From 93a93e9a3b53c1a73142a305ea1f8136846942ee Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 22 Dec 2021 14:08:05 +0000 Subject: gentoo resync : 22.12.2021 --- eclass/Manifest.gz | Bin 36359 -> 36378 bytes eclass/dist-kernel-utils.eclass | 3 +- eclass/dune.eclass | 58 ++++++++++------ eclass/flag-o-matic.eclass | 3 +- eclass/gnome2-utils.eclass | 13 ++-- eclass/gnome2.eclass | 12 ++-- eclass/go-module.eclass | 31 ++++++--- eclass/kernel-install.eclass | 9 +++ eclass/llvm.org.eclass | 9 ++- eclass/mount-boot.eclass | 4 +- eclass/tmpfiles.eclass | 4 +- eclass/toolchain-funcs.eclass | 2 + eclass/tree-sitter-grammar.eclass | 20 +++--- eclass/vala.eclass | 9 ++- eclass/vdr-plugin-2.eclass | 2 +- eclass/verify-sig.eclass | 143 +++++++++++++++++++++++++++++--------- 16 files changed, 225 insertions(+), 97 deletions(-) (limited to 'eclass') diff --git a/eclass/Manifest.gz b/eclass/Manifest.gz index 508cb7bd790f..620acda3be65 100644 Binary files a/eclass/Manifest.gz and b/eclass/Manifest.gz differ diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel-utils.eclass index 9ab65b097b32..f514a3da65a9 100644 --- a/eclass/dist-kernel-utils.eclass +++ b/eclass/dist-kernel-utils.eclass @@ -72,7 +72,8 @@ dist-kernel_get_image_path() { arm) echo arch/arm/boot/zImage ;; - ppc64) + ppc|ppc64) + # https://www.kernel.org/doc/html/latest/powerpc/bootwrapper.html # ./ is required because of ${image_path%/*} # substitutions in the code echo ./vmlinux diff --git a/eclass/dune.eclass b/eclass/dune.eclass index 02a8a870ef43..4653db3ae791 100644 --- a/eclass/dune.eclass +++ b/eclass/dune.eclass @@ -8,7 +8,7 @@ # ML # @AUTHOR: # Rafael Kitover -# @SUPPORTED_EAPIS: 5 6 7 +# @SUPPORTED_EAPIS: 6 7 8 # @BLURB: Provides functions for installing Dune packages. # @DESCRIPTION: # Provides dependencies on dDne and OCaml and default src_compile, src_test and @@ -19,9 +19,10 @@ # @DESCRIPTION: # Sets the actual Dune package name, if different from Gentoo package name. # Set before inheriting the eclass. +: ${DUNE_PKG_NAME:=${PN}} case ${EAPI:-0} in - 5|6|7) ;; + 6|7|8) ;; *) die "${ECLASS}: EAPI ${EAPI} not supported" ;; esac @@ -32,7 +33,7 @@ EXPORT_FUNCTIONS src_compile src_test src_install RDEPEND=">=dev-lang/ocaml-4:=[ocamlopt?] dev-ml/dune:=" case ${EAPI:-0} in - 5|6) + 6) DEPEND="${RDEPEND} dev-ml/dune" ;; *) @@ -42,11 +43,15 @@ case ${EAPI:-0} in esac dune_src_compile() { - dune build @install --profile release || die + ebegin "Building" + dune build @install --profile release + eend $? || die } dune_src_test() { - dune runtest || die + ebegin "Testing" + dune runtest + eend $? || die } # @FUNCTION: dune-install @@ -54,26 +59,37 @@ dune_src_test() { # @DESCRIPTION: # Installs the dune packages given as arguments. For each "${pkg}" element in # that list, "${pkg}.install" must be readable from "${PWD}/_build/default" +# +# Example use: +# @CODE +# dune-install menhir menhirLib menhirSdk +# @CODE dune-install() { + local -a pkgs=( "${@}" ) + + [[ ${#pkgs[@]} -eq 0 ]] && pkgs=( "${DUNE_PKG_NAME}" ) + + local -a myduneopts=( + --prefix="${ED%/}/usr" + --libdir="${D%/}$(ocamlc -where)" + --mandir="${ED%/}/usr/share/man" + ) + local pkg - for pkg ; do - dune install \ - --prefix="${ED%/}/usr" \ - --libdir="${D%/}$(ocamlc -where)" \ - --mandir="${ED%/}/usr/share/man" \ - "${pkg}" || die + for pkg in "${pkgs[@]}" ; do + ebegin "Installing ${pkg}" + dune install ${myduneopts[@]} ${pkg} + eend $? || die + + # Move docs to the appropriate place. + if [ -d "${ED%/}/usr/doc/${pkg}" ] ; then + mkdir -p "${ED%/}/usr/share/doc/${PF}/" || die + mv "${ED%/}/usr/doc/${pkg}" "${ED%/}/usr/share/doc/${PF}/" || die + rm -rf "${ED%/}/usr/doc" || die + fi done } dune_src_install() { - local pkg="${1:-${DUNE_PKG_NAME:-${PN}}}" - - dune-install "${pkg}" - - # Move docs to the appropriate place. - if [ -d "${ED%/}/usr/doc/${pkg}" ] ; then - mkdir -p "${ED%/}/usr/share/doc/${PF}/" || die - mv "${ED%/}/usr/doc/${pkg}/"* "${ED%/}/usr/share/doc/${PF}/" || die - rm -rf "${ED%/}/usr/doc" || die - fi + dune-install ${1:-${DUNE_PKG_NAME}} } diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass index d262a60b6bb2..32119cb9a526 100644 --- a/eclass/flag-o-matic.eclass +++ b/eclass/flag-o-matic.eclass @@ -193,7 +193,8 @@ filter-lfs-flags() { # _LARGEFILE_SOURCE: enable support for new LFS funcs (ftello/etc...) # _LARGEFILE64_SOURCE: enable support for 64bit variants (off64_t/fseeko64/etc...) # _FILE_OFFSET_BITS: default to 64bit variants (off_t is defined as off64_t) - filter-flags -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE + # _TIME_BITS: default to 64bit time_t (requires _FILE_OFFSET_BITS=64) + filter-flags -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_TIME_BITS=64 } # @FUNCTION: filter-ldflags diff --git a/eclass/gnome2-utils.eclass b/eclass/gnome2-utils.eclass index f7d45090f820..97b845c7b88b 100644 --- a/eclass/gnome2-utils.eclass +++ b/eclass/gnome2-utils.eclass @@ -1,10 +1,10 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: gnome2-utils.eclass # @MAINTAINER: # gnome@gentoo.org -# @SUPPORTED_EAPIS: 5 6 7 +# @SUPPORTED_EAPIS: 5 6 7 8 # @PROVIDES: xdg-utils # @BLURB: Auxiliary functions commonly used by Gnome packages. # @DESCRIPTION: @@ -16,14 +16,13 @@ # * scrollkeeper (old Gnome help system) management [[ ${EAPI} == 5 ]] && inherit multilib -# eutils.eclass: emktemp # toolchain-funs.eclass: tc-is-cross-compiler # xdg-utils.eclass: xdg_environment_reset, xdg_icon_cache_update -inherit eutils toolchain-funcs xdg-utils +inherit toolchain-funcs xdg-utils case ${EAPI} in - 5|6|7) ;; - *) die "EAPI=${EAPI} is not supported" ;; + 5|6|7|8) ;; + *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; esac # @ECLASS-VARIABLE: GCONFTOOL_BIN @@ -379,7 +378,7 @@ gnome2_gdk_pixbuf_update() { fi ebegin "Updating gdk-pixbuf loader cache" - local tmp_file=$(emktemp) + local tmp_file=$(mktemp "${T}"/tmp.XXXXXXXXXX) || die "Failed to create temporary file" ${updater} 1> "${tmp_file}" && chmod 0644 "${tmp_file}" && cp -f "${tmp_file}" "${EROOT%/}/usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache" && diff --git a/eclass/gnome2.eclass b/eclass/gnome2.eclass index 6fab55785be5..0414d5cd5f3a 100644 --- a/eclass/gnome2.eclass +++ b/eclass/gnome2.eclass @@ -1,10 +1,10 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: gnome2.eclass # @MAINTAINER: # gnome@gentoo.org -# @SUPPORTED_EAPIS: 5 6 7 +# @SUPPORTED_EAPIS: 5 6 7 8 # @PROVIDES: gnome2-utils # @BLURB: Provides phases for Gnome/Gtk+ based packages. # @DESCRIPTION: @@ -21,14 +21,14 @@ GNOME2_EAUTORECONF=${GNOME2_EAUTORECONF:-""} [[ ${EAPI} == [56] ]] && inherit eutils ltprune inherit libtool gnome.org gnome2-utils xdg -case ${EAPI:-0} in +case ${EAPI} in 5) EXPORT_FUNCTIONS src_unpack src_prepare src_configure src_compile src_install pkg_preinst pkg_postinst pkg_postrm ;; - 6|7) + 6|7|8) EXPORT_FUNCTIONS src_prepare src_configure src_compile src_install pkg_preinst pkg_postinst pkg_postrm ;; - *) die "EAPI=${EAPI} is not supported" ;; + *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; esac # @ECLASS-VARIABLE: ELTCONF @@ -96,7 +96,7 @@ gnome2_src_unpack() { # Prepare environment for build, fix build of scrollkeeper documentation, # run elibtoolize. gnome2_src_prepare() { - xdg_src_prepare + [[ ${EAPI} != 5 ]] && default # Prevent assorted access violations and test failures gnome2_environment_reset diff --git a/eclass/go-module.eclass b/eclass/go-module.eclass index 3ad8542a28ae..c9eb90ac62ea 100644 --- a/eclass/go-module.eclass +++ b/eclass/go-module.eclass @@ -1,4 +1,4 @@ -# Copyright 2019-2020 Gentoo Authors +# Copyright 2019-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: go-module.eclass @@ -55,13 +55,17 @@ if [[ -z ${_GO_MODULE} ]]; then _GO_MODULE=1 -BDEPEND=">=dev-lang/go-1.12" +if [[ ! ${GO_OPTIONAL} ]]; then + BDEPEND=">=dev-lang/go-1.12" -# Workaround for pkgcheck false positive: https://github.com/pkgcore/pkgcheck/issues/214 -# MissingUnpackerDep: version ...: missing BDEPEND="app-arch/unzip" -# Added here rather than to each affected package, so it can be cleaned up just -# once when pkgcheck is improved. -BDEPEND+=" app-arch/unzip" + # Workaround for pkgcheck false positive: https://github.com/pkgcore/pkgcheck/issues/214 + # MissingUnpackerDep: version ...: missing BDEPEND="app-arch/unzip" + # Added here rather than to each affected package, so it can be cleaned up just + # once when pkgcheck is improved. + BDEPEND+=" app-arch/unzip" + + EXPORT_FUNCTIONS src_unpack +fi # Force go to build in module mode. # In this mode the GOPATH environment variable is ignored. @@ -83,8 +87,6 @@ QA_FLAGS_IGNORED='.*' # Go packages should not be stripped with strip(1). RESTRICT+=" strip" -EXPORT_FUNCTIONS src_unpack - # @ECLASS-VARIABLE: EGO_SUM # @DESCRIPTION: # This is an array based on the go.sum content from inside the target package. @@ -147,6 +149,17 @@ EXPORT_FUNCTIONS src_unpack # directory structure. declare -A -g _GOMODULE_GOSUM_REVERSE_MAP +# @ECLASS-VARIABLE: GO_OPTIONAL +# @DEFAULT_UNSET +# @PRE_INHERIT +# @DESCRIPTION: +# If set to a non-null value before