From f1b46c3205728b5c871d6c869b68cec5e78e052d Mon Sep 17 00:00:00 2001 
From: Norman Feske Date: Tue, 4 Jan 2022 16:43:06 +0100 Subject: [PATCH] Move depot keys to repos/gems/sculpt/depot This change keeps the version-controlled 'pubkey' and 'download' files separate from files generated via depot/create or downloaded via depot/download. So one can remove the entire depot/ directory without interfering with git. Furthermore, depot keys can now be hosted in supplemental repositories independent from Genode's main repository. Fixes #4364 --- repos/gems/run/depot_download.run | 4 ++-- repos/gems/run/sculpt.run | 2 +- .../gems/sculpt/depot}/alex-ab/download | 0 .../gems/sculpt/depot}/alex-ab/pubkey | 0 .../gems/sculpt/depot}/blarson/download | 0 .../gems/sculpt/depot}/blarson/pubkey | 0 .../gems/sculpt/depot}/chelmuth/download | 0 .../gems/sculpt/depot}/chelmuth/pubkey | 0 .../gems/sculpt/depot}/cnuke/download | 0 .../gems/sculpt/depot}/cnuke/pubkey | 0 .../gems/sculpt/depot}/cproc/download | 0 .../gems/sculpt/depot}/cproc/pubkey | 0 .../gems/sculpt/depot}/genodelabs/download | 0 .../gems/sculpt/depot}/genodelabs/pubkey | 0 .../gems/sculpt/depot}/jschlatow/download | 0 .../gems/sculpt/depot}/jschlatow/pubkey | 0 .../gems/sculpt/depot}/mstein/download | 0 .../gems/sculpt/depot}/mstein/pubkey | 0 .../gems/sculpt/depot}/nfeske/download | 0 .../gems/sculpt/depot}/nfeske/pubkey | 0 .../gems/sculpt/depot}/rite/download | 0 .../gems/sculpt/depot}/rite/pubkey | 0 .../gems/sculpt/depot}/skalk/download | 0 .../gems/sculpt/depot}/skalk/pubkey | 0 .../gems/sculpt/depot}/ssumpf/download | 0 .../gems/sculpt/depot}/ssumpf/pubkey | 0 .../gems/sculpt/depot}/trimpim/download | 0 .../gems/sculpt/depot}/trimpim/pubkey | 0 repos/ports/run/vbox5_genode_usb_hid_raw.run | 2 +- repos/ports/run/verify.run | 2 +- tool/depot/mk/downloader | 13 +++++++--- tool/depot/mk/front_end.inc | 3 +++ tool/depot/mk/gpg.inc | 9 ++++--- tool/depot/publish | 2 +- tool/run/run | 24 ++++++++++++++++--- 35 files changed, 46 insertions(+), 15 deletions(-) rename {depot => 
repos/gems/sculpt/depot}/alex-ab/download (100%) rename {depot => repos/gems/sculpt/depot}/alex-ab/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/blarson/download (100%) rename {depot => repos/gems/sculpt/depot}/blarson/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/chelmuth/download (100%) rename {depot => repos/gems/sculpt/depot}/chelmuth/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/cnuke/download (100%) rename {depot => repos/gems/sculpt/depot}/cnuke/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/cproc/download (100%) rename {depot => repos/gems/sculpt/depot}/cproc/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/genodelabs/download (100%) rename {depot => repos/gems/sculpt/depot}/genodelabs/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/jschlatow/download (100%) rename {depot => repos/gems/sculpt/depot}/jschlatow/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/mstein/download (100%) rename {depot => repos/gems/sculpt/depot}/mstein/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/nfeske/download (100%) rename {depot => repos/gems/sculpt/depot}/nfeske/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/rite/download (100%) rename {depot => repos/gems/sculpt/depot}/rite/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/skalk/download (100%) rename {depot => repos/gems/sculpt/depot}/skalk/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/ssumpf/download (100%) rename {depot => repos/gems/sculpt/depot}/ssumpf/pubkey (100%) rename {depot => repos/gems/sculpt/depot}/trimpim/download (100%) rename {depot => repos/gems/sculpt/depot}/trimpim/pubkey (100%) diff --git a/repos/gems/run/depot_download.run b/repos/gems/run/depot_download.run index 2a7a52ae51..00466a20c7 100644 --- a/repos/gems/run/depot_download.run +++ b/repos/gems/run/depot_download.run 
@@ -50,10 +50,10 @@ set config { } proc depot_user_download { user } { - return [exec cat [genode_dir]/depot/$user/download] } + return [exec cat [select_from_repositories sculpt/depot/$user/download]] } proc depot_user_pubkey { user } { - return [exec cat [genode_dir]/depot/$user/pubkey] } + return [exec cat [select_from_repositories sculpt/depot/$user/pubkey]] } append config { diff --git a/repos/gems/run/sculpt.run b/repos/gems/run/sculpt.run index a352e4741b..0f9d4efd8e 100644 --- a/repos/gems/run/sculpt.run +++ b/repos/gems/run/sculpt.run @@ -687,7 +687,7 @@ foreach user $depot_selection { lappend depot_users_files [file join depot $user pubkey] \ [file join depot $user download] } -exec sh -c "tar cf [run_dir]/genode/depot_users.tar -C [genode_dir] \ +exec sh -c "tar cf [run_dir]/genode/depot_users.tar -C [genode_dir]/repos/gems/sculpt \ [join $depot_users_files]" diff --git a/depot/alex-ab/download b/repos/gems/sculpt/depot/alex-ab/download similarity index 100% rename from depot/alex-ab/download rename to repos/gems/sculpt/depot/alex-ab/download diff --git a/depot/alex-ab/pubkey b/repos/gems/sculpt/depot/alex-ab/pubkey similarity index 100% rename from depot/alex-ab/pubkey rename to repos/gems/sculpt/depot/alex-ab/pubkey diff --git a/depot/blarson/download b/repos/gems/sculpt/depot/blarson/download similarity index 100% rename from depot/blarson/download rename to repos/gems/sculpt/depot/blarson/download diff --git a/depot/blarson/pubkey b/repos/gems/sculpt/depot/blarson/pubkey similarity index 100% rename from depot/blarson/pubkey rename to repos/gems/sculpt/depot/blarson/pubkey diff --git a/depot/chelmuth/download b/repos/gems/sculpt/depot/chelmuth/download similarity index 100% rename from depot/chelmuth/download rename to repos/gems/sculpt/depot/chelmuth/download diff --git a/depot/chelmuth/pubkey b/repos/gems/sculpt/depot/chelmuth/pubkey similarity index 100% rename from depot/chelmuth/pubkey rename to repos/gems/sculpt/depot/chelmuth/pubkey 
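Review bot: In the sculpt.run hunk the tar call still hard-codes `-C [genode_dir]/repos/gems/sculpt`, so the `pubkey` and `download` files of a user in `$depot_selection` are only ever taken from repos/gems. The depot_download.run hunk of the same commit resolves them with `select_from_repositories`, so a key hosted in a supplemental repository would be found by one script and presumably make tar fail in the other. Resolving the directory per user, for example `set key [select_from_repositories sculpt/depot/$user/pubkey]` and passing `-C [file dirname [file dirname [file dirname $key]]]` before that user's two files, keeps both scripts on the same lookup and the same key. The `foreach` loop that builds `depot_users_files` starts outside the hunk.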
diff --git a/depot/cnuke/download b/repos/gems/sculpt/depot/cnuke/download
similarity index 100%
rename from depot/cnuke/download
rename to repos/gems/sculpt/depot/cnuke/download
diff --git a/depot/cnuke/pubkey b/repos/gems/sculpt/depot/cnuke/pubkey
similarity index 100%
rename from depot/cnuke/pubkey
rename to repos/gems/sculpt/depot/cnuke/pubkey
diff --git a/depot/cproc/download b/repos/gems/sculpt/depot/cproc/download
similarity index 100%
rename from depot/cproc/download
rename to repos/gems/sculpt/depot/cproc/download
diff --git a/depot/cproc/pubkey b/repos/gems/sculpt/depot/cproc/pubkey
similarity index 100%
rename from depot/cproc/pubkey
rename to repos/gems/sculpt/depot/cproc/pubkey
diff --git a/depot/genodelabs/download b/repos/gems/sculpt/depot/genodelabs/download
similarity index 100%
rename from depot/genodelabs/download
rename to repos/gems/sculpt/depot/genodelabs/download
diff --git a/depot/genodelabs/pubkey b/repos/gems/sculpt/depot/genodelabs/pubkey
similarity index 100%
rename from depot/genodelabs/pubkey
rename to repos/gems/sculpt/depot/genodelabs/pubkey
diff --git a/depot/jschlatow/download b/repos/gems/sculpt/depot/jschlatow/download
similarity index 100%
rename from depot/jschlatow/download
rename to repos/gems/sculpt/depot/jschlatow/download
diff --git a/depot/jschlatow/pubkey b/repos/gems/sculpt/depot/jschlatow/pubkey
similarity index 100%
rename from depot/jschlatow/pubkey
rename to repos/gems/sculpt/depot/jschlatow/pubkey
diff --git a/depot/mstein/download b/repos/gems/sculpt/depot/mstein/download
similarity index 100%
rename from depot/mstein/download
rename to repos/gems/sculpt/depot/mstein/download
diff --git a/depot/mstein/pubkey b/repos/gems/sculpt/depot/mstein/pubkey
similarity index 100%
rename from depot/mstein/pubkey
rename to repos/gems/sculpt/depot/mstein/pubkey
diff --git a/depot/nfeske/download b/repos/gems/sculpt/depot/nfeske/download
similarity index 100%
rename from depot/nfeske/download
rename to repos/gems/sculpt/depot/nfeske/download
diff --git a/depot/nfeske/pubkey b/repos/gems/sculpt/depot/nfeske/pubkey
similarity index 100%
rename from depot/nfeske/pubkey
rename to repos/gems/sculpt/depot/nfeske/pubkey
diff --git a/depot/rite/download b/repos/gems/sculpt/depot/rite/download
similarity index 100%
rename from depot/rite/download
rename to repos/gems/sculpt/depot/rite/download
diff --git a/depot/rite/pubkey b/repos/gems/sculpt/depot/rite/pubkey
similarity index 100%
rename from depot/rite/pubkey
rename to repos/gems/sculpt/depot/rite/pubkey
diff --git a/depot/skalk/download b/repos/gems/sculpt/depot/skalk/download
similarity index 100%
rename from depot/skalk/download
rename to repos/gems/sculpt/depot/skalk/download
diff --git a/depot/skalk/pubkey b/repos/gems/sculpt/depot/skalk/pubkey
similarity index 100%
rename from depot/skalk/pubkey
rename to repos/gems/sculpt/depot/skalk/pubkey
diff --git a/depot/ssumpf/download b/repos/gems/sculpt/depot/ssumpf/download
similarity index 100%
rename from depot/ssumpf/download
rename to repos/gems/sculpt/depot/ssumpf/download
diff --git a/depot/ssumpf/pubkey b/repos/gems/sculpt/depot/ssumpf/pubkey
similarity index 100%
rename from depot/ssumpf/pubkey
rename to repos/gems/sculpt/depot/ssumpf/pubkey
diff --git a/depot/trimpim/download b/repos/gems/sculpt/depot/trimpim/download
similarity index 100%
rename from depot/trimpim/download
rename to repos/gems/sculpt/depot/trimpim/download
diff --git a/depot/trimpim/pubkey b/repos/gems/sculpt/depot/trimpim/pubkey
similarity index 100%
rename from depot/trimpim/pubkey
rename to repos/gems/sculpt/depot/trimpim/pubkey
diff --git a/repos/ports/run/vbox5_genode_usb_hid_raw.run b/repos/ports/run/vbox5_genode_usb_hid_raw.run
index 77803feaf8..66736ff5c9 100644
--- a/repos/ports/run/vbox5_genode_usb_hid_raw.run
+++ b/repos/ports/run/vbox5_genode_usb_hid_raw.run @@ -244,7 +244,7 @@ exec -ignorestderr \ --cross-dev-prefix "[cross_dev_prefix]" \ --include boot_dir/nova \ --include image/iso \ - --include [repository_contains /run/usb_hid_raw.run]/run/usb_hid_raw.run + --include [repository_contains run/usb_hid_raw.run]/run/usb_hid_raw.run exec ln -sf ${genode_dir}/repos/ports/run/vm_genode_usb_hid_raw.vbox bin/ exec ln -sf ../../usb_hid_raw.iso bin/ diff --git a/repos/ports/run/verify.run b/repos/ports/run/verify.run index 079edd52a9..68e5a66ec1 100644 --- a/repos/ports/run/verify.run +++ b/repos/ports/run/verify.run @@ -50,7 +50,7 @@ build { app/verify } exec tar cf [run_dir]/genode/test.tar -C [genode_dir]/repos/ports/src/app/verify/test . -copy_file [genode_dir]/depot/nfeske/pubkey [run_dir]/genode/pubkey +copy_file [select_from_repositories sculpt/depot/nfeske/pubkey] [run_dir]/genode/pubkey build_boot_image { verify libc.lib.so vfs.lib.so } diff --git a/tool/depot/mk/downloader b/tool/depot/mk/downloader index 5db9e5bc23..3c513a591a 100755 --- a/tool/depot/mk/downloader +++ b/tool/depot/mk/downloader @@ -40,7 +40,7 @@ ARCHIVES := $(MAKECMDGOALS) include $(GENODE_DIR)/tool/depot/mk/gpg.inc $(DEPOT_DIR)/% : $(PUBLIC_DIR)/%.tar.xz $(PUBLIC_DIR)/%.tar.xz.sig - $(VERBOSE)pubkey_file=$(DEPOT_DIR)/$(call archive_user,$*)/pubkey; \ + $(VERBOSE)pubkey_file=$(call pubkey_path,$*); \ $(GPG) --yes -o $$pubkey_file.dearmored --dearmor $$pubkey_file; \ ( $(GPG) --no-tty --no-default-keyring \ --keyring $$pubkey_file.dearmored \ 
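Review bot: In the tool/depot/mk/downloader hunk, `pubkey_file` now points into a repository, so the unchanged next line `$(GPG) --yes -o $$pubkey_file.dearmored --dearmor $$pubkey_file` writes the generated keyring into the version-controlled `sculpt/depot/<user>/` directory. That leaves an untracked file in git, against the goal stated in the commit message, and it requires the key repository to be writable by whoever runs the download. Keeping the keyring under the depot, e.g. `keyring=$(DEPOT_DIR)/$(call archive_user,$*)/pubkey.dearmored` with `-o $$keyring` and `--keyring $$keyring` (creating the directory first if it does not exist), keeps the verification state with the other generated files. The rule's recipe continues past the end of the hunk.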
@@ -75,15 +75,22 @@ endif ORIGINS := $(sort $(foreach A,$(ARCHIVES),$(call archive_user,$A))) +# return 'download' file located side by side of a given 'pubkey' file +url_file_for_pubkey_file = $(wildcard $(1:pubkey=download)) + +# return path to 'download' file for a given archive +url_file_path = $(call url_file_for_pubkey_file,$(call pubkey_path,$1)) + quotation_sanitized = $(subst ',,$(strip $1)) + $(foreach O,$(ORIGINS),\ $(eval URL($O) := \ $(call quotation_sanitized,\ - $(call file_content,$(DEPOT_DIR)/$O/download)))) + $(call file_content,$(call url_file_path,$O))))) MISSING_DOWNLOAD_LOCATIONS := $(sort $(foreach O,$(ORIGINS),\ - $(if ${URL($O)},,$(DEPOT_DIR)/$O/download))) + $(if ${URL($O)},,$O))) ifneq ($(MISSING_DOWNLOAD_LOCATIONS),) $(DOWNLOADED_FILES): missing_download_locations diff --git a/tool/depot/mk/front_end.inc b/tool/depot/mk/front_end.inc index 13196d15c8..7820c343f9 100644 --- a/tool/depot/mk/front_end.inc +++ b/tool/depot/mk/front_end.inc @@ -13,6 +13,9 @@ REPOSITORIES ?= $(shell find $(GENODE_DIR)/repos -follow -mindepth 1 -maxdepth 1 # list of all repositories that contain depot recipes REP_RECIPES_DIRS := $(wildcard $(addsuffix /recipes,$(REPOSITORIES))) +# list of possible locations of pubkey/download files +REP_SCULPT_DEPOT_DIRS := $(wildcard $(addsuffix /sculpt/depot,$(REPOSITORIES))) + DEPOT_DIR ?= $(GENODE_DIR)/depot usage: diff --git a/tool/depot/mk/gpg.inc b/tool/depot/mk/gpg.inc index 72b2d1152c..bcd938c4ff 100644 --- a/tool/depot/mk/gpg.inc +++ b/tool/depot/mk/gpg.inc @@ -8,7 +8,10 @@ GPG ?= gpg pubkey_filename = $(call archive_user,$1)/pubkey -pubkey_path = $(wildcard $(DEPOT_DIR)/$(call pubkey_filename,$1)) + +pubkey_path = $(firstword \ + $(wildcard $(addsuffix /$(call pubkey_filename,$1), \ + $(REP_SCULPT_DEPOT_DIRS)))) # obtain key ID of 'depot//pubkey' to be used to select signing key pubkey_id = $(shell pubkey_file=$(call pubkey_path,$1); \ 
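Review bot: In the tool/depot/mk/gpg.inc hunk, `pubkey_path` selects the key that archives are verified against with `$(firstword ...)` over `REP_SCULPT_DEPOT_DIRS`, so when two repositories both ship `<user>/pubkey` the earlier one silently wins. The default `REPOSITORIES` comes from a `find` call (visible in the front_end.inc hunk header), whose output order is not guaranteed, so the chosen trust anchor and the `download` URL paired with it can differ between checkouts. Because any supplemental repository can now supply a key for an existing user name, an ambiguous match is better treated as an error, for example by collecting the matches in a helper `pubkey_candidates` and adding `$(if $(word 2,$(call pubkey_candidates,$1)),$(error multiple pubkey files for $(call archive_user,$1)))`. At minimum the comment above `pubkey_path` should state the precedence rule.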
@@ -20,9 +23,9 @@ pubkey_id = $(shell pubkey_file=$(call pubkey_path,$1); \ MISSING_PUBKEY_FILES := $(sort \ $(foreach A,$(ARCHIVES),\ $(if $(call pubkey_path,$A),,\ - $(DEPOT_DIR)/$(call pubkey_filename,$A)))) + $(call archive_user,$A)))) missing_pubkey_files: - @echo "Error: missing public-key files:";\ + @echo "Error: missing public-key files for:";\ for i in $(MISSING_PUBKEY_FILES); do echo " $$i"; done; false diff --git a/tool/depot/publish b/tool/depot/publish index 90e6fa26c0..7d1d51d87e 100755 --- a/tool/depot/publish +++ b/tool/depot/publish @@ -90,7 +90,7 @@ include $(GENODE_DIR)/tool/depot/mk/gpg.inc MISSING_PUBKEY_FILES := $(sort \ $(foreach A,$(ARCHIVES),\ $(if $(call pubkey_path,$A),,\ - $(DEPOT_DIR)/$(call pubkey_filename,$A)))) + $(call pubkey_filename,$A)))) $(PUBLIC_DIR)/%.xz.sig : $(PUBLIC_DIR)/%.xz $(VERBOSE)$(GPG) --detach-sign --digest-algo SHA256 --no-tty --use-agent \ diff --git a/tool/run/run b/tool/run/run index 50877de450..a9ed77b29a 100755 --- a/tool/run/run +++ b/tool/run/run @@ -572,14 +572,32 @@ proc installed_command {command} { ## # Return first repository containing the given path # -proc repository_contains {path} { +proc repository_contains { rep_rel_path } { + global repositories; - foreach i $repositories { - if {[file exists $i/$path]} { return $i } + + foreach rep $repositories { + if {[file exists [file join $rep $rep_rel_path]]} { + return $rep } } } +## +# Return path to first file found in the available repositories +# +proc select_from_repositories { rep_rel_path } { + + set rep_dir [repository_contains $rep_rel_path] + + if {[llength $rep_dir]} { + return [file join $rep_dir $rep_rel_path] } + + puts stderr "Error: $rep_rel_path not present in any repository" + exit -8 +} + + ## ## Utilities for performing steps that are the same on several platforms ##
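Review bot: The tool/depot/publish hunk lists missing keys as `$(call pubkey_filename,$A)`, which expands to `<user>/pubkey`, while the gpg.inc hunk just above lists `$(call archive_user,$A)` under the new message "missing public-key files for:". The two tools therefore report the same condition differently, and neither says where the file was searched. Using `$(call archive_user,$A)` in publish as well, and appending the searched directories to the message, e.g. `echo " searched: $(REP_SCULPT_DEPOT_DIRS)"`, would make a missing trust anchor easier to diagnose. publish also redefines `MISSING_PUBKEY_FILES` right after including gpg.inc, which already defines it, so the duplicate assignment could likely be dropped.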
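Review bot: In the tool/run/run hunk, `select_from_repositories` tests the lookup result with `[llength $rep_dir]`, which parses a directory path as a Tcl list; a repository path containing an unbalanced brace or quote raises a list-parsing error there instead of reaching the intended error message. `if {$rep_dir ne ""} {` states the check directly and has no such dependency on the path's characters. The header comment of `repository_contains` should also say that the order of `$repositories` decides which copy is returned, since the pubkey files copied into images by verify.run and depot_download.run are now resolved through it.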