gentoo auto-resync : 04:08:2023 - 15:17:45

author: V3n3RiX <venerix@koprulu.sector> 2023-08-04 15:17:45 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2023-08-04 15:17:45 +0100
commit: 2273b13517c999048fff4aa7714d14415478de1d (patch)
tree: d0ff945bd67ab1efccbaa9c7bcc077c8f8032338 /sec-keys
parent: 5e0e6a28799c4a5134e55d203b373f1d6811c004 (diff)
8 files changed, 6 insertions, 711 deletions
diff --git a/sec-keys/Manifest.gz b/sec-keys/Manifest.gz
index a4a38287e2fa..d908a8410db6 100644
--- a/sec-keys/Manifest.gz
+++ b/sec-keys/Manifest.gz
diff --git a/sec-keys/openpgp-keys-gentoo-developers/Manifest b/sec-keys/openpgp-keys-gentoo-developers/Manifest
index afc3f25b9c54..cdab5ad11df3 100644
--- a/sec-keys/openpgp-keys-gentoo-developers/Manifest
+++ b/sec-keys/openpgp-keys-gentoo-developers/Manifest
@@ -1,15 +1,9 @@
 AUX keyring-mangler.py 3061 BLAKE2B a5acb20346c8eb4b036773562625ac39469d378a343c8bfcbb23391a61876f57aae7015f2d78e468a606330275686f2187d7a8a81a7d940a1e8329c2ea916a62 SHA512 60f7174319f77484eb389486e6f74c23a27d8211128d261497b3d095e3f7a8744c5402c29ae84a6e4833b77406e301dfd5c7b4cf8d5ffb062e298f177a1ff052
-DIST openpgp-keys-gentoo-developers-20230612-active-devs.gpg 3093884 BLAKE2B bd8ca7f39b9b31187479f73031358af3285b5ca320794e660af3f93750c38e75be4e1d19fafc5735fc46d1ba6bebdc82a5e1954e72b1f2bf01b3e348ba0389a1 SHA512 8a98a086f6696632552e4b6a40168bafffae85f8da8fc9a993125c0c03fb45174fa46f05572c3c17d3effe3a77ccaeef5ab34cf1ebd430d0bbfff140ecf617c1
-DIST openpgp-keys-gentoo-developers-20230619-active-devs.gpg 3104963 BLAKE2B 1a23171097c697d2991617b6e0920cfed2d78f111241436251db1ed97e1a79ed5649931a788013a85402f928f5e348620d99144e6ea50f9639869bfe1a477766 SHA512 3b82bdcffc2663891bf962b566754cd15608c0227ef928b357133b87576c82f9e31b082e5969192ddbf5cf02d854483b96bf81386c7369c074537edefa62d35e
-DIST openpgp-keys-gentoo-developers-20230626-active-devs.gpg 3115295 BLAKE2B 60f1aa4c7ac4a7066c27b888ec815ea92eb66c028435ca45fdb7db7067dc80fd6a639054cd98acd0780cea0a90dfd58875e7979e8d1825762290c3e21d807d80 SHA512 fb9e7324b7f029ca63b96406477a725fd53a8d3e2020e8d0b25b6ea1e94dc9723bfcf57fcffabed090f879c325f5a533e32554b1a2896cb8c6dc08f9516c057c
-DIST openpgp-keys-gentoo-developers-20230703-active-devs.gpg 3133493 BLAKE2B e87e34262d41b1fe1c49ed3cf7da93268a7c5b451ed06ab6e28554b7f09fafcc01b0c1171d1014539105891bde55f3b91fbefbe28538eda35a4e0d85fdf220e2 SHA512 f94890230712bf71ffc25e17566249d974c7b2dc956356770db29ab0eec8ea9fcf09d99e65ece232643dbd9e088b29eb691100c73e5fcd09abb027bd61dcd77d
-DIST openpgp-keys-gentoo-developers-20230710-active-devs.gpg 3133493 BLAKE2B e87e34262d41b1fe1c49ed3cf7da93268a7c5b451ed06ab6e28554b7f09fafcc01b0c1171d1014539105891bde55f3b91fbefbe28538eda35a4e0d85fdf220e2 SHA512 f94890230712bf71ffc25e17566249d974c7b2dc956356770db29ab0eec8ea9fcf09d99e65ece232643dbd9e088b29eb691100c73e5fcd09abb027bd61dcd77d
 DIST openpgp-keys-gentoo-developers-20230717-active-devs.gpg 3104679 BLAKE2B 81777f536f342de356bdc9e5bc6b8b3319bec058c5fff663c80db6b9acbfc625703bf66bbc271c9dbb53de714dc581637ae01bfcd750174579410813c64717c4 SHA512 6f6f5d50d24acaec7774497fb8dc01e240e9b8f93578b5b08ef097b02299c2116deb87264fa3ce3144dc6fbb28d9e2d7363ed2505f5e264d783901b581262105
-EBUILD openpgp-keys-gentoo-developers-20230612.ebuild 7523 BLAKE2B 2b3f5c5c1694b782ac318bdfd0dc7941ce47ed8f60fc2d715b88bf1404cd59639797e65e45891fad1aba9b456c3d356d7cadc1b79a9919cce0a8b1587364f7e5 SHA512 a013e480059fb7b0de2da5581f8d6c01b9eecb0593751fda7b57b4d4e98db2ab6b21a2aaefce7aec0c0981e6dc22fd9fc202bea6dedaf170816bd05c1031311e
-EBUILD openpgp-keys-gentoo-developers-20230619.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
-EBUILD openpgp-keys-gentoo-developers-20230626.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
-EBUILD openpgp-keys-gentoo-developers-20230703.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
-EBUILD openpgp-keys-gentoo-developers-20230710.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
-EBUILD openpgp-keys-gentoo-developers-20230717.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
+DIST openpgp-keys-gentoo-developers-20230724-active-devs.gpg 3104679 BLAKE2B 81777f536f342de356bdc9e5bc6b8b3319bec058c5fff663c80db6b9acbfc625703bf66bbc271c9dbb53de714dc581637ae01bfcd750174579410813c64717c4 SHA512 6f6f5d50d24acaec7774497fb8dc01e240e9b8f93578b5b08ef097b02299c2116deb87264fa3ce3144dc6fbb28d9e2d7363ed2505f5e264d783901b581262105
+DIST openpgp-keys-gentoo-developers-20230731-active-devs.gpg 3108002 BLAKE2B c21a16fe51f5d98f994299969a231fd77ba4904afe13acb40a8238f64f93efdfe824867897d607327d8208c7c59b4aad839453d88ff92b24b52e093c38d6e594 SHA512 4065ea276b0a911841faf8bec4f5b5c0a763fef0243d1538bae0c29e89cd0e1278d95143e0b9f24efdfd0bef5fd4f945a8666bb0b59f58fc0ede117228e6f45d
+EBUILD openpgp-keys-gentoo-developers-20230717.ebuild 7523 BLAKE2B 2b3f5c5c1694b782ac318bdfd0dc7941ce47ed8f60fc2d715b88bf1404cd59639797e65e45891fad1aba9b456c3d356d7cadc1b79a9919cce0a8b1587364f7e5 SHA512 a013e480059fb7b0de2da5581f8d6c01b9eecb0593751fda7b57b4d4e98db2ab6b21a2aaefce7aec0c0981e6dc22fd9fc202bea6dedaf170816bd05c1031311e
+EBUILD openpgp-keys-gentoo-developers-20230724.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
+EBUILD openpgp-keys-gentoo-developers-20230731.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
 EBUILD openpgp-keys-gentoo-developers-99999999.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840
 MISC metadata.xml 264 BLAKE2B 630ac0044f623dc63de725aae23da036b649a2d65331c06fbe9eb66d18ad1a4d3fd804cdffc4703500662b01272063af346680d2550f2fb6a262d6acee8c6789 SHA512 3cf1981080b4a7634537d20a3e837fa802c52ae5ee750531cc4aa3f8478cda78579375602bc058abbd75f9393f9681b79603c3ddd9af809a1e72f7336a708056
diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230612.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230612.ebuild
deleted file mode 100644
index a8a3226d3007..000000000000
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230612.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..12} )
-inherit edo python-any-r1
-
-DESCRIPTION="Gentoo Authority Keys (GLEP 79)"
-HOMEPAGE="https://www.gentoo.org/downloads/signatures/"
-if [[ ${PV} == 9999* ]] ; then
-	PROPERTIES="live"
-
-	BDEPEND="net-misc/curl"
-else
-	SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg"
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv sparc x86"
-fi
-
-S="${WORKDIR}"
-
-LICENSE="public-domain"
-SLOT="0"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND+="
-	$(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]')
