build: fix github web-flow PGPpubkeyFingerprint (#4417)

* build: fix github web-flow PGPpubkeyFingerprint
* git-verify: use extended regular expression to check alternative key
* build: break when external scripts return with error
* git-verify: use extended regular expression to check correctKey
* ci: maximize disk space in gh action
using https://github.com/marketplace/actions/maximize-build-disk-space
openoms 2024-02-16 16:23:06 +00:00 committed by GitHub
parent 1a092f8ee7
commit 13ae51c54a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 25 additions and 19 deletions


@ -31,6 +31,12 @@ jobs:
amd64-image-build: amd64-image-build:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Maximize build space
uses: easimon/maximize-build-space@master
with:
root-reserve-mb: 12288
temp-reserve-mb: 12288
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Set values - name: Set values
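Review bot: The added `Maximize build space` step references `easimon/maximize-build-space@master`, a mutable branch of a third-party action, so whatever that branch points to at run time executes on the runner that produces the image. Pinning to a full commit SHA keeps the executed code fixed and reviewable: `uses: easimon/maximize-build-space@<full-commit-sha>  # <release tag>`. The step runs before `actions/checkout@v4` in a job whose `permissions:` are not visible in this hunk, so it is worth confirming they are minimal.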


@ -748,8 +748,8 @@ fi
# *** CACHE DISK IN RAM & KEYVALUE-STORE*** # *** CACHE DISK IN RAM & KEYVALUE-STORE***
echo "Activating CACHE RAM DISK ... " echo "Activating CACHE RAM DISK ... "
/home/admin/_cache.sh ramdisk on /home/admin/_cache.sh ramdisk on || exit 1
/home/admin/_cache.sh keyvalue on /home/admin/_cache.sh keyvalue on || exit 1
# *** Wifi, Bluetooth & other RaspberryPi configs *** # *** Wifi, Bluetooth & other RaspberryPi configs ***
if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian" ]; then if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian" ]; then
@ -794,7 +794,7 @@ cp /home/admin/assets/background.service /etc/systemd/system/background.service
systemctl enable background systemctl enable background
# *** BACKGROUND SCAN *** # *** BACKGROUND SCAN ***
/home/admin/_background.scan.sh install /home/admin/_background.scan.sh install || exit 1
####### #######
# TOR # # TOR #
@ -863,13 +863,13 @@ echo "1. login fresh --> user:admin password:raspiblitz"
echo -e "2. run --> release\n" echo -e "2. run --> release\n"
# make sure that at least the code is available (also if no internet) # make sure that at least the code is available (also if no internet)
/home/admin/config.scripts/blitz.display.sh prepare-install /home/admin/config.scripts/blitz.display.sh prepare-install || exit 1
# (do last - because it might trigger reboot) # (do last - because it might trigger reboot)
if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then
echo "*** ADDITIONAL DISPLAY OPTIONS ***" echo "*** ADDITIONAL DISPLAY OPTIONS ***"
echo "- calling: blitz.display.sh set-display ${display}" echo "- calling: blitz.display.sh set-display ${display}"
/home/admin/config.scripts/blitz.display.sh set-display ${display} /home/admin/config.scripts/blitz.display.sh set-display ${display} || exit 1
/home/admin/config.scripts/blitz.display.sh rotate 1 /home/admin/config.scripts/blitz.display.sh rotate 1 || exit 1
fi fi
echo "# BUILD DONE - see above" echo "# BUILD DONE - see above"
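Review bot: The new `|| exit 1` guards abort the build without saying which helper failed, so a CI log ends with no error line pointing at the step. A short message on stderr before exiting would help, e.g. `/home/admin/_cache.sh ramdisk on || { echo "error: _cache.sh ramdisk on failed" >&2; exit 1; }`, and likewise for the other five guarded calls. In the last hunk `${display}` is also passed unquoted to `set-display`; `"${display}"` avoids word splitting if the value is ever empty or contains spaces.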


@ -250,7 +250,7 @@ function install_lcd() {
sudo -u admin git checkout master sudo -u admin git checkout master
sudo -u admin git reset --hard 5a206a7 || exit 1 sudo -u admin git reset --hard 5a206a7 || exit 1
sudo -u admin /home/admin/config.scripts/blitz.git-verify.sh 'GitHub' 'https://github.com/web-flow.gpg' '4AEE18F83AFDEB23' || exit 1 sudo -u admin /home/admin/config.scripts/blitz.git-verify.sh 'GitHub' 'https://github.com/web-flow.gpg' '(4AEE18F83AFDEB23|B5690EEEBB952194)' || exit 1
# customized from https://github.com/tux1c/wavesharelcd-64bit-rpi/blob/master/install.sh # customized from https://github.com/tux1c/wavesharelcd-64bit-rpi/blob/master/install.sh
# prepare X11 # prepare X11
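Review bot: The pinned value `(4AEE18F83AFDEB23|B5690EEEBB952194)` is a pair of 16-hex long key IDs rather than full fingerprints, while the key it is compared against is downloaded from `https://github.com/web-flow.gpg` at verification time. Pinning the full 40-character fingerprints, as the active `PGPpubkeyFingerprint` shown in the BTCPay section's hunk header does for its signer, would tie the check to the whole fingerprint: `'(<OLD_KEY_FULL_FINGERPRINT>|<NEW_KEY_FULL_FINGERPRINT>)'`; this should be confirmed against both grep sites in blitz.git-verify.sh. The same literal is repeated in the `PGPpubkeyFingerprint` and `GITHUB_SIGN_FINGERPRINT` assignments in the later file sections of this commit, so a single shared definition would make the next key rotation a one-line change. install_lcd's body starts and ends outside the hunk.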


@ -15,7 +15,7 @@ fi
# Example for commits created on GitHub: # Example for commits created on GitHub:
# PGPsigner="web-flow" # PGPsigner="web-flow"
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" # PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
# PGPpubkeyFingerprint="4AEE18F83AFDEB23" # PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# Example for commits signed with a personal PGP key: # Example for commits signed with a personal PGP key:
# PGPsigner="janoside" # PGPsigner="janoside"
@ -49,7 +49,7 @@ fi
echo "# importing key of ${PGPsigner}" echo "# importing key of ${PGPsigner}"
gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c) fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep -Ec "${PGPpubkeyFingerprint}")
if [ "${fingerprint}" -lt 1 ]; then if [ "${fingerprint}" -lt 1 ]; then
echo echo
echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2 echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2
@ -79,7 +79,7 @@ echo
goodSignature=$(grep "Good signature from" -c <"$_temp") goodSignature=$(grep "Good signature from" -c <"$_temp")
echo "# goodSignature(${goodSignature})" echo "# goodSignature(${goodSignature})"
correctKey=$(tr -d " \t\n\r" <"$_temp" | grep "${PGPpubkeyFingerprint}" -c) correctKey=$(tr -d " \t\n\r" <"$_temp" | grep -Ec "${PGPpubkeyFingerprint}")
echo "# correctKey(${correctKey})" echo "# correctKey(${correctKey})"
if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
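Review bot: The third argument is used as an unanchored regular expression (now extended) at both the `fingerprint=` and `correctKey=` checks, and nothing in these hunks validates it, so an empty or over-broad value matches every line and lets both counts pass. Checking the argument before use keeps the verification fail-closed: `printf '%s' "${PGPpubkeyFingerprint}" | grep -Eq '^[(]?[0-9A-Fa-f]{16,40}([|][0-9A-Fa-f]{16,40})*[)]?$' || exit 1`. The match is also made against gpg's human-readable output; parsing `--status-fd` lines such as `VALIDSIG` would be more robust, though how `$_temp` is produced is outside these hunks.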


@ -18,7 +18,7 @@ PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
# --- # ---
#PGPsigner="web-flow" #PGPsigner="web-flow"
#PGPpubkeyLink="https://github.com/web-flow.gpg" #PGPpubkeyLink="https://github.com/web-flow.gpg"
#PGPpubkeyFingerprint="4AEE18F83AFDEB23" #PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# command info # command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -506,7 +506,7 @@ if [ "$1" = "install" ]; then
sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null
cd btcpayserver || exit 1 cd btcpayserver || exit 1
sudo -u btcpay git reset --hard $BTCPayVersion sudo -u btcpay git reset --hard $BTCPayVersion
#sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "web-flow" "https://github.com/web-flow.gpg" "4AEE18F83AFDEB23" || exit 1 #sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "web-flow" "https://github.com/web-flow.gpg" "(4AEE18F83AFDEB23|B5690EEEBB952194)" || exit 1
echo "# verify signature of ${PGPsigner}" echo "# verify signature of ${PGPsigner}"
sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1


@ -19,7 +19,7 @@ fi
PGPsigner="web-flow" PGPsigner="web-flow"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
PGPpubkeyFingerprint="4AEE18F83AFDEB23" PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# PGPsigner="joostjager" # PGPsigner="joostjager"
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" # PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"


@ -19,7 +19,7 @@ source /mnt/hdd/raspiblitz.conf
GITHUB_SIGN_AUTHOR="web-flow" GITHUB_SIGN_AUTHOR="web-flow"
GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg" GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23" GITHUB_SIGN_FINGERPRINT="(4AEE18F83AFDEB23|B5690EEEBB952194)"
PORT_CLEAR="9823" PORT_CLEAR="9823"
PORT_SSL="9824" PORT_SSL="9824"


@ -15,7 +15,7 @@ GITHUB_TAG=""
# leave GITHUB_SIGN_AUTHOR empty to skip verifying # leave GITHUB_SIGN_AUTHOR empty to skip verifying
GITHUB_SIGN_AUTHOR="" #web-flow GITHUB_SIGN_AUTHOR="" #web-flow
GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg" GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23" GITHUB_SIGN_FINGERPRINT="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# port numbers the app should run on # port numbers the app should run on
# delete if not an web app # delete if not an web app


@ -28,7 +28,7 @@ fi
# releases are creatd on GitHub # releases are creatd on GitHub
PGPsigner="web-flow" PGPsigner="web-flow"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
PGPpubkeyFingerprint="4AEE18F83AFDEB23" PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# TODO download with .tar.gz # TODO download with .tar.gz
#PGPsigner="alexbosworth" #PGPsigner="alexbosworth"


@ -26,7 +26,7 @@ GITHUB_TAG="v0.1"
# leave GITHUB_SIGN_AUTHOR empty to skip verifying # leave GITHUB_SIGN_AUTHOR empty to skip verifying
GITHUB_SIGN_AUTHOR="web-flow" GITHUB_SIGN_AUTHOR="web-flow"
GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg" GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23" GITHUB_SIGN_FINGERPRINT="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# port numbers the app should run on # port numbers the app should run on
# delete if not an web app # delete if not an web app


@ -17,7 +17,7 @@ fi
PGPsigner="web-flow" PGPsigner="web-flow"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
PGPpubkeyFingerprint="4AEE18F83AFDEB23" PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# source <(/home/admin/config.scripts/network.aliases.sh getvars cl <mainnet|testnet|signet>) # source <(/home/admin/config.scripts/network.aliases.sh getvars cl <mainnet|testnet|signet>)
source <(/home/admin/config.scripts/network.aliases.sh getvars cl mainnet) source <(/home/admin/config.scripts/network.aliases.sh getvars cl mainnet)


@ -21,7 +21,7 @@ fi
# Example for commits created on GitHub: # Example for commits created on GitHub:
#PGPsigner="web-flow" #PGPsigner="web-flow"
#PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" #PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
#PGPpubkeyFingerprint="4AEE18F83AFDEB23" #PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
PGPsigner="saubyk" PGPsigner="saubyk"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"