From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6D6AC15808B for ; Thu, 7 Apr 2022 20:55:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 699DAE0920; Thu, 7 Apr 2022 20:55:44 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D1681E0920 for ; Thu, 7 Apr 2022 20:55:40 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3C33F341092 for ; Thu, 7 Apr 2022 20:55:38 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id B2F7738C for ; Thu, 7 Apr 2022 20:55:36 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1649364926.64fabbc32105b814d1ad90f2e71f7309f1e2da1e.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/musl/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-libs/musl/Manifest sys-libs/musl/musl-1.2.2-r8.ebuild sys-libs/musl/musl-9999.ebuild X-VCS-Directories: sys-libs/musl/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 64fabbc32105b814d1ad90f2e71f7309f1e2da1e X-VCS-Branch: master Date: Thu, 7 Apr 2022 20:55:36 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 2d9f05b8-b557-4a30-accd-dbdb52be2f2a X-Archives-Hash: 3b3a7467e910cd576a9670dd580954d7 commit: 64fabbc32105b814d1ad90f2e71f7309f1e2da1e Author: Sam James gentoo org> AuthorDate: Thu Apr 7 20:53:31 2022 +0000 Commit: Sam James gentoo org> CommitDate: Thu Apr 7 20:55:26 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64fabbc3 sys-libs/musl: add verify-sig Signed-off-by: Sam James gentoo.org> sys-libs/musl/Manifest | 1 + sys-libs/musl/musl-1.2.2-r8.ebuild | 32 ++++++++++++++++++++++++-------- sys-libs/musl/musl-9999.ebuild | 32 ++++++++++++++++++++++++-------- 3 files changed, 49 insertions(+), 16 deletions(-) diff --git a/sys-libs/musl/Manifest b/sys-libs/musl/Manifest index 33b6ddc01148..c94ab71e6cf2 100644 --- a/sys-libs/musl/Manifest +++ b/sys-libs/musl/Manifest @@ -1,4 +1,5 @@ DIST getconf.c 11614 BLAKE2B ba49a573fc16d51780a0b0b81fbf7b64a1142f1dbad203c9609a59b6b07e7404f676c415383ae88c0aede95694821f6ee381bffd93cc3330501e17dc07d122bd SHA512 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d DIST iconv.c 2577 BLAKE2B 070ca87b30c90ab98c27d5faf7a2fcb64ff7c67ca212ee6072165b2146979c551f714954dbd465462a171837c59b6ea027e0206458a2df0f977e45f01be3ce48 SHA512 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf DIST musl-1.2.2.tar.gz 1055220 BLAKE2B a000357ed52e417d8cebe5537df658dc0f8f02f2da3efcd79125544ad63e11e05fa96136551d0bfeb09a3f6c9a2260bffcfbd329ea92e6a7b62aa690f48968aa SHA512 5344b581bd6463d71af8c13e91792fa51f25a96a1ecbea81e42664b63d90b325aeb421dfbc8c22e187397ca08e84d9296a0c0c299ba04fa2b751d6864914bd82 +DIST musl-1.2.2.tar.gz.asc 490 BLAKE2B 8eb21bcfcbaf9d567c0a2bba468055d4ed86a9fb33126f50870ed0cb192ec8ab826d64dc129a0b4e78a7808309c006ce4fe5edae1099bc4c516c1ad4382a591d SHA512 9d76bd9d88438e21689d37d7c519bc5575fa72b121ddf89c55c1a2246ecf423664d8e5199192720d652f6d08229f9b17b5520465d49b12ed2ba80814d1d8e9d8 DIST musl-getent-93a08815f8598db442d8b766b463d0150ed8e2ab.c 11656 BLAKE2B 1b7bf7102a1eb91a8cb881ed8ca65eb8eed911dd50238e97dc2952d89d4c6ebed6bfd046a2b38776c550b2872ab54ced8cb452fcc2ad56e5616f722debda761f SHA512 7f5b9d934d82deb5f8b23e16169a5d9b99ccab3a4708df06a95d685e1b24a3a3e69b3dcf4942f2f66c12a3d4bf0c5827e2ee2e8c4d7b1997359fccc2ac212dee diff --git a/sys-libs/musl/musl-1.2.2-r8.ebuild b/sys-libs/musl/musl-1.2.2-r8.ebuild index 34fc6172b105..0f071f2ac487 100644 --- a/sys-libs/musl/musl-1.2.2-r8.ebuild +++ b/sys-libs/musl/musl-1.2.2-r8.ebuild @@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="git://git.musl-libc.org/musl" inherit git-r3 else - SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz" + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc + inherit verify-sig + + SRC_URI="https://musl.libc.org/releases/${P}.tar.gz" + SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )" KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86" + + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )" fi GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab" GETENT_FILE="musl-getent-${GETENT_COMMIT}.c" @@ -60,19 +66,29 @@ pkg_setup() { } src_unpack() { - if [[ ${PV} == 9999 ]]; then + if [[ ${PV} == 9999 ]] ; then git-r3_src_unpack - else - unpack "${P}.tar.gz" + elif use verify-sig ; then + # We only verify the release; not the additional (fixed, safe) files + # we download. + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} fi - mkdir misc || die - cp "${DISTDIR}"/getconf.c misc/getconf.c || die - cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die - cp "${DISTDIR}"/iconv.c misc/iconv.c || die + + default +} + +src_prepare() { + default + + mkdir "${WORKDIR}"/misc || die + cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die + cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die + cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die } src_configure() { tc-getCC ${CTARGET} + just_headers && export CC=true local sysroot diff --git a/sys-libs/musl/musl-9999.ebuild b/sys-libs/musl/musl-9999.ebuild index 34fc6172b105..0f071f2ac487 100644 --- a/sys-libs/musl/musl-9999.ebuild +++ b/sys-libs/musl/musl-9999.ebuild @@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="git://git.musl-libc.org/musl" inherit git-r3 else - SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz" + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc + inherit verify-sig + + SRC_URI="https://musl.libc.org/releases/${P}.tar.gz" + SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )" KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86" + + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )" fi GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab" GETENT_FILE="musl-getent-${GETENT_COMMIT}.c" @@ -60,19 +66,29 @@ pkg_setup() { } src_unpack() { - if [[ ${PV} == 9999 ]]; then + if [[ ${PV} == 9999 ]] ; then git-r3_src_unpack - else - unpack "${P}.tar.gz" + elif use verify-sig ; then + # We only verify the release; not the additional (fixed, safe) files + # we download. + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} fi - mkdir misc || die - cp "${DISTDIR}"/getconf.c misc/getconf.c || die - cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die - cp "${DISTDIR}"/iconv.c misc/iconv.c || die + + default +} + +src_prepare() { + default + + mkdir "${WORKDIR}"/misc || die + cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die + cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die + cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die } src_configure() { tc-getCC ${CTARGET} + just_headers && export CC=true local sysroot