commit: 092db4b12b022b3de298b4f33233c448e412e16c Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Apr 7 03:30:16 2022 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Apr 7 03:37:47 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=092db4b1
dev-util/cmake: add verify-sig Signed-off-by: Sam James <sam <AT> gentoo.org> dev-util/cmake/Manifest | 2 ++ dev-util/cmake/cmake-3.23.0.ebuild | 26 ++++++++++++++++++++++++++ dev-util/cmake/cmake-9999.ebuild | 26 ++++++++++++++++++++++++++ 3 files changed, 54 insertions(+) diff --git a/dev-util/cmake/Manifest b/dev-util/cmake/Manifest index 10e9e6b40b94..f5928f1d86b5 100644 --- a/dev-util/cmake/Manifest +++ b/dev-util/cmake/Manifest @@ -1,3 +1,5 @@ DIST cmake-3.22.2.tar.gz 9779456 BLAKE2B 5f1c76344fe2d6fba012b0d745dc990ec1ed4bf32c99beac1e538f4b83c1d695aee757d2780e635b67c0a185935a6a70b344a733259e3a91d01c4b83e94e2730 SHA512 86e95f9ce773bcc7513a1c3901561a1b09d06830936b8b1d44e075fe3bac55cfa636eccdedfa94a9939f5e12eb965224559fac30a17c64314ee023acb2a3e53f DIST cmake-3.22.3.tar.gz 9779118 BLAKE2B 917b722701481cb87cc282a19083ec3299d845eeb633369bf29a961d1eef8a0f1157d0000866d983c4720a9b0524b81d647b5947a06281089a0a106146df2936 SHA512 a35003468153b99770ac6bbdeaa611a231a1104560da36aca0f393b8b71dbb44d854378504d2ec6b4af615f78efe18d91453fe15a1b7ec58129aa0289a5a1507 +DIST cmake-3.23.0-SHA-256.txt 1452 BLAKE2B 5b57c57389ba203222297ae1fa9868062cea839707d8e14c020543e1997acd804e34d29f98848f3ef2a4c5a7fb8516f34d8544d7cfab8f90839611c62823902a SHA512 77866404fb5ab0206bc527c74599c43e465e6d32cde3149ae2a82eadddc4bf3572f4b5ed06b38abd27162890ee47e9a2dac6e649b131dd0dd29047e1a300211a +DIST cmake-3.23.0-SHA-256.txt.asc 833 BLAKE2B 003db47ac8f5df3eabf06cb9a8d26c809fb43b2a1aca0510ae82a2d5db5514458cf578f42cc3885dbcb1fb68e1c5b679ea01af2a3111cf5280b588ea5640145b SHA512 a42ff36ee4d93f005205fd105b999b6fbd3b8644eec7b0aa25d043b18bd4f0a249b48574f1114a532e4c43c5041e473209836a29364bee7e78e0a6dd3373dedb DIST cmake-3.23.0.tar.gz 9981221 BLAKE2B 280b82af7bc345926f0e8cf47bfb5d6128b3807bed5f331e6a488c00ab72940b723d83638662f5a07367d4f651d7250a8f78abfadcc8c7c66bc2195171b9879b SHA512 bcde8f2bf2fff6c4ab37a28c115b4b53d5fef0d4e38305420966cbd9f0026a4ffdcd4137f917a83458c1f380a137f7a7bd78f6fbd4d92fdcc5cf1dfbe4c02003 diff --git a/dev-util/cmake/cmake-3.23.0.ebuild b/dev-util/cmake/cmake-3.23.0.ebuild index 402d531d597d..5f6e6cf173e7 100644 --- a/dev-util/cmake/cmake-3.23.0.ebuild +++ b/dev-util/cmake/cmake-3.23.0.ebuild @@ -21,6 +21,14 @@ if [[ ${PV} == 9999 ]] ; then else SRC_URI="https://cmake.org/files/v$(ver_cut 1-2)/${MY_P}.tar.gz" if [[ ${PV} != *_rc* ]] ; then + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/bradking.asc + inherit verify-sig + + SRC_URI+=" verify-sig? ( + https://github.com/Kitware/CMake/releases/download/v$(ver_cut 1-3)/${MY_P}-SHA-256.txt + https://github.com/Kitware/CMake/releases/download/v$(ver_cut 1-3)/${MY_P}-SHA-256.txt.asc + )" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" fi fi @@ -100,6 +108,24 @@ cmake_src_bootstrap() { || die "Bootstrap failed" } +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + elif ! use verify-sig || [[ ${PV} == *_rc ]] ; then + default + else + cd "${DISTDIR}" || die + + # See https://mgorny.pl/articles/verify-sig-by-example.html#verifying-using-a-checksum-file-with-a-detached-signature + verify-sig_verify_detached ${MY_P}-SHA-256.txt{,.asc} + verify-sig_verify_unsigned_checksums ${MY_P}-SHA-256.txt sha256 cmake-3.23.0.tar.gz + + cd "${WORKDIR}" || die + + default + fi +} + src_prepare() { cmake_src_prepare diff --git a/dev-util/cmake/cmake-9999.ebuild b/dev-util/cmake/cmake-9999.ebuild index 402d531d597d..5f6e6cf173e7 100644 --- a/dev-util/cmake/cmake-9999.ebuild +++ b/dev-util/cmake/cmake-9999.ebuild @@ -21,6 +21,14 @@ if [[ ${PV} == 9999 ]] ; then else SRC_URI="https://cmake.org/files/v$(ver_cut 1-2)/${MY_P}.tar.gz" if [[ ${PV} != *_rc* ]] ; then + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/bradking.asc + inherit verify-sig + + SRC_URI+=" verify-sig? ( + https://github.com/Kitware/CMake/releases/download/v$(ver_cut 1-3)/${MY_P}-SHA-256.txt + https://github.com/Kitware/CMake/releases/download/v$(ver_cut 1-3)/${MY_P}-SHA-256.txt.asc + )" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" fi fi @@ -100,6 +108,24 @@ cmake_src_bootstrap() { || die "Bootstrap failed" } +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + elif ! use verify-sig || [[ ${PV} == *_rc ]] ; then + default + else + cd "${DISTDIR}" || die + + # See https://mgorny.pl/articles/verify-sig-by-example.html#verifying-using-a-checksum-file-with-a-detached-signature + verify-sig_verify_detached ${MY_P}-SHA-256.txt{,.asc} + verify-sig_verify_unsigned_checksums ${MY_P}-SHA-256.txt sha256 cmake-3.23.0.tar.gz + + cd "${WORKDIR}" || die + + default + fi +} + src_prepare() { cmake_src_prepare