build Qubes-Whonix 13.0.0.0.7 templates

[adrelanos]

@marmarek can you try to build Qubes-Whonix please?

(both, gw and ws)

tag:
13.0.0.0.7-developers-only

I tested 13.0.0.0.6-developers-only quite extensively. And 7 hast just some minor changes. I download and test after the build, but likely we can call it an RC.

---

PR:
marmarek/qubes-template-whonix#6

Is this PR useful? Should official builds be created by either marmarek|adrelanos|whonix/qubes-template-whonix?

---

For reference only:
#1423

[marmarek]

Status update: the gateway build failed for the third time on apt-key adv ... with:

gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

The build is running behind Tor.
Maybe better include the key in repository, as it was before? Or choose a different, more tor-friendly keyserver (no idea which one)?

[marmarek]

Status update: the gateway build failed for the third time on apt-key adv ... with:

gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

The build is running behind Tor.
Maybe better include the key in repository, as it was before? Or choose a different, more tor-friendly keyserver (no idea which one)?

[andrewdavidwong]

Or choose a different, more tor-friendly keyserver (no idea which one)?

In Whonix-Workstation VMs, we use hkp://qdigse2yzvuglcix.onion, which works well IME.

[andrewdavidwong]

Or choose a different, more tor-friendly keyserver (no idea which one)?

In Whonix-Workstation VMs, we use hkp://qdigse2yzvuglcix.onion, which works well IME.

[adrelanos]

We shouldn't be fetching from keyservers. Can you please share the build
log around the error?

[adrelanos]

We shouldn't be fetching from keyservers. Can you please share the build
log around the error?

[marmarek]

Was already overwritten by the next build (still running). But it was this line:
https://github.com/marmarek/qubes-template-whonix/blob/master/whonix-gateway/04_install_qubes_post.sh#L51

[marmarek]

Was already overwritten by the next build (still running). But it was this line:
https://github.com/marmarek/qubes-template-whonix/blob/master/whonix-gateway/04_install_qubes_post.sh#L51

[adrelanos]

It's doable. But I wonder if it can be avoided. By somehow using a
higher timeout. The rationale of this was enabling the builder to swap
out my fingerprint by another by just overwriting these variables.

[adrelanos]

It's doable. But I wonder if it can be avoided. By somehow using a
higher timeout. The rationale of this was enabling the builder to swap
out my fingerprint by another by just overwriting these variables.

[marmarek]

It failed again: build log

[marmarek]

It failed again: build log

[adrelanos]

A fix for that is attached above. Is it preferred by to send a pull request or do you wish to just get the fix from my branch?

---

There is a different issue now. make prepare-merge does not iterate over qubes-template-whonix. Did I mess up something required for being a proper builder plugin or is it a qubes-builder bug?

