Commit message | Author | Age | Files | Lines
* verify-sig.eclass: Quote argument of ":" command | Ulrich Müller | 2023-03-26 | 1 | -2/+2
  This avoids globbing, see: https://www.shellcheck.net/wiki/SC2223
  Signed-off-by: Ulrich Müller <ulm@gentoo.org>
* eclass: standardize prologue/epilogue | David Seifert | 2023-03-17 | 1 | -4/+4
  Closes: https://github.com/gentoo/gentoo/pull/30061
  Signed-off-by: David Seifert <soap@gentoo.org>
* verify-sig.eclass: Use gemato openpgp-verify-detached w/ 20.0+ | Michał Górny | 2023-03-10 | 1 | -3/+10
  Use openpgp-verify-detached when app-portage/gemato-20.0 is installed. This lets us test the new code paths on ~arch with minimal risk of breakage on stable.
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Revert "Use gemato openpgp-verify-detached" | Michał Górny | 2023-02-13 | 1 | -6/+4
  This is causing verification failures when verifying old signatures made with now-expired keys.
  Reverts: 75ea89a43b8d3efb6b264296f819d04d3c18c3af
  Bug: https://bugs.gentoo.org/894164
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Revert "Accept 1-out-of-n sigs on multisig files" | Michał Górny | 2023-02-13 | 1 | -1/+1
  Reverts: 89c2617afbfe6250ee7dfd4ee4641c8f74c54004
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Accept 1-out-of-n sigs on multisig files | Michał Górny | 2023-02-12 | 1 | -1/+1
  If a distfile has multiple detached signatures, pass verification if at least one of them can be verified rather than requiring all of them. This is particularly helpful for upstreams where the whole set of release keys is hard to come by.
  Closes: https://bugs.gentoo.org/873211
  Closes: https://github.com/gentoo/gentoo/pull/29224
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Use gemato openpgp-verify-detached | Michał Górny | 2023-02-12 | 1 | -5/+7
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Workaround GPG problems with long TMPDIR | Michał Górny | 2022-11-10 | 1 | -0/+6
  Force using TMPDIR=/tmp to work around GPG failing when TMPDIR happens to be long enough to cause UNIX socket paths to exceed the system limit.
  Closes: https://bugs.gentoo.org/854492
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* *.eclass: @ECLASS-VARIABLE renamed to @ECLASS_VARIABLE | Ulrich Müller | 2022-03-24 | 1 | -4/+4
  Bug: https://bugs.gentoo.org/835396
  Signed-off-by: Ulrich Müller <ulm@gentoo.org>
* verify-sig.eclass: Link to the guide | Michał Górny | 2022-02-25 | 1 | -1/+5
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Add a function to verify pure checksums | Michał Górny | 2022-02-16 | 1 | -7/+38
  Split the logic for verifying checksums into a dedicated function that can also be used directly when dealing with a checksum file that uses a detached signature.
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
  Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
* verify-sig.eclass: add app-crypt/signify support | Anna Vyalkova | 2021-12-19 | 1 | -31/+112
  It is useful for verifying distfiles that come from OpenBSD folks, since signify produces signatures incompatible with GnuPG.
  Signed-off-by: Anna Vyalkova <cyber+gentoo@sysrq.in>
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Fix the example to use BROOT | Michał Górny | 2021-07-29 | 1 | -1/+1
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Enable EAPI 8 support | Michał Górny | 2021-07-02 | 1 | -11/+5
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Support verifying checksum lists | Michał Górny | 2020-11-08 | 1 | -1/+54
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Add a function to verify PGP signed messages | Michał Górny | 2020-11-08 | 1 | -0/+36
  Add a function to verify files containing PGP signed messages (i.e. not using detached signatures). This will be used for projects that publish signed checksum lists.
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Account for verifying stdin | Michał Górny | 2020-11-03 | 1 | -1/+3
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Predict attempted writes to /run/user | Michał Górny | 2020-10-31 | 1 | -0/+5
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: allow .asc PGP signatures | Joonas Niilola | 2020-10-14 | 1 | -1/+1
  Signed-off-by: Joonas Niilola <juippis@gentoo.org>
* verify-sig.eclass: Fix eclassdoc | Michał Górny | 2020-10-10 | 1 | -2/+0
  Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: New eclass to verify OpenPGP sigs | Michał Górny | 2020-10-10 | 1 | -0/+177
  verify-sig eclass provides a streamlined approach to verifying upstream signatures on distfiles. Its primary purpose is to permit developers to easily verify signatures while bumping packages. The eclass removes the risk of a developer forgetting to perform the verification, or performing it incorrectly, e.g. due to additional keys in the local keyring. It also permits users to verify the developer's work.
  Signed-off-by: Michał Górny <mgorny@gentoo.org>