[gentoo-commits] repo/gentoo:master commit in: dev-util/cmake/

Wed, 06 Apr 2022 20:38:10 -0700 

commit:     092db4b12b022b3de298b4f33233c448e412e16c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  7 03:30:16 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr  7 03:37:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=092db4b1

dev-util/cmake: add verify-sig

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-util/cmake/Manifest            |  2 ++
 dev-util/cmake/cmake-3.23.0.ebuild | 26 ++++++++++++++++++++++++++
 dev-util/cmake/cmake-9999.ebuild   | 26 ++++++++++++++++++++++++++
 3 files changed, 54 insertions(+)

diff --git a/dev-util/cmake/Manifest b/dev-util/cmake/Manifest
index 10e9e6b40b94..f5928f1d86b5 100644
--- a/dev-util/cmake/Manifest
+++ b/dev-util/cmake/Manifest
@@ -1,3 +1,5 @@
 DIST cmake-3.22.2.tar.gz 9779456 BLAKE2B 
5f1c76344fe2d6fba012b0d745dc990ec1ed4bf32c99beac1e538f4b83c1d695aee757d2780e635b67c0a185935a6a70b344a733259e3a91d01c4b83e94e2730
 SHA512 
86e95f9ce773bcc7513a1c3901561a1b09d06830936b8b1d44e075fe3bac55cfa636eccdedfa94a9939f5e12eb965224559fac30a17c64314ee023acb2a3e53f
 DIST cmake-3.22.3.tar.gz 9779118 BLAKE2B 
917b722701481cb87cc282a19083ec3299d845eeb633369bf29a961d1eef8a0f1157d0000866d983c4720a9b0524b81d647b5947a06281089a0a106146df2936
 SHA512 
a35003468153b99770ac6bbdeaa611a231a1104560da36aca0f393b8b71dbb44d854378504d2ec6b4af615f78efe18d91453fe15a1b7ec58129aa0289a5a1507
+DIST cmake-3.23.0-SHA-256.txt 1452 BLAKE2B 
5b57c57389ba203222297ae1fa9868062cea839707d8e14c020543e1997acd804e34d29f98848f3ef2a4c5a7fb8516f34d8544d7cfab8f90839611c62823902a
 SHA512 
77866404fb5ab0206bc527c74599c43e465e6d32cde3149ae2a82eadddc4bf3572f4b5ed06b38abd27162890ee47e9a2dac6e649b131dd0dd29047e1a300211a
+DIST cmake-3.23.0-SHA-256.txt.asc 833 BLAKE2B 
003db47ac8f5df3eabf06cb9a8d26c809fb43b2a1aca0510ae82a2d5db5514458cf578f42cc3885dbcb1fb68e1c5b679ea01af2a3111cf5280b588ea5640145b
 SHA512 
a42ff36ee4d93f005205fd105b999b6fbd3b8644eec7b0aa25d043b18bd4f0a249b48574f1114a532e4c43c5041e473209836a29364bee7e78e0a6dd3373dedb
 DIST cmake-3.23.0.tar.gz 9981221 BLAKE2B 
280b82af7bc345926f0e8cf47bfb5d6128b3807bed5f331e6a488c00ab72940b723d83638662f5a07367d4f651d7250a8f78abfadcc8c7c66bc2195171b9879b
 SHA512 
bcde8f2bf2fff6c4ab37a28c115b4b53d5fef0d4e38305420966cbd9f0026a4ffdcd4137f917a83458c1f380a137f7a7bd78f6fbd4d92fdcc5cf1dfbe4c02003

diff --git a/dev-util/cmake/cmake-3.23.0.ebuild 
b/dev-util/cmake/cmake-3.23.0.ebuild
index 402d531d597d..5f6e6cf173e7 100644
--- a/dev-util/cmake/cmake-3.23.0.ebuild
+++ b/dev-util/cmake/cmake-3.23.0.ebuild
@@ -21,6 +21,14 @@ if [[ ${PV} == 9999 ]] ; then
 else
        SRC_URI="https://cmake.org/files/v$(ver_cut 1-2)/${MY_P}.tar.gz"
        if [[ ${PV} != *_rc* ]] ; then
+               
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/bradking.asc
+               inherit verify-sig
+
+               SRC_URI+=" verify-sig? (
+                       
https://github.com/Kitware/CMake/releases/download/v$(ver_cut 
1-3)/${MY_P}-SHA-256.txt
+                       
https://github.com/Kitware/CMake/releases/download/v$(ver_cut 
1-3)/${MY_P}-SHA-256.txt.asc
+               )"
+
                KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips 
~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos 
~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
        fi
 fi
@@ -100,6 +108,24 @@ cmake_src_bootstrap() {
                || die "Bootstrap failed"
 }
 
+src_unpack() {
+       if [[ ${PV} == 9999 ]] ; then
+               git-r3_src_unpack
+       elif ! use verify-sig || [[ ${PV} == *_rc ]] ; then
+               default
+       else
+               cd "${DISTDIR}" || die
+
+               # See 
https://mgorny.pl/articles/verify-sig-by-example.html#verifying-using-a-checksum-file-with-a-detached-signature
+               verify-sig_verify_detached ${MY_P}-SHA-256.txt{,.asc}
+               verify-sig_verify_unsigned_checksums ${MY_P}-SHA-256.txt sha256 
cmake-3.23.0.tar.gz
+
+               cd "${WORKDIR}" || die
+
+               default
+       fi
+}
+
 src_prepare() {
        cmake_src_prepare
 

diff --git a/dev-util/cmake/cmake-9999.ebuild b/dev-util/cmake/cmake-9999.ebuild
index 402d531d597d..5f6e6cf173e7 100644
--- a/dev-util/cmake/cmake-9999.ebuild
+++ b/dev-util/cmake/cmake-9999.ebuild
@@ -21,6 +21,14 @@ if [[ ${PV} == 9999 ]] ; then
 else
        SRC_URI="https://cmake.org/files/v$(ver_cut 1-2)/${MY_P}.tar.gz"
        if [[ ${PV} != *_rc* ]] ; then
+               
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/bradking.asc
+               inherit verify-sig
+
+               SRC_URI+=" verify-sig? (
+                       
https://github.com/Kitware/CMake/releases/download/v$(ver_cut 
1-3)/${MY_P}-SHA-256.txt
+                       
https://github.com/Kitware/CMake/releases/download/v$(ver_cut 
1-3)/${MY_P}-SHA-256.txt.asc
+               )"
+
                KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips 
~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos 
~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
        fi
 fi
@@ -100,6 +108,24 @@ cmake_src_bootstrap() {
                || die "Bootstrap failed"
 }
 
+src_unpack() {
+       if [[ ${PV} == 9999 ]] ; then
+               git-r3_src_unpack
+       elif ! use verify-sig || [[ ${PV} == *_rc ]] ; then
+               default
+       else
+               cd "${DISTDIR}" || die
+
+               # See 
https://mgorny.pl/articles/verify-sig-by-example.html#verifying-using-a-checksum-file-with-a-detached-signature
+               verify-sig_verify_detached ${MY_P}-SHA-256.txt{,.asc}
+               verify-sig_verify_unsigned_checksums ${MY_P}-SHA-256.txt sha256 
cmake-3.23.0.tar.gz
+
+               cd "${WORKDIR}" || die
+
+               default
+       fi
+}
+
 src_prepare() {
        cmake_src_prepare

Reply via email to