-	sec-keys/openpgp-keys-gentoo-auth
-	test? (
-		app-crypt/gnupg
-		sys-apps/grep[pcre]
-	)
-"
-
-python_check_deps() {
-	python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]"
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999* ]] ; then
-		curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die
-	else
-		default
-	fi
-}
-
-src_compile() {
-	export GNUPGHOME="${T}"/.gnupg
-
-	get_gpg_keyring_dir() {
-		if [[ ${PV} == 9999* ]] ; then
-			echo "${WORKDIR}"
-		else
-			echo "${DISTDIR}"
-		fi
-	}
-
-	local mygpgargs=(
-		--no-autostart
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	mkdir "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-
-	# Convert the binary keyring into an armored one so we can process it
-	edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg
-	edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc
-
-	# Now strip out the keys which are expired and/or missing a signature
-	# from our L2 developer authority key
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${WORKDIR}"/gentoo-developers.asc \
-			"${WORKDIR}"/gentoo-developers-sanitised.asc
-}
-
-src_test() {
-	export GNUPGHOME="${T}"/tests/.gnupg
-
-	local mygpgargs=(
-		# We don't have --no-autostart here because we need
-		# to let it spawn an agent for the key generation.
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	# Check each of the keys to verify they're trusted by
-	# the L2 developer key.
-	mkdir -p "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-	cd "${T}"/tests || die
-
-	# First, grab the L1 key, and mark it as ultimately trusted.
-	edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc
-	edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt
-
-	# Generate a temporary key which isn't signed by anything to check
-	# whether we're detecting unexpected keys.
-	#
-	# The test is whether this appears in the sanitised keyring we
-	# produce in src_compile (it should not be in there).
-	#
-	# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
-	edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF
-		%echo Generating temporary key for testing...
-
-		%no-protection
-		%transient-key
-		%pubring ${P}-ebuild-test-key.asc
-
-		Key-Type: 1
-		Key-Length: 2048
-		Subkey-Type: 1
-		Subkey-Length: 2048
-		Name-Real: Larry The Cow
-		Name-Email: larry@example.com
-		Expire-Date: 0
-		Handle: ${P}-ebuild-test-key
-
-		%commit
-		%echo Temporary key generated!
-	EOF
-
-	# Import the new injected key that shouldn't be signed by anything into a temporary testing keyring
-	edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc
-
-	# Sign a tiny file with the to-be-injected key for testing rejection below
-	echo "Hello world!" > "${T}"/tests/signme || die
-	edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die
-
-	edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc
-
-	# keyring-mangler.py should now produce a keyring *without* it
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${T}"/tests/tainted-keyring.asc \
-			"${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log
-	assert "Key mangling in tests failed?"
-
-	# Check the log to verify the injected key got detected
-	grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!"
