From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id EF76715852A for ; Fri, 16 Aug 2024 01:50:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3C2E6E29E9; Fri, 16 Aug 2024 01:50:15 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1A327E29E9 for ; Fri, 16 Aug 2024 01:50:15 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id ED5DE3430A5 for ; Fri, 16 Aug 2024 01:50:13 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 2A74D1EF3 for ; Fri, 16 Aug 2024 01:50:12 +0000 (UTC) From: "Lucio Sauer" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lucio Sauer" Message-ID: <1723771949.1743d40a1f3911a846ab3ad69f339a05e7720902.watermanpaint@gentoo> Subject: [gentoo-commits] repo/proj/guru:dev commit in: net-p2p/p2pool/ X-VCS-Repository: repo/proj/guru X-VCS-Files: net-p2p/p2pool/Manifest net-p2p/p2pool/p2pool-4.1.ebuild X-VCS-Directories: net-p2p/p2pool/ X-VCS-Committer: watermanpaint X-VCS-Committer-Name: Lucio Sauer X-VCS-Revision: 1743d40a1f3911a846ab3ad69f339a05e7720902 X-VCS-Branch: dev Date: Fri, 16 Aug 2024 01:50:12 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 38f0782f-9011-452a-bc89-aaa0c9c1f2aa X-Archives-Hash: 42dc0c4476ebcc58ba4d1299a9f6cc5d commit: 1743d40a1f3911a846ab3ad69f339a05e7720902 Author: Lucio Sauer posteo net> AuthorDate: Fri Aug 16 01:31:33 2024 +0000 Commit: Lucio Sauer posteo net> CommitDate: Fri Aug 16 01:32:29 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=1743d40a net-p2p/p2pool: reapply simplify verify-sig logic (5265984de) Signed-off-by: Lucio Sauer posteo.net> net-p2p/p2pool/Manifest | 2 +- net-p2p/p2pool/p2pool-4.1.ebuild | 52 +++++++++++----------------------------- 2 files changed, 15 insertions(+), 39 deletions(-) diff --git a/net-p2p/p2pool/Manifest b/net-p2p/p2pool/Manifest index d10a9a7b0..6214cb820 100644 --- a/net-p2p/p2pool/Manifest +++ b/net-p2p/p2pool/Manifest @@ -1,4 +1,4 @@ DIST p2pool-4.0.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 +DIST p2pool-4.1.tar.xz 127754740 BLAKE2B 6d46920d5fe116f65950bb9dd2fee7feed45f911817302a6c5047602431febac1abacd508fa6f64a84303014212426994a64a26db124501127aee5aed5da1825 SHA512 c0d90fa6b1390a9e0744772b574ab48f78a95980a263d03970adcf51bf7abdf40cefdcafb95daca16c004674b593647f48960bfc8c2630f4852d1c0a9c3b0bb0 DIST p2pool-4.0_shasums.asc 2038 BLAKE2B f8f20875a9fa4771753b1eade7c609be761f007ac32a0641109d87890bdd7f2123f11a203d56ffcca5b74b16667e0d8288479688938935434b86875c6c72959c SHA512 bf4a933a81ce9bd48bf293a26d3e4e75b82c67fcfd48d79c57dd86aaac2c2cd54def43b47b05222e0b93fd61623d2c116c403531500a93d45059bca4a0dd3cb4 DIST p2pool-4.1_shasums.asc 2007 BLAKE2B 29dfa3e0620f1ce88ed4a0dcad45f0d5b0eb00d2dd063fe83feb9d027e8e58b6e15cdc9244832a9d6f406a3ee3c8fe2b710554336b93d5af71d17b17acd3b0f5 SHA512 a17784e5ec3d181c0218016c2bb69b5b467f33eac3dea0a31e146703b02d6de202bc6f6628abda439aa9846b7e86773d0ae1440453d0a9a5532a097ad5d974f8 -DIST p2pool-4.1_source.tar.xz 127754740 BLAKE2B 