user@qubes-build:~/qubes-builder$ make prepare-merge 
+ '[' -n qubes-src/vmm-xen ']'
++ basename qubes-src/vmm-xen
+ COMPONENT=vmm-xen
+ '[' qubes-src/vmm-xen == . ']'
+ '[' -z vmm-xen ']'
+ '[' -z qubes-src/vmm-xen ']'
+ url_var=GIT_URL_vmm_xen
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-vmm-xen.git
+ '[' -n '' ']'
+ branch_var=BRANCH_vmm_xen
+ '[' -n xen-4.6 ']'
+ BRANCH=xen-4.6
+ echo '-> Updating sources for vmm-xen...'
-> Updating sources for vmm-xen...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-vmm-xen.git xen-4.6...'
--> Fetching from https://github.com/QubesOS/qubes-vmm-xen.git xen-4.6...
+ '[' qubes-src/vmm-xen == . -o -d qubes-src/vmm-xen -a '' '!=' 1 ']'
+ cd qubes-src/vmm-xen
+ git fetch -q https://github.com/QubesOS/qubes-vmm-xen.git --tags xen-4.6
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn vmm-xen
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/vmm-xen FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/vmm-xen
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.S5h5Kt
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.S5h5Kt/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.S5h5Kt
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ICpVpw
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ICpVpw/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ICpVpw
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v4.6.0-13
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.xtSnQb
+ git cat-file tag v4.6.0-13
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v4.6.0-13
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.xtSnQb/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.xtSnQb
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/core-vchan-xen ']'
++ basename qubes-src/core-vchan-xen
+ COMPONENT=core-vchan-xen
+ '[' qubes-src/core-vchan-xen == . ']'
+ '[' -z core-vchan-xen ']'
+ '[' -z qubes-src/core-vchan-xen ']'
+ url_var=GIT_URL_core_vchan_xen
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-core-vchan-xen.git
+ '[' -n '' ']'
+ branch_var=BRANCH_core_vchan_xen
+ '[' -n '' ']'
+ echo '-> Updating sources for core-vchan-xen...'
-> Updating sources for core-vchan-xen...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-core-vchan-xen.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-core-vchan-xen.git release3.1...
+ '[' qubes-src/core-vchan-xen == . -o -d qubes-src/core-vchan-xen -a '' '!=' 1 ']'
+ cd qubes-src/core-vchan-xen
+ git fetch -q https://github.com/QubesOS/qubes-core-vchan-xen.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn core-vchan-xen
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/core-vchan-xen FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/core-vchan-xen
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.S653LG
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.S653LG/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.S653LG
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Oa4gO5
+ git cat-file tag R3.1-rc1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Oa4gO5/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Oa4gO5
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.hMQuUq
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.hMQuUq/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.hMQuUq
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.gURWO5
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.gURWO5/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.gURWO5
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.0
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.9O9tJM
+ git cat-file tag v3.1.0
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.0
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.9O9tJM/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.9O9tJM
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/core-qubesdb ']'
++ basename qubes-src/core-qubesdb
+ COMPONENT=core-qubesdb
+ '[' qubes-src/core-qubesdb == . ']'
+ '[' -z core-qubesdb ']'
+ '[' -z qubes-src/core-qubesdb ']'
+ url_var=GIT_URL_core_qubesdb
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-core-qubesdb.git
+ '[' -n '' ']'
+ branch_var=BRANCH_core_qubesdb
+ '[' -n '' ']'
+ echo '-> Updating sources for core-qubesdb...'
-> Updating sources for core-qubesdb...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-core-qubesdb.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-core-qubesdb.git release3.1...
+ '[' qubes-src/core-qubesdb == . -o -d qubes-src/core-qubesdb -a '' '!=' 1 ']'
+ cd qubes-src/core-qubesdb
+ git fetch -q https://github.com/QubesOS/qubes-core-qubesdb.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn core-qubesdb
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/core-qubesdb FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/core-qubesdb
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.IGldib
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.IGldib/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.IGldib
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.tZtBI2
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.tZtBI2/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.tZtBI2
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.e6YwoF
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.e6YwoF/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.e6YwoF
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.k6LCYR
+ git cat-file tag v3.1.2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.k6LCYR/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.k6LCYR
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/linux-utils ']'
++ basename qubes-src/linux-utils
+ COMPONENT=linux-utils
+ '[' qubes-src/linux-utils == . ']'
+ '[' -z linux-utils ']'
+ '[' -z qubes-src/linux-utils ']'
+ url_var=GIT_URL_linux_utils
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-linux-utils.git
+ '[' -n '' ']'
+ branch_var=BRANCH_linux_utils
+ '[' -n '' ']'
+ echo '-> Updating sources for linux-utils...'
-> Updating sources for linux-utils...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-linux-utils.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-linux-utils.git release3.1...
+ '[' qubes-src/linux-utils == . -o -d qubes-src/linux-utils -a '' '!=' 1 ']'
+ cd qubes-src/linux-utils
+ git fetch -q https://github.com/QubesOS/qubes-linux-utils.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn linux-utils
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/linux-utils FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/linux-utils
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.7AjYKS
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.7AjYKS/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.7AjYKS
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.s5HlxH
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.s5HlxH/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.s5HlxH
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.8
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.iPznSC
+ git cat-file tag v3.1.8
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.8
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.iPznSC/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.iPznSC
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/core-agent-linux ']'
++ basename qubes-src/core-agent-linux
+ COMPONENT=core-agent-linux
+ '[' qubes-src/core-agent-linux == . ']'
+ '[' -z core-agent-linux ']'
+ '[' -z qubes-src/core-agent-linux ']'
+ url_var=GIT_URL_core_agent_linux
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-core-agent-linux.git
+ '[' -n '' ']'
+ branch_var=BRANCH_core_agent_linux
+ '[' -n '' ']'
+ echo '-> Updating sources for core-agent-linux...'
-> Updating sources for core-agent-linux...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-core-agent-linux.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-core-agent-linux.git release3.1...
+ '[' qubes-src/core-agent-linux == . -o -d qubes-src/core-agent-linux -a '' '!=' 1 ']'
+ cd qubes-src/core-agent-linux
+ git fetch -q https://github.com/QubesOS/qubes-core-agent-linux.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn core-agent-linux
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/core-agent-linux FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/core-agent-linux
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.16
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ffQRux
+ git cat-file tag v3.1.16
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.16
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ffQRux/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ffQRux
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/gui-common ']'
++ basename qubes-src/gui-common
+ COMPONENT=gui-common
+ '[' qubes-src/gui-common == . ']'
+ '[' -z gui-common ']'
+ '[' -z qubes-src/gui-common ']'
+ url_var=GIT_URL_gui_common
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-gui-common.git
+ '[' -n '' ']'
+ branch_var=BRANCH_gui_common
+ '[' -n '' ']'
+ echo '-> Updating sources for gui-common...'
-> Updating sources for gui-common...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-gui-common.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-gui-common.git release3.1...
+ '[' qubes-src/gui-common == . -o -d qubes-src/gui-common -a '' '!=' 1 ']'
+ cd qubes-src/gui-common
+ git fetch -q https://github.com/QubesOS/qubes-gui-common.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn gui-common
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/gui-common FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/gui-common
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.VQ6vwV
+ git cat-file tag R3.0
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.VQ6vwV/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.VQ6vwV
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.s3LhV8
+ git cat-file tag R3.0-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.s3LhV8/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.s3LhV8
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.uyopDi
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.uyopDi/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.uyopDi
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Eosj4k
+ git cat-file tag R3.1-rc1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Eosj4k/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Eosj4k
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.INPowQ
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.INPowQ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.INPowQ
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.2N1m0Q
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.2N1m0Q/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.2N1m0Q
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.0.3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.26Sm0x
+ git cat-file tag v3.0.3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.0.3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.26Sm0x/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.26Sm0x
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/gui-agent-linux ']'
++ basename qubes-src/gui-agent-linux
+ COMPONENT=gui-agent-linux
+ '[' qubes-src/gui-agent-linux == . ']'
+ '[' -z gui-agent-linux ']'
+ '[' -z qubes-src/gui-agent-linux ']'
+ url_var=GIT_URL_gui_agent_linux
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-gui-agent-linux.git
+ '[' -n '' ']'
+ branch_var=BRANCH_gui_agent_linux
+ '[' -n '' ']'
+ echo '-> Updating sources for gui-agent-linux...'
-> Updating sources for gui-agent-linux...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-gui-agent-linux.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-gui-agent-linux.git release3.1...
+ '[' qubes-src/gui-agent-linux == . -o -d qubes-src/gui-agent-linux -a '' '!=' 1 ']'
+ cd qubes-src/gui-agent-linux
+ git fetch -q https://github.com/QubesOS/qubes-gui-agent-linux.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn gui-agent-linux
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/gui-agent-linux FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/gui-agent-linux
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.GgFWPl
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.GgFWPl/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.GgFWPl
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0AK777
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0AK777/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0AK777
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.5
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.jAE5GW
+ git cat-file tag v3.1.5
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.5
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.jAE5GW/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.jAE5GW
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-split-gpg ']'
++ basename qubes-src/app-linux-split-gpg
+ COMPONENT=app-linux-split-gpg
+ '[' qubes-src/app-linux-split-gpg == . ']'
+ '[' -z app-linux-split-gpg ']'
+ '[' -z qubes-src/app-linux-split-gpg ']'
+ url_var=GIT_URL_app_linux_split_gpg
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-split-gpg.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_split_gpg
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-split-gpg...'
-> Updating sources for app-linux-split-gpg...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-split-gpg.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-split-gpg.git master...
+ '[' qubes-src/app-linux-split-gpg == . -o -d qubes-src/app-linux-split-gpg -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-split-gpg
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-split-gpg.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-split-gpg
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-split-gpg FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-split-gpg
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v2.0.20
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.PA3abV
+ git cat-file tag v2.0.20
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v2.0.20
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.PA3abV/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.PA3abV
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-tor ']'
++ basename qubes-src/app-linux-tor
+ COMPONENT=app-linux-tor
+ '[' qubes-src/app-linux-tor == . ']'
+ '[' -z app-linux-tor ']'
+ '[' -z qubes-src/app-linux-tor ']'
+ url_var=GIT_URL_app_linux_tor
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-tor.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_tor
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-tor...'
-> Updating sources for app-linux-tor...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-tor.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-tor.git master...
+ '[' qubes-src/app-linux-tor == . -o -d qubes-src/app-linux-tor -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-tor
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-tor.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-tor
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-tor FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-tor
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.NjH1rz
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.NjH1rz/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.NjH1rz
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.AwCN6G
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.AwCN6G/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.AwCN6G
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.QJNYGs
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.QJNYGs/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.QJNYGs
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v0.1.14
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Mrh6wn
+ git cat-file tag v0.1.14
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v0.1.14
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Mrh6wn/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Mrh6wn
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-thunderbird ']'
++ basename qubes-src/app-thunderbird
+ COMPONENT=app-thunderbird
+ '[' qubes-src/app-thunderbird == . ']'
+ '[' -z app-thunderbird ']'
+ '[' -z qubes-src/app-thunderbird ']'
+ url_var=GIT_URL_app_thunderbird
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-thunderbird.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_thunderbird
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-thunderbird...'
-> Updating sources for app-thunderbird...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-thunderbird.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-thunderbird.git master...
+ '[' qubes-src/app-thunderbird == . -o -d qubes-src/app-thunderbird -a '' '!=' 1 ']'
+ cd qubes-src/app-thunderbird
+ git fetch -q https://github.com/QubesOS/qubes-app-thunderbird.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-thunderbird
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-thunderbird FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-thunderbird
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.O08kJL
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.O08kJL/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.O08kJL
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v1.2.8
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.q4TpEJ
+ git cat-file tag v1.2.8
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v1.2.8
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.q4TpEJ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.q4TpEJ
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-pdf-converter ']'
++ basename qubes-src/app-linux-pdf-converter
+ COMPONENT=app-linux-pdf-converter
+ '[' qubes-src/app-linux-pdf-converter == . ']'
+ '[' -z app-linux-pdf-converter ']'
+ '[' -z qubes-src/app-linux-pdf-converter ']'
+ url_var=GIT_URL_app_linux_pdf_converter
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-pdf-converter.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_pdf_converter
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-pdf-converter...'
-> Updating sources for app-linux-pdf-converter...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-pdf-converter.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-pdf-converter.git master...
+ '[' qubes-src/app-linux-pdf-converter == . -o -d qubes-src/app-linux-pdf-converter -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-pdf-converter
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-pdf-converter.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-pdf-converter
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-pdf-converter FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-pdf-converter
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.cyckvU
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.cyckvU/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.cyckvU
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.SA3DRh
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.SA3DRh/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.SA3DRh
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.4gvRoY
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.4gvRoY/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.4gvRoY
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v2.0.4
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Uk58ts
+ git cat-file tag v2.0.4
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v2.0.4
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Uk58ts/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Uk58ts
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-img-converter ']'
++ basename qubes-src/app-linux-img-converter
+ COMPONENT=app-linux-img-converter
+ '[' qubes-src/app-linux-img-converter == . ']'
+ '[' -z app-linux-img-converter ']'
+ '[' -z qubes-src/app-linux-img-converter ']'
+ url_var=GIT_URL_app_linux_img_converter
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-img-converter.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_img_converter
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-img-converter...'
-> Updating sources for app-linux-img-converter...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-img-converter.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-img-converter.git master...
+ '[' qubes-src/app-linux-img-converter == . -o -d qubes-src/app-linux-img-converter -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-img-converter
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-img-converter.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-img-converter
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-img-converter FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-img-converter
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.OKz44L
+ git cat-file tag R3.0
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.OKz44L/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.OKz44L
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.AQcGX4
+ git cat-file tag R3.0-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.AQcGX4/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.AQcGX4
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Kk6tbC
+ git cat-file tag R3.0-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Kk6tbC/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Kk6tbC
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.TEbBbV
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.TEbBbV/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.TEbBbV
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.e5VBXY
+ git cat-file tag R3.1-rc1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.e5VBXY/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.e5VBXY
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.weTFX3
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.weTFX3/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.weTFX3
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.11Qx3f
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.11Qx3f/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.11Qx3f
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v1.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.1tBYoG
+ git cat-file tag v1.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v1.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.1tBYoG/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.1tBYoG
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-input-proxy ']'
++ basename qubes-src/app-linux-input-proxy
+ COMPONENT=app-linux-input-proxy
+ '[' qubes-src/app-linux-input-proxy == . ']'
+ '[' -z app-linux-input-proxy ']'
+ '[' -z qubes-src/app-linux-input-proxy ']'
+ url_var=GIT_URL_app_linux_input_proxy
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-input-proxy.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_input_proxy
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-input-proxy...'
-> Updating sources for app-linux-input-proxy...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-input-proxy.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-input-proxy.git master...
+ '[' qubes-src/app-linux-input-proxy == . -o -d qubes-src/app-linux-input-proxy -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-input-proxy
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-input-proxy.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-input-proxy
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-input-proxy FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-input-proxy
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v1.0.4
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.MpMyeE
+ git cat-file tag v1.0.4
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v1.0.4
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.MpMyeE/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.MpMyeE
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt ']'
++ basename qubes-src/mgmt-salt
+ COMPONENT=mgmt-salt
+ '[' qubes-src/mgmt-salt == . ']'
+ '[' -z mgmt-salt ']'
+ '[' -z qubes-src/mgmt-salt ']'
+ url_var=GIT_URL_mgmt_salt
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt...'
-> Updating sources for mgmt-salt...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt.git release3.1...
+ '[' qubes-src/mgmt-salt == . -o -d qubes-src/mgmt-salt -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.08PeYD
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.08PeYD/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.08PeYD
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0ABSLI
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0ABSLI/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0ABSLI
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0W43MN
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0W43MN/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0W43MN
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.YizBq8
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.YizBq8/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.YizBq8
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base ']'
++ basename qubes-src/mgmt-salt-base
+ COMPONENT=mgmt-salt-base
+ '[' qubes-src/mgmt-salt-base == . ']'
+ '[' -z mgmt-salt-base ']'
+ '[' -z qubes-src/mgmt-salt-base ']'
+ url_var=GIT_URL_mgmt_salt_base
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base...'
-> Updating sources for mgmt-salt-base...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base.git release3.1...
+ '[' qubes-src/mgmt-salt-base == . -o -d qubes-src/mgmt-salt-base -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.JsWE1z
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.JsWE1z/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.JsWE1z
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Kqr2fS
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Kqr2fS/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Kqr2fS
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.PCNSXg
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.PCNSXg/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.PCNSXg
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.J0Un7i
+ git cat-file tag v3.1.3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.J0Un7i/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.J0Un7i
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base-topd ']'
++ basename qubes-src/mgmt-salt-base-topd
+ COMPONENT=mgmt-salt-base-topd
+ '[' qubes-src/mgmt-salt-base-topd == . ']'
+ '[' -z mgmt-salt-base-topd ']'
+ '[' -z qubes-src/mgmt-salt-base-topd ']'
+ url_var=GIT_URL_mgmt_salt_base_topd
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base_topd
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base-topd...'
-> Updating sources for mgmt-salt-base-topd...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git release3.1...
+ '[' qubes-src/mgmt-salt-base-topd == . -o -d qubes-src/mgmt-salt-base-topd -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base-topd
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base-topd
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base-topd FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base-topd
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.MWfngb
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.MWfngb/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.MWfngb
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.N8UTzL
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.N8UTzL/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.N8UTzL
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.jT2vaO
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.jT2vaO/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.jT2vaO
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.fTOwR1
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.fTOwR1/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.fTOwR1
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base-config ']'
++ basename qubes-src/mgmt-salt-base-config
+ COMPONENT=mgmt-salt-base-config
+ '[' qubes-src/mgmt-salt-base-config == . ']'
+ '[' -z mgmt-salt-base-config ']'
+ '[' -z qubes-src/mgmt-salt-base-config ']'
+ url_var=GIT_URL_mgmt_salt_base_config
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base-config.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base-config.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base_config
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base-config...'
-> Updating sources for mgmt-salt-base-config...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-config.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-config.git release3.1...
+ '[' qubes-src/mgmt-salt-base-config == . -o -d qubes-src/mgmt-salt-base-config -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base-config
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base-config.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base-config
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base-config FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base-config
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ERj5z5
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ERj5z5/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ERj5z5
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0B1fxI
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0B1fxI/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0B1fxI
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Vnko22
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Vnko22/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Vnko22
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.uVYqm4
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.uVYqm4/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.uVYqm4
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base-overrides ']'
++ basename qubes-src/mgmt-salt-base-overrides
+ COMPONENT=mgmt-salt-base-overrides
+ '[' qubes-src/mgmt-salt-base-overrides == . ']'
+ '[' -z mgmt-salt-base-overrides ']'
+ '[' -z qubes-src/mgmt-salt-base-overrides ']'
+ url_var=GIT_URL_mgmt_salt_base_overrides
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base_overrides
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base-overrides...'
-> Updating sources for mgmt-salt-base-overrides...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git release3.1...
+ '[' qubes-src/mgmt-salt-base-overrides == . -o -d qubes-src/mgmt-salt-base-overrides -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base-overrides
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base-overrides
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base-overrides FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base-overrides
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.y3262s
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.y3262s/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.y3262s
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.wQNjUf
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.wQNjUf/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.wQNjUf
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.sCyLmf
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.sCyLmf/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.sCyLmf
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ZE8lQD
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ZE8lQD/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ZE8lQD
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-dom0-qvm ']'
++ basename qubes-src/mgmt-salt-dom0-qvm
+ COMPONENT=mgmt-salt-dom0-qvm
+ '[' qubes-src/mgmt-salt-dom0-qvm == . ']'
+ '[' -z mgmt-salt-dom0-qvm ']'
+ '[' -z qubes-src/mgmt-salt-dom0-qvm ']'
+ url_var=GIT_URL_mgmt_salt_dom0_qvm
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_dom0_qvm
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-dom0-qvm...'
-> Updating sources for mgmt-salt-dom0-qvm...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git release3.1...
+ '[' qubes-src/mgmt-salt-dom0-qvm == . -o -d qubes-src/mgmt-salt-dom0-qvm -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-dom0-qvm
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-dom0-qvm
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-dom0-qvm FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-dom0-qvm
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.857Mit
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.857Mit/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.857Mit
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.FGgyfZ
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.FGgyfZ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.FGgyfZ
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.UhADXS
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.UhADXS/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.UhADXS
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.3YlsQX
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.3YlsQX/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.3YlsQX
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-dom0-virtual-machines ']'
++ basename qubes-src/mgmt-salt-dom0-virtual-machines
+ COMPONENT=mgmt-salt-dom0-virtual-machines
+ '[' qubes-src/mgmt-salt-dom0-virtual-machines == . ']'
+ '[' -z mgmt-salt-dom0-virtual-machines ']'
+ '[' -z qubes-src/mgmt-salt-dom0-virtual-machines ']'
+ url_var=GIT_URL_mgmt_salt_dom0_virtual_machines
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_dom0_virtual_machines
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-dom0-virtual-machines...'
-> Updating sources for mgmt-salt-dom0-virtual-machines...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git release3.1...
+ '[' qubes-src/mgmt-salt-dom0-virtual-machines == . -o -d qubes-src/mgmt-salt-dom0-virtual-machines -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-dom0-virtual-machines
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-dom0-virtual-machines
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-dom0-virtual-machines FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-dom0-virtual-machines
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Fth7Jl
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Fth7Jl/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Fth7Jl
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.AzKobr
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.AzKobr/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.AzKobr
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.DkHAXb
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.DkHAXb/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.DkHAXb
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-dom0-update ']'
++ basename qubes-src/mgmt-salt-dom0-update
+ COMPONENT=mgmt-salt-dom0-update
+ '[' qubes-src/mgmt-salt-dom0-update == . ']'
+ '[' -z mgmt-salt-dom0-update ']'
+ '[' -z qubes-src/mgmt-salt-dom0-update ']'
+ url_var=GIT_URL_mgmt_salt_dom0_update
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_dom0_update
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-dom0-update...'
-> Updating sources for mgmt-salt-dom0-update...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git release3.1...
+ '[' qubes-src/mgmt-salt-dom0-update == . -o -d qubes-src/mgmt-salt-dom0-update -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-dom0-update
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-dom0-update
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-dom0-update FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-dom0-update
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.iNfDEo
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.iNfDEo/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.iNfDEo
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.t2fIkN
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.t2fIkN/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.t2fIkN
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.IaBfgr
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.IaBfgr/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.IaBfgr
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.0.2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.zpqqhK
+ git cat-file tag v3.0.2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.0.2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.zpqqhK/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.zpqqhK
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/linux-template-builder ']'
++ basename qubes-src/linux-template-builder
+ COMPONENT=linux-template-builder
+ '[' qubes-src/linux-template-builder == . ']'
+ '[' -z linux-template-builder ']'
+ '[' -z qubes-src/linux-template-builder ']'
+ url_var=GIT_URL_linux_template_builder
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-linux-template-builder.git
+ '[' -n '' ']'
+ branch_var=BRANCH_linux_template_builder
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for linux-template-builder...'
-> Updating sources for linux-template-builder...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-linux-template-builder.git master...'
--> Fetching from https://github.com/QubesOS/qubes-linux-template-builder.git master...
+ '[' qubes-src/linux-template-builder == . -o -d qubes-src/linux-template-builder -a '' '!=' 1 ']'
+ cd qubes-src/linux-template-builder
+ git fetch -q https://github.com/QubesOS/qubes-linux-template-builder.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn linux-template-builder
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/linux-template-builder FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/linux-template-builder
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.hSFLdZ
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.hSFLdZ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.hSFLdZ
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ELIQtr
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ELIQtr/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ELIQtr
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.0.5
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.QsbuAC
+ git cat-file tag v3.0.5
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.0.5
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.QsbuAC/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.QsbuAC
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n . ']'
++ basename .
+ COMPONENT=.
+ '[' . == . ']'
+ COMPONENT=builder
+ '[' -z builder ']'
+ '[' -z . ']'
+ url_var=GIT_URL_builder
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-builder.git
+ '[' -n '' ']'
+ branch_var=BRANCH_builder
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for builder...'
-> Updating sources for builder...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-builder.git master...'
--> Fetching from https://github.com/QubesOS/qubes-builder.git master...
+ '[' . == . -o -d . -a '' '!=' 1 ']'
+ cd .
+ git fetch -q https://github.com/QubesOS/qubes-builder.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn builder
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag . FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd .
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag mm_24e7557c
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Fh8OfR
+ git cat-file tag mm_24e7557c
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag mm_24e7557c
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Fh8OfR/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Fh8OfR
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
Changes to be merged:
user@qubes-build:~/qubes-builder$ 

[adrelanos]

A fix for that is attached above. Is it preferred by to send a pull request or do you wish to just get the fix from my branch?

