commit: 525681a915a6e79d5b2a583c702a00856e2d3c86
Author: Matthias Schwarzott <zzam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 5 06:32:31 2024 +0000
Commit: Matthias Schwarzott <zzam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 5 06:32:31 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=525681a9
dev-util/pahole: verify src tarball
Signed-off-by: Matthias Schwarzott <zzam <AT> gentoo.org>
dev-util/pahole/Manifest | 1 +
.../{pahole-9999.ebuild => pahole-1.26-r1.ebuild} | 27 +++++++++++++++++++++-
dev-util/pahole/pahole-9999.ebuild | 27 +++++++++++++++++++++-
3 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/dev-util/pahole/Manifest b/dev-util/pahole/Manifest
index 2d64ff51848d..768a7b64de02 100644
--- a/dev-util/pahole/Manifest
+++ b/dev-util/pahole/Manifest
@@ -1,4 +1,5 @@
DIST dwarves-1.24.tar.xz 875744 BLAKE2B
6766b5a5ecbf64013227e7cd459af662fc213f230b5b1279354fcaaccebfa3d74f9a2254542dc4f3f1bb4a5def1d4c77e2445fa8b531fa8b9e331cdfc23155fe
SHA512
3cdca183cf68ec46fd9a0301ae4a8a30b23a8139c65ffba64ae11f85f9e942f7341dca6f88a4a3b49f32bfd880927193a80fa011726e4a33d3e5a1a146326c06
DIST dwarves-1.25.tar.xz 2244876 BLAKE2B
1926fa1fa123fc3ad0f7f063406260b1e1e2611c563fedebee4c837e491164571fdb40408421c0c4ea2fd24e89c54a7a1ea669313b6dd6d7dcfa4934e2c1336e
SHA512
104bfb8712d863e04d0c827c008b23ebc49543b17bfb5b44ce276a5b3d39f12cf71f721055ae2e5f430aa77a3c70f85f6eeaf72fd8c1cdf547260488bc5b5070
+DIST dwarves-1.26.tar.sign 228 BLAKE2B
211f73da11d6ed61383fc0470c298360e7acae5fbeb2f963533fd3a984257f35b5626f04de9de92326723f06bea95a38903cee7f602146b12b1333cea2b720d0
SHA512
2f92951019847cddbfe90cd0e49a5746ca4886e25a9f8e26697688bec25d667255556bdc1ab897021eaa739d067a8d3e4fbbd0d7c9f7f56934676616fa11bce8
DIST dwarves-1.26.tar.xz 2250036 BLAKE2B
cb86bf964f22633432e80d335937379c2096877c6130f49dbe03f2653b7c932bb1c5d87621ac93383be9e4f35294a4f95aadb6392491fb782812db519b39b666
SHA512
72e3c708ac6304d28daaab1c4365b66252d016987cbf33ec6d18456718478d7b96d6916dc3686069a386e97a9db355bb1e5e078c0c7b40e93bd7e8bd0b0380be
DIST pahole-1.24_p20221024-patches.tar.xz 22088 BLAKE2B
b39458400411dd7da0f568257f42164952e170b952e4893a92d769e17ce4cf0de88b727808a38195438fe10e5537f245bf101f647f383b6df7642c5446fa5d45
SHA512
93f160f01023c5402535a34d59005f0a3e056662a2764722480d71b6e522f3bfef0d642084467d1fbea96e23386b4cbb708243713d59eb84f4f767c1ac5ab3f5
diff --git a/dev-util/pahole/pahole-9999.ebuild
b/dev-util/pahole/pahole-1.26-r1.ebuild
similarity index 63%
copy from dev-util/pahole/pahole-9999.ebuild
copy to dev-util/pahole/pahole-1.26-r1.ebuild
index aaef5d2f6e6c..e9c3238b4568 100644
--- a/dev-util/pahole/pahole-9999.ebuild
+++ b/dev-util/pahole/pahole-1.26-r1.ebuild
@@ -16,7 +16,10 @@ if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://git.kernel.org/pub/scm/devel/pahole/pahole.git"
inherit git-r3
else
- SRC_URI="http://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.xz"
+
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/arnaldocarvalhodemelo.asc
+ inherit verify-sig
+ SRC_URI="http://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.xz
+ verify-sig? (
http://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.sign )"
if [[ ${PV} == *_p* ]] ; then
# Patch rollups from git format-patch. Sometimes there are
important
# fixes in git which haven't been released (and no release in
sight).
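Review bot: The rewritten SRC_URI in the non-live `else` branch still fetches both the tarball and the new `.tar.sign` over plaintext `http://`. The detached signature is therefore the only authenticity check on the download path, and it only runs when USE=verify-sig is enabled. If fedorapeople.org serves these paths over TLS (not visible from the diff), I would switch both entries, e.g. `SRC_URI="https://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.xz` and `verify-sig? ( https://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.sign )"`. The same lines appear in the first hunk of pahole-9999.ebuild. The enclosing `if`/`else` block starts and ends outside this hunk.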
@@ -25,6 +28,7 @@ else
SRC_URI+="
https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-patches.tar.xz"
fi
S="${WORKDIR}"/${MY_P}
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-arnaldocarvalhodemelo )"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
fi
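Review bot: The added `BDEPEND="verify-sig? ( sec-keys/openpgp-keys-arnaldocarvalhodemelo )"` is a plain assignment inside the `else` branch. If the ebuild assigns `BDEPEND=` again further down (outside this hunk, so I cannot confirm), the key package would silently drop out of the build dependencies. Verification would then depend on the key file already being installed at VERIFY_SIG_OPENPGP_KEY_PATH. Writing it as `BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-arnaldocarvalhodemelo )"` keeps it robust against later edits. The same applies to the matching hunk in pahole-9999.ebuild.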
@@ -44,6 +48,27 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.10-python-import.patch
)
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ return
+ elif use verify-sig ; then
+ mkdir "${T}"/verify-sig || die
+ pushd "${T}"/verify-sig &>/dev/null || die
+
+ # Upstream sign the decompressed .tar
+ # Let's do it separately in ${T} then cleanup to avoid external
+ # effects on normal unpack.
+ xz -d -c "${DISTDIR}"/${MY_P}.tar.xz > ${MY_P}.tar || die
+ verify-sig_verify_detached ${MY_P}.tar
"${DISTDIR}"/${MY_P}.tar.sign
+
+ popd &>/dev/null || die
+ rm -r "${T}"/verify-sig || die
+ fi
+
+ default
+}
+
src_prepare() {
[[ -d "${WORKDIR}"/${P}-patches ]] && PATCHES+=(
"${WORKDIR}"/${P}-patches )
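Review bot: The comment in the new `src_unpack` should state what the signature check actually covers, because only `${MY_P}.tar` is verified. For `*_p*` versions the `${P}-patches.tar.xz` rollup from dev.gentoo.org is unpacked by `default` and applied in `src_prepare` with Manifest hashes as its only check. I would add something like `# Only ${MY_P}.tar is signature-checked; the *_p* patch rollup is covered by Manifest hashes only.` next to the existing comment. It is also worth noting there that verification runs on a throwaway decompressed copy in `${T}`, while `default` re-reads the `.tar.xz` from `${DISTDIR}`. The identical hunk in pahole-9999.ebuild wants the same comment; `src_prepare` continues outside this hunk.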
diff --git a/dev-util/pahole/pahole-9999.ebuild
b/dev-util/pahole/pahole-9999.ebuild
index aaef5d2f6e6c..e9c3238b4568 100644
--- a/dev-util/pahole/pahole-9999.ebuild
+++ b/dev-util/pahole/pahole-9999.ebuild
@@ -16,7 +16,10 @@ if [[ ${PV} == 9999 ]] ; then
EGIT_REPO_URI="https://git.kernel.org/pub/scm/devel/pahole/pahole.git"
inherit git-r3
else
- SRC_URI="http://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.xz"
+
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/arnaldocarvalhodemelo.asc
+ inherit verify-sig
+ SRC_URI="http://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.xz
+ verify-sig? (
http://fedorapeople.org/~acme/${MY_PN}/${MY_P}.tar.sign )"
if [[ ${PV} == *_p* ]] ; then
# Patch rollups from git format-patch. Sometimes there are
important
# fixes in git which haven't been released (and no release in
sight).
@@ -25,6 +28,7 @@ else
SRC_URI+="
https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-patches.tar.xz"
fi
S="${WORKDIR}"/${MY_P}
+ BDEPEND="verify-sig? ( sec-keys/openpgp-keys-arnaldocarvalhodemelo )"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86"
fi
@@ -44,6 +48,27 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.10-python-import.patch
)
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ return
+ elif use verify-sig ; then
+ mkdir "${T}"/verify-sig || die
+ pushd "${T}"/verify-sig &>/dev/null || die
+
+ # Upstream sign the decompressed .tar
+ # Let's do it separately in ${T} then cleanup to avoid external
+ # effects on normal unpack.
+ xz -d -c "${DISTDIR}"/${MY_P}.tar.xz > ${MY_P}.tar || die
+ verify-sig_verify_detached ${MY_P}.tar
"${DISTDIR}"/${MY_P}.tar.sign
+
+ popd &>/dev/null || die
+ rm -r "${T}"/verify-sig || die
+ fi
+
+ default
+}
+
src_prepare() {
[[ -d "${WORKDIR}"/${P}-patches ]] && PATCHES+=(
"${WORKDIR}"/${P}-patches )