Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/eclass/verify-sig.eclass
Commit message (Collapse)AuthorAgeFilesLines
* verify-sig.eclass: Support verifying checksum listsMichał Górny2020-11-081-1/+54
| | | | Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Add a function to verify PGP signed messagesMichał Górny2020-11-081-0/+36
| | | | | | | | Add a function to verify files containing PGP signed messages (i.e. not using detached signatures). This will be used for projects that publish signed checksum lists. Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Account for verifying stdinMichał Górny2020-11-031-1/+3
| | | | Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: Predict attempted writes to /run/userMichał Górny2020-10-311-0/+5
| | | | Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: allow .asc PGP signaturesJoonas Niilola2020-10-141-1/+1
| | | | Signed-off-by: Joonas Niilola <juippis@gentoo.org>
* verify-sig.eclass: Fix eclassdocMichał Górny2020-10-101-2/+0
| | | | Signed-off-by: Michał Górny <mgorny@gentoo.org>
* verify-sig.eclass: New eclass to verify OpenPGP sigsMichał Górny2020-10-101-0/+177
verify-sig eclass provides a streamlined approach to verifying upstream signatures on distfiles. Its primary purpose is to permit developers to easily verify signatures while bumping packages. The eclass removes the risk of developer forgetting to perform the verification, or performing it incorrectly, e.g. due to additional keys in the local keyring. It also permits users to verify the developer's work. Signed-off-by: Michał Górny <mgorny@gentoo.org>