Merge branch 'pacman-gpg-expire-fix' into 'main'

add "pacman-faketime" wrapper to work around expiring package signing keys (#313) See merge request systemrescue/systemrescue-sources!247
2026-01-06 08:40:02 +01:00 · 2022-12-10 20:07:36 +00:00 · 2022-12-10 20:07:36 +00:00 · b3538193db
parent d898b94680 54bd03d4fd
commit b3538193db
4 changed files with 33 additions and 2 deletions
--- a/airootfs/root/customize_airootfs.sh
+++ b/airootfs/root/customize_airootfs.sh
@ -60,6 +60,11 @@ systemctl mask ldconfig.service
 /usr/bin/pacman-key --populate
 rm -f /etc/pacman.d/gnupg/*~

+echo "" >>/etc/pacman.d/gnupg/gpg.conf
+echo "# disable caching & trustdb regeneration to be able to use pacman with faketime in the pacman-faketime wrapper" >>/etc/pacman.d/gnupg/gpg.conf
+echo "no-sig-cache" >>/etc/pacman.d/gnupg/gpg.conf
+echo "no-auto-check-trustdb" >>/etc/pacman.d/gnupg/gpg.conf
+
 # get a list of all packages from sysrescuerepo to exclude them from reinstall by yay-prepare
 mkdir -p /usr/share/sysrescue/lib/
 pacman -Sl sysrescuerepo | sed -e "s/^sysrescuerepo //" \
--- a/airootfs/usr/bin/pacman-faketime
+++ b/airootfs/usr/bin/pacman-faketime
@ -0,0 +1,25 @@
+#! /usr/bin/env bash
+#
+# call pacman and fake the system date to the day this version of SystemRescue was released
+# this can help to work around expired package signatures
+#
+# Author: Gerd v. Egidy
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# see https://www.system-rescue.org/manual/Installing_packages_with_pacman/ for details
+#
+
+# get SystemRescue release date
+RELEASE_DATE=$(grep BUILD_ID /etc/os-release  | sed -e "s/.*\"\(.*\)\"/\1/")
+if [[ -z "$RELEASE_DATE" ]] || ! echo "$RELEASE_DATE" | grep -E -q "^[0-9]{4}-[0-9]{2}-[0-9]{2}$"; then
+    echo "ERROR: can't determine SystemRescue release date"
+    exit 1
+fi
+
+if ! command -v faketime &>/dev/null ; then
+    echo "ERROR: 'faketime' command not found. Is this the correct release of SystemRescue?"
+    exit 1
+fi
+
+# wrap pacman with all arguments
+faketime "$RELEASE_DATE" pacman "$@"
--- a/airootfs/usr/share/sysrescue/bin/yay-prepare
+++ b/airootfs/usr/share/sysrescue/bin/yay-prepare
@ -66,14 +66,14 @@ done
 pacman -Sy

 # reinstall all required packages
-pacman -S "${REINSTALL[@]}"
+pacman-faketime -S "${REINSTALL[@]}"

 # install base-devel group, but don't reinstall what we already have
 # we want to ask the user for confirmation, but don't give them a choice what to install
 # this isn't supported by pacman directly, so we need to get the group contents first and then install them

 BASE_DEVEL_PKGS=$(pacman -Sg base-devel | sed -e "s/^base-devel \(.*\)/\1/")
-pacman -S --needed $BASE_DEVEL_PKGS git cmake
+pacman-faketime -S --needed $BASE_DEVEL_PKGS git cmake

 useradd -m yay

--- a/1
+++ b/1
@ -101,6 +101,7 @@ keepassxc
 kexec-tools
 less
 lftp
+libfaketime
 libisoburn
 libvncserver
 linux-atm