---

There is a different issue now. make prepare-merge does not iterate over qubes-template-whonix. Did I mess up something required for being a proper builder plugin or is it a qubes-builder bug?

user@qubes-build:~/qubes-builder$ make prepare-merge 
+ '[' -n qubes-src/vmm-xen ']'
++ basename qubes-src/vmm-xen
+ COMPONENT=vmm-xen
+ '[' qubes-src/vmm-xen == . ']'
+ '[' -z vmm-xen ']'
+ '[' -z qubes-src/vmm-xen ']'
+ url_var=GIT_URL_vmm_xen
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-vmm-xen.git
+ '[' -n '' ']'
+ branch_var=BRANCH_vmm_xen
+ '[' -n xen-4.6 ']'
+ BRANCH=xen-4.6
+ echo '-> Updating sources for vmm-xen...'
-> Updating sources for vmm-xen...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-vmm-xen.git xen-4.6...'
--> Fetching from https://github.com/QubesOS/qubes-vmm-xen.git xen-4.6...
+ '[' qubes-src/vmm-xen == . -o -d qubes-src/vmm-xen -a '' '!=' 1 ']'
+ cd qubes-src/vmm-xen
+ git fetch -q https://github.com/QubesOS/qubes-vmm-xen.git --tags xen-4.6
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn vmm-xen
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/vmm-xen FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/vmm-xen
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.S5h5Kt
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.S5h5Kt/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.S5h5Kt
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ICpVpw
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ICpVpw/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ICpVpw
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v4.6.0-13
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.xtSnQb
+ git cat-file tag v4.6.0-13
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v4.6.0-13
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.xtSnQb/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.xtSnQb
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/core-vchan-xen ']'
++ basename qubes-src/core-vchan-xen
+ COMPONENT=core-vchan-xen
+ '[' qubes-src/core-vchan-xen == . ']'
+ '[' -z core-vchan-xen ']'
+ '[' -z qubes-src/core-vchan-xen ']'
+ url_var=GIT_URL_core_vchan_xen
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-core-vchan-xen.git
+ '[' -n '' ']'
+ branch_var=BRANCH_core_vchan_xen
+ '[' -n '' ']'
+ echo '-> Updating sources for core-vchan-xen...'
-> Updating sources for core-vchan-xen...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-core-vchan-xen.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-core-vchan-xen.git release3.1...
+ '[' qubes-src/core-vchan-xen == . -o -d qubes-src/core-vchan-xen -a '' '!=' 1 ']'
+ cd qubes-src/core-vchan-xen
+ git fetch -q https://github.com/QubesOS/qubes-core-vchan-xen.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn core-vchan-xen
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/core-vchan-xen FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/core-vchan-xen
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.S653LG
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.S653LG/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.S653LG
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Oa4gO5
+ git cat-file tag R3.1-rc1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Oa4gO5/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Oa4gO5
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.hMQuUq
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.hMQuUq/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.hMQuUq
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.gURWO5
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.gURWO5/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.gURWO5
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.0
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.9O9tJM
+ git cat-file tag v3.1.0
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.0
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.9O9tJM/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.9O9tJM
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/core-qubesdb ']'
++ basename qubes-src/core-qubesdb
+ COMPONENT=core-qubesdb
+ '[' qubes-src/core-qubesdb == . ']'
+ '[' -z core-qubesdb ']'
+ '[' -z qubes-src/core-qubesdb ']'
+ url_var=GIT_URL_core_qubesdb
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-core-qubesdb.git
+ '[' -n '' ']'
+ branch_var=BRANCH_core_qubesdb
+ '[' -n '' ']'
+ echo '-> Updating sources for core-qubesdb...'
-> Updating sources for core-qubesdb...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-core-qubesdb.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-core-qubesdb.git release3.1...
+ '[' qubes-src/core-qubesdb == . -o -d qubes-src/core-qubesdb -a '' '!=' 1 ']'
+ cd qubes-src/core-qubesdb
+ git fetch -q https://github.com/QubesOS/qubes-core-qubesdb.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn core-qubesdb
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/core-qubesdb FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/core-qubesdb
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.IGldib
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.IGldib/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.IGldib
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.tZtBI2
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.tZtBI2/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.tZtBI2
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.e6YwoF
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.e6YwoF/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.e6YwoF
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.k6LCYR
+ git cat-file tag v3.1.2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.k6LCYR/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.k6LCYR
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/linux-utils ']'
++ basename qubes-src/linux-utils
+ COMPONENT=linux-utils
+ '[' qubes-src/linux-utils == . ']'
+ '[' -z linux-utils ']'
+ '[' -z qubes-src/linux-utils ']'
+ url_var=GIT_URL_linux_utils
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-linux-utils.git
+ '[' -n '' ']'
+ branch_var=BRANCH_linux_utils
+ '[' -n '' ']'
+ echo '-> Updating sources for linux-utils...'
-> Updating sources for linux-utils...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-linux-utils.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-linux-utils.git release3.1...
+ '[' qubes-src/linux-utils == . -o -d qubes-src/linux-utils -a '' '!=' 1 ']'
+ cd qubes-src/linux-utils
+ git fetch -q https://github.com/QubesOS/qubes-linux-utils.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn linux-utils
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/linux-utils FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/linux-utils
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.7AjYKS
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.7AjYKS/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.7AjYKS
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.s5HlxH
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.s5HlxH/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.s5HlxH
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.8
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.iPznSC
+ git cat-file tag v3.1.8
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.8
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.iPznSC/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.iPznSC
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/core-agent-linux ']'
++ basename qubes-src/core-agent-linux
+ COMPONENT=core-agent-linux
+ '[' qubes-src/core-agent-linux == . ']'
+ '[' -z core-agent-linux ']'
+ '[' -z qubes-src/core-agent-linux ']'
+ url_var=GIT_URL_core_agent_linux
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-core-agent-linux.git
+ '[' -n '' ']'
+ branch_var=BRANCH_core_agent_linux
+ '[' -n '' ']'
+ echo '-> Updating sources for core-agent-linux...'
-> Updating sources for core-agent-linux...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-core-agent-linux.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-core-agent-linux.git release3.1...
+ '[' qubes-src/core-agent-linux == . -o -d qubes-src/core-agent-linux -a '' '!=' 1 ']'
+ cd qubes-src/core-agent-linux
+ git fetch -q https://github.com/QubesOS/qubes-core-agent-linux.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn core-agent-linux
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/core-agent-linux FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/core-agent-linux
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.16
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ffQRux
+ git cat-file tag v3.1.16
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.16
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ffQRux/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ffQRux
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/gui-common ']'
++ basename qubes-src/gui-common
+ COMPONENT=gui-common
+ '[' qubes-src/gui-common == . ']'
+ '[' -z gui-common ']'
+ '[' -z qubes-src/gui-common ']'
+ url_var=GIT_URL_gui_common
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-gui-common.git
+ '[' -n '' ']'
+ branch_var=BRANCH_gui_common
+ '[' -n '' ']'
+ echo '-> Updating sources for gui-common...'
-> Updating sources for gui-common...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-gui-common.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-gui-common.git release3.1...
+ '[' qubes-src/gui-common == . -o -d qubes-src/gui-common -a '' '!=' 1 ']'
+ cd qubes-src/gui-common
+ git fetch -q https://github.com/QubesOS/qubes-gui-common.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn gui-common
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/gui-common FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/gui-common
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.VQ6vwV
+ git cat-file tag R3.0
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.VQ6vwV/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.VQ6vwV
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.s3LhV8
+ git cat-file tag R3.0-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.s3LhV8/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.s3LhV8
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.uyopDi
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.uyopDi/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.uyopDi
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Eosj4k
+ git cat-file tag R3.1-rc1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Eosj4k/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Eosj4k
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.INPowQ
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.INPowQ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.INPowQ
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.2N1m0Q
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.2N1m0Q/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.2N1m0Q
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.0.3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.26Sm0x
+ git cat-file tag v3.0.3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.0.3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.26Sm0x/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.26Sm0x
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/gui-agent-linux ']'
++ basename qubes-src/gui-agent-linux
+ COMPONENT=gui-agent-linux
+ '[' qubes-src/gui-agent-linux == . ']'
+ '[' -z gui-agent-linux ']'
+ '[' -z qubes-src/gui-agent-linux ']'
+ url_var=GIT_URL_gui_agent_linux
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-gui-agent-linux.git
+ '[' -n '' ']'
+ branch_var=BRANCH_gui_agent_linux
+ '[' -n '' ']'
+ echo '-> Updating sources for gui-agent-linux...'
-> Updating sources for gui-agent-linux...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-gui-agent-linux.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-gui-agent-linux.git release3.1...
+ '[' qubes-src/gui-agent-linux == . -o -d qubes-src/gui-agent-linux -a '' '!=' 1 ']'
+ cd qubes-src/gui-agent-linux
+ git fetch -q https://github.com/QubesOS/qubes-gui-agent-linux.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn gui-agent-linux
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/gui-agent-linux FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/gui-agent-linux
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.GgFWPl
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.GgFWPl/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.GgFWPl
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0AK777
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0AK777/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0AK777
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.5
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.jAE5GW
+ git cat-file tag v3.1.5
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.5
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.jAE5GW/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.jAE5GW
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-split-gpg ']'
++ basename qubes-src/app-linux-split-gpg
+ COMPONENT=app-linux-split-gpg
+ '[' qubes-src/app-linux-split-gpg == . ']'
+ '[' -z app-linux-split-gpg ']'
+ '[' -z qubes-src/app-linux-split-gpg ']'
+ url_var=GIT_URL_app_linux_split_gpg
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-split-gpg.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_split_gpg
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-split-gpg...'
-> Updating sources for app-linux-split-gpg...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-split-gpg.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-split-gpg.git master...
+ '[' qubes-src/app-linux-split-gpg == . -o -d qubes-src/app-linux-split-gpg -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-split-gpg
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-split-gpg.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-split-gpg
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-split-gpg FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-split-gpg
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v2.0.20
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.PA3abV
+ git cat-file tag v2.0.20
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v2.0.20
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.PA3abV/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.PA3abV
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-tor ']'
++ basename qubes-src/app-linux-tor
+ COMPONENT=app-linux-tor
+ '[' qubes-src/app-linux-tor == . ']'
+ '[' -z app-linux-tor ']'
+ '[' -z qubes-src/app-linux-tor ']'
+ url_var=GIT_URL_app_linux_tor
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-tor.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_tor
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-tor...'
-> Updating sources for app-linux-tor...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-tor.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-tor.git master...
+ '[' qubes-src/app-linux-tor == . -o -d qubes-src/app-linux-tor -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-tor
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-tor.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-tor
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-tor FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-tor
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.NjH1rz
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.NjH1rz/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.NjH1rz
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.AwCN6G
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.AwCN6G/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.AwCN6G
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.QJNYGs
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.QJNYGs/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.QJNYGs
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v0.1.14
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Mrh6wn
+ git cat-file tag v0.1.14
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v0.1.14
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Mrh6wn/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Mrh6wn
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-thunderbird ']'
++ basename qubes-src/app-thunderbird
+ COMPONENT=app-thunderbird
+ '[' qubes-src/app-thunderbird == . ']'
+ '[' -z app-thunderbird ']'
+ '[' -z qubes-src/app-thunderbird ']'
+ url_var=GIT_URL_app_thunderbird
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-thunderbird.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_thunderbird
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-thunderbird...'
-> Updating sources for app-thunderbird...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-thunderbird.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-thunderbird.git master...
+ '[' qubes-src/app-thunderbird == . -o -d qubes-src/app-thunderbird -a '' '!=' 1 ']'
+ cd qubes-src/app-thunderbird
+ git fetch -q https://github.com/QubesOS/qubes-app-thunderbird.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-thunderbird
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-thunderbird FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-thunderbird
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.O08kJL
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.O08kJL/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.O08kJL
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v1.2.8
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.q4TpEJ
+ git cat-file tag v1.2.8
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v1.2.8
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.q4TpEJ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.q4TpEJ
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-pdf-converter ']'
++ basename qubes-src/app-linux-pdf-converter
+ COMPONENT=app-linux-pdf-converter
+ '[' qubes-src/app-linux-pdf-converter == . ']'
+ '[' -z app-linux-pdf-converter ']'
+ '[' -z qubes-src/app-linux-pdf-converter ']'
+ url_var=GIT_URL_app_linux_pdf_converter
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-pdf-converter.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_pdf_converter
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-pdf-converter...'
-> Updating sources for app-linux-pdf-converter...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-pdf-converter.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-pdf-converter.git master...
+ '[' qubes-src/app-linux-pdf-converter == . -o -d qubes-src/app-linux-pdf-converter -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-pdf-converter
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-pdf-converter.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-pdf-converter
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-pdf-converter FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-pdf-converter
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.cyckvU
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.cyckvU/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.cyckvU
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.SA3DRh
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.SA3DRh/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.SA3DRh
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.4gvRoY
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.4gvRoY/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.4gvRoY
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v2.0.4
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Uk58ts
+ git cat-file tag v2.0.4
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v2.0.4
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Uk58ts/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Uk58ts
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-img-converter ']'
++ basename qubes-src/app-linux-img-converter
+ COMPONENT=app-linux-img-converter
+ '[' qubes-src/app-linux-img-converter == . ']'
+ '[' -z app-linux-img-converter ']'
+ '[' -z qubes-src/app-linux-img-converter ']'
+ url_var=GIT_URL_app_linux_img_converter
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-img-converter.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_img_converter
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-img-converter...'
-> Updating sources for app-linux-img-converter...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-img-converter.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-img-converter.git master...
+ '[' qubes-src/app-linux-img-converter == . -o -d qubes-src/app-linux-img-converter -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-img-converter
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-img-converter.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-img-converter
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-img-converter FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-img-converter
