* [gentoo-dev] [PATCH v2] verify-sig.eclass: Use gemato openpgp-verify-detached w/ 20.0+
@ 2023-03-08 16:33 Michał Górny
2023-03-08 22:54 ` Sam James
0 siblings, 1 reply; 3+ messages in thread
From: Michał Górny @ 2023-03-08 16:33 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Use openpgp-verify-detached when app-portage/gemato-20.0 is installed.
This lets us test the new code paths on ~arch with minimal risk
of breakage on stable.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/verify-sig.eclass | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
This is roughly the same patch that I've sent before, except that now
it features a has_version condition to restrict the changes to ~arch
gemato version.
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 91433bf53453..f67a3b10a0bf 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -144,9 +144,16 @@ verify-sig_verify_detached() {
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
- gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
- gpg --verify "${sig}" "${file}" ||
- die "PGP signature verification failed"
+ if has_version -b ">=app-portage/gemato-20"; then
+ gemato openpgp-verify-detached -K "${key}" \
+ "${extra_args[@]}" \
+ "${sig}" "${file}" ||
+ die "PGP signature verification failed"
+ else
+ gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+ gpg --verify "${sig}" "${file}" ||
+ die "PGP signature verification failed"
+ fi
;;
signify)
signify -V -p "${key}" -m "${file}" -x "${sig}" ||
--
2.39.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [gentoo-dev] [PATCH v2] verify-sig.eclass: Use gemato openpgp-verify-detached w/ 20.0+
2023-03-08 16:33 [gentoo-dev] [PATCH v2] verify-sig.eclass: Use gemato openpgp-verify-detached w/ 20.0+ Michał Górny
@ 2023-03-08 22:54 ` Sam James
2023-03-09 5:56 ` Michał Górny
0 siblings, 1 reply; 3+ messages in thread
From: Sam James @ 2023-03-08 22:54 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1196 bytes --]
On Wed, 8 Mar 2023 17:33:24 +0100
Michał Górny <mgorny@gentoo.org> wrote:
> Use openpgp-verify-detached when app-portage/gemato-20.0 is installed.
> This lets us test the new code paths on ~arch with minimal risk
> of breakage on stable.
>
> Signed-off-by: Michał Górny <mgorny@gentoo.org>
> ---
> eclass/verify-sig.eclass | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> This is roughly the same patch that I've sent before, except that now
> it features a has_version condition to restrict the changes to ~arch
> gemato version.
>
> diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
> index 91433bf53453..f67a3b10a0bf 100644
> --- a/eclass/verify-sig.eclass
> +++ b/eclass/verify-sig.eclass
> @@ -144,9 +144,16 @@ verify-sig_verify_detached() {
> # gpg can't handle very long TMPDIR
> # https://bugs.gentoo.org/854492
> local -x TMPDIR=/tmp
> - gemato gpg-wrap -K "${key}"
> "${extra_args[@]}" -- \
> - gpg --verify "${sig}" "${file}" ||
> - die "PGP signature verification
> failed"
> + if has_version -b ">=app-portage/gemato-20";
Do we want to log when taking this path temporarily?
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 358 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-dev] [PATCH v2] verify-sig.eclass: Use gemato openpgp-verify-detached w/ 20.0+
2023-03-08 22:54 ` Sam James
@ 2023-03-09 5:56 ` Michał Górny
0 siblings, 0 replies; 3+ messages in thread
From: Michał Górny @ 2023-03-09 5:56 UTC (permalink / raw
To: gentoo-dev
On Wed, 2023-03-08 at 22:54 +0000, Sam James wrote:
> On Wed, 8 Mar 2023 17:33:24 +0100
> Michał Górny <mgorny@gentoo.org> wrote:
>
> > Use openpgp-verify-detached when app-portage/gemato-20.0 is installed.
> > This lets us test the new code paths on ~arch with minimal risk
> > of breakage on stable.
> >
> > Signed-off-by: Michał Górny <mgorny@gentoo.org>
> > ---
> > eclass/verify-sig.eclass | 13 ++++++++++---
> > 1 file changed, 10 insertions(+), 3 deletions(-)
> >
> > This is roughly the same patch that I've sent before, except that now
> > it features a has_version condition to restrict the changes to ~arch
> > gemato version.
> >
> > diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
> > index 91433bf53453..f67a3b10a0bf 100644
> > --- a/eclass/verify-sig.eclass
> > +++ b/eclass/verify-sig.eclass
> > @@ -144,9 +144,16 @@ verify-sig_verify_detached() {
> > # gpg can't handle very long TMPDIR
> > # https://bugs.gentoo.org/854492
> > local -x TMPDIR=/tmp
> > - gemato gpg-wrap -K "${key}"
> > "${extra_args[@]}" -- \
> > - gpg --verify "${sig}" "${file}" ||
> > - die "PGP signature verification
> > failed"
> > + if has_version -b ">=app-portage/gemato-20";
>
> Do we want to log when taking this path temporarily?
>
I don't think it's necessary, the output is clearly distinguishable.
--
Best regards,
Michał Górny
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-09 5:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-08 16:33 [gentoo-dev] [PATCH v2] verify-sig.eclass: Use gemato openpgp-verify-detached w/ 20.0+ Michał Górny
2023-03-08 22:54 ` Sam James
2023-03-09 5:56 ` Michał Górny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox