From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1726825386.f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sec-keys/openpgp-keys-openssl/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sec-keys/openpgp-keys-openssl/Manifest sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild
X-VCS-Directories: sec-keys/openpgp-keys-openssl/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90
X-VCS-Branch: master
Date: Fri, 20 Sep 2024 09:43:35 +0000 (UTC)

commit: f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90
Author: Sam James gentoo org>
AuthorDate: Fri Sep 20 08:49:02 2024 +0000
Commit: Sam James gentoo org>
CommitDate: Fri Sep 20 09:43:06 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f93db2b7

sec-keys/openpgp-keys-openssl: add 20240920

With the big rework upstream mentioned in 03960013634a39f41a1e0fdc7daabf29a6f4e5b5,
they seem to have changed their signing setup again.

Per https://openssl-library.org/source/, we now have:
"""
PGP keys for the signatures of old releases are available from the OTC page
and can also be signed with a key with the fingerprint:
EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5. The current releases are
signed by the OpenSSL key with fingerprint
BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF.
"""

We keep the older keys in this package's keyring for now to allow older
versions of openssl to be verified rather than having awkward deps.

Bug: https://bugs.gentoo.org/939110 Signed-off-by: Sam James gentoo.org> sec-keys/openpgp-keys-openssl/Manifest | 1 + .../openpgp-keys-openssl-20240920.ebuild | 65 ++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/sec-keys/openpgp-keys-openssl/Manifest b/sec-keys/openpgp-keys-openssl/Manifest index f2bcbb49c70a..03682613fa24 100644 --- a/sec-keys/openpgp-keys-openssl/Manifest +++ b/sec-keys/openpgp-keys-openssl/Manifest @@ -30,3 +30,4 @@ DIST openssl-keys-20240424-A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C.asc 5194 BLA DIST openssl-keys-20240424-B7C1C14360F353A36862E4D5231C84CDDCC69C45.asc 2249 BLAKE2B a9913d00635a73636dae7ea30bf16ade55a8f56d6fa3a804ebaf736705cfb3628b4838289c9b9847d1809da94dd4c9c23d01fe0521701dd164ff5036cfa78ec3 SHA512 c7927ff7643ac4aa12f516103d76af4c56e25f3d3a3d4064ec5d11f30d9447899b18c22cfb7217488b2e5b912220269e78668655343db52f486d29788e4759fc DIST openssl-keys-20240424-E5E52560DD91C556DDBDA5D02064C53641C25E5D.asc 6131 BLAKE2B 36e076cb5ab722c5efe378fc70a9109c30db12bf59af3634af0b7df1cc6beaec8d1fdf5099ffbfb66ce59d51581009ed59278336238755122ba5126cf1b191e5 SHA512 ee72fff17111f437b372b0bbfaa851075125da524a8d0f861232fe9bec2da0c0933c4d0ab3fa9ad1aa9015f9ae302773d0f5eb25bea270f0a5884f0d5b9b6fc1 DIST openssl-keys-20240424-EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5.asc 4216 BLAKE2B c32204394c4e1240fd53197100429abf51600e71fc0e979c43a7c1f99212d4200d1df7408f08c514aed014162fb1e4bbedbf4b7cd69a80a0ca3b814da98843b3 SHA512 ad0e2a6ea817ed6ae18988bc0216bafe35fb817807c6d507efcfb957b0df238f0b326d63c5c494c9a26ce64408f81f2e021b009bc7729dc213e691b72ac31c41 +DIST openssl-keys-20240920-BA5473A2B0587B07FB27CF2D216094DFD0CB81EF.asc 1747 BLAKE2B e79fd1c91a737e0835e27a49b17dffbb16f96c41a1ad5d4b5e7ffe0d1ea24648f0d17a8cc4eab19a89ea37cc1053611515bcae2d33dd3b1b6f186b61337c90bc SHA512 00012ef3d08dfc56f1f57094cf3202bb71d7518252557049ac78b6933237d05fb0f66d754205583d0569465c55b05310bdcf00182cfa843c6b0b14e5354ca1e0 
diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild new file mode 100644 index 000000000000..6ff1445c4b76 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild 
@@ -0,0 +1,65 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +OSSL_FINGERPRINTS=( + # OpenSSL + # See https://openssl-library.org/source/ + BA5473A2B0587B07FB27CF2D216094DFD0CB81EF +) + +# We keep older keys here for now to allow verifying older & newer +# releases with the same keyring package. We'll drop them eventually. +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 +OSSL_OLD_FINGERPRINTS=( + # Matt Caswell + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte + 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C + + # Kurt Roeckx + E5E52560DD91C556DDBDA5D02064C53641C25E5D + + # OpenSSL OMC (see https://github.com/openssl/openssl/commit/f925bfebbb287321133b9251e72bee869a0f58b4) + EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://keys.openpgp.org/vks/v1/by-fingerprint/${ossl_key} -> openssl-keys-${PV}-${ossl_key}.asc" +done +for ossl_key in "${OSSL_OLD_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-20240424-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +}
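
Review bot: the new DIST line in sec-keys/openpgp-keys-openssl/Manifest pins BLAKE2B and SHA512 for a file that the ebuild fetches live from https://keys.openpgp.org/vks/v1/by-fingerprint/, while the 20240424 entries above it come from a fixed path under https://dev.gentoo.org/~sam/distfiles/. If the key material served for that fingerprint ever changes (for example a new expiry or subkey), a fetch from the upstream URL will no longer match these hashes. Consider hosting a snapshot of the BA5473A2B0587B07FB27CF2D216094DFD0CB81EF key next to the old ones so that every DIST entry refers to immutable content.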
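
Review bot: in src_install of openpgp-keys-openssl-20240920.ebuild, every file in ${A} is concatenated into the single openssl.org.asc, so the eight OSSL_OLD_FINGERPRINTS keys remain trusted alongside BA5473A2B0587B07FB27CF2D216094DFD0CB81EF for anything that verifies against this keyring, including releases that the upstream text quoted in the commit message says are signed by the new key. The comment only says "We'll drop them eventually"; suggest stating the condition for dropping them (for example, once no openssl version in the tree still needs the old signers), or installing the old keys as a separate keyring file so current releases can be checked against the new key alone. Minor: HOMEPAGE still points at https://www.openssl.org/ while the fingerprint comment cites https://openssl-library.org/source/; worth aligning the two.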