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.OKz44L
+ git cat-file tag R3.0
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.OKz44L/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.OKz44L
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.AQcGX4
+ git cat-file tag R3.0-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.AQcGX4/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.AQcGX4
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.0-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Kk6tbC
+ git cat-file tag R3.0-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.0-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Kk6tbC/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Kk6tbC
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.TEbBbV
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.TEbBbV/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.TEbBbV
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.e5VBXY
+ git cat-file tag R3.1-rc1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.e5VBXY/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.e5VBXY
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.weTFX3
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.weTFX3/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.weTFX3
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.11Qx3f
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.11Qx3f/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.11Qx3f
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v1.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.1tBYoG
+ git cat-file tag v1.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v1.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.1tBYoG/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.1tBYoG
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/app-linux-input-proxy ']'
++ basename qubes-src/app-linux-input-proxy
+ COMPONENT=app-linux-input-proxy
+ '[' qubes-src/app-linux-input-proxy == . ']'
+ '[' -z app-linux-input-proxy ']'
+ '[' -z qubes-src/app-linux-input-proxy ']'
+ url_var=GIT_URL_app_linux_input_proxy
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-app-linux-input-proxy.git
+ '[' -n '' ']'
+ branch_var=BRANCH_app_linux_input_proxy
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for app-linux-input-proxy...'
-> Updating sources for app-linux-input-proxy...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-app-linux-input-proxy.git master...'
--> Fetching from https://github.com/QubesOS/qubes-app-linux-input-proxy.git master...
+ '[' qubes-src/app-linux-input-proxy == . -o -d qubes-src/app-linux-input-proxy -a '' '!=' 1 ']'
+ cd qubes-src/app-linux-input-proxy
+ git fetch -q https://github.com/QubesOS/qubes-app-linux-input-proxy.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn app-linux-input-proxy
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/app-linux-input-proxy FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/app-linux-input-proxy
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v1.0.4
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.MpMyeE
+ git cat-file tag v1.0.4
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v1.0.4
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.MpMyeE/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.MpMyeE
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt ']'
++ basename qubes-src/mgmt-salt
+ COMPONENT=mgmt-salt
+ '[' qubes-src/mgmt-salt == . ']'
+ '[' -z mgmt-salt ']'
+ '[' -z qubes-src/mgmt-salt ']'
+ url_var=GIT_URL_mgmt_salt
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt...'
-> Updating sources for mgmt-salt...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt.git release3.1...
+ '[' qubes-src/mgmt-salt == . -o -d qubes-src/mgmt-salt -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.08PeYD
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.08PeYD/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.08PeYD
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0ABSLI
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0ABSLI/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0ABSLI
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0W43MN
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0W43MN/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0W43MN
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.YizBq8
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.YizBq8/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.YizBq8
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base ']'
++ basename qubes-src/mgmt-salt-base
+ COMPONENT=mgmt-salt-base
+ '[' qubes-src/mgmt-salt-base == . ']'
+ '[' -z mgmt-salt-base ']'
+ '[' -z qubes-src/mgmt-salt-base ']'
+ url_var=GIT_URL_mgmt_salt_base
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base...'
-> Updating sources for mgmt-salt-base...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base.git release3.1...
+ '[' qubes-src/mgmt-salt-base == . -o -d qubes-src/mgmt-salt-base -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.JsWE1z
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.JsWE1z/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.JsWE1z
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Kqr2fS
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Kqr2fS/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Kqr2fS
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.PCNSXg
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.PCNSXg/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.PCNSXg
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.J0Un7i
+ git cat-file tag v3.1.3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.J0Un7i/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.J0Un7i
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base-topd ']'
++ basename qubes-src/mgmt-salt-base-topd
+ COMPONENT=mgmt-salt-base-topd
+ '[' qubes-src/mgmt-salt-base-topd == . ']'
+ '[' -z mgmt-salt-base-topd ']'
+ '[' -z qubes-src/mgmt-salt-base-topd ']'
+ url_var=GIT_URL_mgmt_salt_base_topd
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base_topd
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base-topd...'
-> Updating sources for mgmt-salt-base-topd...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git release3.1...
+ '[' qubes-src/mgmt-salt-base-topd == . -o -d qubes-src/mgmt-salt-base-topd -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base-topd
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base-topd.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base-topd
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base-topd FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base-topd
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.MWfngb
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.MWfngb/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.MWfngb
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.N8UTzL
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.N8UTzL/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.N8UTzL
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.jT2vaO
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.jT2vaO/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.jT2vaO
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.fTOwR1
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.fTOwR1/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.fTOwR1
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base-config ']'
++ basename qubes-src/mgmt-salt-base-config
+ COMPONENT=mgmt-salt-base-config
+ '[' qubes-src/mgmt-salt-base-config == . ']'
+ '[' -z mgmt-salt-base-config ']'
+ '[' -z qubes-src/mgmt-salt-base-config ']'
+ url_var=GIT_URL_mgmt_salt_base_config
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base-config.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base-config.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base_config
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base-config...'
-> Updating sources for mgmt-salt-base-config...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-config.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-config.git release3.1...
+ '[' qubes-src/mgmt-salt-base-config == . -o -d qubes-src/mgmt-salt-base-config -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base-config
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base-config.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base-config
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base-config FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base-config
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ERj5z5
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ERj5z5/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ERj5z5
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.0B1fxI
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.0B1fxI/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.0B1fxI
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Vnko22
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Vnko22/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Vnko22
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.uVYqm4
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.uVYqm4/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.uVYqm4
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-base-overrides ']'
++ basename qubes-src/mgmt-salt-base-overrides
+ COMPONENT=mgmt-salt-base-overrides
+ '[' qubes-src/mgmt-salt-base-overrides == . ']'
+ '[' -z mgmt-salt-base-overrides ']'
+ '[' -z qubes-src/mgmt-salt-base-overrides ']'
+ url_var=GIT_URL_mgmt_salt_base_overrides
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_base_overrides
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-base-overrides...'
-> Updating sources for mgmt-salt-base-overrides...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git release3.1...
+ '[' qubes-src/mgmt-salt-base-overrides == . -o -d qubes-src/mgmt-salt-base-overrides -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-base-overrides
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-base-overrides.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-base-overrides
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-base-overrides FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-base-overrides
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.y3262s
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.y3262s/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.y3262s
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.wQNjUf
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.wQNjUf/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.wQNjUf
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.sCyLmf
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.sCyLmf/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.sCyLmf
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ZE8lQD
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ZE8lQD/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ZE8lQD
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-dom0-qvm ']'
++ basename qubes-src/mgmt-salt-dom0-qvm
+ COMPONENT=mgmt-salt-dom0-qvm
+ '[' qubes-src/mgmt-salt-dom0-qvm == . ']'
+ '[' -z mgmt-salt-dom0-qvm ']'
+ '[' -z qubes-src/mgmt-salt-dom0-qvm ']'
+ url_var=GIT_URL_mgmt_salt_dom0_qvm
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_dom0_qvm
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-dom0-qvm...'
-> Updating sources for mgmt-salt-dom0-qvm...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git release3.1...
+ '[' qubes-src/mgmt-salt-dom0-qvm == . -o -d qubes-src/mgmt-salt-dom0-qvm -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-dom0-qvm
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-dom0-qvm
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-dom0-qvm FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-dom0-qvm
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.857Mit
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.857Mit/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.857Mit
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.FGgyfZ
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.FGgyfZ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.FGgyfZ
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.UhADXS
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.UhADXS/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.UhADXS
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.3YlsQX
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.3YlsQX/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.3YlsQX
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-dom0-virtual-machines ']'
++ basename qubes-src/mgmt-salt-dom0-virtual-machines
+ COMPONENT=mgmt-salt-dom0-virtual-machines
+ '[' qubes-src/mgmt-salt-dom0-virtual-machines == . ']'
+ '[' -z mgmt-salt-dom0-virtual-machines ']'
+ '[' -z qubes-src/mgmt-salt-dom0-virtual-machines ']'
+ url_var=GIT_URL_mgmt_salt_dom0_virtual_machines
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_dom0_virtual_machines
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-dom0-virtual-machines...'
-> Updating sources for mgmt-salt-dom0-virtual-machines...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git release3.1...
+ '[' qubes-src/mgmt-salt-dom0-virtual-machines == . -o -d qubes-src/mgmt-salt-dom0-virtual-machines -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-dom0-virtual-machines
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-dom0-virtual-machines.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-dom0-virtual-machines
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-dom0-virtual-machines FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-dom0-virtual-machines
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Fth7Jl
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Fth7Jl/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Fth7Jl
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.AzKobr
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.AzKobr/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.AzKobr
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.1.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.DkHAXb
+ git cat-file tag v3.1.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.1.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.DkHAXb/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.DkHAXb
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/mgmt-salt-dom0-update ']'
++ basename qubes-src/mgmt-salt-dom0-update
+ COMPONENT=mgmt-salt-dom0-update
+ '[' qubes-src/mgmt-salt-dom0-update == . ']'
+ '[' -z mgmt-salt-dom0-update ']'
+ '[' -z qubes-src/mgmt-salt-dom0-update ']'
+ url_var=GIT_URL_mgmt_salt_dom0_update
+ '[' -n '' ']'
+ '[' -n https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git ']'
+ GIT_URL=https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git
+ '[' -n '' ']'
+ branch_var=BRANCH_mgmt_salt_dom0_update
+ '[' -n '' ']'
+ echo '-> Updating sources for mgmt-salt-dom0-update...'
-> Updating sources for mgmt-salt-dom0-update...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git release3.1...'
--> Fetching from https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git release3.1...
+ '[' qubes-src/mgmt-salt-dom0-update == . -o -d qubes-src/mgmt-salt-dom0-update -a '' '!=' 1 ']'
+ cd qubes-src/mgmt-salt-dom0-update
+ git fetch -q https://github.com/QubesOS/qubes-mgmt-salt-dom0-update.git --tags release3.1
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn mgmt-salt-dom0-update
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/mgmt-salt-dom0-update FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/mgmt-salt-dom0-update
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.iNfDEo
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.iNfDEo/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.iNfDEo
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.t2fIkN
+ git cat-file tag R3.1-rc2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.t2fIkN/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.t2fIkN
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.IaBfgr
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.IaBfgr/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.IaBfgr
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.0.2
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.zpqqhK
+ git cat-file tag v3.0.2
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.0.2
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.zpqqhK/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.zpqqhK
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n qubes-src/linux-template-builder ']'
++ basename qubes-src/linux-template-builder
+ COMPONENT=linux-template-builder
+ '[' qubes-src/linux-template-builder == . ']'
+ '[' -z linux-template-builder ']'
+ '[' -z qubes-src/linux-template-builder ']'
+ url_var=GIT_URL_linux_template_builder
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-linux-template-builder.git
+ '[' -n '' ']'
+ branch_var=BRANCH_linux_template_builder
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for linux-template-builder...'
-> Updating sources for linux-template-builder...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-linux-template-builder.git master...'
--> Fetching from https://github.com/QubesOS/qubes-linux-template-builder.git master...
+ '[' qubes-src/linux-template-builder == . -o -d qubes-src/linux-template-builder -a '' '!=' 1 ']'
+ cd qubes-src/linux-template-builder
+ git fetch -q https://github.com/QubesOS/qubes-linux-template-builder.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn linux-template-builder
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag qubes-src/linux-template-builder FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd qubes-src/linux-template-builder
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.hSFLdZ
+ git cat-file tag R3.1
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.hSFLdZ/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.hSFLdZ
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag R3.1-rc3
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.ELIQtr
+ git cat-file tag R3.1-rc3
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag R3.1-rc3
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.ELIQtr/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.ELIQtr
+ return 0
+ VALID_TAG_FOUND=1
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag v3.0.5
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.QsbuAC
+ git cat-file tag v3.0.5
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag v3.0.5
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.QsbuAC/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.QsbuAC
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
+ '[' -n . ']'
++ basename .
+ COMPONENT=.
+ '[' . == . ']'
+ COMPONENT=builder
+ '[' -z builder ']'
+ '[' -z . ']'
+ url_var=GIT_URL_builder
+ '[' -n '' ']'
+ '[' -n '' ']'
+ GIT_URL=https://github.com/QubesOS/qubes-builder.git
+ '[' -n '' ']'
+ branch_var=BRANCH_builder
+ '[' -n master ']'
+ BRANCH=master
+ echo '-> Updating sources for builder...'
-> Updating sources for builder...
+ echo '--> Fetching from https://github.com/QubesOS/qubes-builder.git master...'
--> Fetching from https://github.com/QubesOS/qubes-builder.git master...
+ '[' . == . -o -d . -a '' '!=' 1 ']'
+ cd .
+ git fetch -q https://github.com/QubesOS/qubes-builder.git --tags master
+ VERIFY_REF=FETCH_HEAD
+ cd -
+ verify=true
+ '[' '' == 1 ']'
+ elementIn builder
+ local element
+ return 1
+ '[' true == true ']'
+ echo '--> Verifying tags...'
--> Verifying tags...
++ dirname /home/user/qubes-builder/scripts/get-sources
+ /home/user/qubes-builder/scripts/verify-git-tag . FETCH_HEAD
+ set -o pipefail
+ '[' '' == 1 ']'
+ '[' -n /home/user/qubes-builder/keyrings/git ']'
++ readlink -m /home/user/qubes-builder/keyrings/git
+ export GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ GNUPGHOME=/home/user/qubes-builder/keyrings/git
+ '[' '!' -d /home/user/qubes-builder/keyrings/git ']'
+ '[' qubes-developers-keys.asc -nt /home/user/qubes-builder/keyrings/git/pubring.gpg ']'
+ pushd .
+ '[' -n FETCH_HEAD ']'
+ REF=FETCH_HEAD
+ VALID_TAG_FOUND=0
++ git tag --points-at=FETCH_HEAD
+ for tag in '$(git tag --points-at="$REF")'
+ verify_tag mm_24e7557c
+ sig_header='-----BEGIN PGP SIGNATURE-----'
++ mktemp -d sig-verify.XXXXXX
+ temp_name=sig-verify.Fh8OfR
+ git cat-file tag mm_24e7557c
+ sed '/-----BEGIN PGP SIGNATURE-----/,//d'
+ git cat-file tag mm_24e7557c
+ sed -n '/-----BEGIN PGP SIGNATURE-----/,//p'
+ gpg --verify --status-fd=1 sig-verify.Fh8OfR/content.asc
+ grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)$'
+ ret=0
+ rm -r sig-verify.Fh8OfR
+ return 0
+ VALID_TAG_FOUND=1
+ '[' 1 -eq 0 ']'
+ exit 0
+ '[' 1 == 1 ']'
+ exit 0
Changes to be merged:
user@qubes-build:~/qubes-builder$ 