-
-	# gnupg doesn't have an easy way for us to actually just.. ask
-	# if a key is known via WoT. So, sign a file using the key
-	# we just made, and then try to gpg --verify it, and check exit code.
-	#
-	# Let's now double check by seeing if a file signed by the injected key
-	# is rejected.
-	if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then
-		die "'gpg --verify' using injected test key succeeded! This shouldn't happen!"
-	fi
-
-	# Bonus lame sanity check
-	edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log
-	assert "trustdb call failed!"
-
-	check_trust_levels() {
-		local mode=${1}
-
-		while IFS= read -r line; do
-			# gpg: depth: 0  valid:   1  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 1u
-			# gpg: depth: 1  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 2f, 0u
-			if [[ ${line} == *depth* ]] ; then
-				depth=$(echo ${line} | grep -Po "depth: [0-9]")
-				trust=$(echo ${line} | grep -Po "trust:.*")
-
-				trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-")
-				[[ ${trust_uncalculated} == 0 ]] || ${mode}
-
-				trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q")
-				[[ ${trust_insufficient} == 0 ]] || ${mode}
-
-				trust_never=$(echo ${trust} | grep -Po "[0-9]n")
-				[[ ${trust_never} == 0 ]] || ${mode}
-
-				trust_marginal=$(echo ${trust} | grep -Po "[0-9]m")
-				[[ ${trust_marginal} == 0 ]] || ${mode}
-
-				trust_full=$(echo ${trust} | grep -Po "[0-9]f")
-				[[ ${trust_full} != 0 ]] || ${mode}
-
-				trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u")
-				[[ ${trust_ultimate} == 1 ]] || ${mode}
-
-				echo "${trust_uncalculated}, ${trust_insufficient}"
-			fi
-		done < "${T}"/tests/trustdb.log
-	}
-
-	# First, check with the bad key still in the test keyring.
-	# This is supposed to fail, so we want it to return 1
-	check_trust_levels "return 1" && die "Trustdb passed when it should have failed!"
-
-	# Now check without the bad key in the test keyring.
-	# This one should pass.
-	#
-	# Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint)
-	keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \
-		| grep "^fpr" \
-		| sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p')
-
-	local key
-	for key in ${keys[@]} ; do
-		nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key}
-	done
-
-	edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>"
-	check_trust_levels "return 0" || die "Trustdb failed when it should have passed!"
-
-	gpgconf --kill gpg-agent || die
-}
-
-src_install() {
-	insinto /usr/share/openpgp-keys
-	newins gentoo-developers-sanitised.asc gentoo-developers.asc
-
-	# TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth?
-}
diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230703.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230703.ebuild
deleted file mode 100644
index fda85a259ff6..000000000000
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230703.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..12} )
-inherit edo python-any-r1
-
-DESCRIPTION="Gentoo Authority Keys (GLEP 79)"
-HOMEPAGE="https://www.gentoo.org/downloads/signatures/"
-if [[ ${PV} == 9999* ]] ; then
-	PROPERTIES="live"
-
-	BDEPEND="net-misc/curl"
-else
-	SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-S="${WORKDIR}"
-
-LICENSE="public-domain"
-SLOT="0"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND+="
-	$(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]')
-	sec-keys/openpgp-keys-gentoo-auth
-	test? (
-		app-crypt/gnupg
-		sys-apps/grep[pcre]
-	)
-"
-
-python_check_deps() {
-	python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]"
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999* ]] ; then
-		curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die
-	else
-		default
-	fi
-}
-
-src_compile() {
-	export GNUPGHOME="${T}"/.gnupg
-
-	get_gpg_keyring_dir() {
-		if [[ ${PV} == 9999* ]] ; then
-			echo "${WORKDIR}"
-		else
-			echo "${DISTDIR}"
-		fi
-	}
-
-	local mygpgargs=(
-		--no-autostart
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	mkdir "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-
-	# Convert the binary keyring into an armored one so we can process it
-	edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg
-	edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc
-
-	# Now strip out the keys which are expired and/or missing a signature
-	# from our L2 developer authority key
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${WORKDIR}"/gentoo-developers.asc \
-			"${WORKDIR}"/gentoo-developers-sanitised.asc
-}
-
-src_test() {
-	export GNUPGHOME="${T}"/tests/.gnupg
-
-	local mygpgargs=(
-		# We don't have --no-autostart here because we need
-		# to let it spawn an agent for the key generation.
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	# Check each of the keys to verify they're trusted by
-	# the L2 developer key.
-	mkdir -p "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-	cd "${T}"/tests || die
-
-	# First, grab the L1 key, and mark it as ultimately trusted.
-	edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc
-	edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt
-
-	# Generate a temporary key which isn't signed by anything to check
-	# whether we're detecting unexpected keys.
-	#
-	# The test is whether this appears in the sanitised keyring we
-	# produce in src_compile (it should not be in there).
-	#
-	# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
-	edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF
-		%echo Generating temporary key for testing...
-
-		%no-protection
-		%transient-key
-		%pubring ${P}-ebuild-test-key.asc
-
-		Key-Type: 1
-		Key-Length: 2048
-		Subkey-Type: 1
-		Subkey-Length: 2048
-		Name-Real: Larry The Cow
-		Name-Email: larry@example.com
-		Expire-Date: 0
-		Handle: ${P}-ebuild-test-key
-
-		%commit
-		%echo Temporary key generated!
-	EOF
-
-	# Import the new injected key that shouldn't be signed by anything into a temporary testing keyring
-	edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc
-
-	# Sign a tiny file with the to-be-injected key for testing rejection below
-	echo "Hello world!" > "${T}"/tests/signme || die
-	edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die
-
-	edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc
-
-	# keyring-mangler.py should now produce a keyring *without* it
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${T}"/tests/tainted-keyring.asc \
-			"${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log
-	assert "Key mangling in tests failed?"
-
-	# Check the log to verify the injected key got detected
-	grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!"
-
-	# gnupg doesn't have an easy way for us to actually just.. ask
-	# if a key is known via WoT. So, sign a file using the key
-	# we just made, and then try to gpg --verify it, and check exit code.
-	#
-	# Let's now double check by seeing if a file signed by the injected key
-	# is rejected.
-	if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then
-		die "'gpg --verify' using injected test key succeeded! This shouldn't happen!"
-	fi
-
-	# Bonus lame sanity check
-	edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log
-	assert "trustdb call failed!"
-
-	check_trust_levels() {
-		local mode=${1}
-
-		while IFS= read -r line; do
-			# gpg: depth: 0  valid:   1  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 1u
-			# gpg: depth: 1  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 2f, 0u
-			if [[ ${line} == *depth* ]] ; then
-				depth=$(echo ${line} | grep -Po "depth: [0-9]")
-				trust=$(echo ${line} | grep -Po "trust:.*")
-
-				trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-")
-				[[ ${trust_uncalculated} == 0 ]] || ${mode}
-
-				trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q")
-				[[ ${trust_insufficient} == 0 ]] || ${mode}
-
-				trust_never=$(echo ${trust} | grep -Po "[0-9]n")
-				[[ ${trust_never} == 0 ]] || ${mode}
-
-				trust_marginal=$(echo ${trust} | grep -Po "[0-9]m")
-				[[ ${trust_marginal} == 0 ]] || ${mode}
-
-				trust_full=$(echo ${trust} | grep -Po "[0-9]f")
-				[[ ${trust_full} != 0 ]] || ${mode}
-
-				trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u")
-				[[ ${trust_ultimate} == 1 ]] || ${mode}
-
-				echo "${trust_uncalculated}, ${trust_insufficient}"
-			fi
-		done < "${T}"/tests/trustdb.log
-	}
-
-	# First, check with the bad key still in the test keyring.
