From 9f605490611634bdf58ad6d59dded487e2735304 Mon Sep 17 00:00:00 2001 From: Mitsuba100 Date: Tue, 14 Apr 2026 21:50:51 +0200 Subject: [PATCH] Update .github/workflows/update-repo.yml --- .github/workflows/update-repo.yml | 36 ++++++++++++------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/.github/workflows/update-repo.yml b/.github/workflows/update-repo.yml index bdb775e..64b59d1 100644 --- a/.github/workflows/update-repo.yml +++ b/.github/workflows/update-repo.yml @@ -1,4 +1,4 @@ -name: Update Arch Repository +name: Update Arch Repository on: push: @@ -23,29 +23,21 @@ jobs: - name: Build and Sign Repository run: | cd x86_64 - # Remove ALL old metadata and symlinks to start fresh rm -f hyprarch-repo.db* hyprarch-repo.files* - # 1. Export public key gpg --export --armor 236328A7F2C2001E > pubkey.gpg - # 2. Sign packages (Force BINARY by removing --armor) + # --- FIX: DETACHED BINARY SIGNATURES --- for pkg in *.pkg.tar.zst; do - echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign "$pkg" + echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --no-armor --detach-sign "$pkg" done - # 3. Build DB using Python helper (Ensure you updated the script on the Pi as well) python3 ~/build_db.py - # 4. Finalize Files (NO SYMLINKS) - # We manually copy instead of linking so the web server sees real files + # --- FIX: NO SYMLINKS, BINARY DB SIGNATURE --- cp hyprarch-repo.db.tar.gz hyprarch-repo.db cp hyprarch-repo.db.tar.gz hyprarch-repo.files - - # 5. Sign the DB (Binary) - echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign hyprarch-repo.db - - # 6. Ensure .sig files match the main files exactly + echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --no-armor --detach-sign hyprarch-repo.db cp hyprarch-repo.db.sig hyprarch-repo.db.tar.gz.sig - name: Generate Subfolder Index @@ -76,10 +68,7 @@ jobs: a:hover { text-decoration: underline; } .container { max-width: 900px; margin: auto; background: #3b4252; padding: 20px; border-radius: 8px; } h1 { border-bottom: 2px solid #4c566a; padding-bottom: 10px; color: #81a1c1; } - h2 { color: #a3be8c; margin-top: 30px; } pre { background: #2e3440; padding: 15px; border-radius: 5px; color: #ebcb8b; overflow-x: auto; border: 1px solid #4c566a; } - code { color: #d08770; } - .step { background: #434c5e; padding: 10px 15px; border-left: 4px solid #81a1c1; margin: 10px 0; } @@ -91,9 +80,6 @@ jobs: 
[hyprarch-repo]
           SigLevel = Required DatabaseOptional
           Server = https://repo.stuple.net/\$arch
-

3. Sync

-
sudo pacman -Syy
-

📁 Browse File Index

Last updated: '$(date)'

@@ -101,9 +87,15 @@ jobs: EOF - - name: Deploy to Local Web Folder + - name: Deploy and Fix Permissions run: | - # Clean the destination first to ensure no old symlinks remain + # 1. Clean destination rm -rf /var/www/hyprarch-repo/x86_64/* mkdir -p /var/www/hyprarch-repo/x86_64 - cp -rf . /var/www/hyprarch-repo/ \ No newline at end of file + + # 2. Copy files + cp -rf . /var/www/hyprarch-repo/ + + # 3. Ensure Nginx (www-data) can read them + sudo chown -R stui:www-data /var/www/hyprarch-repo + sudo chmod -R 755 /var/www/hyprarch-repo \ No newline at end of file