From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id ECDC4159C9B for ; Tue, 13 Aug 2024 00:42:49 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3C21CE2AFB; Tue, 13 Aug 2024 00:42:49 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1910BE2AFB for ; Tue, 13 Aug 2024 00:42:49 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 120FE343011 for ; Tue, 13 Aug 2024 00:42:48 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 73CF41E93 for ; Tue, 13 Aug 2024 00:42:46 +0000 (UTC) From: "Lucio Sauer" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lucio Sauer" Message-ID: <1723509753.5265984de682a7e984e5d6c8b7b9b18aae4710ed.watermanpaint@gentoo> Subject: [gentoo-commits] repo/proj/guru:dev commit in: net-p2p/p2pool/ X-VCS-Repository: repo/proj/guru X-VCS-Files: net-p2p/p2pool/Manifest net-p2p/p2pool/p2pool-4.0.ebuild X-VCS-Directories: net-p2p/p2pool/ X-VCS-Committer: watermanpaint X-VCS-Committer-Name: Lucio Sauer X-VCS-Revision: 5265984de682a7e984e5d6c8b7b9b18aae4710ed X-VCS-Branch: dev Date: Tue, 13 Aug 2024 00:42:46 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 4ba71fbb-3363-46f7-af61-0ea5d6ad8961 X-Archives-Hash: 27e3a2980af46900ded9761b85b77b47 commit: 5265984de682a7e984e5d6c8b7b9b18aae4710ed Author: Lucio Sauer posteo net> AuthorDate: Mon Aug 5 13:11:23 2024 +0000 Commit: Lucio Sauer posteo net> CommitDate: Tue Aug 13 00:42:33 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=5265984d net-p2p/p2pool: simplify verify-sig logic Signed-off-by: Lucio Sauer posteo.net> net-p2p/p2pool/Manifest | 2 +- net-p2p/p2pool/p2pool-4.0.ebuild | 52 +++++++++++----------------------------- 2 files changed, 15 insertions(+), 39 deletions(-) diff --git a/net-p2p/p2pool/Manifest b/net-p2p/p2pool/Manifest index 0e40af431..eb3221a12 100644 --- a/net-p2p/p2pool/Manifest +++ b/net-p2p/p2pool/Manifest @@ -1,2 +1,2 @@ DIST p2pool-4.0_shasums.asc 2038 BLAKE2B f8f20875a9fa4771753b1eade7c609be761f007ac32a0641109d87890bdd7f2123f11a203d56ffcca5b74b16667e0d8288479688938935434b86875c6c72959c SHA512 bf4a933a81ce9bd48bf293a26d3e4e75b82c67fcfd48d79c57dd86aaac2c2cd54def43b47b05222e0b93fd61623d2c116c403531500a93d45059bca4a0dd3cb4 -DIST p2pool-4.0_source.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 +DIST p2pool-4.0.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 diff --git a/net-p2p/p2pool/p2pool-4.0.ebuild b/net-p2p/p2pool/p2pool-4.0.ebuild index 5168a4e13..b4dbe4ef2 100644 --- a/net-p2p/p2pool/p2pool-4.0.ebuild +++ b/net-p2p/p2pool/p2pool-4.0.ebuild @@ -1,7 +1,6 @@ -# Copyright 2022 Gentoo Authors +# Copyright 2022-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -#TODO: verify hell script is safe #TODO: enable/fix GRPC dependency and add it as USE flag (https://github.com/SChernykh/p2pool/issues/313) EAPI=8 @@ -11,7 +10,7 @@ inherit cmake verify-sig DESCRIPTION="Decentralized pool for Monero mining" HOMEPAGE="https://p2pool.io" SRC_URI=" - https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}_source.tar.xz + https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}.tar.xz verify-sig? ( https://github.com/SChernykh/p2pool/releases/download/v${PV}/sha256sums.txt.asc -> ${P}_shasums.asc ) " @@ -27,44 +26,21 @@ BDEPEND=" verify-sig? ( sec-keys/openpgp-keys-schernykh ) " -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc - src_unpack() { if use verify-sig; then - #what we want to do is `verify-sig_verify_signed_checksums ${P}_shasums.asc sha512 p2pool_source.tar.xz` - verify-sig_verify_message "${DISTDIR}/${P}_shasums.asc" "${WORKDIR}/p2pool_shasums.txt" - - #start of hell script - hellscript_stage=0 - tr -d '\r' < p2pool_shasums.txt | while IFS='' read -r LINE; do - if [ "$hellscript_stage" -eq 0 ] && [ "$LINE" = "Name: p2pool_source.tar.xz" ]; then - hellscript_stage=1 - continue - fi - if [ "$hellscript_stage" -eq 1 ]; then - hellscript_sizestring="Size: $(cat ${DISTDIR}/${P}_source.tar.xz | wc -c) bytes" - if [ "${LINE:0:"${#hellscript_sizestring}"}" = "$hellscript_sizestring" ]; then - hellscript_stage=2 - continue - else - die - fi - fi - if [ "$hellscript_stage" -eq 2 ]; then - hellscript_shaprefix="SHA256: " - if [ "${LINE:0:"${#hellscript_shaprefix}"}" = "$hellscript_shaprefix" ]; then - echo "$(echo "${LINE:"${#hellscript_shaprefix}"}" | tr '[:upper:]' '[:lower:]') ${DISTDIR}/${P}_source.tar.xz" \ - > "${WORKDIR}/src_shasum.txt" - else - die - fi - break - fi - done - verify-sig_verify_unsigned_checksums "${WORKDIR}/src_shasum.txt" sha256 "${DISTDIR}/${P}_source.tar.xz" - #end of hell script + local VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc + pushd "${DISTDIR}" > /dev/null || die + verify-sig_verify_message ${P}_shasums.asc - | \ + tr \\r \\n | \ + tr '[:upper:]' '[:lower:]' | \ + sed -n '/p2pool_source/,$p' | \ + grep -m 1 sha256: | \ + sed "s/sha256: \(.*\)/\1 ${P}.tar.xz/" | \ + verify-sig_verify_unsigned_checksums - sha256 ${P}.tar.xz + assert + popd || die fi - unpack ${P}_source.tar.xz + unpack ${P}.tar.xz mv -T "${WORKDIR}"/${PN} "${WORKDIR}"/${P} || die } From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D58D2159C9B for ; Tue, 13 Aug 2024 15:39:39 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id AEF15E2B9E; Tue, 13 Aug 2024 15:39:38 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 91C9CE2B9E for ; Tue, 13 Aug 2024 15:39:38 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id ADF82343092 for ; Tue, 13 Aug 2024 15:39:37 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 2F6DA1EEC for ; Tue, 13 Aug 2024 15:39:35 +0000 (UTC) From: "Lucio Sauer" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lucio Sauer" Message-ID: <1723509753.5265984de682a7e984e5d6c8b7b9b18aae4710ed.watermanpaint@gentoo> Subject: [gentoo-commits] repo/proj/guru:master commit in: net-p2p/p2pool/ X-VCS-Repository: repo/proj/guru X-VCS-Files: net-p2p/p2pool/Manifest net-p2p/p2pool/p2pool-4.0.ebuild X-VCS-Directories: net-p2p/p2pool/ X-VCS-Committer: watermanpaint X-VCS-Committer-Name: Lucio Sauer X-VCS-Revision: 5265984de682a7e984e5d6c8b7b9b18aae4710ed X-VCS-Branch: master Date: Tue, 13 Aug 2024 15:39:35 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 9f12c9ea-c200-4c84-88d7-ffc88a7810bb X-Archives-Hash: 02a5dcb100b8bb53936a588b99bea935 Message-ID: <20240813153935.zCvWs4Sr9Pam6R3CDxJCAO38BkCCzGMmRO7O5Lc3WqM@z> commit: 5265984de682a7e984e5d6c8b7b9b18aae4710ed Author: Lucio Sauer posteo net> AuthorDate: Mon Aug 5 13:11:23 2024 +0000 Commit: Lucio Sauer posteo net> CommitDate: Tue Aug 13 00:42:33 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=5265984d net-p2p/p2pool: simplify verify-sig logic Signed-off-by: Lucio Sauer posteo.net> net-p2p/p2pool/Manifest | 2 +- net-p2p/p2pool/p2pool-4.0.ebuild | 52 +++++++++++----------------------------- 2 files