- Updated autoconf from 2.71 to 2.72
- Updated automake from 1.16.5 to 1.18.1
- Updated libtool from 2.4.6 to 2.5.4
+- Implemented verification of autotools tarballs in Github actions.
fping 5.4 (2025-04-19)
======================
# We keep our own list of mirrors because https://ftpmirror.gnu.org is
# unreliable (frequent errors from selected mirror).
MIRRORS=(
- https://mirror.cs.odu.edu/gnu
https://mirrors.ocf.berkeley.edu/gnu
+ https://mirror.cs.odu.edu/gnu
https://ftp.gnu.org/gnu
)
PREFIX=$(pwd)/ci/build
PATH=$(pwd)/ci/build/bin:$PATH
+KEYRING=$(pwd)/ci/fping-deps.gpg
if [ ! -d ci ]; then
echo "you must run this in the root fping directory" >&2
# remove standard versions
sudo apt-get remove -qq autoconf automake autotools-dev libtool
+# install dependencies
+sudo apt-get install -y gpgv
+
# prepare build environment
cd ci
rm -rf build
mkdir -p build/src
cd build/src
-install_release() {
- local relpath=$1
- local file=$(basename "$relpath")
- local dir="${file%%.tar.*}"
-
- local success=0
+mirror_fetch() {
+ local relpath="$1"
for mirror in "${MIRRORS[@]}"; do
local url="$mirror/$relpath"
- if wget -t 3 -O "$file" "$url"; then
- success=1
- break
+ if wget -t 3 "$url"; then
+ return 0
fi
done
+ return 1
+}
+
+install_release() {
+ local relpath="$1"
+ local file=$(basename "$relpath")
+ local dir="${file%%.tar.*}"
- if [ $success -eq 0 ]; then
+ if ! mirror_fetch "$relpath"; then
echo "Failed to download $relpath from any mirror" >&2
exit 1
fi
+ if ! mirror_fetch "$relpath.sig"; then
+ echo "Failed to download $relpath.sig from any mirror" >&2
+ exit 1
+ fi
+
+ if ! gpgv --keyring "$KEYRING" "$file.sig" "$file"; then
+ echo "GPG verification failed for $file"
+ exit 1
+ fi
+
tar xf "$file"
(
cd "$dir"
./configure --prefix=$PREFIX
make install
)
- rm "$file"
+ rm "$file" "$file.sig"
}
# autoconf
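Review bot: `mirror_fetch` drops the `-O "$file"` that the old loop passed to wget, so if one mirror leaves a partial file behind, the next mirror's download is saved under a `.1` suffix and `gpgv` then checks the truncated first file; verification fails closed, but the mirror fallback no longer works. Name the output explicitly, `if wget -t 3 -O "$(basename "$relpath")" "$url"; then`. Separately, `gpgv` accepts a signature from any key in `$KEYRING` for any tarball and, per its documentation, does not check for expired or revoked keys, so that file is the whole trust anchor; a comment next to `KEYRING=` would make this visible, e.g. `# gpgv trusts every key in this file for every tarball; review changes to it like code`. The `GPG verification failed for $file` message should also go to stderr (`>&2`), like the two download errors.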
--- /dev/null
+#!/bin/bash
+
+set -e
+
+# Configuration
+GNU_KEYRING_URL="https://ftp.gnu.org/gnu/gnu-keyring.gpg"
+TMP_KEYRING="gnu-keyring.gpg"
+OUTPUT_KEYRING="ci/fping-deps.gpg"
+
+# Maintainer emails to extract their keys from the GNU keyring.
+MAINTAINER_EMAILS=(
+ "zackw@panix.com" # Autoconf: Zack Weinberg
+ "karl@freefriends.org" # Automake: Karl Berry
+ "ileanadumi95@protonmail.com" # Libtool: Ileana Dumitrescu
+)
+
+# Step 1: Initialize an isolated environment to avoid side effects.
+export GNUPGHOME="$(mktemp -d)"
+chmod 700 "$GNUPGHOME"
+echo "Initialized isolated GNUPGHOME at $GNUPGHOME"
+cleanup() {
+ rm -rf "$GNUPGHOME"
+ rm -f "$TMP_KEYRING"
+ echo "Cleaned up."
+}
+trap cleanup EXIT
+
+# Step 2: Download the official GNU Keyring (relies on https certificate checking).
+echo "Downloading GNU Keyring from $GNU_KEYRING_URL"...
+wget -q -O "$TMP_KEYRING" "$GNU_KEYRING_URL"
+
+# Step 3: Extract the specific keys we need.
+echo "Extracting maintainer keys from GNU Keyring..."
+for EMAIL in "${MAINTAINER_EMAILS[@]}"; do
+ # Verify that the key exists in the keyring
+ if ! gpg --no-default-keyring --keyring "./$TMP_KEYRING" --list-keys "$EMAIL" > /dev/null 2>&1; then
+ echo "Error: No key found for $EMAIL in GNU Keyring!"
+ exit 1
+ fi
+ echo "Found key(s) for $EMAIL"
+done
+
+# Export specific keys to our project keyring.
+gpg --no-default-keyring --keyring "./$TMP_KEYRING" --export \
+ "${MAINTAINER_EMAILS[@]}" \
+ > "$OUTPUT_KEYRING"
+
+echo "Success! Updated $OUTPUT_KEYRING with keys from the official GNU Keyring."
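Review bot: The keys are selected by e-mail address (`--list-keys "$EMAIL"` and `--export "${MAINTAINER_EMAILS[@]}"`), which matches on user-ID text, so every key in the downloaded keyring carrying one of these addresses ends up in `ci/fping-deps.gpg`, and the gpgv step in CI will accept a signature from any of them. Selecting by full fingerprint, confirmed out of band, makes the exported set exact and means the result no longer rests only on the HTTPS download in step 2. The fingerprint values in the sketch below are placeholders, not real values. It would also help to list the exported keys with their fingerprints at the end of the script so a change to the committed keyring can be reviewed, and to send the error message to stderr.

```shell
# Full 40-hex-digit fingerprints, confirmed out of band (placeholders here).
MAINTAINER_FINGERPRINTS=(
  "<AUTOCONF_MAINTAINER_FINGERPRINT>"  # Autoconf: Zack Weinberg
  "<AUTOMAKE_MAINTAINER_FINGERPRINT>"  # Automake: Karl Berry
  "<LIBTOOL_MAINTAINER_FINGERPRINT>"   # Libtool: Ileana Dumitrescu
)

# … unchanged: GNUPGHOME setup, cleanup trap, keyring download …

for FPR in "${MAINTAINER_FINGERPRINTS[@]}"; do
  if ! gpg --no-default-keyring --keyring "./$TMP_KEYRING" --list-keys "$FPR" > /dev/null 2>&1; then
    echo "Error: No key found for $FPR in GNU Keyring!" >&2
    exit 1
  fi
  echo "Found key for $FPR"
done

gpg --no-default-keyring --keyring "./$TMP_KEYRING" --export \
  "${MAINTAINER_FINGERPRINTS[@]}" \
  > "$OUTPUT_KEYRING"
```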