diff options
| author |   Michał Górny <mgorny@gentoo.org> | 2020-11-03 20:33:55 +0100 |
|---|---|---|
| committer | Michał Górny <mgorny@gentoo.org> | 2020-11-03 20:37:12 +0100 |
| commit | 99c530b4f0d0da375137507e903db5ba0bf4f098 (patch) | |
| tree | ea80d43a5db7ce26db0813de75c709041b724255 | |
| parent | app-crypt/openpgp-keys-kernel: Add a package for kernel.org keys (diff) | |
| download | gentoo-99c530b4f0d0da375137507e903db5ba0bf4f098.tar.gz gentoo-99c530b4f0d0da375137507e903db5ba0bf4f098.tar.bz2 gentoo-99c530b4f0d0da375137507e903db5ba0bf4f098.zip | |
sys-kernel/vanilla-kernel: Enable .tar signature verification
Signed-off-by: Michał Górny <mgorny@gentoo.org>
| -rw-r--r-- | sys-kernel/vanilla-kernel/Manifest | 3 | ||||
| -rw-r--r-- | sys-kernel/vanilla-kernel/vanilla-kernel-5.4.74.ebuild | 21 | ||||
| -rw-r--r-- | sys-kernel/vanilla-kernel/vanilla-kernel-5.8.18.ebuild | 21 | ||||
| -rw-r--r-- | sys-kernel/vanilla-kernel/vanilla-kernel-5.9.3.ebuild | 21 |
4 files changed, 60 insertions, 6 deletions
diff --git a/sys-kernel/vanilla-kernel/Manifest b/sys-kernel/vanilla-kernel/Manifest index 82290313a649..0927f88506d8 100644 --- a/sys-kernel/vanilla-kernel/Manifest +++ b/sys-kernel/vanilla-kernel/Manifest @@ -16,10 +16,13 @@ DIST kernel-x86_64-fedora.config.5.9.2 202282 BLAKE2B 5172fb3f682f912b14c4b2f15e DIST kernel-x86_64.config.5.4.21 184907 BLAKE2B 0eb2b07c14cea7545350fcdf3a94f2a531f0137c502ebda9299cacf44da5385686e2049b480b28bc153c9d413d453cfe682b9655eefe70428cb720f57c7bd200 SHA512 f3b3ee6841555ac3a9cc11536a7d44e1a5a8df2bab14ba341fda7df1ceb0de45cf1c799a1d54a64f2858fd1272d348bb52cf269ffa396878c5402baf2730237f DIST linux-5.4.72.tar.xz 109606972 BLAKE2B 90dfea3370a78742c851d7c9ee21c6fe17204f6c6825f82ebef4bf9c23bb59ae62bafc71cd4bdccad151c6042a33c43df8449d10e93f71d41bdfe3006255b5ba SHA512 6f8b191732b1f73249f8d350500ade946f61309791b3c4021deec80e4781738141afd5e4a11d071d329ec792fc87ce2e6386e151417db0fbf344b6a5659bddf7 DIST linux-5.4.73.tar.xz 109611940 BLAKE2B df2e3af9e3d6605769de7d4fb0a6fe24d259d59e48a6cc4d4eea2dbcca7cd6cdcf36370401fd12a1ecf3da5887e98b20176fb551758c41ecdb737c6e7813e8f6 SHA512 c5b285d5511888576ed775810294f53612f68b834f119b41127bfcbd6fa3fdfd710f56a5589af8a933e6148fed93f4a23ff48ca9c4b9682d6de2e9039c4bd3bc +DIST linux-5.4.74.tar.sign 989 BLAKE2B 5aa44c868beeb50f49ee0a4be705da864b991d8cf220084106d962ef28038a53edf8f52117e446d68e36987460235209c0f830c5f205732c5de672d1074413cf SHA512 7cb4608aead5b9da74bb05d3d8691ffb5c53842daa7010208cf8750e2733ec7ae2bff1f13f12b240b1e50724c204f230d145cb1038d248f097e5151266463c89 DIST linux-5.4.74.tar.xz 109609988 BLAKE2B 4bec2074e2f3ac587b35f67531d2a2feaf1c6e76b7c1325a43cc4c7d7171f1a21f2c3f6e3b7bc4ffc64dcfa65633f9f05c600c275063f3828c41028f044714e9 SHA512 1085e2a773ba9d3aa013673c5ee1bd0769f48e3791d0c964d56854f7a8566671147454450600738c83b7443fc1e2546b0dacd3ee92c7572240a92c49b9784790 DIST linux-5.8.16.tar.xz 114513732 BLAKE2B 3f75ba3272a066c55845cf7d5e33f340d76e9b9d024b1d182be4067ba1d621bd44c78ee89bea1f7329b7e83933a23e8ed34e2eda0e415cc3a4b4e6863da2dfde SHA512 7d191257a70d2eeccd5db80ff03a8356bb5a2a5eba1f04acf2558d81fa764d18ef025315e992fe64b62b8ccdcdf4d9d9efe3b35ecf57ebc55746c976b391df0e DIST linux-5.8.17.tar.xz 114533684 BLAKE2B de4a89df5ad9d7624b604ae66371a0e799ef2c2c0d23f37eed657bfdfbd772d3499a9b79eb27b28987e1d9a6e7fa757c78d4253a442daa5051dc4d178919ded3 SHA512 6b87381c02612c878d49cdee5afaf4ba986d56dc3d64c024c25f9fe66ab2911ef29de6e45cf2d4c0aa7a417e849df59d34d74ec0a3702f812705779e3d7462e4 +DIST linux-5.8.18.tar.sign 989 BLAKE2B 9f1bc3e72ef5559ad4a473ea6caf51b2ecedb033b2972ab74a293a839f17da7adac80ac55bf84ce81405b21da511a5537ac40271b96a116bd92e3e067fe1c95c SHA512 c1c1dd87f7305ee20ef6e06b89342865aeab672ae725b5f349528ac09b07b9e15816075e37fb5b62a2d0933882b0aec7e835ed96eb43a58872bcaca3ecb03158 DIST linux-5.8.18.tar.xz 114530192 BLAKE2B 0c5b631b3ab1e00cbec4dc1cf477b634475ed187e19324dfc54f38c36291186a5c3e46fb7495e5421463973fccb98539e39bc06c782f11a018ca7cea21453a3f SHA512 77429204cfb88c6775d911f03b658b62095b6f592421d985daae5da25e9deef51dfb463c3394ea69e5d0861f5c7f14496037cfad3862c9445cc54a7878e9af9b DIST linux-5.9.1.tar.xz 115502916 BLAKE2B 65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558 SHA512 96af08c1dc964e5dbb3d221880ef8ca246f13370d2dc2f5ae64039f0352efc687c7446a2b4f86dad553b776ee75f78bbf58bb9bc845c9b57a9013ece63264874 DIST linux-5.9.2.tar.xz 115519708 BLAKE2B 22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e SHA512 98efc0d10e76685eb3280546d8d9b0251062a8ede05959d0de95df18414d2a07ced0a585ba58dd5aad188ad2761d7c5150cd8a8435a6bb53d692702f434732a9 +DIST linux-5.9.3.tar.sign 987 BLAKE2B 9419f8d7a592ea26ced8022b61d04fbc7df8fac8fb5b0df58e97cf63d3ded29653ff950092d61be1211a23b91311fb7bacad7ed54fa6fd3e6823b9180c6adc50 SHA512 74e82b6e495ece56c3300d4362c55b91274dfd97121ce7290901c98b95ddf53c839cd45a04e8f5820865a12462286dd3105066013734e20d851a1498fe26443f DIST linux-5.9.3.tar.xz 115525348 BLAKE2B 9f739fe4eb5d6ba38df54cee41d7342076fbd757fd25f50614ff3681ec9ed9afd9a5e134831a64e1fbcf4c31d2436ad2892cd6e9c50f664abbe6dbaa7ef2856e SHA512 5207dfb30803e1daeb4025dbf2887ebd4fa37f1b5ddadb2dda1f2ab1815309ec9d4a9fad61922b0ce28c422f61ef94b88de16c911956734634cc47c4f5031b3d diff --git a/sys-kernel/vanilla-kernel/vanilla-kernel-5.4.74.ebuild b/sys-kernel/vanilla-kernel/vanilla-kernel-5.4.74.ebuild index ee1e12c459a7..044218e07529 100644 --- a/sys-kernel/vanilla-kernel/vanilla-kernel-5.4.74.ebuild +++ b/sys-kernel/vanilla-kernel/vanilla-kernel-5.4.74.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit kernel-build +inherit kernel-build verify-sig MY_P=linux-${PV} # https://koji.fedoraproject.org/koji/packageinfo?packageID=8 @@ -13,6 +13,9 @@ CONFIG_HASH=2809b7faa6a8cb232cd825096c146b7bdc1e08ea DESCRIPTION="Linux kernel built from vanilla upstream sources" HOMEPAGE="https://www.kernel.org/" SRC_URI+=" https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz + verify-sig? ( + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.sign + ) amd64? ( https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64.config -> kernel-x86_64.config.${CONFIG_VER} @@ -38,7 +41,10 @@ IUSE="debug" RDEPEND=" !sys-kernel/vanilla-kernel-bin:${SLOT}" BDEPEND=" - debug? ( dev-util/dwarves )" + debug? ( dev-util/dwarves ) + verify-sig? ( app-crypt/openpgp-keys-kernel )" + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/kernel.org.asc pkg_pretend() { ewarn "Starting with 5.4.52, Distribution Kernels are switching from Arch" @@ -47,6 +53,17 @@ pkg_pretend() { kernel-install_pkg_pretend } +src_unpack() { + if use verify-sig; then + einfo "Unpacking linux-${PV}.tar.xz ..." + verify-sig_verify_detached - "${DISTDIR}"/linux-${PV}.tar.sign \ + < <(xz -cd "${DISTDIR}"/linux-${PV}.tar.xz | tee >(tar -x)) + assert "Unpack failed" + else + default + fi +} + src_prepare() { default diff --git a/sys-kernel/vanilla-kernel/vanilla-kernel-5.8.18.ebuild b/sys-kernel/vanilla-kernel/vanilla-kernel-5.8.18.ebuild index 540a5ea3c744..d59b9d257458 100644 --- a/sys-kernel/vanilla-kernel/vanilla-kernel-5.8.18.ebuild +++ b/sys-kernel/vanilla-kernel/vanilla-kernel-5.8.18.