changed, 15 insertions(+), 39 deletions(-) diff --git a/net-p2p/p2pool/Manifest b/net-p2p/p2pool/Manifest index 0e40af431..eb3221a12 100644 --- a/net-p2p/p2pool/Manifest +++ b/net-p2p/p2pool/Manifest @@ -1,2 +1,2 @@ DIST p2pool-4.0_shasums.asc 2038 BLAKE2B f8f20875a9fa4771753b1eade7c609be761f007ac32a0641109d87890bdd7f2123f11a203d56ffcca5b74b16667e0d8288479688938935434b86875c6c72959c SHA512 bf4a933a81ce9bd48bf293a26d3e4e75b82c67fcfd48d79c57dd86aaac2c2cd54def43b47b05222e0b93fd61623d2c116c403531500a93d45059bca4a0dd3cb4 -DIST p2pool-4.0_source.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 +DIST p2pool-4.0.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 diff --git a/net-p2p/p2pool/p2pool-4.0.ebuild b/net-p2p/p2pool/p2pool-4.0.ebuild index 5168a4e13..b4dbe4ef2 100644 --- a/net-p2p/p2pool/p2pool-4.0.ebuild +++ b/net-p2p/p2pool/p2pool-4.0.ebuild @@ -1,7 +1,6 @@ -# Copyright 2022 Gentoo Authors +# Copyright 2022-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -#TODO: verify hell script is safe #TODO: enable/fix GRPC dependency and add it as USE flag (https://github.com/SChernykh/p2pool/issues/313) EAPI=8 @@ -11,7 +10,7 @@ inherit cmake verify-sig DESCRIPTION="Decentralized pool for Monero mining" HOMEPAGE="https://p2pool.io" SRC_URI=" - https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}_source.tar.xz + https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}.tar.xz verify-sig? ( https://github.com/SChernykh/p2pool/releases/download/v${PV}/sha256sums.txt.asc -> ${P}_shasums.asc ) " @@ -27,44 +26,21 @@ BDEPEND=" verify-sig? ( sec-keys/openpgp-keys-schernykh ) " -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc - src_unpack() { if use verify-sig; then - #what we want to do is `verify-sig_verify_signed_checksums ${P}_shasums.asc sha512 p2pool_source.tar.xz` - verify-sig_verify_message "${DISTDIR}/${P}_shasums.asc" "${WORKDIR}/p2pool_shasums.txt" - - #start of hell script - hellscript_stage=0 - tr -d '\r' < p2pool_shasums.txt | while IFS='' read -r LINE; do - if [ "$hellscript_stage" -eq 0 ] && [ "$LINE" = "Name: p2pool_source.tar.xz" ]; then - hellscript_stage=1 - continue - fi - if [ "$hellscript_stage" -eq 1 ]; then - hellscript_sizestring="Size: $(cat ${DISTDIR}/${P}_source.tar.xz | wc -c) bytes" - if [ "${LINE:0:"${#hellscript_sizestring}"}" = "$hellscript_sizestring" ]; then - hellscript_stage=2 - continue - else - die - fi - fi - if [ "$hellscript_stage" -eq 2 ]; then - hellscript_shaprefix="SHA256: " - if [ "${LINE:0:"${#hellscript_shaprefix}"}" = "$hellscript_shaprefix" ]; then - echo "$(echo "${LINE:"${#hellscript_shaprefix}"}" | tr '[:upper:]' '[:lower:]') ${DISTDIR}/${P}_source.tar.xz" \ - > "${WORKDIR}/src_shasum.txt" - else - die - fi - break - fi - done - verify-sig_verify_unsigned_checksums "${WORKDIR}/src_shasum.txt" sha256 "${DISTDIR}/${P}_source.tar.xz" - #end of hell script + local VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc + pushd "${DISTDIR}" > /dev/null || die + verify-sig_verify_message ${P}_shasums.asc - | \ + tr \\r \\n | \ + tr '[:upper:]' '[:lower:]' | \ + sed -n '/p2pool_source/,$p' | \ + grep -m 1 sha256: | \ + sed "s/sha256: \(.*\)/\1 ${P}.tar.xz/" | \ + verify-sig_verify_unsigned_checksums - sha256 ${P}.tar.xz + assert + popd || die fi - unpack ${P}_source.tar.xz + unpack ${P}.tar.xz mv -T "${WORKDIR}"/${PN} "${WORKDIR}"/${P} || die }