diff --git a/.github/workflows/update-repo.yml b/.github/workflows/update-repo.yml index e353d38..1445cdc 100644 --- a/.github/workflows/update-repo.yml +++ b/.github/workflows/update-repo.yml @@ -16,145 +16,63 @@ jobs: with: fetch-depth: 0 - - name: Setup tools - run: sudo apt-get update && sudo apt-get install -y libarchive-tools gpg + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y gnupg libarchive-tools - name: Import GPG Key run: | - if [ -z "${{ secrets.GPG_PRIVATE_KEY }}" ]; then - echo "ERROR: GPG_PRIVATE_KEY secret is empty!" - exit 1 - fi - echo "${{ secrets.GPG_PRIVATE_KEY }}" > private_key.gpg - gpg --batch --import private_key.gpg - rm private_key.gpg + echo "${{ secrets.GPG_PRIVATE_KEY }}" > private.key + gpg --batch --import private.key + rm private.key - - name: Update Repository Database + - name: Sign Packages run: | cd x86_64 - rm -f hyprarch-repo.db* hyprarch-repo.files* - mkdir -p db_temp - export GPG_TTY=$(tty) - - # Export public key to the folder so it is accessible via URL - gpg --export --armor 236328A7F2C2001E > pubkey.gpg for pkg in *.pkg.tar.zst; do - # 1. Sign the package file - echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor "$pkg" - - # 2. Extract Metadata - pkgname=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgname =" | cut -d' ' -f3) - pkgver=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgver =" | cut -d' ' -f3) - pkgdesc=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgdesc =" | cut -d' ' -f3- | sed "s/['\"]//g") - - mkdir -p "db_temp/$pkgname-$pkgver" - - { - echo "%NAME%" - echo "$pkgname" - echo "" - echo "%VERSION%" - echo "$pkgver" - echo "" - echo "%DESC%" - echo "$pkgdesc" - echo "" - echo "%FILENAME%" - echo "$pkg" - echo "" - echo "%CSIZE%" - echo "$(stat -c%s "$pkg")" - echo "" - echo "%ISIZE%" - echo "$(bsdtar -xOf "$pkg" .PKGINFO | grep "^size =" | cut -d' ' -f3)" - echo "" - echo "%PGPSIG%" - echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --stdout --no-armor "$pkg" | base64 | tr -d '\n' - echo "" - } > "db_temp/$pkgname-$pkgver/desc" - done - - # 3. Pack and Sign DB - cd db_temp - tar -c * | gzip -9 > ../hyprarch-repo.db.tar.gz - cd .. - echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor hyprarch-repo.db.tar.gz - - # 4. Finalize - cp hyprarch-repo.db.tar.gz hyprarch-repo.db - cp hyprarch-repo.db.tar.gz.sig hyprarch-repo.db.sig - cp hyprarch-repo.db.tar.gz hyprarch-repo.files - cp hyprarch-repo.db.tar.gz hyprarch-repo.files.tar.gz - rm -rf db_temp + echo "Signing $pkg" - - name: Generate Subfolder Index + echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes \ + --pinentry-mode loopback \ + --local-user 236328A7F2C2001E \ + --passphrase-fd 0 \ + --detach-sign "$pkg" + done + + - name: Build Repo Database (correct Arch way) run: | cd x86_64 - echo "Index of /x86_64/" > index.html - echo "

Index of /x86_64/

" >> index.html
-          echo "../" >> index.html
-          for file in *; do
-            if [[ "$file" != "index.html" ]]; then
-              size=$(du -sh "$file" | cut -f1)
-              date=$(date -r "$file" '+%d-%b-%Y %H:%M')
-              printf "%s%-$(($(printf '%s' "$file" | wc -c) > 50 ? 1 : 50 - $(printf '%s' "$file" | wc -c)))s %s %8s\n" "$file" "$file" "" "$date" "$size" >> index.html
-            fi
-          done
-          echo "
" >> index.html - - name: Generate Root Landing Page + rm -f hyprarch-repo.db* hyprarch-repo.files* + + repo-add --sign hyprarch-repo.db.tar.gz *.pkg.tar.zst + + - name: Export Public Key run: | - echo ' - - - HyprArch Repository - - - -
-

HyprArch Custom Repository

- -

1. Add the GPG Key

-

Run this command to trust the repository maintainer (Mitsuba100):

- 
curl -s https://hyprarch-repo.stuple.net/x86_64/pubkey.gpg | sudo pacman-key -a - && sudo pacman-key --lsign-key 236328A7F2C2001E
+ gpg --export --armor 236328A7F2C2001E > x86_64/pubkey.gpg -

2. Configure Pacman

-

Add the following to the bottom of /etc/pacman.conf:

- 
[hyprarch-repo]
-          SigLevel = Required DatabaseOptional
-          Server = https://hyprarch-repo.stuple.net/$arch
- -

3. Sync

-
- sudo pacman -Sy -
+ - name: Generate Simple Index Page + run: | + cd x86_64 -
-

📁 Browse File Index

-

Automated by GitHub Actions • Last updated: '$(date)'

-
- - ' > index.html + echo "

Repository Index

" >> index.html - name: Commit and Push run: | - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "repo-bot" + git config --global user.email "repo-bot@users.noreply.github.com" + git add . + if ! git diff-index --quiet HEAD; then - git commit -m "Add GPG trust command to landing page" + git commit -m "Update repository database" git push else - echo "Nothing to change." - fi + echo "No changes" + fi \ No newline at end of file