author | Sam James <sam@gentoo.org> | 2022-04-07 21:53:31 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2022-04-07 21:55:26 +0100 |
commit | 64fabbc32105b814d1ad90f2e71f7309f1e2da1e (patch) | |
tree | dac9524adb344668afe0d5873231ef8ad26a071c /sys-libs | |
parent | sec-keys/openpgp-keys-musl: new package, add 20220407 (diff) | |
sys-libs/musl: add verify-sig
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/musl/Manifest | 1 | ||||
-rw-r--r-- | sys-libs/musl/musl-1.2.2-r8.ebuild | 32 | ||||
-rw-r--r-- | sys-libs/musl/musl-9999.ebuild | 32 |
3 files changed, 49 insertions, 16 deletions
diff --git a/sys-libs/musl/Manifest b/sys-libs/musl/Manifest
index 33b6ddc01148..c94ab71e6cf2 100644
--- a/sys-libs/musl/Manifest
+++ b/sys-libs/musl/Manifest
@@ -1,4 +1,5 @@
 DIST getconf.c 11614 BLAKE2B ba49a573fc16d51780a0b0b81fbf7b64a1142f1dbad203c9609a59b6b07e7404f676c415383ae88c0aede95694821f6ee381bffd93cc3330501e17dc07d122bd SHA512 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d
 DIST iconv.c 2577 BLAKE2B 070ca87b30c90ab98c27d5faf7a2fcb64ff7c67ca212ee6072165b2146979c551f714954dbd465462a171837c59b6ea027e0206458a2df0f977e45f01be3ce48 SHA512 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf
 DIST musl-1.2.2.tar.gz 1055220 BLAKE2B a000357ed52e417d8cebe5537df658dc0f8f02f2da3efcd79125544ad63e11e05fa96136551d0bfeb09a3f6c9a2260bffcfbd329ea92e6a7b62aa690f48968aa SHA512 5344b581bd6463d71af8c13e91792fa51f25a96a1ecbea81e42664b63d90b325aeb421dfbc8c22e187397ca08e84d9296a0c0c299ba04fa2b751d6864914bd82
+DIST musl-1.2.2.tar.gz.asc 490 BLAKE2B 8eb21bcfcbaf9d567c0a2bba468055d4ed86a9fb33126f50870ed0cb192ec8ab826d64dc129a0b4e78a7808309c006ce4fe5edae1099bc4c516c1ad4382a591d SHA512 9d76bd9d88438e21689d37d7c519bc5575fa72b121ddf89c55c1a2246ecf423664d8e5199192720d652f6d08229f9b17b5520465d49b12ed2ba80814d1d8e9d8
 DIST musl-getent-93a08815f8598db442d8b766b463d0150ed8e2ab.c 11656 BLAKE2B 1b7bf7102a1eb91a8cb881ed8ca65eb8eed911dd50238e97dc2952d89d4c6ebed6bfd046a2b38776c550b2872ab54ced8cb452fcc2ad56e5616f722debda761f SHA512 7f5b9d934d82deb5f8b23e16169a5d9b99ccab3a4708df06a95d685e1b24a3a3e69b3dcf4942f2f66c12a3d4bf0c5827e2ee2e8c4d7b1997359fccc2ac212dee
diff --git a/sys-libs/musl/musl-1.2.2-r8.ebuild b/sys-libs/musl/musl-1.2.2-r8.ebuild
index 34fc6172b105..0f071f2ac487 100644
--- a/sys-libs/musl/musl-1.2.2-r8.ebuild
+++ b/sys-libs/musl/musl-1.2.2-r8.ebuild
@@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then
 EGIT_REPO_URI="git://git.musl-libc.org/musl"
 inherit git-r3
 else
- SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz"
+ VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc
+ inherit verify-sig
+
+ SRC_URI="https://musl.libc.org/releases/${P}.tar.gz"
+ SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )"
 KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
 fi
 GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
 GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
@@ -60,19 +66,29 @@ pkg_setup() {
 }
 
 src_unpack() {
- if [[ ${PV} == 9999 ]]; then
+ if [[ ${PV} == 9999 ]] ; then
 git-r3_src_unpack
- else
- unpack "${P}.tar.gz"
+ elif use verify-sig ; then
+ # We only verify the release; not the additional (fixed, safe) files
+ # we download.
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
 fi
- mkdir misc || die
- cp "${DISTDIR}"/getconf.c misc/getconf.c || die
- cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die
- cp "${DISTDIR}"/iconv.c misc/iconv.c || die
+
+ default
+}
+
+src_prepare() {
+ default
+
+ mkdir "${WORKDIR}"/misc || die
+ cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+ cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+ cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
 }
 
 src_configure() {
 tc-getCC ${CTARGET}
+
 just_headers && export CC=true
 
 local sysroot
diff --git a/sys-libs/musl/musl-9999.ebuild b/sys-libs/musl/musl-9999.ebuild
index 34fc6172b105..0f071f2ac487 100644
--- a/sys-libs/musl/musl-9999.ebuild
+++ b/sys-libs/musl/musl-9999.ebuild
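Review bot: The live branch kept as context at the top of the first hunk still sets `EGIT_REPO_URI="git://git.musl-libc.org/musl"`, so a 9999 checkout gets neither the HTTPS transport nor the OpenPGP check that the release branch gains here. The git:// protocol is unauthenticated and unencrypted, which leaves the live ebuild as the weaker of the two fetch paths. If upstream serves the repository over HTTPS, point EGIT_REPO_URI at that URL; otherwise add a comment above it such as `# live checkout is not signature-verified; git:// is unauthenticated`. The same hunk in musl-9999.ebuild, where this branch is the one actually taken, has the same gap.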
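Review bot: The new comment in src_unpack calls the extra files "(fixed, safe)" without saying what makes them so, which leaves a reader guessing what still protects getconf.c, iconv.c and the getent source. The Manifest touched by this commit lists each of them with BLAKE2B and SHA512 digests, so I would word the comment as `# Only the release tarball has an upstream signature; the extra files are pinned by their Manifest checksums.` A second comment line could state that with the verify-sig flag disabled the `elif` is skipped and the tarball also relies on its Manifest digests alone. The identical hunk in musl-9999.ebuild carries the same comment; src_configure continues outside the hunk.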
@@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then
 EGIT_REPO_URI="git://git.musl-libc.org/musl"
 inherit git-r3
 else
- SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz"
+ VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc
+ inherit verify-sig
+
+ SRC_URI="https://musl.libc.org/releases/${P}.tar.gz"
+ SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )"
 KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
 fi
 GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
 GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
@@ -60,19 +66,29 @@ pkg_setup() {
 }
 
 src_unpack() {
- if [[ ${PV} == 9999 ]]; then
+ if [[ ${PV} == 9999 ]] ; then
 git-r3_src_unpack
- else
- unpack "${P}.tar.gz"
+ elif use verify-sig ; then
+ # We only verify the release; not the additional (fixed, safe) files
+ # we download.
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
 fi
- mkdir misc || die
- cp "${DISTDIR}"/getconf.c misc/getconf.c || die
- cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die
- cp "${DISTDIR}"/iconv.c misc/iconv.c || die
+
+ default
+}
+
+src_prepare() {
+ default
+
+ mkdir "${WORKDIR}"/misc || die
+ cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+ cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+ cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
 }
 
 src_configure() {
 tc-getCC ${CTARGET}
+
 just_headers && export CC=true
 
 local sysroot |