* [gentoo-dev] [PATCH 1/3] verify-sig.eclass: minisig support
@ 2023-09-15 3:15 Sam James
2023-09-15 3:15 ` [gentoo-dev] [PATCH 2/3] sec-keys/minisig-keys-libsodium: new package, add 20230914 Sam James
2023-09-15 3:15 ` [gentoo-dev] [PATCH 3/3] dev-libs/libsodium: use new verify-sig minisign support Sam James
0 siblings, 2 replies; 3+ messages in thread
From: Sam James @ 2023-09-15 3:15 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny, Sam James
Closes: https://bugs.gentoo.org/783066
Signed-off-by: Sam James <sam@gentoo.org>
---
eclass/verify-sig.eclass | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 49557b633c87f..bb847bb80cc64 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -55,17 +55,22 @@ IUSE="verify-sig"
# @DESCRIPTION:
# Signature verification method to use. The allowed value are:
#
+# - minisig -- verify signatures with (base64) Ed25519 public key using app-crypt/minisign
# - openpgp -- verify PGP signatures using app-crypt/gnupg (the default)
# - signify -- verify signatures with Ed25519 public key using app-crypt/signify
: "${VERIFY_SIG_METHOD:=openpgp}"
case ${VERIFY_SIG_METHOD} in
+ minisig)
+ BDEPEND="verify-sig? ( app-crypt/minisign )"
+ ;;
openpgp)
BDEPEND="
verify-sig? (
app-crypt/gnupg
>=app-portage/gemato-16
- )"
+ )
+ "
;;
signify)
BDEPEND="verify-sig? ( app-crypt/signify )"
@@ -139,6 +144,10 @@ verify-sig_verify_detached() {
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
case ${VERIFY_SIG_METHOD} in
+ minisig)
+ minisign -V -P "$(<"${key}")" -x "${sig}" -m "${file}" ||
+ die "minisig signature verification failed"
+ ;;
openpgp)
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
@@ -198,6 +207,10 @@ verify-sig_verify_message() {
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
case ${VERIFY_SIG_METHOD} in
+ minisig)
+ minisign -V -P "$(<"${key}")" -x "${sig}" -o "${output_file}" -m "${file}" ||
+ die "minisig signature verification failed"
+ ;;
openpgp)
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
@@ -356,7 +369,7 @@ verify-sig_src_unpack() {
# find all distfiles and signatures, and combine them
for f in ${A}; do
found=
- for suffix in .asc .sig; do
+ for suffix in .asc .sig .minisig; do
if [[ ${f} == *${suffix} ]]; then
signatures+=( "${f}" )
found=sig
--
2.42.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-dev] [PATCH 2/3] sec-keys/minisig-keys-libsodium: new package, add 20230914
2023-09-15 3:15 [gentoo-dev] [PATCH 1/3] verify-sig.eclass: minisig support Sam James
@ 2023-09-15 3:15 ` Sam James
2023-09-15 3:15 ` [gentoo-dev] [PATCH 3/3] dev-libs/libsodium: use new verify-sig minisign support Sam James
1 sibling, 0 replies; 3+ messages in thread
From: Sam James @ 2023-09-15 3:15 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny, Sam James
Signed-off-by: Sam James <sam@gentoo.org>
---
.../metadata.xml | 0
.../minisig-keys-libsodium-20230914.ebuild} | 11 +++++------
2 files changed, 5 insertions(+), 6 deletions(-)
copy sec-keys/{openpgp-keys-adamspiers => minisig-keys-libsodium}/metadata.xml (100%)
copy sec-keys/{openpgp-keys-karelzak/openpgp-keys-karelzak-20230517.ebuild => minisig-keys-libsodium/minisig-keys-libsodium-20230914.ebuild} (51%)
diff --git a/sec-keys/openpgp-keys-adamspiers/metadata.xml b/sec-keys/minisig-keys-libsodium/metadata.xml
similarity index 100%
copy from sec-keys/openpgp-keys-adamspiers/metadata.xml
copy to sec-keys/minisig-keys-libsodium/metadata.xml