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit kernel-build +inherit kernel-build verify-sig MY_P=linux-${PV} # https://koji.fedoraproject.org/koji/packageinfo?packageID=8 @@ -13,6 +13,9 @@ CONFIG_HASH=af8da8d54d21231fd8c7b943216bb985f0a4e223 DESCRIPTION="Linux kernel built from vanilla upstream sources" HOMEPAGE="https://www.kernel.org/" SRC_URI+=" https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz + verify-sig? ( + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.sign + ) amd64? ( https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64-fedora.config -> kernel-x86_64-fedora.config.${CONFIG_VER} @@ -40,7 +43,10 @@ REQUIRED_USE=" RDEPEND=" !sys-kernel/vanilla-kernel-bin:${SLOT}" BDEPEND=" - debug? ( dev-util/dwarves )" + debug? ( dev-util/dwarves ) + verify-sig? ( app-crypt/openpgp-keys-kernel )" + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/kernel.org.asc pkg_pretend() { ewarn "Starting with 5.7.9, Distribution Kernels are switching from Arch" @@ -49,6 +55,17 @@ pkg_pretend() { kernel-install_pkg_pretend } +src_unpack() { + if use verify-sig; then + einfo "Unpacking linux-${PV}.tar.xz ..." + verify-sig_verify_detached - "${DISTDIR}"/linux-${PV}.tar.sign \ + < <(xz -cd "${DISTDIR}"/linux-${PV}.tar.xz | tee >(tar -x)) + assert "Unpack failed" + else + default + fi +} + src_prepare() { default diff --git a/sys-kernel/vanilla-kernel/vanilla-kernel-5.9.3.ebuild b/sys-kernel/vanilla-kernel/vanilla-kernel-5.9.3.ebuild index 634d6fe9b8ee..63c2f94bed05 100644 --- a/sys-kernel/vanilla-kernel/vanilla-kernel-5.9.3.ebuild +++ b/sys-kernel/vanilla-kernel/vanilla-kernel-5.9.3.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit kernel-build +inherit kernel-build verify-sig MY_P=linux-${PV} # https://koji.fedoraproject.org/koji/packageinfo?packageID=8 @@ -13,6 +13,9 @@ CONFIG_HASH=94a4277f8827d1b2c911deabe56e7d929dc93146 DESCRIPTION="Linux kernel built from vanilla upstream sources" HOMEPAGE="https://www.kernel.org/" SRC_URI+=" https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz + verify-sig? ( + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.sign + ) amd64? ( https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64-fedora.config -> kernel-x86_64-fedora.config.${CONFIG_VER} @@ -40,7 +43,10 @@ REQUIRED_USE=" RDEPEND=" !sys-kernel/vanilla-kernel-bin:${SLOT}" BDEPEND=" - debug? ( dev-util/dwarves )" + debug? ( dev-util/dwarves ) + verify-sig? ( app-crypt/openpgp-keys-kernel )" + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/kernel.org.asc pkg_pretend() { ewarn "Starting with 5.7.9, Distribution Kernels are switching from Arch" @@ -49,6 +55,17 @@ pkg_pretend() { kernel-install_pkg_pretend } +src_unpack() { + if use verify-sig; then + einfo "Unpacking linux-${PV}.tar.xz ..." + verify-sig_verify_detached - "${DISTDIR}"/linux-${PV}.tar.sign \ + < <(xz -cd "${DISTDIR}"/linux-${PV}.tar.xz | tee >(tar -x)) + assert "Unpack failed" + else + default + fi +} + src_prepare() { default |