[marmarek]

On Fri, May 06, 2016 at 07:04:45PM -0700, Patrick Schleizer wrote:

A fix for that is attached above. Is it preferred by to send a pull request or do you wish to just get the fix from my branch?

I've already merged the fix from your branch and started new build.
There is one commit difference between our branch - my attempt to change
chroot->chroot_cmd (done at the time of this change in
linux-template-builder). During a merge I've chosen your implementation,
but can you merge my branch to have fast forward in the future? Or
should I reset --hard it? (I'd rather avoid this on "master" branch...).

---

There is a different issue now. make prepare-merge does not iterate over qubes-template-whonix. Did I mess up something required for being a proper builder plugin or is it a qubes-builder bug?

Do you have it in COMPONENTS setting?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[marmarek]

On Fri, May 06, 2016 at 07:04:45PM -0700, Patrick Schleizer wrote:

A fix for that is attached above. Is it preferred by to send a pull request or do you wish to just get the fix from my branch?

I've already merged the fix from your branch and started new build.
There is one commit difference between our branch - my attempt to change
chroot->chroot_cmd (done at the time of this change in
linux-template-builder). During a merge I've chosen your implementation,
but can you merge my branch to have fast forward in the future? Or
should I reset --hard it? (I'd rather avoid this on "master" branch...).

---

There is a different issue now. make prepare-merge does not iterate over qubes-template-whonix. Did I mess up something required for being a proper builder plugin or is it a qubes-builder bug?

Do you have it in COMPONENTS setting?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[adrelanos]

Done, merged.

https://github.com/adrelanos/qubes-template-whonix/blob/master/builder.conf#L85

COMPONENTS += template-whonix

Does that look alright?

Also salt should be added to builder plugins now, right? I had to manually select it, but it should have been automatically selected, I guess.

[adrelanos]

Done, merged.

https://github.com/adrelanos/qubes-template-whonix/blob/master/builder.conf#L85

COMPONENTS += template-whonix

Does that look alright?

Also salt should be added to builder plugins now, right? I had to manually select it, but it should have been automatically selected, I guess.

[marmarek]

Generally I'd avoid modifying COMPONENTS setting automatically. This one setting should be under ultimate user control, so you really know what you are going to do exactly in cases of make prepare-merge or even make do-merge. This includes the cases when you have the plugin enabled, but don't want to have it in COMPONENTS this time (to download updated sources of selected other component).

[marmarek]

Generally I'd avoid modifying COMPONENTS setting automatically. This one setting should be under ultimate user control, so you really know what you are going to do exactly in cases of make prepare-merge or even make do-merge. This includes the cases when you have the plugin enabled, but don't want to have it in COMPONENTS this time (to download updated sources of selected other component).

[adrelanos]

qubes-template-whonix builder.conf has various issues.

• make sure make prepare-merge iterates over it
• avoid modifying COMPONENTS setting automatically
• make the flavor +salt the default for DIST whonix-gateway / whonix-workstation?
• setup Downloading additional sources for template-whonix... this is no longer required. No idea where this is configured.
• Automatically add mgmt-salt? Builder Plugins Selection currently:

                            │ │ [*] template-whonix    Requires: builder-debian 
                            │ │ [ ] mgmt-salt

Should be...

                            │ │ [*] template-whonix    Requires: builder-debian mgmt-salt 
                            │ │ [*] mgmt-salt

...?

---

Here is the builder.conf that I guess how it should be looking like...

###############################################################################
# To enable this flavor, add it to the builder.conf `BUILDER_PLUGINS`:
#   BUILDER_PLUGINS += whonix
###############################################################################

# Uncomment to enable the `+whonix` template flavor
# BUILDER_PLUGINS += template-whonix

################################################################################
# Extra Whonix Build Options
################################################################################

# Whonix repository.
WHONIX_APT_REPOSITORY_OPTS ?= stable
#WHONIX_APT_REPOSITORY_OPTS = off

# Use turbo mode to build template
BUILDER_TURBO_MODE ?= 1

# Enable Tor by default (0: disable; 1: enable)
WHONIX_ENABLE_TOR ?= 0

################################################################################
#                           S E L F   N A M E
################################################################################
_self := $(strip $(lastword 1,$(subst /, ,$(dir $(lastword $(MAKEFILE_LIST))))))

################################################################################
#                     L I S T   O F   D I S T   V M ' S
################################################################################
# List of all build template variations that will be offered in the 'setup'
# DISTS_VM dialog to be able to choose from
#
# Available template flavors may be added the the template build by appending
# `+flavor_name`
ifeq "$(SETUP_MODE)" "1"
  DISTS_VM += whonix-gateway
  DISTS_VM += whonix-workstation
endif

################################################################################
#                     T E M P L A T E   A L I A S
################################################################################
# TEMPLATE_ALIAS can be used to choose a shorter name in DISTS_VM that
# include some other TEMPLATE_FLAVORs.  A TEMPLATE_LABEL will automatically
# be created if one does not exist that will use the alias name as the
# template name.  Plus signs (+) will be converted to hyphens (-).
TEMPLATE_ALIAS += whonix-gateway:jessie+whonix-gateway+minimal+no-recommends+salt
TEMPLATE_ALIAS += whonix-workstation:jessie+whonix-workstation+minimal+no-recommends+salt

################################################################################
#                 T E M P L A T E   C O N F I G U R A T I O N
################################################################################
# TEMPLATE_LABEL allows control over the final template name.  There is a limit
# of 31 characters for the final template name
#
# TEMPLATE_LABEL += <DIST_VM name as listed above>:<desired final template name>
TEMPLATE_LABEL += jessie+whonix-gateway+minimal+no-recommends+salt:whonix-gw
TEMPLATE_LABEL += jessie+whonix-workstation+minimal+no-recommends+salt:whonix-ws

$(strip $(foreach _alias, $(TEMPLATE_ALIAS), $(_aliases)))

################################################################################
#                              W H O N I X
################################################################################
# ------------------------------------------------------------------------------
# Define flavor directory location (here)
# ------------------------------------------------------------------------------
WHONIX_DIR := $(BUILDER_DIR)/$(SRC_DIR)/Whonix
APPMENUS_DIR := $(BUILDER_DIR)/$(SRC_DIR)/$(_self)
TEMPLATE_FLAVOR_DIR += +whonix-gateway:$(BUILDER_DIR)/$(SRC_DIR)/$(_self)
TEMPLATE_FLAVOR_DIR += +whonix-workstation:$(BUILDER_DIR)/$(SRC_DIR)/$(_self)

# ------------------------------------------------------------------------------
# Add builder-debian PLUGIN if it's not already added
# ------------------------------------------------------------------------------
ifeq (,$(findstring builder-debian, $(BUILDER_PLUGINS)))
  BUILDER_PLUGINS += builder-debian
  #COMPONENTS := $(COMPONENTS) $(_components)
endif

# ------------------------------------------------------------------------------
# Add mgmt-salt PLUGIN if it's not already added
# ------------------------------------------------------------------------------
ifeq (,$(findstring mgmt-salt, $(BUILDER_PLUGINS)))
  BUILDER_PLUGINS += mgmt-salt
  #COMPONENTS := $(COMPONENTS) $(_components)
endif

#COMPONENTS += template-whonix

qubes-vm::
    @true

about::
    @echo "template-whonix/builder.conf"

# vim: filetype=make

---

...but then Whonix just completely disappears from setup Template Distribution Selection. I don't see through all of that make / qubes-builder stuff. Could you patch that please?

[adrelanos]

qubes-template-whonix builder.conf has various issues.

• make sure make prepare-merge iterates over it
• avoid modifying COMPONENTS setting automatically
• make the flavor +salt the default for DIST whonix-gateway / whonix-workstation?
• setup Downloading additional sources for template-whonix... this is no longer required. No idea where this is configured.
• Automatically add mgmt-salt? Builder Plugins Selection currently:

                            │ │ [*] template-whonix    Requires: builder-debian 
                            │ │ [ ] mgmt-salt

Should be...

                            │ │ [*] template-whonix    Requires: builder-debian mgmt-salt 
                            │ │ [*] mgmt-salt

...?

---

Here is the builder.conf that I guess how it should be looking like...

###############################################################################
# To enable this flavor, add it to the builder.conf `BUILDER_PLUGINS`:
#   BUILDER_PLUGINS += whonix
###############################################################################

# Uncomment to enable the `+whonix` template flavor
# BUILDER_PLUGINS += template-whonix

################################################################################
# Extra Whonix Build Options
################################################################################

# Whonix repository.
WHONIX_APT_REPOSITORY_OPTS ?= stable
#WHONIX_APT_REPOSITORY_OPTS = off

# Use turbo mode to build template
BUILDER_TURBO_MODE ?= 1

# Enable Tor by default (0: disable; 1: enable)
WHONIX_ENABLE_TOR ?= 0

################################################################################
#                           S E L F   N A M E
################################################################################
_self := $(strip $(lastword 1,$(subst /, ,$(dir $(lastword $(MAKEFILE_LIST))))))

################################################################################
#                     L I S T   O F   D I S T   V M ' S
################################################################################
# List of all build template variations that will be offered in the 'setup'
# DISTS_VM dialog to be able to choose from
#
# Available template flavors may be added the the template build by appending
# `+flavor_name`
ifeq "$(SETUP_MODE)" "1"
  DISTS_VM += whonix-gateway
  DISTS_VM += whonix-workstation
endif

################################################################################
#                     T E M P L A T E   A L I A S
################################################################################
# TEMPLATE_ALIAS can be used to choose a shorter name in DISTS_VM that
# include some other TEMPLATE_FLAVORs.  A TEMPLATE_LABEL will automatically
# be created if one does not exist that will use the alias name as the
# template name.  Plus signs (+) will be converted to hyphens (-).
TEMPLATE_ALIAS += whonix-gateway:jessie+whonix-gateway+minimal+no-recommends+salt
TEMPLATE_ALIAS += whonix-workstation:jessie+whonix-workstation+minimal+no-recommends+salt

################################################################################
#                 T E M P L A T E   C O N F I G U R A T I O N
################################################################################
# TEMPLATE_LABEL allows control over the final template name.  There is a limit
# of 31 characters for the final template name
#
# TEMPLATE_LABEL += <DIST_VM name as listed above>:<desired final template name>
TEMPLATE_LABEL += jessie+whonix-gateway+minimal+no-recommends+salt:whonix-gw
TEMPLATE_LABEL += jessie+whonix-workstation+minimal+no-recommends+salt:whonix-ws

$(strip $(foreach _alias, $(TEMPLATE_ALIAS), $(_aliases)))

################################################################################
#                              W H O N I X
################################################################################
# ------------------------------------------------------------------------------
# Define flavor directory location (here)
# ------------------------------------------------------------------------------
WHONIX_DIR := $(BUILDER_DIR)/$(SRC_DIR)/Whonix
APPMENUS_DIR := $(BUILDER_DIR)/$(SRC_DIR)/$(_self)
TEMPLATE_FLAVOR_DIR += +whonix-gateway:$(BUILDER_DIR)/$(SRC_DIR)/$(_self)
TEMPLATE_FLAVOR_DIR += +whonix-workstation:$(BUILDER_DIR)/$(SRC_DIR)/$(_self)

# ------------------------------------------------------------------------------
# Add builder-debian PLUGIN if it's not already added
# ------------------------------------------------------------------------------
ifeq (,$(findstring builder-debian, $(BUILDER_PLUGINS)))
  BUILDER_PLUGINS += builder-debian
  #COMPONENTS := $(COMPONENTS) $(_components)
endif

# ------------------------------------------------------------------------------
# Add mgmt-salt PLUGIN if it's not already added
# ------------------------------------------------------------------------------
ifeq (,$(findstring mgmt-salt, $(BUILDER_PLUGINS)))
  BUILDER_PLUGINS += mgmt-salt
  #COMPONENTS := $(COMPONENTS) $(_components)
endif

#COMPONENTS += template-whonix

qubes-vm::
    @true

about::
    @echo "template-whonix/builder.conf"

# vim: filetype=make

---

...but then Whonix just completely disappears from setup Template Distribution Selection. I don't see through all of that make / qubes-builder stuff. Could you patch that please?

[marmarek]

• make sure make prepare-merge iterates over it

This should be done by manually (or by setup script) add template-whonix to builder.conf / override.conf.

• avoid modifying COMPONENTS setting automatically

That's easy.

• make the flavor +salt the default for DIST whonix-gateway / whonix-workstation?

Since we've chosen salt-ssh approach, nothing additional is needed in VM, +salt flavor isn't needed anywhere.

• setup Downloading additional sources for template-whonix... this is no longer required. No idea where this is configured.
• Automatically add mgmt-salt? Builder Plugins Selection currently:

That's a good idea for dom0 - mgmt-salt builder pluging is required to build dom0 mgmt components.

Could you patch that please?

Yes, but I need to find out how setup tool configuration works, because that part was maintained by Jason...

[marmarek]

• make sure make prepare-merge iterates over it

This should be done by manually (or by setup script) add template-whonix to builder.conf / override.conf.

• avoid modifying COMPONENTS setting automatically

That's easy.

• make the flavor +salt the default for DIST whonix-gateway / whonix-workstation?

Since we've chosen salt-ssh approach, nothing additional is needed in VM, +salt flavor isn't needed anywhere.

• setup Downloading additional sources for template-whonix... this is no longer required. No idea where this is configured.
• Automatically add mgmt-salt? Builder Plugins Selection currently:

That's a good idea for dom0 - mgmt-salt builder pluging is required to build dom0 mgmt components.

Could you patch that please?

Yes, but I need to find out how setup tool configuration works, because that part was maintained by Jason...

