# $HeadURL$ $LastChangedRevision$ ifndef FACILITY_REPOS_MK FACILITY_REPOS_MK = 1 # In pass #1: load recipe generators # In pass #0: load generated recipes include method-copy.mk # Do not install stuff in this facility; the network may be down! # Variables mentioned both in pass#1 and pass#0. KEY_IDS += debian-1 # Debian KEY_IDS += debian-2 # Debian KEY_IDS += owncloud-rzg # Owncloud client (for RZG) KEY_IDS += certbot.eff.org # Certbot PPA KEY_IDS += sabnzbd.org # sabnzbplus KEY_IDS += google.com # Google Chrome (only needed on delguine, where Suzie installed google-chrome manually) KEY_IDS += skype.com # Skype (only needed on delguine, where Suzie installed google-chrome manually) KEY_IDS += pasta.freemyip.com # pasta.freemyip.com (need to keep names short else make complains) KEY_IDS += dropbox.com # Dropbox KEY_IDS += geti2p.net # I2P KEY_IDS += mysql.com # Oracle/MySQL KEY_IDS += openproject.org # OpenProject PGP_SERVER = pgp.mit.edu #PGP_SERVER = pgp.rediris.es DEDUPED_SORTED_HYPHENATED_KEY_IDS = $(shell echo $(KEY_IDS) | xargs -n 1 | sort -u | paste -s -d-) # Tell recipe generators what to generate recipes for ifeq ($(PCMS_PASS_NUM),1) all.copy: $(shell encode /etc/apt/sources.list).copy # The real Makefile else ifeq ($(PCMS_PASS_NUM),0) all.facility: repos.facility #repos.facility: repos-defined.fix repos-authenticatable.fix repos-cached.fix packages-upgraded.fix #repos.facility: repos-defined.fix repos-authenticatable.fix repos-cached-and-packages-upgraded-has-been-disabled.fix # Repos are not usable (i.e. one cannot run 'apt-get install X' until the repos' contents has been # cached. Therefore repos.facility depends on repos-cached.fix and repos-cached.fix depends on # repos-defined.fix. repos.facility: repos-defined.fix repos-authenticatable.fix repos-cached.fix touch $@ repos-defined.fix: $(shell encode /etc/apt/sources.list).copy touch $@ repos-authenticatable.fix: keys-$(DEDUPED_SORTED_HYPHENATED_KEY_IDS).fix touch $@ keys-$(DEDUPED_SORTED_HYPHENATED_KEY_IDS).fix: /etc/apt/trusted.gpg @# dirnngr is not going to work properly without the next few lines. rm -fr ~/.gnupg* @# gpg will create ~/.gnupg/pubring.kbx itself, but we can do it @# more quietly ourselves. mkdir -p ~/.gnupg chmod 700 ~/.gnupg touch ~/.gnupg/pubring.kbx touch ~/.gnupg/trustdb.gpg gpg --list-keys > /dev/null gpg --list-keys > /dev/null $(RM) keys-*.fix $(RM) /etc/apt/trusted.gpg @# apt-get says 'OK' when things are ok. Redirecting that to /dev/null @# results in a warning that itself can either be disabled by setting @# APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE or itself redirected to /dev/null. set -e; \ for KEY_ID in $(KEY_IDS); do \ apt-key add - < $(SITE_CONFIG_DIR)/keys/$$KEY_ID.asc > /dev/null 2>&1; \ done touch $@ # /etc/apt/trusted.gpg can be removed by recipe above. Here we say it's okay for # it to (temporarily) not exist. /etc/apt/trusted.gpg: ; repos-cached.fix: repos-defined.fix repos-authenticatable.fix netreach --debug=$(VERBOSELEVEL) repos package update touch $@ #packages-upgraded.fix: repos-defined.fix repos-authenticatable.fix repos-cached.fix # netreach --debug=$(VERBOSELEVEL) repos # package upgrade # touch $@ #repos-cached-and-packages-upgraded-has-been-disabled.fix: # msg --progname=$(PROGNAME) --debug=$(VERBOSELEVEL) warning "targets 'repos-cached.fix' and 'packages-upgraded.fix' have been disabled in the Makefiles as Alexis feels this is something that only the pcms script itself should do!" # touch $@ endif # PCMS_PASS_NUM endif # FACILITY_REPOS_MK