether to run sq keyring lint -+ lint_sq_keyring: Whether to run sq-keyring-linter - """ - - if not sources: -@@ -71,7 +71,7 @@ def verify( # noqa: ignore=C901 - keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE) - print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="") - if lint_sq_keyring: -- print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="") -+ print(system(["sq-keyring-linter", f"{str(keyring_path)}"]), end="") - - - def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901 --- -2.41.0 - diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index fc6d3d4..6c4b5fe 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,9 +1,10 @@ Name: archlinux-keyring -Version: 20240208 +Version: 20240313 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz -Patch: archlinux-keyring-revert_to_sq-keyring-linter.diff +# Revert this patch once we have sequoia-sq 0.34.0 in Fedora +Patch: 0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch # see https://wiki.archlinux.org/index.php/Pacman-key for introduction License: LicenseRef-Fedora-Public-Domain Summary: GPG keys used by Arch Linux distribution to sign packages diff --git a/sources b/sources index bbae4c7..dc49c52 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (archlinux-keyring-20240208.tar.gz) = 47ab241044701821d00dfa83b15ebbe60c5d4aa004aebec2235fca42e4d65566533ee14b43db443ba03cc50a2078667c6126d8f740e55b8c910b334d52eff660 +SHA512 (archlinux-keyring-20240313.tar.gz) = 8caedebccd31a62264cb7c5e8d4c7f3e326f018b6e9148ab31e19e58a60b64c0ee2a641090c77a40bcfba93ef4ce13132b721241a0404816b40e28da4fd36f9b From 6594ae2daa60e80d7c42f79c0cc830715ead54ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 21:17:21 +0200 Subject: [PATCH 2/9] Drop now-needed patch for sequoia-sq [skip changelog] (cherry picked from commit a88ca31402acd6c44943796b6154136f08521b90) --- ...yringctl-Adapt-to-CLI-churn-in-sequo.patch | 61 ------------------- archlinux-keyring.spec | 2 - 2 files changed, 63 deletions(-) delete mode 100644 0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch diff --git a/0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch b/0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch deleted file mode 100644 index 09efe94..0000000 --- a/0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 4b984f2583b05496585d8ed8cfab9f2dcb6827b8 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 20 Mar 2024 17:14:46 +0100 -Subject: [PATCH] Revert "fix(libkeyringctl): Adapt to CLI churn in sequoia-sq - 0.34.0" - -Drop this once we have sequoia-sq 0.34.0 in Fedora. - -This reverts commit 10252b287d7d3bc338d0aa3e5d2e6c0fc6d1653d. ---- - libkeyringctl/sequoia.py | 6 +++--- - libkeyringctl/verify.py | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py -index 34206a5..1e73149 100644 ---- a/libkeyringctl/sequoia.py -+++ b/libkeyringctl/sequoia.py -@@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa - keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute() - - with cwd(keyring_dir): -- system(["sq", "toolbox", "keyring", "split", str(keyring)]) -+ system(["sq", "keyring", "split", str(keyring)]) - - keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir())) - -@@ -75,7 +75,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force - The result if no output file has been used - """ - -- cmd = ["sq", "toolbox", "keyring", "merge"] -+ cmd = ["sq", "keyring", "merge"] - if force: - cmd.insert(1, "--force") - if output: -@@ -103,7 +103,7 @@ def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]: - packet_dir = Path(mkdtemp(dir=working_dir, prefix="packet-")).absolute() - - with cwd(packet_dir): -- system(["sq", "toolbox", "packet", "split", "--prefix", "''", str(certificate)]) -+ system(["sq", "toolbox", "packet", "split", str(certificate)]) - return natural_sort_path(packet_dir.iterdir()) - - -diff --git a/libkeyringctl/verify.py b/libkeyringctl/verify.py -index 29c64d8..a0c582b 100644 ---- a/libkeyringctl/verify.py -+++ b/libkeyringctl/verify.py -@@ -71,7 +71,7 @@ def verify( # noqa: ignore=C901 - keyring_fd = Popen(("sq", "dearmor", f"{str(keyring_path)}"), stdout=PIPE) - print(system(["hokey", "lint"], _stdin=keyring_fd.stdout), end="") - if lint_sq_keyring: -- print(system(["sq", "toolbox", "keyring", "lint", f"{str(keyring_path)}"]), end="") -+ print(system(["sq", "keyring", "lint", f"{str(keyring_path)}"]), end="") - - - def verify_integrity(certificate: Path, all_fingerprints: Set[Fingerprint]) -> None: # noqa: ignore=C901 --- -2.44.0 - diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index 6c4b5fe..e444389 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -3,8 +3,6 @@ Version: 20240313 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz -# Revert this patch once we have sequoia-sq 0.34.0 in Fedora -Patch: 0001-Revert-fix-libkeyringctl-Adapt-to-CLI-churn-in-sequo.patch # see https://wiki.archlinux.org/index.php/Pacman-key for introduction License: LicenseRef-Fedora-Public-Domain Summary: GPG keys used by Arch Linux distribution to sign packages From e31a41046d56403609d63976a9961f013c829782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 27 Apr 2024 21:19:27 +0200 Subject: [PATCH 3/9] Version 20240427 ... (rhbz#2277519) (cherry picked from commit 3b4e0b0d8239403a368a5b771a1f3d22b8fbc8c2) --- .gitignore | 1 + archlinux-keyring.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 877b407..0c38a7c 100644 --- a/.gitignore +++ b/.gitignore @@ -53,3 +53,4 @@ /archlinux-keyring-20231222.tar.gz /archlinux-keyring-20240208.tar.gz /archlinux-keyring-20240313.tar.gz +/archlinux-keyring-20240427.tar.gz diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index e444389..b2367d4 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,5 +1,5 @@ Name: archlinux-keyring -Version: 20240313 +Version: 20240427 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz diff --git a/sources b/sources index dc49c52..cb0a47e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (archlinux-keyring-20240313.tar.gz) = 8caedebccd31a62264cb7c5e8d4c7f3e326f018b6e9148ab31e19e58a60b64c0ee2a641090c77a40bcfba93ef4ce13132b721241a0404816b40e28da4fd36f9b +SHA512 (archlinux-keyring-20240427.tar.gz) = 05f61d6f6a4c2e2cc38fa030e37dd0b8e158171732901b08c51b7736f7797402065f778ddd5844dcc5e4595575c8a42b5801492c917825721d52b5f6ddfcc5cc From 80338578bb93f924285f36a47bffa1c292d11dc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 2 Jun 2024 13:56:09 +0200 Subject: [PATCH 4/9] Version 20240520 ... (rhbz#2277698) --- .gitignore | 1 + archlinux-keyring.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 0c38a7c..ca0991e 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,4 @@ /archlinux-keyring-20240208.tar.gz /archlinux-keyring-20240313.tar.gz /archlinux-keyring-20240427.tar.gz +/archlinux-keyring-20240520.tar.gz diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index b2367d4..6cc7d8c 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,5 +1,5 @@ Name: archlinux-keyring -Version: 20240427 +Version: 20240520 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz diff --git a/sources b/sources index cb0a47e..6351f7b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (archlinux-keyring-20240427.tar.gz) = 05f61d6f6a4c2e2cc38fa030e37dd0b8e158171732901b08c51b7736f7797402065f778ddd5844dcc5e4595575c8a42b5801492c917825721d52b5f6ddfcc5cc +SHA512 (archlinux-keyring-20240520.tar.gz) = d4336eda7e3c09e62fb451fb70d4562658e5b16b5aed27a4c929c59490a9cdffc05cbc8709dbba6be7f2bfb7642a343ea33004c4ccf6d48c99e82c48c90fbec7 From c6b1726f350e82d7009dd4d631aa65df3384ca34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 10 Jun 2024 12:43:06 +0200 Subject: [PATCH 5/9] Version 20240609 ... (rhbz#2291115) --- .gitignore | 1 + archlinux-keyring.