[marmarek]

Whonix build: this time much better. It's done, build logs:
gateway
workstation
Packages uploaded to unstable repo:

-rw-rw-r-- 1 user user 544482578 May  8 03:32 qubes-template-whonix-gw-3.0.5-201605072153.noarch.rpm
-rw-rw-r-- 1 user user 718918710 May  8 03:32 qubes-template-whonix-ws-3.0.5-201605080022.noarch.rpm

[marmarek]

Whonix build: this time much better. It's done, build logs:
gateway
workstation
Packages uploaded to unstable repo:

-rw-rw-r-- 1 user user 544482578 May  8 03:32 qubes-template-whonix-gw-3.0.5-201605072153.noarch.rpm
-rw-rw-r-- 1 user user 718918710 May  8 03:32 qubes-template-whonix-ws-3.0.5-201605080022.noarch.rpm

[adrelanos]

How is salt being invoked? When I yum remove the Whonix template rpms
and reinstall them (either build by myself or from the repo), it does
not automate the creation of anon-whonix and so forth. Should that be
the case? If not, how would I test it, manually invoke salt?

[adrelanos]

How is salt being invoked? When I yum remove the Whonix template rpms
and reinstall them (either build by myself or from the repo), it does
not automate the creation of anon-whonix and so forth. Should that be
the case? If not, how would I test it, manually invoke salt?

[marmarek]

https://www.qubes-os.org/doc/salt/
TL;DR: sudo qubesctl state.highstate

[marmarek]

https://www.qubes-os.org/doc/salt/
TL;DR: sudo qubesctl state.highstate

[adrelanos]

Does not work for me. A known issue? Log:

sudo qubesctl state.highstate
[ERROR   ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR   ] output: salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled)
   Active: inactive (dead)
[ERROR   ] Command 'systemctl is-active salt-minion.service' failed with return code: 3
[ERROR   ] output: unknown
local:
----------
          ID: directory_srv_pillar
    Function: file.directory
        Name: /srv/pillar
      Result: True
     Comment: Directory /srv/pillar updated
     Started: 00:54:37.997000
    Duration: 18.628 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_salt
    Function: file.directory
        Name: /srv/salt
      Result: True
     Comment: Directory /srv/salt updated
     Started: 00:54:38.017220
    Duration: 35.935 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_reactor
    Function: file.directory
        Name: /srv/reactor
      Result: True
     Comment: Directory /srv/reactor updated
     Started: 00:54:38.054540
    Duration: 1.748 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_formulas
    Function: file.directory
        Name: /srv/formulas
      Result: True
     Comment: Directory /srv/formulas updated
     Started: 00:54:38.057649
    Duration: 19.565 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_spm
    Function: file.directory
        Name: /srv/spm
      Result: True
     Comment: Directory /srv/spm updated
     Started: 00:54:38.078681
    Duration: 1.268 ms
     Changes:   
              ----------
              /srv/spm:
                  New Dir
----------
          ID: topd-always-passes
    Function: test.succeed_without_changes
        Name: foo
      Result: True
     Comment: Success!
     Started: 00:54:38.081350
    Duration: 0.203 ms
     Changes:   
----------
          ID: salt-standalone-config
    Function: file.recurse
        Name: /etc/salt/minion.d
      Result: True
     Comment: The directory /etc/salt/minion.d is in the correct state
     Started: 00:54:38.082932
    Duration: 79.161 ms
     Changes:   
----------
          ID: salt-standalone-config
    Function: service.dead
        Name: salt-minion
      Result: True
     Comment: Service salt-minion is already disabled, and is in the desired state
     Started: 00:54:38.163975
    Duration: 776.327 ms
     Changes:   
----------
          ID: directory_srv_user_salt
    Function: file.directory
        Name: /srv/user_salt
      Result: True
     Comment: Directory /srv/user_salt updated
     Started: 00:54:38.942083
    Duration: 1.282 ms
     Changes:   
              ----------
              /srv/user_salt:
                  New Dir
----------
          ID: directory_srv_user_pillar
    Function: file.directory
        Name: /srv/user_pillar
      Result: True
     Comment: Directory /srv/user_pillar updated
     Started: 00:54:38.944745
    Duration: 0.96 ms
     Changes:   
              ----------
              /srv/user_pillar:
                  New Dir
----------
          ID: directory_srv_user_formulas
    Function: file.directory
        Name: /srv/user_formulas
      Result: True
     Comment: Directory /srv/user_formulas updated
     Started: 00:54:38.947098
    Duration: 0.955 ms
     Changes:   
              ----------
              /srv/user_formulas:
                  New Dir
----------
          ID: /srv/user_salt/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/top.sls updated
     Started: 00:54:38.950069
    Duration: 4.486 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0640
----------
          ID: /srv/user_pillar/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_pillar/top.sls updated
     Started: 00:54:38.956416
    Duration: 2.355 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0640
----------
          ID: /srv/user_salt/locale
    Function: file.directory
      Result: True
     Comment: Directory /srv/user_salt/locale updated
     Started: 00:54:38.960210
    Duration: 0.952 ms
     Changes:   
              ----------
              /srv/user_salt/locale:
                  New Dir
----------
          ID: /srv/user_salt/locale/init.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/locale/init.sls updated
     Started: 00:54:38.962869
    Duration: 2.159 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0640

Summary
-------------
Succeeded: 15 (changed=12)
Failed:     0
-------------
Total states run:     15

[adrelanos]

Does not work for me. A known issue? Log:

sudo qubesctl state.highstate
[ERROR   ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR   ] output: salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled)
   Active: inactive (dead)
[ERROR   ] Command 'systemctl is-active salt-minion.service' failed with return code: 3
[ERROR   ] output: unknown
local:
----------
          ID: directory_srv_pillar
    Function: file.directory
        Name: /srv/pillar
      Result: True
     Comment: Directory /srv/pillar updated
     Started: 00:54:37.997000
    Duration: 18.628 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_salt
    Function: file.directory
        Name: /srv/salt
      Result: True
     Comment: Directory /srv/salt updated
     Started: 00:54:38.017220
    Duration: 35.935 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_reactor
    Function: file.directory
        Name: /srv/reactor
      Result: True
     Comment: Directory /srv/reactor updated
     Started: 00:54:38.054540
    Duration: 1.748 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_formulas
    Function: file.directory
        Name: /srv/formulas
      Result: True
     Comment: Directory /srv/formulas updated
     Started: 00:54:38.057649
    Duration: 19.565 ms
     Changes:   
              ----------
              mode:
                  0640
----------
          ID: directory_srv_spm
    Function: file.directory
        Name: /srv/spm
      Result: True
     Comment: Directory /srv/spm updated
     Started: 00:54:38.078681
    Duration: 1.268 ms
     Changes:   
              ----------
              /srv/spm:
                  New Dir
----------
          ID: topd-always-passes
    Function: test.succeed_without_changes
        Name: foo
      Result: True
     Comment: Success!
     Started: 00:54:38.081350
    Duration: 0.203 ms
     Changes:   
----------
          ID: salt-standalone-config
    Function: file.recurse
        Name: /etc/salt/minion.d
      Result: True
     Comment: The directory /etc/salt/minion.d is in the correct state
     Started: 00:54:38.082932
    Duration: 79.161 ms
     Changes:   
----------
          ID: salt-standalone-config
    Function: service.dead
        Name: salt-minion
      Result: True
     Comment: Service salt-minion is already disabled, and is in the desired state
     Started: 00:54:38.163975
    Duration: 776.327 ms
     Changes:   
----------
          ID: directory_srv_user_salt
    Function: file.directory
        Name: /srv/user_salt
      Result: True
     Comment: Directory /srv/user_salt updated
     Started: 00:54:38.942083
    Duration: 1.282 ms
     Changes:   
              ----------
              /srv/user_salt:
                  New Dir
----------
          ID: directory_srv_user_pillar
    Function: file.directory
        Name: /srv/user_pillar
      Result: True
     Comment: Directory /srv/user_pillar updated
     Started: 00:54:38.944745
    Duration: 0.96 ms
     Changes:   
              ----------
              /srv/user_pillar:
                  New Dir
----------
          ID: directory_srv_user_formulas
    Function: file.directory
        Name: /srv/user_formulas
      Result: True
     Comment: Directory /srv/user_formulas updated
     Started: 00:54:38.947098
    Duration: 0.955 ms
     Changes:   
              ----------
              /srv/user_formulas:
                  New Dir
----------
          ID: /srv/user_salt/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/top.sls updated
     Started: 00:54:38.950069
    Duration: 4.486 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0640
----------
          ID: /srv/user_pillar/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_pillar/top.sls updated
     Started: 00:54:38.956416
    Duration: 2.355 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0640
----------
          ID: /srv/user_salt/locale
    Function: file.directory
      Result: True
     Comment: Directory /srv/user_salt/locale updated
     Started: 00:54:38.960210
    Duration: 0.952 ms
     Changes:   
              ----------
              /srv/user_salt/locale:
                  New Dir
----------
          ID: /srv/user_salt/locale/init.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/locale/init.sls updated
     Started: 00:54:38.962869
    Duration: 2.159 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0640

Summary
-------------
Succeeded: 15 (changed=12)
Failed:     0
-------------
Total states run:     15

[marmarek]

Did you have Whonix configuration enabled previously? If not, take a look at sudo qubesctl top.disabled and enable appropriate entries: sudo qubesctl top.enable qvm.sys-whonix qvm.anon-whonix, then retry with highstate.

[marmarek]

Did you have Whonix configuration enabled previously? If not, take a look at sudo qubesctl top.disabled and enable appropriate entries: sudo qubesctl top.enable qvm.sys-whonix qvm.anon-whonix, then retry with highstate.

[adrelanos]

Did you have Whonix configuration enabled previously?

You tell me. This system was upgraded R3 -> R3.1. Whonix template rpms very installed and uninstalled many times. I did not manually invoke salt before. Hope that answers your question.

In meanwhile I experimented with systemd enabling and starting the salt-minion service. Not sure that had any influence or was sane.

VMs are not properly created and configured. However, the first part of running highstate indicates an error. Please tell me if that is expected.

[ERROR ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR ] output: salt-minion.service - The Salt Minion

---

sudo qubesctl top.disabled
local:
    ----------
    dom0:
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-net.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-net-with-usb.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/anon-whonix.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/untrusted.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/vault.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/personal.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/work.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-usb.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-whonix.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-firewall.top
    test:
        - /srv/formulas/test/update-formula/update/tests.top
        - /srv/formulas/test/qvm-formula/qvm/init.top

sudo qubesctl top.enable qvm.sys-whonix qvm.anon-whonix
local:
    ----------
    qvm.anon-whonix.top:
        ----------
        status:
            enabled
    qvm.sys-whonix.top:
        ----------
        status:
            enabled

sudo qubesctl state.highstate
[ERROR   ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR   ] output: salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled)
   Active: inactive (dead)

May 10 01:00:46 dom0 systemd[1]: Starting The Salt Minion...
May 10 01:00:46 dom0 systemd[1]: Started The Salt Minion.
May 10 01:00:56 dom0 systemd[1]: Stopping The Salt Minion...
May 10 01:00:56 dom0 systemd[1]: Stopped The Salt Minion.
May 10 01:01:53 dom0 systemd[1]: Starting The Salt Minion...
May 10 01:01:53 dom0 systemd[1]: Started The Salt Minion.
May 10 01:02:43 dom0 systemd[1]: Stopping The Salt Minion...
May 10 01:02:43 dom0 systemd[1]: Stopped The Salt Minion.
[ERROR   ] Command 'systemctl is-active salt-minion.service' failed with return code: 3
[ERROR   ] output: unknown
local:
----------
          ID: template-whonix-ws
    Function: pkg.installed
        Name: qubes-template-whonix-ws
      Result: True
     Comment: Package qubes-template-whonix-ws is already installed.
     Started: 01:10:46.108998
    Duration: 2687.926 ms
     Changes:
----------
          ID: template-whonix-gw
    Function: pkg.installed
        Name: qubes-template-whonix-gw
      Result: True
     Comment: Package qubes-template-whonix-gw is already installed.
     Started: 01:10:48.797026
    Duration: 0.294 ms
     Changes:
----------
          ID: sys-net
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-net
              A VM with the name 'sys-net' does exist.
     Started: 01:10:48.842578
    Duration: 308.739 ms
     Changes:
----------
          ID: sys-firewall
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-firewall
              A VM with the name 'sys-firewall' does exist.
     Started: 01:10:49.153415
    Duration: 294.567 ms
     Changes:
----------
          ID: sys-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check sys-whonix
              A VM with the name 'sys-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set sys-whonix autostart "True"
              /usr/bin/qvm-prefs  --set sys-whonix netvm "sys-firewall"
     Started: 01:10:49.450863
    Duration: 7349.147 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      autostart:
                          ----------
                          new:
                              True
                          old:
                              False
                      netvm:
                          ----------
                          new:
                              sys-firewall
                          old:
                              None
----------
          ID: whonix-gw
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-gw netvm "sys-whonix"
     Started: 01:10:56.802858
    Duration: 328.621 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: anon-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check anon-whonix
              A VM with the name 'anon-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set anon-whonix netvm "sys-whonix"
     Started: 01:10:57.134462
    Duration: 5326.416 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: whonix-ws
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-ws netvm "sys-whonix"
     Started: 01:11:02.463583
    Duration: 334.221 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: directory_srv_pillar
    Function: file.directory
        Name: /srv/pillar
      Result: True
     Comment: Directory /srv/pillar is in the correct state
     Started: 01:11:02.799872
    Duration: 7.383 ms
     Changes:
----------
          ID: directory_srv_salt
    Function: file.directory
        Name: /srv/salt
      Result: True
     Comment: Directory /srv/salt updated
     Started: 01:11:02.808812
    Duration: 26.92 ms
     Changes:
              ----------
              mode:
                  0750
----------
          ID: directory_srv_reactor
    Function: file.directory
        Name: /srv/reactor
      Result: True
     Comment: Directory /srv/reactor is in the correct state
     Started: 01:11:02.837396
    Duration: 1.017 ms
     Changes:
----------
          ID: directory_srv_formulas
    Function: file.directory
        Name: /srv/formulas
      Result: True
     Comment: Directory /srv/formulas is in the correct state
     Started: 01:11:02.839948
    Duration: 13.396 ms
     Changes:
----------
          ID: directory_srv_spm
    Function: file.directory
        Name: /srv/spm
      Result: True
     Comment: Directory /srv/spm is in the correct state
     Started: 01:11:02.855090
    Duration: 0.572 ms
     Changes:
----------
          ID: topd-always-passes
    Function: test.succeed_without_changes
        Name: foo
      Result: True
     Comment: Success!
     Started: 01:11:02.857192
    Duration: 0.395 ms
     Changes:
----------
          ID: salt-standalone-config
    Function: file.recurse
        Name: /etc/salt/minion.d
      Result: True
     Comment: The directory /etc/salt/minion.d is in the correct state
     Started: 01:11:02.859013
    Duration: 82.01 ms
     Changes:
----------
          ID: salt-standalone-config
    Function: service.dead
        Name: salt-minion
      Result: True
     Comment: Service salt-minion is already disabled, and is in the desired state
     Started: 01:11:02.942853
    Duration: 622.096 ms
     Changes:
----------
          ID: directory_srv_user_salt
    Function: file.directory
        Name: /srv/user_salt
      Result: True
     Comment: Directory /srv/user_salt is in the correct state
     Started: 01:11:03.567107
    Duration: 1.676 ms
     Changes:
----------
          ID: directory_srv_user_pillar
    Function: file.directory
        Name: /srv/user_pillar
      Result: True
     Comment: Directory /srv/user_pillar is in the correct state
     Started: 01:11:03.570345
    Duration: 0.962 ms
     Changes:
----------
          ID: directory_srv_user_formulas
    Function: file.directory
        Name: /srv/user_formulas
      Result: True
     Comment: Directory /srv/user_formulas is in the correct state
     Started: 01:11:03.572822
    Duration: 0.563 ms
     Changes:
----------
          ID: /srv/user_salt/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/top.sls exists with proper permissions. No changes made.
     Started: 01:11:03.575288
    Duration: 0.629 ms
     Changes:
----------
          ID: /srv/user_pillar/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_pillar/top.sls exists with proper permissions. No changes made.
     Started: 01:11:03.577717
    Duration: 0.533 ms
     Changes:
----------
          ID: /srv/user_salt/locale
    Function: file.directory
      Result: True
     Comment: Directory /srv/user_salt/locale is in the correct state
     Started: 01:11:03.580096
    Duration: 0.82 ms
     Changes:
----------
          ID: /srv/user_salt/locale/init.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/locale/init.sls exists with proper permissions. No changes made.
     Started: 01:11:03.582680
    Duration: 0.532 ms
     Changes:

