Simplify up ssh key signing logic

Merge pull request 'Add ssh key sign' (#2 ) from ndowens/artix-metro:master into master
Reviewed-on: #2
2025-03-25 00:15:13 -05:00 · 2025-03-25 05:57:23 +01:00 · 2025-03-25 04:55:56 +00:00 · 2025-03-15 13:13:52 -05:00
3 changed files with 46 additions and 39 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,19 +1,19 @@
 {
  "name": "artix-metro",
-  "version": "3.1.1",
+  "version": "3.1.3",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "artix-metro",
-      "version": "3.1.1",
+      "version": "3.1.3",
      "license": "MIT",
      "dependencies": {
-        "artix-checkupdates": "1.0.1",
+        "artix-checkupdates": "1.0.2",
        "cli-color": "2.0.4",
        "glob": "11.0.1",
        "json5": "2.2.3",
-        "ky": "1.7.4"
+        "ky": "1.7.5"
      },
      "bin": {
        "artix-metro": "bin/artix-metro.mjs"
@@ -21,8 +21,8 @@
      "devDependencies": {
        "@sindresorhus/tsconfig": "7.0.0",
        "@types/cli-color": "2.0.6",
-        "@types/node": "22.13.1",
-        "typescript": "5.7.3"
+        "@types/node": "22.13.13",
+        "typescript": "5.8.2"
      }
    },
    "node_modules/@isaacs/cliui": {
@@ -63,9 +63,9 @@
      "license": "MIT"
    },
    "node_modules/@types/node": {
-      "version": "22.13.1",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.1.tgz",
-      "integrity": "sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==",
+      "version": "22.13.13",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.13.tgz",
+      "integrity": "sha512-ClsL5nMwKaBRwPcCvH8E7+nU4GxHVx1axNvMZTFHMEfNI7oahimt26P5zjVCRrjiIWj6YFXfE1v3dEp94wLcGQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -97,9 +97,9 @@
      }
    },
    "node_modules/artix-checkupdates": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/artix-checkupdates/-/artix-checkupdates-1.0.1.tgz",
-      "integrity": "sha512-C0AxI3SfoUUekYg3ft/y4+tRjIe8uuDLvBQRSmkfNsRuBLNlEHaxhY/93JB6G4AGXp5RFLZYDnbgjakgbTLhkw==",
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/artix-checkupdates/-/artix-checkupdates-1.0.2.tgz",
+      "integrity": "sha512-VTLeMVysGeZ3QiLtEyWoVM8D57YyeYhYQoL3vcW9b0dZE+zhE4di80PYEFGeQzIBcCStcBFnI1uSBoAEHMVHAQ==",
      "license": "MIT"
    },
    "node_modules/balanced-match": {
@@ -357,9 +357,9 @@
      }
    },
    "node_modules/ky": {
-      "version": "1.7.4",
-      "resolved": "https://registry.npmjs.org/ky/-/ky-1.7.4.tgz",
-      "integrity": "sha512-zYEr/gh7uLW2l4su11bmQ2M9xLgQLjyvx58UyNM/6nuqyWFHPX5ktMjvpev3F8QWdjSsHUpnWew4PBCswBNuMQ==",
+      "version": "1.7.5",
+      "resolved": "https://registry.npmjs.org/ky/-/ky-1.7.5.tgz",
+      "integrity": "sha512-HzhziW6sc5m0pwi5M196+7cEBtbt0lCYi67wNsiwMUmz833wloE0gbzJPWKs1gliFKQb34huItDQX97LyOdPdA==",
      "license": "MIT",
      "engines": {
        "node": ">=18"
@@ -604,9 +604,9 @@
      "integrity": "sha512-+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="
    },
    "node_modules/typescript": {
-      "version": "5.7.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.3.tgz",
-      "integrity": "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==",
+      "version": "5.8.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.2.tgz",
+      "integrity": "sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==",
      "dev": true,
      "license": "Apache-2.0",
      "bin": {
@@ -758,9 +758,9 @@
      "dev": true
    },
    "@types/node": {
-      "version": "22.13.1",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.1.tgz",
-      "integrity": "sha512-jK8uzQlrvXqEU91UxiK5J7pKHyzgnI1Qnl0QDHIgVGuolJhRb9EEl28Cj9b3rGR8B2lhFCtvIm5os8lFnO/1Ew==",
+      "version": "22.13.13",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.13.tgz",
+      "integrity": "sha512-ClsL5nMwKaBRwPcCvH8E7+nU4GxHVx1axNvMZTFHMEfNI7oahimt26P5zjVCRrjiIWj6YFXfE1v3dEp94wLcGQ==",
      "dev": true,
      "requires": {
        "undici-types": "~6.20.0"
@@ -777,9 +777,9 @@
      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug=="
    },
    "artix-checkupdates": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/artix-checkupdates/-/artix-checkupdates-1.0.1.tgz",
-      "integrity": "sha512-C0AxI3SfoUUekYg3ft/y4+tRjIe8uuDLvBQRSmkfNsRuBLNlEHaxhY/93JB6G4AGXp5RFLZYDnbgjakgbTLhkw=="
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/artix-checkupdates/-/artix-checkupdates-1.0.2.tgz",
+      "integrity": "sha512-VTLeMVysGeZ3QiLtEyWoVM8D57YyeYhYQoL3vcW9b0dZE+zhE4di80PYEFGeQzIBcCStcBFnI1uSBoAEHMVHAQ=="
    },
    "balanced-match": {
      "version": "1.0.2",
@@ -982,9 +982,9 @@
      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="
    },
    "ky": {
-      "version": "1.7.4",
-      "resolved": "https://registry.npmjs.org/ky/-/ky-1.7.4.tgz",
-      "integrity": "sha512-zYEr/gh7uLW2l4su11bmQ2M9xLgQLjyvx58UyNM/6nuqyWFHPX5ktMjvpev3F8QWdjSsHUpnWew4PBCswBNuMQ=="
+      "version": "1.7.5",
+      "resolved": "https://registry.npmjs.org/ky/-/ky-1.7.5.tgz",
+      "integrity": "sha512-HzhziW6sc5m0pwi5M196+7cEBtbt0lCYi67wNsiwMUmz833wloE0gbzJPWKs1gliFKQb34huItDQX97LyOdPdA=="
    },
    "lru-cache": {
      "version": "11.0.2",
@@ -1147,9 +1147,9 @@
      "integrity": "sha512-+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="
    },
    "typescript": {
-      "version": "5.7.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.3.tgz",
-      "integrity": "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==",
+      "version": "5.8.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.2.tgz",
+      "integrity": "sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==",
      "dev": true
    },
    "undici-types": {
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "artix-metro",
-  "version": "3.1.1",
+  "version": "3.1.3",
  "description": "Automate pushing packages to Artix",
  "keywords": [
    "artix",
@@ -31,16 +31,16 @@
  },
  "license": "MIT",
  "dependencies": {
-    "artix-checkupdates": "1.0.1",
+    "artix-checkupdates": "1.0.2",
    "cli-color": "2.0.4",
-    "ky": "1.7.4",
+    "ky": "1.7.5",
    "json5": "2.2.3",
    "glob": "11.0.1"
  },
  "devDependencies": {
-    "typescript": "5.7.3",
+    "typescript": "5.8.2",
    "@sindresorhus/tsconfig": "7.0.0",
    "@types/cli-color": "2.0.6",
-    "@types/node": "22.13.1"
+    "@types/node": "22.13.13"
  }
 }
--- a/src/pusher.mts
+++ b/src/pusher.mts
@@ -55,14 +55,21 @@ class Pusher {
    }

