summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2022-04-07 21:53:31 +0100
committerSam James <sam@gentoo.org>2022-04-07 21:55:26 +0100
commit64fabbc32105b814d1ad90f2e71f7309f1e2da1e (patch)
treedac9524adb344668afe0d5873231ef8ad26a071c /sys-libs
parentsec-keys/openpgp-keys-musl: new package, add 20220407 (diff)
downloadgentoo-64fabbc32105b814d1ad90f2e71f7309f1e2da1e.tar.gz
gentoo-64fabbc32105b814d1ad90f2e71f7309f1e2da1e.tar.bz2
gentoo-64fabbc32105b814d1ad90f2e71f7309f1e2da1e.zip
sys-libs/musl: add verify-sig
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-libs')
-rw-r--r--sys-libs/musl/Manifest1
-rw-r--r--sys-libs/musl/musl-1.2.2-r8.ebuild32
-rw-r--r--sys-libs/musl/musl-9999.ebuild32
3 files changed, 49 insertions, 16 deletions
diff --git a/sys-libs/musl/Manifest b/sys-libs/musl/Manifest
index 33b6ddc01148..c94ab71e6cf2 100644
--- a/sys-libs/musl/Manifest
+++ b/sys-libs/musl/Manifest
@@ -1,4 +1,5 @@
DIST getconf.c 11614 BLAKE2B ba49a573fc16d51780a0b0b81fbf7b64a1142f1dbad203c9609a59b6b07e7404f676c415383ae88c0aede95694821f6ee381bffd93cc3330501e17dc07d122bd SHA512 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d
DIST iconv.c 2577 BLAKE2B 070ca87b30c90ab98c27d5faf7a2fcb64ff7c67ca212ee6072165b2146979c551f714954dbd465462a171837c59b6ea027e0206458a2df0f977e45f01be3ce48 SHA512 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf
DIST musl-1.2.2.tar.gz 1055220 BLAKE2B a000357ed52e417d8cebe5537df658dc0f8f02f2da3efcd79125544ad63e11e05fa96136551d0bfeb09a3f6c9a2260bffcfbd329ea92e6a7b62aa690f48968aa SHA512 5344b581bd6463d71af8c13e91792fa51f25a96a1ecbea81e42664b63d90b325aeb421dfbc8c22e187397ca08e84d9296a0c0c299ba04fa2b751d6864914bd82
+DIST musl-1.2.2.tar.gz.asc 490 BLAKE2B 8eb21bcfcbaf9d567c0a2bba468055d4ed86a9fb33126f50870ed0cb192ec8ab826d64dc129a0b4e78a7808309c006ce4fe5edae1099bc4c516c1ad4382a591d SHA512 9d76bd9d88438e21689d37d7c519bc5575fa72b121ddf89c55c1a2246ecf423664d8e5199192720d652f6d08229f9b17b5520465d49b12ed2ba80814d1d8e9d8
DIST musl-getent-93a08815f8598db442d8b766b463d0150ed8e2ab.c 11656 BLAKE2B 1b7bf7102a1eb91a8cb881ed8ca65eb8eed911dd50238e97dc2952d89d4c6ebed6bfd046a2b38776c550b2872ab54ced8cb452fcc2ad56e5616f722debda761f SHA512 7f5b9d934d82deb5f8b23e16169a5d9b99ccab3a4708df06a95d685e1b24a3a3e69b3dcf4942f2f66c12a3d4bf0c5827e2ee2e8c4d7b1997359fccc2ac212dee
diff --git a/sys-libs/musl/musl-1.2.2-r8.ebuild b/sys-libs/musl/musl-1.2.2-r8.ebuild
index 34fc6172b105..0f071f2ac487 100644
--- a/sys-libs/musl/musl-1.2.2-r8.ebuild
+++ b/sys-libs/musl/musl-1.2.2-r8.ebuild
@@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="git://git.musl-libc.org/musl"
inherit git-r3
else
- SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz"
+ VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc
+ inherit verify-sig
+
+ SRC_URI="https://musl.libc.org/releases/${P}.tar.gz"
+ SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )"
KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
fi
GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
@@ -60,19 +66,29 @@ pkg_setup() {
}
src_unpack() {
- if [[ ${PV} == 9999 ]]; then
+ if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
- else
- unpack "${P}.tar.gz"
+ elif use verify-sig ; then
+ # We only verify the release; not the additional (fixed, safe) files
+ # we download.
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
fi
- mkdir misc || die
- cp "${DISTDIR}"/getconf.c misc/getconf.c || die
- cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die
- cp "${DISTDIR}"/iconv.c misc/iconv.c || die
+
+ default
+}
+
+src_prepare() {
+ default
+
+ mkdir "${WORKDIR}"/misc || die
+ cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+ cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+ cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
}
src_configure() {
tc-getCC ${CTARGET}
+
just_headers && export CC=true
local sysroot
diff --git a/sys-libs/musl/musl-9999.ebuild b/sys-libs/musl/musl-9999.ebuild
index 34fc6172b105..0f071f2ac487 100644
--- a/sys-libs/musl/musl-9999.ebuild
+++ b/sys-libs/musl/musl-9999.ebuild
@@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="git://git.musl-libc.org/musl"
inherit git-r3
else
- SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz"
+ VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc
+ inherit verify-sig
+
+ SRC_URI="https://musl.libc.org/releases/${P}.tar.gz"
+ SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )"
KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
fi
GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
@@ -60,19 +66,29 @@ pkg_setup() {
}
src_unpack() {
- if [[ ${PV} == 9999 ]]; then
+ if [[ ${PV} == 9999 ]] ; then
git-r3_src_unpack
- else
- unpack "${P}.tar.gz"
+ elif use verify-sig ; then
+ # We only verify the release; not the additional (fixed, safe) files
+ # we download.
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
fi
- mkdir misc || die
- cp "${DISTDIR}"/getconf.c misc/getconf.c || die
- cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die
- cp "${DISTDIR}"/iconv.c misc/iconv.c || die
+
+ default
+}
+
+src_prepare() {
+ default
+
+ mkdir "${WORKDIR}"/misc || die
+ cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+ cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+ cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
}
src_configure() {
tc-getCC ${CTARGET}
+
just_headers && export CC=true
local sysroot