Summary
-------------
Succeeded: 23 (changed=5)
Failed:     0
-------------
Total states run:     23

[adrelanos]

Did you have Whonix configuration enabled previously?

You tell me. This system was upgraded R3 -> R3.1. Whonix template rpms very installed and uninstalled many times. I did not manually invoke salt before. Hope that answers your question.

In meanwhile I experimented with systemd enabling and starting the salt-minion service. Not sure that had any influence or was sane.

VMs are not properly created and configured. However, the first part of running highstate indicates an error. Please tell me if that is expected.

[ERROR ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR ] output: salt-minion.service - The Salt Minion

---

sudo qubesctl top.disabled
local:
    ----------
    dom0:
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-net.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-net-with-usb.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/anon-whonix.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/untrusted.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/vault.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/personal.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/work.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-usb.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-whonix.top
        - /srv/formulas/dom0/virtual-machines-formula/qvm/sys-firewall.top
    test:
        - /srv/formulas/test/update-formula/update/tests.top
        - /srv/formulas/test/qvm-formula/qvm/init.top

sudo qubesctl top.enable qvm.sys-whonix qvm.anon-whonix
local:
    ----------
    qvm.anon-whonix.top:
        ----------
        status:
            enabled
    qvm.sys-whonix.top:
        ----------
        status:
            enabled

sudo qubesctl state.highstate
[ERROR   ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR   ] output: salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled)
   Active: inactive (dead)

May 10 01:00:46 dom0 systemd[1]: Starting The Salt Minion...
May 10 01:00:46 dom0 systemd[1]: Started The Salt Minion.
May 10 01:00:56 dom0 systemd[1]: Stopping The Salt Minion...
May 10 01:00:56 dom0 systemd[1]: Stopped The Salt Minion.
May 10 01:01:53 dom0 systemd[1]: Starting The Salt Minion...
May 10 01:01:53 dom0 systemd[1]: Started The Salt Minion.
May 10 01:02:43 dom0 systemd[1]: Stopping The Salt Minion...
May 10 01:02:43 dom0 systemd[1]: Stopped The Salt Minion.
[ERROR   ] Command 'systemctl is-active salt-minion.service' failed with return code: 3
[ERROR   ] output: unknown
local:
----------
          ID: template-whonix-ws
    Function: pkg.installed
        Name: qubes-template-whonix-ws
      Result: True
     Comment: Package qubes-template-whonix-ws is already installed.
     Started: 01:10:46.108998
    Duration: 2687.926 ms
     Changes:
----------
          ID: template-whonix-gw
    Function: pkg.installed
        Name: qubes-template-whonix-gw
      Result: True
     Comment: Package qubes-template-whonix-gw is already installed.
     Started: 01:10:48.797026
    Duration: 0.294 ms
     Changes:
----------
          ID: sys-net
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-net
              A VM with the name 'sys-net' does exist.
     Started: 01:10:48.842578
    Duration: 308.739 ms
     Changes:
----------
          ID: sys-firewall
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-firewall
              A VM with the name 'sys-firewall' does exist.
     Started: 01:10:49.153415
    Duration: 294.567 ms
     Changes:
----------
          ID: sys-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check sys-whonix
              A VM with the name 'sys-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set sys-whonix autostart "True"
              /usr/bin/qvm-prefs  --set sys-whonix netvm "sys-firewall"
     Started: 01:10:49.450863
    Duration: 7349.147 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      autostart:
                          ----------
                          new:
                              True
                          old:
                              False
                      netvm:
                          ----------
                          new:
                              sys-firewall
                          old:
                              None
----------
          ID: whonix-gw
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-gw netvm "sys-whonix"
     Started: 01:10:56.802858
    Duration: 328.621 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: anon-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check anon-whonix
              A VM with the name 'anon-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set anon-whonix netvm "sys-whonix"
     Started: 01:10:57.134462
    Duration: 5326.416 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: whonix-ws
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-ws netvm "sys-whonix"
     Started: 01:11:02.463583
    Duration: 334.221 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: directory_srv_pillar
    Function: file.directory
        Name: /srv/pillar
      Result: True
     Comment: Directory /srv/pillar is in the correct state
     Started: 01:11:02.799872
    Duration: 7.383 ms
     Changes:
----------
          ID: directory_srv_salt
    Function: file.directory
        Name: /srv/salt
      Result: True
     Comment: Directory /srv/salt updated
     Started: 01:11:02.808812
    Duration: 26.92 ms
     Changes:
              ----------
              mode:
                  0750
----------
          ID: directory_srv_reactor
    Function: file.directory
        Name: /srv/reactor
      Result: True
     Comment: Directory /srv/reactor is in the correct state
     Started: 01:11:02.837396
    Duration: 1.017 ms
     Changes:
----------
          ID: directory_srv_formulas
    Function: file.directory
        Name: /srv/formulas
      Result: True
     Comment: Directory /srv/formulas is in the correct state
     Started: 01:11:02.839948
    Duration: 13.396 ms
     Changes:
----------
          ID: directory_srv_spm
    Function: file.directory
        Name: /srv/spm
      Result: True
     Comment: Directory /srv/spm is in the correct state
     Started: 01:11:02.855090
    Duration: 0.572 ms
     Changes:
----------
          ID: topd-always-passes
    Function: test.succeed_without_changes
        Name: foo
      Result: True
     Comment: Success!
     Started: 01:11:02.857192
    Duration: 0.395 ms
     Changes:
----------
          ID: salt-standalone-config
    Function: file.recurse
        Name: /etc/salt/minion.d
      Result: True
     Comment: The directory /etc/salt/minion.d is in the correct state
     Started: 01:11:02.859013
    Duration: 82.01 ms
     Changes:
----------
          ID: salt-standalone-config
    Function: service.dead
        Name: salt-minion
      Result: True
     Comment: Service salt-minion is already disabled, and is in the desired state
     Started: 01:11:02.942853
    Duration: 622.096 ms
     Changes:
----------
          ID: directory_srv_user_salt
    Function: file.directory
        Name: /srv/user_salt
      Result: True
     Comment: Directory /srv/user_salt is in the correct state
     Started: 01:11:03.567107
    Duration: 1.676 ms
     Changes:
----------
          ID: directory_srv_user_pillar
    Function: file.directory
        Name: /srv/user_pillar
      Result: True
     Comment: Directory /srv/user_pillar is in the correct state
     Started: 01:11:03.570345
    Duration: 0.962 ms
     Changes:
----------
          ID: directory_srv_user_formulas
    Function: file.directory
        Name: /srv/user_formulas
      Result: True
     Comment: Directory /srv/user_formulas is in the correct state
     Started: 01:11:03.572822
    Duration: 0.563 ms
     Changes:
----------
          ID: /srv/user_salt/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/top.sls exists with proper permissions. No changes made.
     Started: 01:11:03.575288
    Duration: 0.629 ms
     Changes:
----------
          ID: /srv/user_pillar/top.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_pillar/top.sls exists with proper permissions. No changes made.
     Started: 01:11:03.577717
    Duration: 0.533 ms
     Changes:
----------
          ID: /srv/user_salt/locale
    Function: file.directory
      Result: True
     Comment: Directory /srv/user_salt/locale is in the correct state
     Started: 01:11:03.580096
    Duration: 0.82 ms
     Changes:
----------
          ID: /srv/user_salt/locale/init.sls
    Function: file.managed
      Result: True
     Comment: File /srv/user_salt/locale/init.sls exists with proper permissions. No changes made.
     Started: 01:11:03.582680
    Duration: 0.532 ms
     Changes:

Summary
-------------
Succeeded: 23 (changed=5)
Failed:     0
-------------
Total states run:     23

[marmarek]

On Mon, May 09, 2016 at 04:16:52PM -0700, Patrick Schleizer wrote:

Did you have Whonix configuration enabled previously?

You tell me. This system was upgraded R3 -> R3.1. Whonix template rpms very installed and uninstalled many times. I did not manually invoke salt before. Hope that answers your question.

This means you haven't it enabled.

In meanwhile I experimented with systemd enabling and starting the salt-minion service. Not sure that had any influence or was sane.

Shouldn't break anythink, but does not help either, as we're not using
salt-minion service.

VMs are not properly created and configured. However, the first part of running highstate indicates an error. Please tell me if that is expected.

[ERROR ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR ] output: salt-minion.service - The Salt Minion

Yes, that's safe to ignore.

(...)

local:

      ID: template-whonix-ws
Function: pkg.installed
    Name: qubes-template-whonix-ws
  Result: True
 Comment: Package qubes-template-whonix-ws is already installed.
 Started: 01:10:46.108998
Duration: 2687.926 ms
 Changes:

---

      ID: template-whonix-gw
Function: pkg.installed
    Name: qubes-template-whonix-gw
  Result: True
 Comment: Package qubes-template-whonix-gw is already installed.
 Started: 01:10:48.797026
Duration: 0.294 ms
 Changes:

---

      ID: sys-net
Function: qvm.exists
  Result: True
 Comment: /usr/bin/qvm-check sys-net
          A VM with the name 'sys-net' does exist.
 Started: 01:10:48.842578
Duration: 308.739 ms
 Changes:

---

      ID: sys-firewall
Function: qvm.exists
  Result: True
 Comment: /usr/bin/qvm-check sys-firewall
          A VM with the name 'sys-firewall' does exist.
 Started: 01:10:49.153415
Duration: 294.567 ms
 Changes:

---

      ID: sys-whonix
Function: qvm.vm
  Result: True
 Comment: ====== ['present'] ======
          /usr/bin/qvm-check sys-whonix
          A VM with the name 'sys-whonix' does exist.

          ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set sys-whonix autostart "True"
          /usr/bin/qvm-prefs  --set sys-whonix netvm "sys-firewall"
 Started: 01:10:49.450863
Duration: 7349.147 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  autostart:
                      ----------
                      new:
                          True
                      old:
                          False
                  netvm:
                      ----------
                      new:
                          sys-firewall
                      old:
                          None

---

      ID: whonix-gw
Function: qvm.vm
  Result: True
 Comment: ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set whonix-gw netvm "sys-whonix"
 Started: 01:10:56.802858
Duration: 328.621 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  netvm:
                      ----------
                      new:
                          sys-whonix
                      old:
                          sys-firewall

---

      ID: anon-whonix
Function: qvm.vm
  Result: True
 Comment: ====== ['present'] ======
          /usr/bin/qvm-check anon-whonix
          A VM with the name 'anon-whonix' does exist.

          ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set anon-whonix netvm "sys-whonix"
 Started: 01:10:57.134462
Duration: 5326.416 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  netvm:
                      ----------
                      new:
                          sys-whonix
                      old:
                          sys-firewall

---

      ID: whonix-ws
Function: qvm.vm
  Result: True
 Comment: ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set whonix-ws netvm "sys-whonix"
 Started: 01:11:02.463583
Duration: 334.221 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  netvm:
                      ----------
                      new:
                          sys-whonix
                      old:
                          sys-firewall

(...)

Summary

Succeeded: 23 (changed=5)

Failed: 0

Total states run: 23

Looks like a success.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[marmarek]

On Mon, May 09, 2016 at 04:16:52PM -0700, Patrick Schleizer wrote:

Did you have Whonix configuration enabled previously?

You tell me. This system was upgraded R3 -> R3.1. Whonix template rpms very installed and uninstalled many times. I did not manually invoke salt before. Hope that answers your question.

This means you haven't it enabled.

In meanwhile I experimented with systemd enabling and starting the salt-minion service. Not sure that had any influence or was sane.

Shouldn't break anythink, but does not help either, as we're not using
salt-minion service.

VMs are not properly created and configured. However, the first part of running highstate indicates an error. Please tell me if that is expected.

