From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A6CF3158089 for ; Tue, 31 Oct 2023 19:55:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id EA4812BC15B; Tue, 31 Oct 2023 19:55:21 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D003A2BC15B for ; Tue, 31 Oct 2023 19:55:21 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 14B6B335CDF for ; Tue, 31 Oct 2023 19:55:21 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id B5AC21302 for ; Tue, 31 Oct 2023 19:55:19 +0000 (UTC) From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1698782107.ae2c13bac13880dac42851e25968073d99238391.floppym@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: eclass/ X-VCS-Repository: repo/gentoo X-VCS-Files: eclass/verify-sig.eclass X-VCS-Directories: eclass/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: ae2c13bac13880dac42851e25968073d99238391 X-VCS-Branch: master Date: Tue, 31 Oct 2023 19:55:19 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 58ef54cc-d4cc-41d8-a689-771272dac02f X-Archives-Hash: dfd1818e2f1cc1affe07b0137abdfa94 commit: ae2c13bac13880dac42851e25968073d99238391 Author: Mike Gilbert gentoo org> AuthorDate: Tue Oct 31 18:03:30 2023 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Tue Oct 31 19:55:07 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae2c13ba verify-sig.eclass: prepend BROOT to VERIFY_SIG_OPENPGP_KEY_PATH PMS does not allow use of BROOT in global scope, so move the BROOT logic into the relevant functions. Signed-off-by: Mike Gilbert gentoo.org> eclass/verify-sig.eclass | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index bb847bb80cc6..0397152fd628 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -87,6 +87,8 @@ esac # when using default src_unpack. Alternatively, the key path can be # passed directly to the verification functions. # +# The value of BROOT will be prepended to this path automatically. +# # NB: this variable is also used for non-OpenPGP signatures. The name # contains "OPENPGP" for historical reasons. @@ -119,10 +121,15 @@ esac verify-sig_verify_detached() { local file=${1} local sig=${2} - local key=${3:-${VERIFY_SIG_OPENPGP_KEY_PATH}} + local key=${3} - [[ -n ${key} ]] || - die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + if [[ -z ${key} ]]; then + if [[ -z ${VERIFY_SIG_OPENPGP_KEY_PATH} ]]; then + die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + else + key="${BROOT}${VERIFY_SIG_OPENPGP_KEY_PATH}" + fi + fi local extra_args=() [[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R ) @@ -182,10 +189,15 @@ verify-sig_verify_detached() { verify-sig_verify_message() { local file=${1} local output_file=${2} - local key=${3:-${VERIFY_SIG_OPENPGP_KEY_PATH}} + local key=${3} - [[ -n ${key} ]] || - die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + if [[ -z ${key} ]]; then + if [[ -z ${VERIFY_SIG_OPENPGP_KEY_PATH} ]]; then + die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + else + key="${BROOT}${VERIFY_SIG_OPENPGP_KEY_PATH}" + fi + fi local extra_args=() [[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R ) @@ -313,7 +325,7 @@ _gpg_verify_signed_checksums() { local checksum_file=${1} local algo=${2} local files=${3} - local key=${4:-${VERIFY_SIG_OPENPGP_KEY_PATH}} + local key=${4} verify-sig_verify_unsigned_checksums - "${algo}" "${files}" < <( verify-sig_verify_message "${checksum_file}" - "${key}" @@ -336,10 +348,15 @@ verify-sig_verify_signed_checksums() { local algo=${2} local files=() read -r -d '' -a files <<<"${3}" - local key=${4:-${VERIFY_SIG_OPENPGP_KEY_PATH}} + local key=${4} - [[ -n ${key} ]] || - die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + if [[ -z ${key} ]]; then + if [[ -z ${VERIFY_SIG_OPENPGP_KEY_PATH} ]]; then + die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + else + key="${BROOT}${VERIFY_SIG_OPENPGP_KEY_PATH}" + fi + fi case ${VERIFY_SIG_METHOD} in openpgp)