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ca0991e..485ad6e 100644 --- a/.gitignore +++ b/.gitignore @@ -55,3 +55,4 @@ /archlinux-keyring-20240313.tar.gz /archlinux-keyring-20240427.tar.gz /archlinux-keyring-20240520.tar.gz +/archlinux-keyring-20240609.tar.gz diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index 6cc7d8c..a1441d3 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,5 +1,5 @@ Name: archlinux-keyring -Version: 20240520 +Version: 20240609 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz diff --git a/sources b/sources index 6351f7b..9ad8081 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (archlinux-keyring-20240520.tar.gz) = d4336eda7e3c09e62fb451fb70d4562658e5b16b5aed27a4c929c59490a9cdffc05cbc8709dbba6be7f2bfb7642a343ea33004c4ccf6d48c99e82c48c90fbec7 +SHA512 (archlinux-keyring-20240609.tar.gz) = 38848faad881f3714ad01387e8e486e98027168b927c746e1c50a1881d685a997c3e1953c900d2e0ae9e0cb05e7a5973939775d65e75c5c547b4fd7bc562eff7 From 318bf016568cfa2fdab2e222cf795d6c03e4b724 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Fri, 12 Jul 2024 16:40:24 +0200 Subject: [PATCH 6/9] Version 20240709 ... (rhbz#2296950) --- .gitignore | 1 + archlinux-keyring.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 485ad6e..55b9ab3 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,4 @@ /archlinux-keyring-20240427.tar.gz /archlinux-keyring-20240520.tar.gz /archlinux-keyring-20240609.tar.gz +/archlinux-keyring-20240709.tar.gz diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index a1441d3..ec95c4e 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,5 +1,5 @@ Name: archlinux-keyring -Version: 20240609 +Version: 20240709 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz diff --git a/sources b/sources index 9ad8081..c168935 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (archlinux-keyring-20240609.tar.gz) = 38848faad881f3714ad01387e8e486e98027168b927c746e1c50a1881d685a997c3e1953c900d2e0ae9e0cb05e7a5973939775d65e75c5c547b4fd7bc562eff7 +SHA512 (archlinux-keyring-20240709.tar.gz) = 42c66cc3df37c621258e420eedea3c89b9ea52b8666864a7b16a295d949a4a46e47a4f35c3edc1aa1028fe3295d9737404e4d93f26f989f8430024cee4ec8edf From 8b6ee5f7eb8e265cb1a12433125ea8194c2b20a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 24 Oct 2024 09:40:57 +0200 Subject: [PATCH 7/9] Version 20241015 ... (rhbz#2319024) (cherry picked from commit 0ca7c778e9d9427fca28ac31fdaccf9182bd23a2) --- .gitignore | 1 + archlinux-keyring.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 55b9ab3..e27666f 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,4 @@ /archlinux-keyring-20240520.tar.gz /archlinux-keyring-20240609.tar.gz /archlinux-keyring-20240709.tar.gz +/archlinux-keyring-20241015.tar.gz diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index ec95c4e..ffdb1de 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,5 +1,5 @@ Name: archlinux-keyring -Version: 20240709 +Version: 20241015 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz diff --git a/sources b/sources index c168935..cb11c9d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (archlinux-keyring-20240709.tar.gz) = 42c66cc3df37c621258e420eedea3c89b9ea52b8666864a7b16a295d949a4a46e47a4f35c3edc1aa1028fe3295d9737404e4d93f26f989f8430024cee4ec8edf +SHA512 (archlinux-keyring-20241015.tar.gz) = 9f042416951cee25cec65759fa2a9ea095cc5b8e650fc7dc070f0c319b50c8f082e45ef1cae6acb1350a0bd48112ee08283fc58c793c6e9c362b91bea42499e0 From a458ca041cb71c4dba421cefd49a1667490d9223 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 3 Dec 2024 10:56:17 +0100 Subject: [PATCH 8/9] Version 20241203 ... (rhbz#2330133) (cherry picked from commit 44fc02e66d8ab85db0966729c5806cf37ece6897) The patch for sq-0.39 is reverted. The update has already been built, but is not stable yet. This reverted will need to be dropped later. --- archlinux-keyring.spec | 9 ++++++--- sources | 1 - 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/archlinux-keyring.spec b/archlinux-keyring.spec index ffdb1de..e3b6303 100644 --- a/archlinux-keyring.spec +++ b/archlinux-keyring.spec @@ -1,8 +1,10 @@ Name: archlinux-keyring -Version: 20241015 +Version: 20241203 Release: %autorelease Url: https://archlinux.org/packages/core/any/archlinux-keyring/ -Source0: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz +Source: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/archive/%{version}/archlinux-keyring-%{version}.tar.gz +Patch: https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/commit/1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch + # see https://wiki.archlinux.org/index.php/Pacman-key for introduction License: LicenseRef-Fedora-Public-Domain Summary: GPG keys used by Arch Linux distribution to sign packages @@ -28,7 +30,8 @@ developers into an RPM package to allow for safe and convenient installation on Fedora systems. %prep -%autosetup -p1 +%setup -q +%patch -P0 -R -p1 %build diff --git a/sources b/sources index cb11c9d..e69de29 100644 --- a/sources +++ b/sources @@ -1 +0,0 @@ -SHA512 (archlinux-keyring-20241015.tar.gz) = 9f042416951cee25cec65759fa2a9ea095cc5b8e650fc7dc070f0c319b50c8f082e45ef1cae6acb1350a0bd48112ee08283fc58c793c6e9c362b91bea42499e0 From 506f7be08d6cd372b8f183e11fc6a5171181d1c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 3 Dec 2024 11:41:02 +0100 Subject: [PATCH 9/9] Upload sources [skip changelog] (cherry picked from commit 78333f4d7081f00473236234e92d0ddfaef18727) --- .gitignore | 1 + ...2bddcd847c0dc05ac4899867f2c76a8838b8.patch | 151 ++++++++++++++++++ sources | 1 + 3 files changed, 153 insertions(+) create mode 100644 1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch diff --git a/.gitignore b/.gitignore index e27666f..c0067f4 100644 --- a/.gitignore +++ b/.gitignore @@ -58,3 +58,4 @@ /archlinux-keyring-20240609.tar.gz /archlinux-keyring-20240709.tar.gz /archlinux-keyring-20241015.tar.gz +/archlinux-keyring-20241203.tar.gz diff --git a/1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch b/1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch new file mode 100644 index 0000000..4167eb4 --- /dev/null +++ b/1b5d2bddcd847c0dc05ac4899867f2c76a8838b8.patch @@ -0,0 +1,151 @@ +From 1b5d2bddcd847c0dc05ac4899867f2c76a8838b8 Mon Sep 17 00:00:00 2001 +From: David Runge +Date: Fri, 1 Nov 2024 12:28:54 +0100 +Subject: [PATCH] fix: Adapt use of sq to sequoia-sq 0.39.0 + +Add various fixes, as +- the output format of `sq toolbox packet split` changed (again) +- the CLI of `sq toolbox packet split` changed (again) +- the useless warning message on stderr now covers two lines and + interferes with parsing of `sq toolbox packet dump` output +- the global option `--force` was renamed to `--overwrite` +- the `sq key generate` subcommand introduced a mandatory `--rev-cert` + option +- the `pki certify` subcommand was moved to `pki vouch certify` and + introduced mandatory options for our use-case (`--certifier-file`, + `--cert-file`, `--userid`) + +Signed-off-by: David Runge +--- + libkeyringctl/keyring.py | 12 ++++++------ + libkeyringctl/sequoia.py | 14 +++++++------- + libkeyringctl/util.py | 3 ++- + tests/test_sequoia.py | 4 ++-- + 4 files changed, 17 insertions(+), 16 deletions(-) + +diff --git a/libkeyringctl/keyring.py b/libkeyringctl/keyring.py +index e4342c17..9937783a 100644 +--- a/libkeyringctl/keyring.py ++++ b/libkeyringctl/keyring.py +@@ -56,12 +56,12 @@ PACKET_FILENAME_DATETIME_FORMAT: str = "%Y-%m-%d_%H-%M-%S" + class PacketType(Enum): + """All understood OpenPGP packet types and the file endings as output by `sq packet split`""" + +- PUBLIC_KEY = "Public-Key Packet" +- USER_ID = "User ID Packet" +- USER_ATTRIBUTE = "User Attribute Packet" +- PUBLIC_SUBKEY = "Public-Subkey Packet" +- SECRET_KEY = "Secret-Key Packet" +- SIGNATURE = "Signature Packet" ++ PUBLIC_KEY = "Public-Key-Packet" ++ USER_ID = "User-ID-Packet" ++ USER_ATTRIBUTE = "User-Attribute-Packet" ++ PUBLIC_SUBKEY = "Public-Subkey-Packet" ++ SECRET_KEY = "Secret-Key-Packet" ++ SIGNATURE = "Signature-Packet" + + + def is_pgp_fingerprint(string: str) -> bool: +diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py +index 4de264b6..1a432a45 100644 +--- a/libkeyringctl/sequoia.py ++++ b/libkeyringctl/sequoia.py +@@ -49,7 +49,7 @@ def keyring_split(working_dir: Path, keyring: Path, preserve_filename: bool = Fa + keyring_dir = Path(mkdtemp(dir=working_dir, prefix="keyring-")).absolute() + + with cwd(keyring_dir): +- system(["sq", "toolbox", "keyring", "split", str(keyring)]) ++ system(["sq", "toolbox", "keyring", "split", "--prefix", "''", str(keyring)]) + + keyrings: List[Path] = list(natural_sort_path(keyring_dir.iterdir())) + +@@ -77,7 +77,7 @@ def keyring_merge(certificates: List[Path], output: Optional[Path] = None, force + + cmd = ["sq", "toolbox", "keyring", "merge"] + if force: +- cmd.insert(1, "--force") ++ cmd.insert(1, "--overwrite") + if output: + cmd += ["--output", str(output)] + cmd += [str(cert) for cert in sorted(certificates)] +@@ -123,7 +123,7 @@ def packet_join(packets: List[Path], output: Optional[Path] = None, force: bool + + cmd = ["sq", "toolbox", "packet", "join"] + if force: +- cmd.insert(1, "--force") ++ cmd.insert(1, "--overwrite") + packets_str = list(map(lambda path: str(path), packets)) + cmd.extend(packets_str) + cmd.extend(["--output", str(output)]) +@@ -174,7 +174,7 @@ def packet_dump(packet: Path) -> str: + The contents of the packet dump + """ + +- return system(["sq", "toolbox", "packet", "dump", str(packet)]) ++ return system(["sq", "toolbox", "packet", "dump", str(packet)], ignore_stderr=True) + + + def packet_dump_field(packet: Path, query: str) -> str: +@@ -319,7 +319,7 @@ def key_generate(uids: List[Uid], outfile: Path) -> str: + cmd = ["sq", "key", "generate", "--without-password"] + for uid in uids: + cmd.extend(["--userid", str(uid)]) +- cmd.extend(["--output", str(outfile)]) ++ cmd.extend(["--output", str(outfile), "--rev-cert", f"{str(outfile)}.rev"]) + return system(cmd) + + +@@ -357,8 +357,8 @@ def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> s + The result of the certification in case output is None + """ + +- cmd = ["sq", "pki", "certify"] ++ cmd = ["sq", "pki", "vouch", "certify"] + if output: + cmd.extend(["--output", str(output)]) +- cmd.extend(["--certifier-file", str(key), str(certificate), uid]) ++ cmd.extend(["--certifier-file", str(key), "--cert-file", str(certificate), "--userid", uid]) + return system(cmd) +diff --git a/libkeyringctl/util.py b/libkeyringctl/util.py +index 79b95d0f..c9d7bedb 100644 +--- a/libkeyringctl/util.py ++++ b/libkeyringctl/util.py +@@ -104,6 +104,7 @@ def system( + _stdin: Optional[IO[AnyStr]] = None, + exit_on_error: bool = False, + env: Optional[Dict[str, str]] = None, ++ ignore_stderr: bool = False, + ) -> str: + """Execute a command using check_output + +@@ -126,7 +127,7 @@ def system( + env = {"HOME": environ["HOME"], "PATH": environ["PATH"], "LANG": "en_US.UTF-8"} + + try: +- return check_output(cmd, stderr=STDOUT, stdin=_stdin, env=env).decode() ++ return check_output(cmd, stderr=None if ignore_stderr else STDOUT, stdin=_stdin, env=env).decode() + except CalledProcessError as e: + stderr.buffer.write(e.stdout) + print_stack() +diff --git a/tests/test_sequoia.py b/tests/test_sequoia.py +index 1fbd5dce..b7d36d89 100644 +--- a/tests/test_sequoia.py ++++ b/tests/test_sequoia.py +@@ -107,7 +107,7 @@ def test_packet_join(system_mock: Mock, output: Optional[Path], force: bool) -> + for packet in packets: + assert str(packet) in args[0] + if force: +- assert "--force" == args[0][1] ++ assert "--overwrite" == args[0][1] + if output: + assert "--output" in args[0] and str(output) in args[0] + +@@ -365,4 +365,4 @@ def test_certify(system_mock: Mock, output: Optional[Path]) -> None: + assert sequoia.certify(key=Path("key"), certificate=Path("cert"), uid=Uid("uid"), output=output) == "return" + name, args, kwargs = system_mock.mock_calls[0] + if output: +- assert str(output) == args[0][-5] ++ assert str(output) == args[0][5] +-- +GitLab + diff --git a/sources b/sources index e69de29..a4437f5 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +SHA512 (archlinux-keyring-20241203.tar.gz) = ef680d29f80b874f4175856e7e77ac28e19a8fa53e555f217d5eaf4ac42af3ee770a77f96eb353804b29dc7fecf1426a4a274f074387021263e76ba076126c40