-	# This is supposed to fail, so we want it to return 1
-	check_trust_levels "return 1" && die "Trustdb passed when it should have failed!"
-
-	# Now check without the bad key in the test keyring.
-	# This one should pass.
-	#
-	# Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint)
-	keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \
-		| grep "^fpr" \
-		| sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p')
-
-	local key
-	for key in ${keys[@]} ; do
-		nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key}
-	done
-
-	edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>"
-	check_trust_levels "return 0" || die "Trustdb failed when it should have passed!"
-
-	gpgconf --kill gpg-agent || die
-}
-
-src_install() {
-	insinto /usr/share/openpgp-keys
-	newins gentoo-developers-sanitised.asc gentoo-developers.asc
-
-	# TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth?
-}
diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230710.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230710.ebuild
deleted file mode 100644
index fda85a259ff6..000000000000
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230710.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..12} )
-inherit edo python-any-r1
-
-DESCRIPTION="Gentoo Authority Keys (GLEP 79)"
-HOMEPAGE="https://www.gentoo.org/downloads/signatures/"
-if [[ ${PV} == 9999* ]] ; then
-	PROPERTIES="live"
-
-	BDEPEND="net-misc/curl"
-else
-	SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-S="${WORKDIR}"
-
-LICENSE="public-domain"
-SLOT="0"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND+="
-	$(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]')
-	sec-keys/openpgp-keys-gentoo-auth
-	test? (
-		app-crypt/gnupg
-		sys-apps/grep[pcre]
-	)
-"
-
-python_check_deps() {
-	python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]"
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999* ]] ; then
-		curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die
-	else
-		default
-	fi
-}
-
-src_compile() {
-	export GNUPGHOME="${T}"/.gnupg
-
-	get_gpg_keyring_dir() {
-		if [[ ${PV} == 9999* ]] ; then
-			echo "${WORKDIR}"
-		else
-			echo "${DISTDIR}"
-		fi
-	}
-
-	local mygpgargs=(
-		--no-autostart
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	mkdir "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-
-	# Convert the binary keyring into an armored one so we can process it
-	edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg
-	edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc
-
-	# Now strip out the keys which are expired and/or missing a signature
-	# from our L2 developer authority key
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${WORKDIR}"/gentoo-developers.asc \
-			"${WORKDIR}"/gentoo-developers-sanitised.asc
-}
-
-src_test() {
-	export GNUPGHOME="${T}"/tests/.gnupg
-
-	local mygpgargs=(
-		# We don't have --no-autostart here because we need
-		# to let it spawn an agent for the key generation.
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	# Check each of the keys to verify they're trusted by
-	# the L2 developer key.
-	mkdir -p "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-	cd "${T}"/tests || die
-
-	# First, grab the L1 key, and mark it as ultimately trusted.
-	edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc
-	edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt
-
-	# Generate a temporary key which isn't signed by anything to check
-	# whether we're detecting unexpected keys.
-	#
-	# The test is whether this appears in the sanitised keyring we
-	# produce in src_compile (it should not be in there).
-	#
-	# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
-	edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF
-		%echo Generating temporary key for testing...
-
-		%no-protection
-		%transient-key
-		%pubring ${P}-ebuild-test-key.asc
-
-		Key-Type: 1
-		Key-Length: 2048
-		Subkey-Type: 1
-		Subkey-Length: 2048
-		Name-Real: Larry The Cow
-		Name-Email: larry@example.com
-		Expire-Date: 0
-		Handle: ${P}-ebuild-test-key
-
-		%commit
-		%echo Temporary key generated!
-	EOF
-
-	# Import the new injected key that shouldn't be signed by anything into a temporary testing keyring
-	edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc
-
-	# Sign a tiny file with the to-be-injected key for testing rejection below
-	echo "Hello world!" > "${T}"/tests/signme || die
-	edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die
-
-	edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc
-
-	# keyring-mangler.py should now produce a keyring *without* it
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${T}"/tests/tainted-keyring.asc \
-			"${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log
-	assert "Key mangling in tests failed?"
