From 18d1bd382dd9bd22f58c0556a74bfcc6996b61ec Mon Sep 17 00:00:00 2001
From: Christoph Reiter
Date: Sun, 21 Feb 2021 13:18:17 +0100
Subject: [PATCH] Fetch validpgpkeys before running makepkg

auto retrieve only allows one keyserver and that is flaky, also not all signatures include the full length key.
---
 autobuild.py | 30 ++++++------------------------
 fetch-validpgpkeys.sh | 15 +++++++++++++++
 2 files changed, 21 insertions(+), 24 deletions(-)
 mode change 100644 => 100755 autobuild.py
 create mode 100644 fetch-validpgpkeys.sh
diff --git a/autobuild.py b/autobuild.py
old mode 100644
new mode 100755
index 5c9d1d9..b5ff95e
--- a/autobuild.py
+++ b/autobuild.py
@@ -39,6 +39,8 @@ ALLOWED_UPLOADERS = [
 ("Bot", "github-actions[bot]"),
 ]
+SCRIPT_DIR = os.path.dirname(os.path.realpath(__file__))
+
 class PackageStatus(Enum):
 FINISHED = 'finished'
@@ -282,29 +284,6 @@ def backup_pacman_conf(msys2_root: _PathLike) -> Generator:
 os.replace(backup, conf)
-@contextmanager
-def auto_key_retrieve(msys2_root: _PathLike) -> Generator:
- home_dir = os.path.join(msys2_root, "home", environ["USERNAME"])
- assert os.path.exists(home_dir)
- gnupg_dir = os.path.join(home_dir, ".gnupg")
- os.makedirs(gnupg_dir, exist_ok=True)
- conf = os.path.join(gnupg_dir, "gpg.conf")
- backup = None
- if os.path.exists(conf):
- backup = conf + ".backup"
- shutil.copyfile(conf, backup)
- try:
- with open(conf, "w", encoding="utf-8") as h:
- h.write("""
-keyserver hkp://keys.gnupg.net
-keyserver-options auto-key-retrieve
-""")
- yield
- finally:
- if backup is not None:
- os.replace(backup, conf)
-
-
 def build_type_to_dep_types(build_type: str) -> List[str]:
 if build_type == "mingw-src":
 build_type = "mingw64"
@@ -411,11 +390,14 @@ def build_package(build_type: str, pkg, msys2_root: _PathLike, builddir: _PathLi
 repo = get_repo()
 with staging_dependencies(build_type, pkg, msys2_root, builddir), \
- auto_key_retrieve(msys2_root), \
 fresh_git_repo(pkg['repo_url'], repo_dir):
 pkg_dir = os.path.join(repo_dir, pkg['repo_path'])
 try:
+ # Fetch all keys mentioned in the PKGBUILD
+ validpgpkeys = to_pure_posix_path(os.path.join(SCRIPT_DIR, 'fetch-validpgpkeys.sh'))
+ run_cmd(msys2_root, ['bash', validpgpkeys], cwd=pkg_dir)
+
 if build_type == "mingw-src":
 env = environ.copy()
 env['MINGW_INSTALLS'] = 'mingw64'
diff --git a/fetch-validpgpkeys.sh b/fetch-validpgpkeys.sh
new file mode 100644
index 0000000..14f7337
--- /dev/null
+++ b/fetch-validpgpkeys.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+. PKGBUILD
+_keyserver=(
+ "keyserver.ubuntu.com"
+ "keys.gnupg.net"
+ "pgp.mit.edu"
+ "keys.openpgp.org"
+)
+for key in "${validpgpkeys[@]}"; do
+ for server in "${_keyserver[@]}"; do
+ timeout 20 /usr/bin/gpg --keyserver "${server}" --recv "${key}" && break || true
+ done
+done
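Review bot: The comment above the new `run_cmd` call in `build_package` understates what the step does: `fetch-validpgpkeys.sh` sources `PKGBUILD` from `pkg_dir`, so shell code from the freshly cloned package repo runs here, before makepkg, and the fetched keys presumably land in the build user's GnuPG keyring. I would say so in the comment, e.g. `# Sources PKGBUILD (executes it) and imports its validpgpkeys into the build user's keyring; fetch failures are non-fatal`. The local name `validpgpkeys` holds a script path rather than keys, so something like `fetch_keys_script` would read better. The `try:` this sits in is closed outside the hunk, so how a non-zero exit from the script is handled is not visible here.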
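Review bot: The inner loop in `fetch-validpgpkeys.sh` ends in `&& break || true`, so a key that none of the four keyservers returns within the 20-second timeout is skipped without any message and the script still exits 0; the failure would then only surface later, presumably as a signature-verification error from makepkg. I would record whether each key was fetched and print a warning to stderr naming the key. Entries are also handed to `gpg --recv` unchecked; since the commit message is about signatures lacking the full-length key, it is worth rejecting anything that is not a full fingerprint before querying a keyserver. The server names carry no scheme, so the transport is left to gpg's defaults; writing `hkps://` explicitly would request an encrypted connection where the server supports it.

```shell
# … unchanged: set -e, ". PKGBUILD", _keyserver list …
for key in "${validpgpkeys[@]}"; do
    # Only query keyservers for full fingerprints (40 hex digits for v4 keys);
    # short key IDs are not a safe lookup handle.
    if [[ ! "${key}" =~ ^[0-9A-Fa-f]{40}$ ]]; then
        echo "fetch-validpgpkeys: skipping malformed entry '${key}'" >&2
        continue
    fi
    fetched=0
    for server in "${_keyserver[@]}"; do
        if timeout 20 /usr/bin/gpg --keyserver "${server}" --recv "${key}"; then
            fetched=1
            break
        fi
    done
    if [[ "${fetched}" -eq 0 ]]; then
        echo "fetch-validpgpkeys: could not fetch ${key} from any keyserver" >&2
    fi
done
```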