commit: d1f1a74992c1830bc8b9c317a3caa6e2c5b61c5a
Author: Lucio Sauer <watermanpaint <AT> posteo <DOT> net>
AuthorDate: Thu Jan 15 16:43:11 2026 +0000
Commit: Lucio Sauer <watermanpaint <AT> posteo <DOT> net>
CommitDate: Sat Jan 17 09:13:52 2026 +0000
URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=d1f1a749
dev-util/google-antigravity: use more verify-sig functions
* Replace sha256sum --check --strict with verify-sig_unsigned_checksums.
Use the fact that verify-sig_unsigned_checksums in sha256 mode ignores
any line in <checksum-file>
- that doesn't match the expected format "${checksum} ${filename}".
- whose ${filename} wasn't passed as an argument.
With that knowledge, we fix the format only for the arguments of
verify-sig_unsigned_checksums only for that line.
* Check pipe status with eapi9-pipestatus instead of die.
Fixes: 24744c624e30b298f9897f135786c5f23cec40a4
Signed-off-by: Lucio Sauer <watermanpaint <AT> posteo.net>
.../google-antigravity-1.14.2.ebuild | 36 +++++++++-------------
1 file changed, 14 insertions(+), 22 deletions(-)
diff --git a/dev-util/google-antigravity/google-antigravity-1.14.2.ebuild
b/dev-util/google-antigravity/google-antigravity-1.14.2.ebuild
index 2d2c4d563c..a1c2df480e 100644
--- a/dev-util/google-antigravity/google-antigravity-1.14.2.ebuild
+++ b/dev-util/google-antigravity/google-antigravity-1.14.2.ebuild
@@ -9,7 +9,7 @@ CHROMIUM_LANGS="af am ar bg bn ca cs da de el en-GB en-US
es-419 es et fa fi
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/google-artifact-registry.asc
-inherit chromium-2 optfeature pax-utils unpacker verify-sig xdg
+inherit eapi9-pipestatus chromium-2 optfeature pax-utils unpacker verify-sig
xdg
BASE_SRC_URI="https://us-central1-apt.pkg.dev/projects/antigravity-auto-updater-dev/pool/antigravity-debian";
@@ -94,27 +94,19 @@ src_unpack() {
# InRelease (signed) -> Packages (checksum) -> .deb (checksum)
# ${BASE_SRC_URI}/InRelease
# ${BASE_SRC_URI}/main/binary-${ARCH}/Packages
- verify-sig_verify_message "${FILESDIR}/InRelease" Release || \
- die "InRelease signature verification failed"
-
- sed -n '/^SHA256:/,/^[^ ]/p' Release \
- | awk -v f="${FILESDIR}/Packages.${ARCH}" \
- '/binary-'"${ARCH}"'\/Packages/ {print $1 " "
f}' \
- | sha256sum -c --strict - || die "Packages hash
mismatch"
-
- local version="${PV}-"
- use amd64 && version+="${BUILD_ID_AMD64}"
- use arm64 && version+="${BUILD_ID_ARM64}"
- awk -v v="${version}" -v f="${DISTDIR}/${P}_${ARCH}.deb" \
- 'BEGIN {RS=""} {
- m=0; h=""
- for(i=1; i<NF; ++i) {
- if ($i == "Version:" && $(i+1) == v) m=1
- if ($i == "SHA256:") { h=$(i+1); break }
- }
- if (m && h) { print h " " f; exit }
- }' "${FILESDIR}/Packages.${ARCH}" \
- | sha256sum -c --strict - || die ".deb archive hash
mismatch"
+ cd "${FILESDIR}" > /dev/null || die
+ verify-sig_verify_message InRelease - \
+ | sed "s,[0-9]\+
main/binary-${ARCH}.*,Packages.${ARCH}," \
+ | verify-sig_verify_unsigned_checksums - sha256
Packages.${ARCH}
+ pipestatus || die
+
+ cd "${DISTDIR}" > /dev/null || die
+ local BUILD_ID_ARCH=BUILD_ID_${ARCH^^}
+ sed -n "/^Version: ${PV}-${!BUILD_ID_ARCH}/,/^SHA256:/p" \
+ "${FILESDIR}/Packages.${ARCH}" \
+ | sed "s,^SHA256: \(.*\),\1 ${P}_${ARCH}.deb," \
+ | verify-sig_verify_unsigned_checksums - sha256
${P}_${ARCH}.deb
+ pipestatus || die
fi
}
