* [gentoo-dev] [PATCH 1/2] verify-sig.eclass: Use gemato openpgp-verify-detached
@ 2023-01-29 13:03 Michał Górny
2023-01-29 13:03 ` [gentoo-dev] [PATCH 2/2] verify-sig.eclass: Accept 1-out-of-n sigs on multisig files Michał Górny
0 siblings, 1 reply; 3+ messages in thread
From: Michał Górny @ 2023-01-29 13:03 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/verify-sig.eclass | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 394ce2e44427..95e8b357893a 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -65,8 +65,9 @@ case ${VERIFY_SIG_METHOD} in
BDEPEND="
verify-sig? (
app-crypt/gnupg
- >=app-portage/gemato-16
- )"
+ >=app-portage/gemato-18.0
+ )
+ "
;;
signify)
BDEPEND="verify-sig? ( app-crypt/signify )"
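Review bot: the bump to `>=app-portage/gemato-18.0` in the gpg branch of BDEPEND comes with no stated reason, and the commit message has no body. If 18.0 is the first release that provides the `openpgp-verify-detached` subcommand used in the next hunk, say so in the commit message so the version floor is not relaxed later by mistake. Moving the closing `)` and `"` onto separate lines is a formatting-only change and is worth a mention for the same reason.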
@@ -144,8 +145,9 @@ verify-sig_verify_detached() {
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
- gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
- gpg --verify "${sig}" "${file}" ||
+ gemato openpgp-verify-detached -K "${key}" \
+ "${extra_args[@]}" \
+ "${sig}" "${file}" ||
die "PGP signature verification failed"
;;
signify)
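Review bot: `"${extra_args[@]}"` is handed unchanged to `gemato openpgp-verify-detached`, but the array is built outside this hunk and was previously consumed by `gemato gpg-wrap`. Please confirm that every option it can contain is accepted by the new subcommand with the same meaning, since an unrecognised option would surface only as "PGP signature verification failed". The comment "gpg can't handle very long TMPDIR" now sits above a command line that no longer names gpg, so a word on whether the `TMPDIR=/tmp` override is still required would help the next reader.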
--
2.39.1
* [gentoo-dev] [PATCH 2/2] verify-sig.eclass: Accept 1-out-of-n sigs on multisig files
2023-01-29 13:03 [gentoo-dev] [PATCH 1/2] verify-sig.eclass: Use gemato openpgp-verify-detached Michał Górny
@ 2023-01-29 13:03 ` Michał Górny
0 siblings, 0 replies; 3+ messages in thread
From: Michał Górny @ 2023-01-29 13:03 UTC
To: gentoo-dev; +Cc: Michał Górny
If a distfile has multiple detached signatures, pass verification
if at least one of them can be verified rather than requiring all
of them. This is particularly helpful for upstreams where the whole
set of release keys is hard to come by.
Closes: https://bugs.gentoo.org/873211
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/verify-sig.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 95e8b357893a..2c8311db49f9 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -146,7 +146,7 @@ verify-sig_verify_detached() {
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
gemato openpgp-verify-detached -K "${key}" \
- "${extra_args[@]}" \
+ "${extra_args[@]}" --no-require-all-good \
"${sig}" "${file}" ||
die "PGP signature verification failed"
;;
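Review bot: `--no-require-all-good` is added to the `gemato openpgp-verify-detached` call without touching BDEPEND (the diffstat is a single line), while patch 1/2 sets the floor at `>=app-portage/gemato-18.0`. If the option is not available in every gemato version that floor allows, verification will die on systems with the older version installed, so the dependency should be raised in this same commit or the commit message should state that 18.0 already supports it.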
--
2.39.1
* [gentoo-dev] [PATCH 2/2] verify-sig.eclass: Accept 1-out-of-n sigs on multisig files
2024-01-05 10:52 [gentoo-dev] [PATCH 1/2] verify-sig.eclass: Remove <dev-python/gemato-20 support Michał Górny
@ 2024-01-05 10:52 ` Michał Górny
0 siblings, 0 replies; 3+ messages in thread
From: Michał Górny @ 2024-01-05 10:52 UTC
To: gentoo-dev; +Cc: Michał Górny
If a distfile has multiple detached signatures, pass verification
if at least one of them can be verified rather than requiring all
of them. This is particularly helpful for upstreams where the whole
set of release keys is hard to come by.
Closes: https://bugs.gentoo.org/873211
Closes: https://github.com/gentoo/gentoo/pull/29224
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/verify-sig.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 31e3cca09379..8b9e21b03e2f 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -160,7 +160,7 @@ verify-sig_verify_detached() {
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
gemato openpgp-verify-detached -K "${key}" \
- "${extra_args[@]}" \
+ "${extra_args[@]}" --no-require-all-good \
"${sig}" "${file}" ||
die "PGP signature verification failed"
;;
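Review bot: `--no-require-all-good` is appended unconditionally after `"${extra_args[@]}"`, so every ebuild reaching this branch moves from all-signatures-must-verify to one-out-of-n, including packages whose keyring in `${key}` already holds the complete set of release keys. The new acceptance rule should be documented in the eclass documentation for verify-sig_verify_detached, and it would help to clarify (ideally with a test) whether a signature that is present but invalid, as opposed to one made by a key missing from the keyring, still fails verification when another signature on the same file is good.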
--
2.43.0