On Tue, 2020-10-06 at 13:26 +0200, Ulrich Mueller wrote:
> > > > > > On Tue, 06 Oct 2020, Michał Górny wrote:
> > Signed-off-by: Michał Górny
> > ---
> > app-crypt/openpgp-keys-miniupnp/Manifest | 2 ++
> > app-crypt/openpgp-keys-miniupnp/metadata.xml | 9
> > .../openpgp-keys-miniupnp-20201006.ebuild | 23 +++
> > 3 files changed, 34 insertions(+)
> > create mode 100644 app-crypt/openpgp-keys-miniupnp/Manifest
> > create mode 100644 app-crypt/openpgp-keys-miniupnp/metadata.xml
> > create mode 100644
> > app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > diff --git a/app-crypt/openpgp-keys-miniupnp/Manifest
> > b/app-crypt/openpgp-keys-miniupnp/Manifest
> > new file mode 100644
> > index ..c8f82da42fa6
> > --- /dev/null
> > +++ b/app-crypt/openpgp-keys-miniupnp/Manifest
> > @@ -0,0 +1,2 @@
> > +DIST A31ACAAF.asc 3139 BLAKE2B
> > 4574c3f37965fafa4e2d703276a585d1f17b0da862042620681bac591062b3b70c52cbe5481da543d3c3193a640c06e9d86c3cef1568ae3a3f62901a6ad200ab
> > SHA512
> > ecad52850fdcc7c21bab81917b3cea85c48b751534427d3db5750c43cbce73916ec4879e4f5535d4b87b7eca927ad249e384c5597702a0052afa89c23c5719b9
> > +DIST A5C0863C.asc 3098 BLAKE2B
> > fdbc8629fd462b9cc72c568b0af5607951055abc03a1e344e4c1b411fb87bfa285c2e29d2781f9e9b02ec0bc63eacf55e5dc19198056a417ba3358dba445cc0c
> > SHA512
> > adebff655374dbc8a045f9ab148f9fc343b043e80cb7e4e14c66aa56bfb2f0f5521e294c7600ca708893efc84679f788116d82ef5818370f1425f03dea0a77b9
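Review bot: The two DIST entries pin the bytes of A31ACAAF.asc and A5C0863C.asc, but nothing in this patch says which keys those bytes are supposed to contain. The file names carry only eight hex digits, and if those are short key IDs they are too short to identify a key safely. Please state the full fingerprints of both keys in the commit message (or in a comment in the ebuild) so the digested files can be compared against a fingerprint obtained independently.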
> > diff --git a/app-crypt/openpgp-keys-miniupnp/metadata.xml
> > b/app-crypt/openpgp-keys-miniupnp/metadata.xml
> > new file mode 100644
> > index ..5a5a3aaf4299
> > --- /dev/null
> > +++ b/app-crypt/openpgp-keys-miniupnp/metadata.xml
> > @@ -0,0 +1,9 @@
> > +
> > +http://www.gentoo.org/dtd/metadata.dtd;>
> > +
> > +
> > + mgo...@gentoo.org
> > + Michał Górny
> > +
> > +
> > +
> > diff --git
> > a/app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > b/app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > new file mode 100644
> > index ..4b07eeca6024
> > --- /dev/null
> > +++ b/app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > @@ -0,0 +1,23 @@
> > +# Copyright 1999-2020 Gentoo Authors
> > +# Distributed under the terms of the GNU General Public License v2
> > +
> > +EAPI=7
> > +
> > +DESCRIPTION="OpenPGP keys used to sign miniupnp* packages"
> > +HOMEPAGE="http://miniupnp.free.fr/files/;
> > +SRC_URI="
> > + http://miniupnp.free.fr/A31ACAAF.asc
> > + http://miniupnp.free.fr/A5C0863C.asc
> > +"
> > +
> > +LICENSE="public-domain"
> > +SLOT="0"
> > +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv
> > s390 sparc x86"
> > +
> > +S=${WORKDIR}
> > +
> > +src_install() {
> > + local files=( ${A} )
> > + insinto /usr/share/openpgp-keys
> > + newins - miniupnp.asc < <(cat "${files[@]/#/${DISTDIR}/}")
> > +}
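Review bot: Both SRC_URI entries (and HOMEPAGE) use plain http://, so the key files are fetched without transport authentication at the moment the Manifest is generated, and the digests then pin whatever was received. If upstream serves these files over https://, use that here; otherwise say in the commit message how the downloaded keys were checked before the Manifest was written. A short comment above src_install() noting that every file in ${A} is concatenated into the single miniupnp.asc would also help the next person who adds a key.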
> > --
> > 2.28.0
>
> This relies again on Manifest digests for the integrity of the key
> distfiles themselves. What do we gain by this indirection, as compared
> to validating the distfiles of the target package by their Manifest?
>
We gain the ability to verify it *before* generating the Manifest.
--
Best regards,
Michał Górny