diff options
| author |   Sam James <sam@gentoo.org> | 2023-09-14 03:38:13 +0100 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2023-09-16 10:43:05 +0100 |
| commit | 9e9067d309e8b9f8a73b2312d409883f348b0ea5 (patch) | |
| tree | a4797fd0b938cbe04bf6c3948bf9fdf12489f696 /eclass | |
| parent | sys-libs/glibc: 2.37 and 2.38 patchset bumps, untested (diff) | |
| download | gentoo-9e9067d309e8b9f8a73b2312d409883f348b0ea5.tar.gz gentoo-9e9067d309e8b9f8a73b2312d409883f348b0ea5.tar.bz2 gentoo-9e9067d309e8b9f8a73b2312d409883f348b0ea5.zip | |
verify-sig.eclass: minisig support
Closes: https://bugs.gentoo.org/783066
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'eclass')
| -rw-r--r-- | eclass/verify-sig.eclass | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index 49557b633c87..bb847bb80cc6 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -55,17 +55,22 @@ IUSE="verify-sig" # @DESCRIPTION: # Signature verification method to use. The allowed value are: # +# - minisig -- verify signatures with (base64) Ed25519 public key using app-crypt/minisign # - openpgp -- verify PGP signatures using app-crypt/gnupg (the default) # - signify -- verify signatures with Ed25519 public key using app-crypt/signify : "${VERIFY_SIG_METHOD:=openpgp}" case ${VERIFY_SIG_METHOD} in + minisig) + BDEPEND="verify-sig? ( app-crypt/minisign )" + ;; openpgp) BDEPEND=" verify-sig? ( app-crypt/gnupg >=app-portage/gemato-16 - )" + ) + " ;; signify) BDEPEND="verify-sig? ( app-crypt/signify )" @@ -139,6 +144,10 @@ verify-sig_verify_detached() { [[ ${file} == - ]] && filename='(stdin)' einfo "Verifying ${filename} ..." case ${VERIFY_SIG_METHOD} in + minisig) + minisign -V -P "$(<"${key}")" -x "${sig}" -m "${file}" || + die "minisig signature verification failed" + ;; openpgp) # gpg can't handle very long TMPDIR # https://bugs.gentoo.org/854492 @@ -198,6 +207,10 @@ verify-sig_verify_message() { [[ ${file} == - ]] && filename='(stdin)' einfo "Verifying ${filename} ..." case ${VERIFY_SIG_METHOD} in + minisig) + minisign -V -P "$(<"${key}")" -x "${sig}" -o "${output_file}" -m "${file}" || + die "minisig signature verification failed" + ;; openpgp) # gpg can't handle very long TMPDIR # https://bugs.gentoo.org/854492 @@ -356,7 +369,7 @@ verify-sig_src_unpack() { # find all distfiles and signatures, and combine them for f in ${A}; do found= - for suffix in .asc .sig; do + for suffix in .asc .sig .minisig; do if [[ ${f} == *${suffix} ]]; then signatures+=( "${f}" ) found=sig |