Include a repo.postsync.d hook to verify the rsync checkout using
gemato. Given that not all people will want to have it enabled
unconditionally, no setup.py rules are included -- instead, the file
would be installed conditionally by the ebuild.
---
MANIFEST.in | 2 +-
misc/repo.postsync.d/00gemato | 14 ++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 misc/repo.postsync.d/00gemato
diff --git a/MANIFEST.in b/MANIFEST.in
index 4f6cac162..edc6704e7 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -14,4 +14,4 @@ include cnf/make.conf.example.*
include .portage_not_installed
# extra scripts
-include misc/*
+graft misc
diff --git a/misc/repo.postsync.d/00gemato b/misc/repo.postsync.d/00gemato
new file mode 100644
index 000000000..758716f16
--- /dev/null
+++ b/misc/repo.postsync.d/00gemato
@@ -0,0 +1,14 @@
+#!/bin/bash
+# repo.postsync.d hook to verify ::gentoo checkout using gemato
+
+name=${1}
+url=${2}
+path=${3}
+
+# keyring installed by gentoo-keys
+openpgp_key=/var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
+
+# apply only to ::gentoo, when synced over rsync.
+if [[ ${name} == gentoo && ${url} == rsync://* ]]; then
+ gemato verify -K "${openpgp_key}" -s "${path}"
+fi
--
2.16.0.rc2
