commit: 4c2441b92e050bf1de11b4ac34877525eeb4943c Author: Adam Pimentel <adam.pimentel <AT> protonmail <DOT> com> AuthorDate: Fri Aug 2 23:59:14 2024 +0000 Commit: Adam Pimentel <adam.pimentel <AT> protonmail <DOT> com> CommitDate: Fri Aug 2 23:59:14 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=4c2441b9
net-p2p/p2pool: Add signature verification script for sources Signed-off-by: Adam Pimentel <adam.pimentel <AT> protonmail.com> net-p2p/p2pool/Manifest | 3 +- net-p2p/p2pool/p2pool-4.0.ebuild | 51 ++++++++++++++++++++-- sec-keys/openpgp-keys-schernykh/Manifest | 1 + sec-keys/openpgp-keys-schernykh/metadata.xml | 8 ++++ .../openpgp-keys-schernykh-20210409.ebuild | 19 ++++++++ 5 files changed, 78 insertions(+), 4 deletions(-)
diff --git a/net-p2p/p2pool/Manifest b/net-p2p/p2pool/Manifest
index 42c22fbcc..0e40af431 100644
--- a/net-p2p/p2pool/Manifest
+++ b/net-p2p/p2pool/Manifest
@@ -1 +1,2 @@
-DIST p2pool-4.0.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2
+DIST p2pool-4.0_shasums.asc 2038 BLAKE2B f8f20875a9fa4771753b1eade7c609be761f007ac32a0641109d87890bdd7f2123f11a203d56ffcca5b74b16667e0d8288479688938935434b86875c6c72959c SHA512 bf4a933a81ce9bd48bf293a26d3e4e75b82c67fcfd48d79c57dd86aaac2c2cd54def43b47b05222e0b93fd61623d2c116c403531500a93d45059bca4a0dd3cb4
+DIST p2pool-4.0_source.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2
diff --git a/net-p2p/p2pool/p2pool-4.0.ebuild b/net-p2p/p2pool/p2pool-4.0.ebuild
index 57ceb6d33..5168a4e13 100644
--- a/net-p2p/p2pool/p2pool-4.0.ebuild
+++ b/net-p2p/p2pool/p2pool-4.0.ebuild
@@ -1,13 +1,19 @@ # Copyright 2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 +#TODO: verify hell script is safe +#TODO: enable/fix GRPC dependency and add it as USE flag (https://github.com/SChernykh/p2pool/issues/313) + EAPI=8 -inherit cmake +inherit cmake verify-sig DESCRIPTION="Decentralized pool for Monero mining" HOMEPAGE="https://p2pool.io" -SRC_URI=" https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}.tar.xz" +SRC_URI=" + https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}_source.tar.xz + verify-sig? ( https://github.com/SChernykh/p2pool/releases/download/v${PV}/sha256sums.txt.asc -> ${P}_shasums.asc ) +" LICENSE="BSD GPL-3+ ISC LGPL-3+ MIT" SLOT="0" 
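Review bot: The added `#TODO: verify hell script is safe` at the top of the ebuild marks the checksum parser in `src_unpack` as unreviewed without saying what property still has to be checked. That parser decides whether the source tarball is accepted under `verify-sig`, so I would state the requirement directly, for example `# TODO: confirm the sha256sums.txt parser in src_unpack fails closed on any missing or unexpected line`. The ebuild continues past the end of this hunk, so whether `verify-sig` is otherwise documented for users cannot be judged from here.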
@@ -17,9 +23,48 @@ DEPEND=" dev-libs/libsodium net-libs/czmq " +BDEPEND=" + verify-sig? ( sec-keys/openpgp-keys-schernykh ) +" + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc src_unpack() { - unpack ${P}.tar.xz + if use verify-sig; then + #what we want to do is `verify-sig_verify_signed_checksums ${P}_shasums.asc sha512 p2pool_source.tar.xz` + verify-sig_verify_message "${DISTDIR}/${P}_shasums.asc" "${WORKDIR}/p2pool_shasums.txt" + + #start of hell script + hellscript_stage=0 + tr -d '\r' < p2pool_shasums.txt | while IFS='' read -r LINE; do + if [ "$hellscript_stage" -eq 0 ] && [ "$LINE" = "Name: p2pool_source.tar.xz" ]; then + hellscript_stage=1 + continue + fi + if [ "$hellscript_stage" -eq 1 ]; then + hellscript_sizestring="Size: $(cat ${DISTDIR}/${P}_source.tar.xz | wc -c) bytes" + if [ "${LINE:0:"${#hellscript_sizestring}"}" = "$hellscript_sizestring" ]; then + hellscript_stage=2 + continue + else + die + fi + fi + if [ "$hellscript_stage" -eq 2 ]; then + hellscript_shaprefix="SHA256: " + if [ "${LINE:0:"${#hellscript_shaprefix}"}" = "$hellscript_shaprefix" ]; then + echo "$(echo "${LINE:"${#hellscript_shaprefix}"}" | tr '[:upper:]' '[:lower:]') ${DISTDIR}/${P}_source.tar.xz" \ + > "${WORKDIR}/src_shasum.txt" + else + die + fi + break + fi + done + verify-sig_verify_unsigned_checksums "${WORKDIR}/src_shasum.txt" sha256 "${DISTDIR}/${P}_source.tar.xz" + #end of hell script + fi + unpack ${P}_source.tar.xz mv -T "${WORKDIR}"/${PN} "${WORKDIR}"/${P} || die } diff --git a/sec-keys/openpgp-keys-schernykh/Manifest b/sec-keys/openpgp-keys-schernykh/Manifest new file mode 100644 index 000000000..7a1406539 --- /dev/null +++ b/sec-keys/openpgp-keys-schernykh/Manifest 
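Review bot: The parsing loop in `src_unpack` has no explicit failure path for "entry not found": if no line equals `Name: p2pool_source.tar.xz`, the `while` ends without writing `${WORKDIR}/src_shasum.txt`, and rejection then depends entirely on how `verify-sig_verify_unsigned_checksums` treats a missing checksum file. Because the loop is the right-hand side of a pipe, `hellscript_stage` is not visible afterwards, so the check has to be on the file: `[[ -s "${WORKDIR}/src_shasum.txt" ]] || die "no SHA256 entry for p2pool_source.tar.xz in signed checksums"`. The loop also reads `p2pool_shasums.txt` relative to the current directory although `verify-sig_verify_message` wrote it to `${WORKDIR}/p2pool_shasums.txt`; using `tr -d '\r' < "${WORKDIR}/p2pool_shasums.txt"` removes the dependence on the working directory. The two bare `die` calls should carry messages (size mismatch versus missing `SHA256: ` line) so a failed verification can be diagnosed from the build log.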
@@ -0,0 +1 @@
+DIST SChernykh.asc 3139 BLAKE2B 97d27eea4ae8a7822acbf0b5c1470dc711d66c461a35b4d6ea7737cb173d706466e75262c97581222bbb218838070f048840274dd4dfdb400b64a7be45429855 SHA512 d7674c286dd628e0f4a3146cd2b16dab690752db89713630dd1be43febca159be18623b25cdef15273de4c8c0eb16b289203c0130ef7ac03f0371b3767bcd121
diff --git a/sec-keys/openpgp-keys-schernykh/metadata.xml b/sec-keys/openpgp-keys-schernykh/metadata.xml
new file mode 100644
index 000000000..b9a17c96c
--- /dev/null
+++ b/sec-keys/openpgp-keys-schernykh/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>[email protected]</email>
+ <name>Adam Pimentel</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/sec-keys/openpgp-keys-schernykh/openpgp-keys-schernykh-20210409.ebuild b/sec-keys/openpgp-keys-schernykh/openpgp-keys-schernykh-20210409.ebuild
new file mode 100644
index 000000000..6decd5f85
--- /dev/null
+++ b/sec-keys/openpgp-keys-schernykh/openpgp-keys-schernykh-20210409.ebuild
@@ -0,0 +1,19 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="OpenPGP keys used to sign P2Pool releases"
+HOMEPAGE="https://p2pool.io/"
+SRC_URI="https://p2pool.io/SChernykh.asc"
+S="${WORKDIR}"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+
+src_install() {
+ local files=( ${A} )
+ insinto /usr/share/openpgp-keys
+ newins - SChernykh.asc < <(cat "${files[@]/#/${DISTDIR}/}")
+}
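Review bot: `SRC_URI="https://p2pool.io/SChernykh.asc"` in the new key ebuild fetches the key under an unversioned distfile name, so the trust anchor for every later `verify-sig` check is whatever that URL served when the Manifest was generated, and a future key update would collide with this version's `DIST SChernykh.asc` entry. Renaming the distfile, `SRC_URI="https://p2pool.io/SChernykh.asc -> ${P}.asc"` (with the Manifest regenerated), keeps versions distinct; `src_install` builds its input from `${A}`, so it should not need to change. I would also record the expected fingerprint in a comment, `# Key fingerprint: <FINGERPRINT — not shown on this page>`, so a reviewer can compare the packaged key against a second source rather than only the project website.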
