commit:     64fabbc32105b814d1ad90f2e71f7309f1e2da1e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  7 20:53:31 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Apr  7 20:55:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64fabbc3

sys-libs/musl: add verify-sig

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-libs/musl/Manifest             |  1 +
 sys-libs/musl/musl-1.2.2-r8.ebuild | 32 ++++++++++++++++++++++++--------
 sys-libs/musl/musl-9999.ebuild     | 32 ++++++++++++++++++++++++--------
 3 files changed, 49 insertions(+), 16 deletions(-)

diff --git a/sys-libs/musl/Manifest b/sys-libs/musl/Manifest
index 33b6ddc01148..c94ab71e6cf2 100644
--- a/sys-libs/musl/Manifest
+++ b/sys-libs/musl/Manifest
@@ -1,4 +1,5 @@
 DIST getconf.c 11614 BLAKE2B 
ba49a573fc16d51780a0b0b81fbf7b64a1142f1dbad203c9609a59b6b07e7404f676c415383ae88c0aede95694821f6ee381bffd93cc3330501e17dc07d122bd
 SHA512 
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d
 DIST iconv.c 2577 BLAKE2B 
070ca87b30c90ab98c27d5faf7a2fcb64ff7c67ca212ee6072165b2146979c551f714954dbd465462a171837c59b6ea027e0206458a2df0f977e45f01be3ce48
 SHA512 
9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf
 DIST musl-1.2.2.tar.gz 1055220 BLAKE2B 
a000357ed52e417d8cebe5537df658dc0f8f02f2da3efcd79125544ad63e11e05fa96136551d0bfeb09a3f6c9a2260bffcfbd329ea92e6a7b62aa690f48968aa
 SHA512 
5344b581bd6463d71af8c13e91792fa51f25a96a1ecbea81e42664b63d90b325aeb421dfbc8c22e187397ca08e84d9296a0c0c299ba04fa2b751d6864914bd82
+DIST musl-1.2.2.tar.gz.asc 490 BLAKE2B 
8eb21bcfcbaf9d567c0a2bba468055d4ed86a9fb33126f50870ed0cb192ec8ab826d64dc129a0b4e78a7808309c006ce4fe5edae1099bc4c516c1ad4382a591d
 SHA512 
9d76bd9d88438e21689d37d7c519bc5575fa72b121ddf89c55c1a2246ecf423664d8e5199192720d652f6d08229f9b17b5520465d49b12ed2ba80814d1d8e9d8
 DIST musl-getent-93a08815f8598db442d8b766b463d0150ed8e2ab.c 11656 BLAKE2B 
1b7bf7102a1eb91a8cb881ed8ca65eb8eed911dd50238e97dc2952d89d4c6ebed6bfd046a2b38776c550b2872ab54ced8cb452fcc2ad56e5616f722debda761f
 SHA512 
7f5b9d934d82deb5f8b23e16169a5d9b99ccab3a4708df06a95d685e1b24a3a3e69b3dcf4942f2f66c12a3d4bf0c5827e2ee2e8c4d7b1997359fccc2ac212dee

diff --git a/sys-libs/musl/musl-1.2.2-r8.ebuild 
b/sys-libs/musl/musl-1.2.2-r8.ebuild
index 34fc6172b105..0f071f2ac487 100644
--- a/sys-libs/musl/musl-1.2.2-r8.ebuild
+++ b/sys-libs/musl/musl-1.2.2-r8.ebuild
@@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then
        EGIT_REPO_URI="git://git.musl-libc.org/musl"
        inherit git-r3
 else
-       SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz";
+       VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc
+       inherit verify-sig
+
+       SRC_URI="https://musl.libc.org/releases/${P}.tar.gz";
+       SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc 
)"
        KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+       BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
 fi
 GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
 GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
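Review bot: The live branch shown as context at the top of this hunk still sets `EGIT_REPO_URI="git://git.musl-libc.org/musl"`, so the 9999 path fetches over a transport with no encryption or server authentication, while the release path moves to https and gains an OpenPGP check. If upstream offers an https clone URL, `EGIT_REPO_URI` should use it; otherwise a comment such as `# git:// is unauthenticated and the live ebuild has no signature check` would make the gap explicit. Separately, `BDEPEND=` is a plain assignment, so if BDEPEND is also set elsewhere in the file (not visible here) it should be `BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-musl )"`. Both points apply equally to the identical hunk in musl-9999.ebuild.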
@@ -60,19 +66,29 @@ pkg_setup() {
 }
 
 src_unpack() {
-       if [[ ${PV} == 9999 ]]; then
+       if [[ ${PV} == 9999 ]] ; then
                git-r3_src_unpack
-       else
-               unpack "${P}.tar.gz"
+       elif use verify-sig ; then
+               # We only verify the release; not the additional (fixed, safe) 
files
+               # we download.
+               verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
        fi
-       mkdir misc || die
-       cp "${DISTDIR}"/getconf.c misc/getconf.c || die
-       cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die
-       cp "${DISTDIR}"/iconv.c misc/iconv.c || die
+
+       default
+}
+
+src_prepare() {
+       default
+
+       mkdir "${WORKDIR}"/misc || die
+       cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+       cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+       cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
 }
 
 src_configure() {
        tc-getCC ${CTARGET}
+
        just_headers && export CC=true
 
        local sysroot
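Review bot: The new comment in src_unpack calls the extra downloads "fixed, safe" without saying what actually protects them, which matters to anyone auditing what the signature check covers. I would spell it out, e.g. `# Only ${P}.tar.gz has a detached signature; getconf.c, iconv.c and ${GETENT_FILE}` / `# are covered by the Manifest checksums alone.` It is also worth noting there that with USE=-verify-sig the tarball falls back to the same Manifest-only integrity. The same comment appears in the matching hunk of musl-9999.ebuild, and src_configure continues past the end of this hunk.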

diff --git a/sys-libs/musl/musl-9999.ebuild b/sys-libs/musl/musl-9999.ebuild
index 34fc6172b105..0f071f2ac487 100644
--- a/sys-libs/musl/musl-9999.ebuild
+++ b/sys-libs/musl/musl-9999.ebuild
@@ -8,8 +8,14 @@ if [[ ${PV} == "9999" ]] ; then
        EGIT_REPO_URI="git://git.musl-libc.org/musl"
        inherit git-r3
 else
-       SRC_URI="http://www.musl-libc.org/releases/${P}.tar.gz";
+       VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/musl.asc
+       inherit verify-sig
+
+       SRC_URI="https://musl.libc.org/releases/${P}.tar.gz";
+       SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc 
)"
        KEYWORDS="-* ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~x86"
+
+       BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )"
 fi
 GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab"
 GETENT_FILE="musl-getent-${GETENT_COMMIT}.c"
@@ -60,19 +66,29 @@ pkg_setup() {
 }
 
 src_unpack() {
-       if [[ ${PV} == 9999 ]]; then
+       if [[ ${PV} == 9999 ]] ; then
                git-r3_src_unpack
-       else
-               unpack "${P}.tar.gz"
+       elif use verify-sig ; then
+               # We only verify the release; not the additional (fixed, safe) 
files
+               # we download.
+               verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
        fi
-       mkdir misc || die
-       cp "${DISTDIR}"/getconf.c misc/getconf.c || die
-       cp "${DISTDIR}/${GETENT_FILE}" misc/getent.c || die
-       cp "${DISTDIR}"/iconv.c misc/iconv.c || die
+
+       default
+}
+
+src_prepare() {
+       default
+
+       mkdir "${WORKDIR}"/misc || die
+       cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die
+       cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die
+       cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die
 }
 
 src_configure() {
        tc-getCC ${CTARGET}
+
        just_headers && export CC=true
 
        local sysroot