[ERROR ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR ] output: salt-minion.service - The Salt Minion

Yes, that's safe to ignore.

(...)

local:

      ID: template-whonix-ws
Function: pkg.installed
    Name: qubes-template-whonix-ws
  Result: True
 Comment: Package qubes-template-whonix-ws is already installed.
 Started: 01:10:46.108998
Duration: 2687.926 ms
 Changes:

---

      ID: template-whonix-gw
Function: pkg.installed
    Name: qubes-template-whonix-gw
  Result: True
 Comment: Package qubes-template-whonix-gw is already installed.
 Started: 01:10:48.797026
Duration: 0.294 ms
 Changes:

---

      ID: sys-net
Function: qvm.exists
  Result: True
 Comment: /usr/bin/qvm-check sys-net
          A VM with the name 'sys-net' does exist.
 Started: 01:10:48.842578
Duration: 308.739 ms
 Changes:

---

      ID: sys-firewall
Function: qvm.exists
  Result: True
 Comment: /usr/bin/qvm-check sys-firewall
          A VM with the name 'sys-firewall' does exist.
 Started: 01:10:49.153415
Duration: 294.567 ms
 Changes:

---

      ID: sys-whonix
Function: qvm.vm
  Result: True
 Comment: ====== ['present'] ======
          /usr/bin/qvm-check sys-whonix
          A VM with the name 'sys-whonix' does exist.

          ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set sys-whonix autostart "True"
          /usr/bin/qvm-prefs  --set sys-whonix netvm "sys-firewall"
 Started: 01:10:49.450863
Duration: 7349.147 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  autostart:
                      ----------
                      new:
                          True
                      old:
                          False
                  netvm:
                      ----------
                      new:
                          sys-firewall
                      old:
                          None

---

      ID: whonix-gw
Function: qvm.vm
  Result: True
 Comment: ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set whonix-gw netvm "sys-whonix"
 Started: 01:10:56.802858
Duration: 328.621 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  netvm:
                      ----------
                      new:
                          sys-whonix
                      old:
                          sys-firewall

---

      ID: anon-whonix
Function: qvm.vm
  Result: True
 Comment: ====== ['present'] ======
          /usr/bin/qvm-check anon-whonix
          A VM with the name 'anon-whonix' does exist.

          ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set anon-whonix netvm "sys-whonix"
 Started: 01:10:57.134462
Duration: 5326.416 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  netvm:
                      ----------
                      new:
                          sys-whonix
                      old:
                          sys-firewall

---

      ID: whonix-ws
Function: qvm.vm
  Result: True
 Comment: ====== ['prefs'] ======
          /usr/bin/qvm-prefs  --set whonix-ws netvm "sys-whonix"
 Started: 01:11:02.463583
Duration: 334.221 ms
 Changes:
          ----------
          qvm.prefs:
              ----------
              qvm.create:
                  ----------
                  netvm:
                      ----------
                      new:
                          sys-whonix
                      old:
                          sys-firewall

(...)

Summary

Succeeded: 23 (changed=5)

Failed: 0

Total states run: 23

Looks like a success.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[marmarek]

Github, seriously? Pasting the same via web...
On Mon, May 09, 2016 at 04:16:52PM -0700, Patrick Schleizer wrote:

Did you have Whonix configuration enabled previously?

You tell me. This system was upgraded R3 -> R3.1. Whonix template rpms very installed and
uninstalled many times. I did not manually invoke salt before. Hope that answers your question.

This means you haven't it enabled.

In meanwhile I experimented with systemd enabling and starting the salt-minion service. Not
sure that had any influence or was sane.

Shouldn't break anythink, but does not help either, as we're not using
salt-minion service.

VMs are not properly created and configured. However, the first part of running highstate
indicates an error. Please tell me if that is expected.

[ERROR ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR ] output: salt-minion.service - The Salt Minion

Yes, that's safe to ignore.

(...)

local:
----------
          ID: template-whonix-ws
    Function: pkg.installed
        Name: qubes-template-whonix-ws
      Result: True
     Comment: Package qubes-template-whonix-ws is already installed.
     Started: 01:10:46.108998
    Duration: 2687.926 ms
     Changes:
----------
          ID: template-whonix-gw
    Function: pkg.installed
        Name: qubes-template-whonix-gw
      Result: True
     Comment: Package qubes-template-whonix-gw is already installed.
     Started: 01:10:48.797026
    Duration: 0.294 ms
     Changes:
----------
          ID: sys-net
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-net
              A VM with the name 'sys-net' does exist.
     Started: 01:10:48.842578
    Duration: 308.739 ms
     Changes:
----------
          ID: sys-firewall
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-firewall
              A VM with the name 'sys-firewall' does exist.
     Started: 01:10:49.153415
    Duration: 294.567 ms
     Changes:
----------
          ID: sys-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check sys-whonix
              A VM with the name 'sys-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set sys-whonix autostart "True"
              /usr/bin/qvm-prefs  --set sys-whonix netvm "sys-firewall"
     Started: 01:10:49.450863
    Duration: 7349.147 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      autostart:
                          ----------
                          new:
                              True
                          old:
                              False
                      netvm:
                          ----------
                          new:
                              sys-firewall
                          old:
                              None
----------
          ID: whonix-gw
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-gw netvm "sys-whonix"
     Started: 01:10:56.802858
    Duration: 328.621 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: anon-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check anon-whonix
              A VM with the name 'anon-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set anon-whonix netvm "sys-whonix"
     Started: 01:10:57.134462
    Duration: 5326.416 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: whonix-ws
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-ws netvm "sys-whonix"
     Started: 01:11:02.463583
    Duration: 334.221 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall

(...)

Summary
-------------
Succeeded: 23 (changed=5)
Failed:     0
-------------
Total states run:     23

Looks like a success.

[marmarek]

Github, seriously? Pasting the same via web...
On Mon, May 09, 2016 at 04:16:52PM -0700, Patrick Schleizer wrote:

Did you have Whonix configuration enabled previously?

You tell me. This system was upgraded R3 -> R3.1. Whonix template rpms very installed and
uninstalled many times. I did not manually invoke salt before. Hope that answers your question.

This means you haven't it enabled.

In meanwhile I experimented with systemd enabling and starting the salt-minion service. Not
sure that had any influence or was sane.

Shouldn't break anythink, but does not help either, as we're not using
salt-minion service.

VMs are not properly created and configured. However, the first part of running highstate
indicates an error. Please tell me if that is expected.

[ERROR ] Command 'systemctl status salt-minion.service' failed with return code: 3
[ERROR ] output: salt-minion.service - The Salt Minion

Yes, that's safe to ignore.

(...)

local:
----------
          ID: template-whonix-ws
    Function: pkg.installed
        Name: qubes-template-whonix-ws
      Result: True
     Comment: Package qubes-template-whonix-ws is already installed.
     Started: 01:10:46.108998
    Duration: 2687.926 ms
     Changes:
----------
          ID: template-whonix-gw
    Function: pkg.installed
        Name: qubes-template-whonix-gw
      Result: True
     Comment: Package qubes-template-whonix-gw is already installed.
     Started: 01:10:48.797026
    Duration: 0.294 ms
     Changes:
----------
          ID: sys-net
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-net
              A VM with the name 'sys-net' does exist.
     Started: 01:10:48.842578
    Duration: 308.739 ms
     Changes:
----------
          ID: sys-firewall
    Function: qvm.exists
      Result: True
     Comment: /usr/bin/qvm-check sys-firewall
              A VM with the name 'sys-firewall' does exist.
     Started: 01:10:49.153415
    Duration: 294.567 ms
     Changes:
----------
          ID: sys-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check sys-whonix
              A VM with the name 'sys-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set sys-whonix autostart "True"
              /usr/bin/qvm-prefs  --set sys-whonix netvm "sys-firewall"
     Started: 01:10:49.450863
    Duration: 7349.147 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      autostart:
                          ----------
                          new:
                              True
                          old:
                              False
                      netvm:
                          ----------
                          new:
                              sys-firewall
                          old:
                              None
----------
          ID: whonix-gw
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-gw netvm "sys-whonix"
     Started: 01:10:56.802858
    Duration: 328.621 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: anon-whonix
    Function: qvm.vm
      Result: True
     Comment: ====== ['present'] ======
              /usr/bin/qvm-check anon-whonix
              A VM with the name 'anon-whonix' does exist.

              ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set anon-whonix netvm "sys-whonix"
     Started: 01:10:57.134462
    Duration: 5326.416 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall
----------
          ID: whonix-ws
    Function: qvm.vm
      Result: True
     Comment: ====== ['prefs'] ======
              /usr/bin/qvm-prefs  --set whonix-ws netvm "sys-whonix"
     Started: 01:11:02.463583
    Duration: 334.221 ms
     Changes:
              ----------
              qvm.prefs:
                  ----------
                  qvm.create:
                      ----------
                      netvm:
                          ----------
                          new:
                              sys-whonix
                          old:
                              sys-firewall

(...)

Summary
-------------
Succeeded: 23 (changed=5)
Failed:     0
-------------
Total states run:     23

Looks like a success.

[adrelanos]

The only minor issue so far. Probably not caused by Qubes-Whonix
specifically. libxenstore3.0 xen-utils-common xenstore-utils in the
template are older than in the repository.

(This happened also to builds created by myself.)

Since other packages will require updating as the template ages, perhaps
something worth fixing but not something justifying a new template build.

user@host:~$ sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  libxenstore3.0 xen-utils-common xenstore-utils
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 186 kB of archives.
After this operation, 4,096 B disk space will be freed.
Do you want to continue? [Y/n]
Get:1 http://deb.qubes-os.org/r3.1/vm/ jessie/main libxenstore3.0 amd64
2001:4.6.0-13+deb8u1 [19.2 kB]
Get:2 http://deb.qubes-os.org/r3.1/vm/ jessie/main xenstore-utils amd64
2001:4.6.0-13+deb8u1 [15.9 kB]
Get:3 http://deb.qubes-os.org/r3.1/vm/ jessie/main xen-utils-common all
2001:4.6.0-13+deb8u1 [151 kB]

[adrelanos]

The only minor issue so far. Probably not caused by Qubes-Whonix
specifically. libxenstore3.0 xen-utils-common xenstore-utils in the
template are older than in the repository.

(This happened also to builds created by myself.)

Since other packages will require updating as the template ages, perhaps
something worth fixing but not something justifying a new template build.

user@host:~$ sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  libxenstore3.0 xen-utils-common xenstore-utils
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 186 kB of archives.
After this operation, 4,096 B disk space will be freed.
Do you want to continue? [Y/n]
Get:1 http://deb.qubes-os.org/r3.1/vm/ jessie/main libxenstore3.0 amd64
2001:4.6.0-13+deb8u1 [19.2 kB]
Get:2 http://deb.qubes-os.org/r3.1/vm/ jessie/main xenstore-utils amd64
2001:4.6.0-13+deb8u1 [15.9 kB]
Get:3 http://deb.qubes-os.org/r3.1/vm/ jessie/main xen-utils-common all
2001:4.6.0-13+deb8u1 [151 kB]

[adrelanos]

Do we want to migrate into the templates testing repository? If so, I
think now is justified.

Then I'll write a blog post to encourage testing and move Whonix
packages to Whonix testers repository.

[adrelanos]

Do we want to migrate into the templates testing repository? If so, I
think now is justified.

Then I'll write a blog post to encourage testing and move Whonix
packages to Whonix testers repository.

[marmarek]

Not sure about that... While I see some benefits from having appropriately named templates-testing repository, in practice it will be rarely used (only Whonix major releases?). So maybe "unstable" is good enough. You don't need to enable it permanently, just use qubes-dom0-update --enablerepo=qubes-dom0-unstable for the template installation.

[marmarek]

Not sure about that... While I see some benefits from having appropriately named templates-testing repository, in practice it will be rarely used (only Whonix major releases?). So maybe "unstable" is good enough. You don't need to enable it permanently, just use qubes-dom0-update --enablerepo=qubes-dom0-unstable for the template installation.

[adrelanos]

That is fine. (I had a misconception that we do have such a templates-testing repository. But since we do not, I am not suggesting it.)

Should salt be automatically invoked after manual template installation? Is there an existing ticket or is this a sane feature request?

[adrelanos]

That is fine. (I had a misconception that we do have such a templates-testing repository. But since we do not, I am not suggesting it.)

Should salt be automatically invoked after manual template installation? Is there an existing ticket or is this a sane feature request?

[marmarek]

Actually it is the opposite - salt will install the template if not already installed.

[marmarek]

Actually it is the opposite - salt will install the template if not already installed.

[adrelanos]

On template uninstallation and reinstallation using
yum/qubes-dom0-update, would it make sense for salt to automatically run?

Or after template uninstallation, the reinstallation of Whonix would be
rather recommended using some salt command? Which one?

[adrelanos]

On template uninstallation and reinstallation using
yum/qubes-dom0-update, would it make sense for salt to automatically run?

Or after template uninstallation, the reinstallation of Whonix would be
rather recommended using some salt command? Which one?

[marmarek]

Or after template uninstallation, the reinstallation of Whonix would be rather recommended using some salt command? Which one?

I think this would be a better option. Command - the same as for initial installation - sudo qubesctl state.highstate. But keep in mind it will install from template-community repository (not unstable).

And generally, I think normal users (not developers/testers) do not need to reinstall template ever. Instead - apply standard updates.

[marmarek]

Or after template uninstallation, the reinstallation of Whonix would be rather recommended using some salt command? Which one?

I think this would be a better option. Command - the same as for initial installation - sudo qubesctl state.highstate. But keep in mind it will install from template-community repository (not unstable).

And generally, I think normal users (not developers/testers) do not need to reinstall template ever. Instead - apply standard updates.

[adrelanos]

Since this is done, I propose to close this ticket.

https://www.whonix.org/blog/qubes-whonix-13-0-0-0-7-testers-wanted

[adrelanos]

Since this is done, I propose to close this ticket.

https://www.whonix.org/blog/qubes-whonix-13-0-0-0-7-testers-wanted