diff --git a/sec-keys/openpgp-keys-karelzak/openpgp-keys-karelzak-20230517.ebuild b/sec-keys/minisig-keys-libsodium/minisig-keys-libsodium-20230914.ebuild
similarity index 51%
copy from sec-keys/openpgp-keys-karelzak/openpgp-keys-karelzak-20230517.ebuild
copy to sec-keys/minisig-keys-libsodium/minisig-keys-libsodium-20230914.ebuild
index 524e114f27746..27bc79712eae6 100644
--- a/sec-keys/openpgp-keys-karelzak/openpgp-keys-karelzak-20230517.ebuild
+++ b/sec-keys/minisig-keys-libsodium/minisig-keys-libsodium-20230914.ebuild
@@ -3,10 +3,8 @@
EAPI=8
-DESCRIPTION="OpenPGP keys used by Karel Zak"
-HOMEPAGE="https://kzak.redcrew.org/doku.php?id=me"
-# Grabbed from HOMEPAGE but it's HTML
-SRC_URI="https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}.asc"
+DESCRIPTION="OpenPGP keys used for libsodium"
+HOMEPAGE="https://doc.libsodium.org/installation#integrity-checking"
S="${WORKDIR}"
LICENSE="public-domain"
@@ -14,7 +12,8 @@ SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
src_install() {
- local files=( ${A} )
insinto /usr/share/openpgp-keys
- newins - karelzak.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die)
+ newins - libsodium.minisig <<-EOF
+ RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3
+ EOF
}
--
2.42.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-dev] [PATCH 3/3] dev-libs/libsodium: use new verify-sig minisign support
2023-09-15 3:15 [gentoo-dev] [PATCH 1/3] verify-sig.eclass: minisig support Sam James
2023-09-15 3:15 ` [gentoo-dev] [PATCH 2/3] sec-keys/minisig-keys-libsodium: new package, add 20230914 Sam James
@ 2023-09-15 3:15 ` Sam James
1 sibling, 0 replies; 3+ messages in thread
From: Sam James @ 2023-09-15 3:15 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny, Sam James
Closes: https://bugs.gentoo.org/783066
Signed-off-by: Sam James <sam@gentoo.org>
---
dev-libs/libsodium/libsodium-1.0.19-r1.ebuild | 20 +++----------------
1 file changed, 3 insertions(+), 17 deletions(-)
diff --git a/dev-libs/libsodium/libsodium-1.0.19-r1.ebuild b/dev-libs/libsodium/libsodium-1.0.19-r1.ebuild
index cb3ef0373a0fa..d175a5ffc7f5a 100644
--- a/dev-libs/libsodium/libsodium-1.0.19-r1.ebuild
+++ b/dev-libs/libsodium/libsodium-1.0.19-r1.ebuild
@@ -3,7 +3,9 @@
EAPI=8
-inherit autotools multilib-minimal
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libsodium.key
+VERIFY_SIG_METHOD=minisig
+inherit autotools multilib-minimal verify-sig
DESCRIPTION="Portable fork of NaCl, a higher-level cryptographic library"
HOMEPAGE="https://libsodium.org"
@@ -41,22 +43,6 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.0.10-cpuflags.patch
)
-src_unpack() {
- # TODO: Could verify-sig.eclass support minisig? bug #783066
- MINISIGN_KEY="RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"
-
- if use verify-sig ; then
- ebegin "Verifying signature using app-crypt/minisign"
- minisign -V \
- -P ${MINISIGN_KEY} \
- -x "${DISTDIR}"/${P}.tar.gz.minisig \
- -m "${DISTDIR}"/${P}.tar.gz
- eend $? || die "Failed to verify distfile using minisign!"
- fi
-
- default
-}
-
src_prepare() {
default
--
2.42.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-15 3:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-15 3:15 [gentoo-dev] [PATCH 1/3] verify-sig.eclass: minisig support Sam James
2023-09-15 3:15 ` [gentoo-dev] [PATCH 2/3] sec-keys/minisig-keys-libsodium: new package, add 20230914 Sam James
2023-09-15 3:15 ` [gentoo-dev] [PATCH 3/3] dev-libs/libsodium: use new verify-sig minisign support Sam James
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox