moving libusb1 from PyPI to GitHub releases

it looks like the upstream PyPI signature bugs are more widespread than just python_gnupg I've worked with the devs to ensure releases are getting uploaded to GitHub so our builds aren't blocked by PyPI bugs breaking PGP signatures * #78 * vsajip/python-gnupg#234 * vpelletier/python-libusb1#96 Now we download from GitHub's website instead of PyPI's website, so 404 errors from PyPI won't break the builds. TODO: update this to query the GitHub API and grab the latest release (currently they're just hardcoded & pinned as a quick fix)
BusKill · Mar 6, 2024 · 35ec014 · 35ec014
1 parent a103f30
commit 35ec014
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/build/linux/buildAppImage.sh b/build/linux/buildAppImage.sh
@@ -233,6 +233,7 @@ pushd "${tmpDir}"
 # changing to use the files on GitHub, since the sigs are no longer available
 # from PyPI
 # * https://github.com/BusKill/buskill-app/issues/78
+# TODO: update this to query the GitHub API and grab the latest release
 #${SUDO} ${SU} -c "${PYTHON} -m pip download python-gnupg"
 #signature_url=`${SUDO} ${SU} -c "curl -s https://pypi.org/simple/python-gnupg/" | grep -oE "https://.*${filename}#" | sed 's/#/.asc/'`
 file_url='https://github.com/vsajip/python-gnupg/releases/download/0.5.2/python_gnupg-0.5.2-py2.py3-none-any.whl'
@@ -264,9 +265,17 @@ tmpDir="`mktemp -d`" || exit 1
 ${SUDO} chown ${DOWNLOAD_USERNAME}:${CURRENT_GROUP} "${tmpDir}"
 ${SUDO} chmod 0770 "${tmpDir}"
 pushd "${tmpDir}"
-${SUDO} ${SU} -c "${PYTHON} -m pip download libusb1"
+
+# changing to use the files on GitHub, since the sigs are no longer available
+# from PyPI
+# * https://github.com/BusKill/buskill-app/issues/78
+# TODO: update this to query the GitHub API and grab the latest release
+#${SUDO} ${SU} -c "${PYTHON} -m pip download libusb1"
+#signature_url=`${SUDO} ${SU} -c "curl -s https://pypi.org/simple/libusb1/" | grep -oE "https://.*${filename}#" | sed 's/#/.asc/'`
+file_url='https://github.com/vpelletier/python-libusb1/releases/download/3.1.0/libusb1-3.1.0-py3-none-any.whl.asc'
+signature_url='https://github.com/vpelletier/python-libusb1/releases/download/3.1.0/libusb1-3.1.0-py3-none-any.whl.asc'
+${SUDO} ${SU} -c "wget \"${file_url}\""
 filename="`ls -1 | head -n1`"
-signature_url=`${SUDO} ${SU} -c "curl -s https://pypi.org/simple/libusb1/" | grep -oE "https://.*${filename}#" | sed 's/#/.asc/'`
 ${SUDO} ${SU} -c "wget \"${signature_url}\""
 
 mkdir gnupg