    async refreshGpg() {
-        if (await isPasswordRequired()) {
+        const sshSignMode = 'SSHKEYSIGN' in process.env;
+        if (sshSignMode || await isPasswordRequired()) {
            console.log(clc.cyan('Refreshing signature...'));
            this._createdSignfile ||= await runCommand('touch', [SIGNFILE]);
-            await runCommand('gpg', ['-a', '--passphrase', escapeCommandParam(this._config.gpgpass || ''), '--batch', '--pinentry-mode', 'loopback', '--detach-sign', SIGNFILE]);
-            await fsp.rm(`${SIGNFILE}.asc`);
+            if (sshSignMode) {
+                await runCommand('ssh-keygen', ['-Y', 'sign', '-f', path.resolve(process.env['SSHKEYSIGN'] as string), '-n', ' git', SIGNFILE]);
+            }
+            else {
+                await runCommand('gpg', ['-a', '--passphrase', escapeCommandParam(this._config.gpgpass || ''), '--batch', '--pinentry-mode', 'loopback', '--detach-sign', SIGNFILE]);
+            }
+            await fsp.rm(`${SIGNFILE}.${sshSignMode ? 'sig' : 'asc'}`)
        }
    }

+
    increment(pkg: string): Promise<void> {
        return new Promise(async (res, _) => {
            const pkgbuild = path.join(this._artools.workspace, 'artixlinux', pkg, 'PKGBUILD');
@@ -133,7 +140,7 @@ class Pusher {
        }

        console.log(clc.yellowBright('Running artix-checkupdates'));
-        const actionable = job.increment ? job.packages : (await (!!job.source ? checkupdates.fetchMovable() : checkupdates.fetchUpgradable())).map(res => res.basename);
+        const actionable = job.increment ? job.packages : (await (!!job.source ? checkupdates.fetchLooseMovable() : checkupdates.fetchUpgradable())).map(res => res.basename);

        // order is IMPORTANT. Must be BLOCKING.
        for (let i = 0; i < (job.packages || []).length; i++) {
Author	SHA1	Message	Date
Cory Sanin	1d7e66459a	Simplify up ssh key signing logic	2025-03-25 00:15:13 -05:00
Cory Sanin	c1b59b8e20	Merge pull request 'Add ssh key sign' (#2 ) from ndowens/artix-metro:master into master Reviewed-on: #2	2025-03-25 05:57:23 +01:00
ndowens	fe95766606	Add ssh key sign	2025-03-25 04:55:56 +00:00
Cory Sanin	362593798c	use loose moves for verifing movable packages	2025-03-15 13:13:52 -05:00