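---
# Prepares a host for building AUR packages: installs the makepkg drop-in
# config, creates a locked system build account and its directories, imports
# the package signing key into that account's GnuPG keyring, and bootstraps
# aurutils from the AUR when /usr/bin/aur is missing.

- name: Create the makepkg drop-in config file
  ansible.builtin.template:
    dest: /etc/makepkg.conf.d/makepkg.conf
    src: makepkg.conf.j2
    owner: root
    group: root
    mode: "0644"

- name: Create the build user group
  ansible.builtin.group:
    name: "{{ aur_repo_build_account }}"
    system: true
    state: present

# '!' is not a valid password hash, so password login stays locked; together
# with the nologin shell the account is only reachable through become.
- name: Create the build user
  ansible.builtin.user:
    name: "{{ aur_repo_build_account }}"
    password: '!'
    group: "{{ aur_repo_build_account }}"
    comment: "AUR Package Builder"
    shell: /sbin/nologin
    home: "{{ aur_repo_dir }}"
    createhome: true
    system: true
    state: present

# NOTE(review): /tmp/build is a fixed path in world-writable /tmp and later
# holds the private signing key for a short time. Confirm nothing else on
# the host can pre-create it, or move it to a directory only the build
# account can reach.
- name: Create the parent build dir
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ aur_repo_build_account }}"
    group: "{{ aur_repo_build_account }}"
    mode: "0755"
  loop:
    - "{{ aur_repo_dir }}"
    - "{{ aur_repo_dir }}/packages"
    - "{{ aur_repo_dir }}/sources"
    - "{{ aur_repo_dir }}/srcpackages"
    - /var/log/makepkg
    - /tmp/build

# rc 2 is accepted here and used below as the "key not present" signal; any
# other non-zero rc fails the play.
- name: Check if the singing key is in build user's keyring
  become: true
  become_user: "{{ aur_repo_build_account }}"
  ansible.builtin.command:
    cmd: gpg2 --list-secret-key --with-colons {{ aur_repo_key_thumbprint }}
  failed_when: key_result.rc not in [0, 2]
  changed_when: false
  register: key_result

- name: GPG key import block
  when: key_result.rc == 2
  block:
    # no_log keeps the rendered private key out of task output, --diff
    # output and callback logs.
    - name: Template out the signing private key
      ansible.builtin.template:
        dest: "/tmp/build/signing_key.asc"
        src: signing_key.asc.j2
        owner: "{{ aur_repo_build_account }}"
        group: "{{ aur_repo_build_account }}"
        mode: "0600"
      no_log: true

    - name: Import the signing key
      become: true
      become_user: "{{ aur_repo_build_account }}"
      ansible.builtin.command:
        cmd: gpg2 --import /tmp/build/signing_key.asc
      changed_when: true
  always:
    # Runs even when templating or the import fails, so the plaintext key
    # is never left behind on disk after a broken run.
    - name: Delete the signing key
      ansible.builtin.file:
        path: "/tmp/build/signing_key.asc"
        state: absent

- name: Check if aurutils is already installed
  ansible.builtin.stat:
    follow: true
    path: /usr/bin/aur
  register: aurutils_stat

# Everything down to "Install aurutils" stays inside this block: the final
# install task reads facts that are only set here.
- name: Aurutils install block
  when: not aurutils_stat.stat.exists
  block:
    - name: Install makepkg dependencies
      community.general.pacman:
        name:
          - git
          - base-devel
        state: present
        update_cache: true

    # NOTE(review): this tracks the master branch, so whatever PKGBUILD is
    # published at run time gets parsed, built and installed as root below.
    # Consider pinning `version` to a commit that has been reviewed.
    - name: Clone aurutils
      ansible.builtin.git:
        depth: 1
        dest: /tmp/aurutils
        repo: https://aur.archlinux.org/aurutils.git
        single_branch: true
        version: master

    - name: Slurp PKGBUILD contents
      ansible.builtin.slurp:
        path: /tmp/aurutils/PKGBUILD
      register: aurutils_pkgbuild

    # The regexes expect single-line `depends=(...)`, `arch=(...)`,
    # `pkgver=` and `pkgrel=` assignments in the PKGBUILD.
    - name: Parse PKGBUILD into facts
      ansible.builtin.set_fact:
        aurutils_dependencies: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^depends=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') | split(' ') }}"  # noqa: yaml[line-length]
        aurutils_pkgver: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgver=).*(?=$)', multiline=True) }}"
        aurutils_pkgrel: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgrel=).*(?=$)', multiline=True) }}"
        aurutils_arch: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^arch=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') }}"

    # Prints the package path that the build and install tasks expect.
    - name: Debug aurutils dependencies
      ansible.builtin.debug:
        msg: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"

    # The package names come straight from the downloaded PKGBUILD.
    - name: Install aurutils dependencies
      community.general.pacman:
        name: "{{ aurutils_dependencies }}"
        state: present
        reason: dependency
        update_cache: false

    # Built as the unprivileged build account; skipped when the package
    # file already exists.
    - name: Build aurutils
      become: true
      become_user: "{{ aur_repo_build_account }}"
      ansible.builtin.command:
        cmd: makepkg
        chdir: /tmp/aurutils
        creates: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"

    # rc 2 is accepted and used below as the "key not in keyring" signal.
    - name: Check if the signing key is in pacman keyring
      ansible.builtin.command:
        argv:
          - pacman-key
          - -l
          - "{{ aur_repo_key_thumbprint }}"
      failed_when: pacman_key_result.rc not in [0, 2]
      changed_when: false
      register: pacman_key_result

    # NOTE(review): the key is fetched from a public keyserver and then
    # locally signed, i.e. trusted by pacman. This presumably relies on
    # aur_repo_key_thumbprint being a full fingerprint rather than a short
    # key ID - confirm against the role defaults.
    - name: Pacman key import block
      when: pacman_key_result.rc == 2
      block:
        - name: Import the signing public key to arch keyring
          ansible.builtin.command:
            argv:
              - pacman-key
              - -r
              - "{{ aur_repo_key_thumbprint }}"
              - --keyserver
              - hkps://keyserver.ubuntu.com
          changed_when: true

        - name: Locally sign the imported pacman key
          ansible.builtin.command:
            argv:
              - pacman-key
              - --lsign-key
              - "{{ aur_repo_key_thumbprint }}"
          changed_when: true

    - name: Install aurutils
      community.general.pacman:
        name: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
        state: present
        update_cache: false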