-
-	# Check the log to verify the injected key got detected
-	grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!"
-
-	# gnupg doesn't have an easy way for us to actually just.. ask
-	# if a key is known via WoT. So, sign a file using the key
-	# we just made, and then try to gpg --verify it, and check exit code.
-	#
-	# Let's now double check by seeing if a file signed by the injected key
-	# is rejected.
-	if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then
-		die "'gpg --verify' using injected test key succeeded! This shouldn't happen!"
-	fi
-
-	# Bonus lame sanity check
-	edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log
-	assert "trustdb call failed!"
-
-	check_trust_levels() {
-		local mode=${1}
-
-		while IFS= read -r line; do
-			# gpg: depth: 0  valid:   1  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 1u
-			# gpg: depth: 1  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 2f, 0u
-			if [[ ${line} == *depth* ]] ; then
-				depth=$(echo ${line} | grep -Po "depth: [0-9]")
-				trust=$(echo ${line} | grep -Po "trust:.*")
-
-				trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-")
-				[[ ${trust_uncalculated} == 0 ]] || ${mode}
-
-				trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q")
-				[[ ${trust_insufficient} == 0 ]] || ${mode}
-
-				trust_never=$(echo ${trust} | grep -Po "[0-9]n")
-				[[ ${trust_never} == 0 ]] || ${mode}
-
-				trust_marginal=$(echo ${trust} | grep -Po "[0-9]m")
-				[[ ${trust_marginal} == 0 ]] || ${mode}
-
-				trust_full=$(echo ${trust} | grep -Po "[0-9]f")
-				[[ ${trust_full} != 0 ]] || ${mode}
-
-				trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u")
-				[[ ${trust_ultimate} == 1 ]] || ${mode}
-
-				echo "${trust_uncalculated}, ${trust_insufficient}"
-			fi
-		done < "${T}"/tests/trustdb.log
-	}
-
-	# First, check with the bad key still in the test keyring.
-	# This is supposed to fail, so we want it to return 1
-	check_trust_levels "return 1" && die "Trustdb passed when it should have failed!"
-
-	# Now check without the bad key in the test keyring.
-	# This one should pass.
-	#
-	# Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint)
-	keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \
-		| grep "^fpr" \
-		| sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p')
-
-	local key
-	for key in ${keys[@]} ; do
-		nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key}
-	done
-
-	edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>"
-	check_trust_levels "return 0" || die "Trustdb failed when it should have passed!"
-
-	gpgconf --kill gpg-agent || die
-}
-
-src_install() {
-	insinto /usr/share/openpgp-keys
-	newins gentoo-developers-sanitised.asc gentoo-developers.asc
-
-	# TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth?
-}
diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230717.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230717.ebuild
index fda85a259ff6..a8a3226d3007 100644
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230717.ebuild
+++ b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230717.ebuild
@@ -14,7 +14,7 @@ if [[ ${PV} == 9999* ]] ; then
 	BDEPEND="net-misc/curl"
 else
 	SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv sparc x86"
 fi
 
 S="${WORKDIR}"
diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230619.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230724.ebuild
index fda85a259ff6..fda85a259ff6 100644
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230619.ebuild
+++ b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230724.ebuild
diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230626.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230731.ebuild
index fda85a259ff6..fda85a259ff6 100644
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230626.ebuild
+++ b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230731.ebuild
author	V3n3RiX <venerix@koprulu.sector>	2023-08-04 15:17:45 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2023-08-04 15:17:45 +0100
commit	2273b13517c999048fff4aa7714d14415478de1d (patch)
tree	d0ff945bd67ab1efccbaa9c7bcc077c8f8032338 /sec-keys
parent	5e0e6a28799c4a5134e55d203b373f1d6811c004 (diff)