6d46920d5fe116f65950bb9dd2fee7feed45f911817302a6c5047602431febac1abacd508fa6f64a84303014212426994a64a26db124501127aee5aed5da1825 SHA512 c0d90fa6b1390a9e0744772b574ab48f78a95980a263d03970adcf51bf7abdf40cefdcafb95daca16c004674b593647f48960bfc8c2630f4852d1c0a9c3b0bb0 diff --git a/net-p2p/p2pool/p2pool-4.1.ebuild b/net-p2p/p2pool/p2pool-4.1.ebuild index fd912d246..0b1c5ce15 100644 --- a/net-p2p/p2pool/p2pool-4.1.ebuild +++ b/net-p2p/p2pool/p2pool-4.1.ebuild @@ -1,7 +1,6 @@ -# Copyright 2022 Gentoo Authors +# Copyright 2022-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -#TODO: verify hell script is safe #TODO: enable/fix GRPC dependency and add it as USE flag (https://github.com/SChernykh/p2pool/issues/313) EAPI=8 @@ -11,7 +10,7 @@ inherit cmake verify-sig DESCRIPTION="Decentralized pool for Monero mining" HOMEPAGE="https://p2pool.io" SRC_URI=" - https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}_source.tar.xz + https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}.tar.xz verify-sig? ( https://github.com/SChernykh/p2pool/releases/download/v${PV}/sha256sums.txt.asc -> ${P}_shasums.asc ) " @@ -28,44 +27,21 @@ BDEPEND=" verify-sig? ( sec-keys/openpgp-keys-schernykh ) " -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc - src_unpack() { if use verify-sig; then - #what we want to do is `verify-sig_verify_signed_checksums ${P}_shasums.asc sha512 p2pool_source.tar.xz` - verify-sig_verify_message "${DISTDIR}/${P}_shasums.asc" "${WORKDIR}/p2pool_shasums.txt" - - #start of hell script - hellscript_stage=0 - tr -d '\r' < p2pool_shasums.txt | while IFS='' read -r LINE; do - if [ "$hellscript_stage" -eq 0 ] && [ "$LINE" = "Name: p2pool_source.tar.xz" ]; then - hellscript_stage=1 - continue - fi - if [ "$hellscript_stage" -eq 1 ]; then - hellscript_sizestring="Size: $(cat ${DISTDIR}/${P}_source.tar.xz | wc -c) bytes" - if [ "${LINE:0:"${#hellscript_sizestring}"}" = "$hellscript_sizestring" ]; then - hellscript_stage=2 - continue - else - die - fi - fi - if [ "$hellscript_stage" -eq 2 ]; then - hellscript_shaprefix="SHA256: " - if [ "${LINE:0:"${#hellscript_shaprefix}"}" = "$hellscript_shaprefix" ]; then - echo "$(echo "${LINE:"${#hellscript_shaprefix}"}" | tr '[:upper:]' '[:lower:]') ${DISTDIR}/${P}_source.tar.xz" \ - > "${WORKDIR}/src_shasum.txt" - else - die - fi - break - fi - done - verify-sig_verify_unsigned_checksums "${WORKDIR}/src_shasum.txt" sha256 "${DISTDIR}/${P}_source.tar.xz" - #end of hell script + local VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc + pushd "${DISTDIR}" > /dev/null || die + verify-sig_verify_message ${P}_shasums.asc - | \ + tr \\r \\n | \ + tr '[:upper:]' '[:lower:]' | \ + sed -n '/p2pool_source/,$p' | \ + grep -m 1 sha256: | \ + sed "s/sha256: \(.*\)/\1 ${P}.tar.xz/" | \ + verify-sig_verify_unsigned_checksums - sha256 ${P}.tar.xz + assert + popd || die fi - unpack ${P}_source.tar.xz + unpack ${P}.tar.xz mv -T "${WORKDIR}"/${PN} "${WORKDIR}"/${P} || die }