summaryrefslogtreecommitdiff
path: root/eclass
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2023-09-14 03:38:13 +0100
committerSam James <sam@gentoo.org>2023-09-16 10:43:05 +0100
commit9e9067d309e8b9f8a73b2312d409883f348b0ea5 (patch)
treea4797fd0b938cbe04bf6c3948bf9fdf12489f696 /eclass
parentsys-libs/glibc: 2.37 and 2.38 patchset bumps, untested (diff)
downloadgentoo-9e9067d309e8b9f8a73b2312d409883f348b0ea5.tar.gz
gentoo-9e9067d309e8b9f8a73b2312d409883f348b0ea5.tar.bz2
gentoo-9e9067d309e8b9f8a73b2312d409883f348b0ea5.zip
verify-sig.eclass: minisig support
Closes: https://bugs.gentoo.org/783066 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'eclass')
-rw-r--r--eclass/verify-sig.eclass17
1 files changed, 15 insertions, 2 deletions
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 49557b633c87..bb847bb80cc6 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -55,17 +55,22 @@ IUSE="verify-sig"
# @DESCRIPTION:
# Signature verification method to use. The allowed value are:
#
+# - minisig -- verify signatures with (base64) Ed25519 public key using app-crypt/minisign
# - openpgp -- verify PGP signatures using app-crypt/gnupg (the default)
# - signify -- verify signatures with Ed25519 public key using app-crypt/signify
: "${VERIFY_SIG_METHOD:=openpgp}"
case ${VERIFY_SIG_METHOD} in
+ minisig)
+ BDEPEND="verify-sig? ( app-crypt/minisign )"
+ ;;
openpgp)
BDEPEND="
verify-sig? (
app-crypt/gnupg
>=app-portage/gemato-16
- )"
+ )
+ "
;;
signify)
BDEPEND="verify-sig? ( app-crypt/signify )"
@@ -139,6 +144,10 @@ verify-sig_verify_detached() {
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
case ${VERIFY_SIG_METHOD} in
+ minisig)
+ minisign -V -P "$(<"${key}")" -x "${sig}" -m "${file}" ||
+ die "minisig signature verification failed"
+ ;;
openpgp)
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
@@ -198,6 +207,10 @@ verify-sig_verify_message() {
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
case ${VERIFY_SIG_METHOD} in
+ minisig)
+ minisign -V -P "$(<"${key}")" -x "${sig}" -o "${output_file}" -m "${file}" ||
+ die "minisig signature verification failed"
+ ;;
openpgp)
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
@@ -356,7 +369,7 @@ verify-sig_src_unpack() {
# find all distfiles and signatures, and combine them
for f in ${A}; do
found=
- for suffix in .asc .sig; do
+ for suffix in .asc .sig .minisig; do
if [[ ${f} == *${suffix} ]]; then
signatures+=( "${f}" )
found=sig