From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 940CC158089 for ; Fri, 15 Sep 2023 03:16:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4E51C2BC020; Fri, 15 Sep 2023 03:16:14 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 16D9D2BC017 for ; Fri, 15 Sep 2023 03:16:14 +0000 (UTC) From: Sam James To: gentoo-dev@lists.gentoo.org Cc: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= , Sam James Subject: [gentoo-dev] [PATCH 1/3] verify-sig.eclass: minisig support Date: Fri, 15 Sep 2023 04:15:50 +0100 Message-ID: <20230915031555.754545-1-sam@gentoo.org> X-Mailer: git-send-email 2.42.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 3fe8b583-062b-4cfc-933e-6e803865d72c X-Archives-Hash: ec172c75b1b2758a1ea79a2f783cebfb Closes: https://bugs.gentoo.org/783066 Signed-off-by: Sam James --- eclass/verify-sig.eclass | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index 49557b633c87f..bb847bb80cc64 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -55,17 +55,22 @@ IUSE="verify-sig" # @DESCRIPTION: # Signature verification method to use. The allowed value are: # +# - minisig -- verify signatures with (base64) Ed25519 public key using app-crypt/minisign # - openpgp -- verify PGP signatures using app-crypt/gnupg (the default) # - signify -- verify signatures with Ed25519 public key using app-crypt/signify : "${VERIFY_SIG_METHOD:=openpgp}" case ${VERIFY_SIG_METHOD} in + minisig) + BDEPEND="verify-sig? ( app-crypt/minisign )" + ;; openpgp) BDEPEND=" verify-sig? ( app-crypt/gnupg >=app-portage/gemato-16 - )" + ) + " ;; signify) BDEPEND="verify-sig? ( app-crypt/signify )" @@ -139,6 +144,10 @@ verify-sig_verify_detached() { [[ ${file} == - ]] && filename='(stdin)' einfo "Verifying ${filename} ..." case ${VERIFY_SIG_METHOD} in + minisig) + minisign -V -P "$(<"${key}")" -x "${sig}" -m "${file}" || + die "minisig signature verification failed" + ;; openpgp) # gpg can't handle very long TMPDIR # https://bugs.gentoo.org/854492 @@ -198,6 +207,10 @@ verify-sig_verify_message() { [[ ${file} == - ]] && filename='(stdin)' einfo "Verifying ${filename} ..." case ${VERIFY_SIG_METHOD} in + minisig) + minisign -V -P "$(<"${key}")" -x "${sig}" -o "${output_file}" -m "${file}" || + die "minisig signature verification failed" + ;; openpgp) # gpg can't handle very long TMPDIR # https://bugs.gentoo.org/854492 @@ -356,7 +369,7 @@ verify-sig_src_unpack() { # find all distfiles and signatures, and combine them for f in ${A}; do found= - for suffix in .asc .sig; do + for suffix in .asc .sig .minisig; do if [[ ${f} == *${suffix} ]]; then signatures+=( "${f}" ) found=sig -- 2.42.0