inherit, then the Go part of the +# ebuild will be considered optional. No dependencies will be added and +# no phase functions will be exported. +# +# If you enable GO_OPTIONAL, you have to set BDEPEND on >=dev-lang/go-1.12 +# for your package and call go-module_src_unpack manually. + # @FUNCTION: go-module_set_globals # @DESCRIPTION: # Convert the information in EGO_SUM for other usage in the ebuild. diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass index 609afa754deb..3f98c4a53443 100644 --- a/eclass/kernel-install.eclass +++ b/eclass/kernel-install.eclass @@ -73,6 +73,7 @@ BDEPEND=" sys-fs/e2fsprogs amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] ) arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] ) + ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] ) ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] ) x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] ) )" @@ -161,6 +162,9 @@ kernel-install_get_qemu_arch() { arm64) echo aarch64 ;; + ppc) + echo ppc + ;; ppc64) echo ppc64 ;; @@ -295,6 +299,11 @@ kernel-install_test() { qemu_extra_args="-cpu max" qemu_extra_append="console=ttyS0,115200n8" ;; + ppc) + # https://wiki.qemu.org/Documentation/Platforms/PowerPC#Command_line_options + qemu_extra_args="-boot d -L pc-bios -M mac99,via=pmu" + qemu_extra_append="console=ttyS0,115200n8" + ;; ppc64) qemu_extra_args="-nodefaults" ;; diff --git a/eclass/llvm.org.eclass b/eclass/llvm.org.eclass index f33599c3bb58..7ad6d1efe94e 100644 --- a/eclass/llvm.org.eclass +++ b/eclass/llvm.org.eclass @@ -135,13 +135,20 @@ case ${PV} in 10*|11*|12*) # this API is not present for old LLVM versions ;; - *) + 13*) ALL_LLVM_EXPERIMENTAL_TARGETS=( ARC CSKY M68k VE ) ALL_LLVM_PRODUCTION_TARGETS=( AArch64 AMDGPU ARM AVR BPF Hexagon Lanai Mips MSP430 NVPTX PowerPC RISCV Sparc SystemZ WebAssembly X86 XCore ) ;; + *) + ALL_LLVM_EXPERIMENTAL_TARGETS=( ARC CSKY M68k ) + ALL_LLVM_PRODUCTION_TARGETS=( + AArch64 AMDGPU ARM AVR BPF Hexagon Lanai Mips MSP430 NVPTX + PowerPC RISCV Sparc SystemZ VE WebAssembly X86 XCore + ) + ;; esac ALL_LLVM_TARGET_FLAGS=( diff --git a/eclass/mount-boot.eclass b/eclass/mount-boot.eclass index 2b07160231a6..3111d9dcb9b5 100644 --- a/eclass/mount-boot.eclass +++ b/eclass/mount-boot.eclass @@ -4,7 +4,7 @@ # @ECLASS: mount-boot.eclass # @MAINTAINER: # base-system@gentoo.org -# @SUPPORTED_EAPIS: 6 7 +# @SUPPORTED_EAPIS: 6 7 8 # @BLURB: functions for packages that install files into /boot # @DESCRIPTION: # This eclass is really only useful for bootloaders. @@ -14,7 +14,7 @@ # error if it can't. It does nothing if /boot isn't a separate partition. case ${EAPI:-0} in - 6|7) ;; + 6|7|8) ;; *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; esac diff --git a/eclass/tmpfiles.eclass b/eclass/tmpfiles.eclass index b9238a6434a0..7a0e2cb72657 100644 --- a/eclass/tmpfiles.eclass +++ b/eclass/tmpfiles.eclass @@ -8,7 +8,7 @@ # @AUTHOR: # Mike Gilbert # William Hubbs -# @SUPPORTED_EAPIS: 5 6 7 +# @SUPPORTED_EAPIS: 5 6 7 8 # @BLURB: Functions related to tmpfiles.d files # @DESCRIPTION: # This eclass provides functionality related to installing and @@ -56,7 +56,7 @@ if [[ -z ${TMPFILES_ECLASS} ]]; then TMPFILES_ECLASS=1 case "${EAPI}" in -5|6|7) ;; +5|6|7|8) ;; *) die "API is undefined for EAPI ${EAPI}" ;; esac diff --git a/eclass/toolchain-funcs.eclass b/eclass/toolchain-funcs.eclass index 563d9deef40b..77fb304940b2 100644 --- a/eclass/toolchain-funcs.eclass +++ b/eclass/toolchain-funcs.eclass @@ -675,6 +675,7 @@ ninj() { [[ ${type} == "kern" ]] && echo $1 || echo $2 ; } fi ;; ia64*) echo ia64;; + loongarch*) ninj loongarch loong;; m68*) echo m68k;; metag*) echo metag;; microblaze*) echo microblaze;; @@ -752,6 +753,7 @@ tc-endian() { hppa*) echo big;; i?86*) echo little;; ia64*) echo little;; + loongarch*) echo little;; m68*) echo big;; mips*l*) echo little;; mips*) echo big;; diff --git a/eclass/tree-sitter-grammar.eclass b/eclass/tree-sitter-grammar.eclass index 46573027f96f..7207ecf3ddd7 100644 --- a/eclass/tree-sitter-grammar.eclass +++ b/eclass/tree-sitter-grammar.eclass @@ -40,15 +40,13 @@ EXPORT_FUNCTIONS src_compile src_install # @INTERNAL # @DESCRIPTION: # This internal function determines the ABI version of a grammar library based -# on the package version. +# on a constant in the source file. _get_tsg_abi_ver() { - if ver_test -gt 0.21; then - die "Grammar too new; unknown ABI version" - elif ver_test -ge 0.19.0; then - echo 13 - else - die "Grammar too old; unknown ABI version" - fi + # This sed script finds ABI definition string in parser source file, + # substitutes all the string until the ABI number, and prints remains + # (the ABI number itself) + sed -n 's/#define LANGUAGE_VERSION //p' "${S}"/parser.c || + die "Unable to extract ABI version for this grammar" } # @FUNCTION: tree-sitter-grammar_src_compile @@ -89,8 +87,10 @@ tree-sitter-grammar_src_compile() { tree-sitter-grammar_src_install() { debug-print-function ${FUNCNAME} "${@}" - dolib.so "${WORKDIR}"/lib${PN}$(get_libname $(_get_tsg_abi_ver)) - dosym lib${PN}$(get_libname $(_get_tsg_abi_ver)) \ + local soname=lib${PN}$(get_libname $(_get_tsg_abi_ver)) + + dolib.so "${WORKDIR}/${soname}" + dosym "${soname}" \ /usr/$(get_libdir)/lib${PN}$(get_libname) } fi diff --git a/eclass/vala.eclass b/eclass/vala.eclass index c7ee9fe3648d..677520748c62 100644 --- a/eclass/vala.eclass +++ b/eclass/vala.eclass @@ -28,8 +28,8 @@ _VALA_ECLASS=1 # @ECLASS-VARIABLE: VALA_MIN_API_VERSION # @DESCRIPTION: -# Minimum vala API version (e.g. 0.44). -VALA_MIN_API_VERSION=${VALA_MIN_API_VERSION:-0.44} +# Minimum vala API version (e.g. 0.46). +VALA_MIN_API_VERSION=${VALA_MIN_API_VERSION:-0.46} # @ECLASS-VARIABLE: VALA_MAX_API_VERSION # @DESCRIPTION: @@ -52,12 +52,11 @@ vala_api_versions() { local minimal_supported_minor_version minor_version # Dependency atoms are not generated for Vala versions older than 0.${minimal_supported_minor_version}. - minimal_supported_minor_version="44" + minimal_supported_minor_version="46" for ((minor_version = ${VALA_MAX_API_VERSION#*.}; minor_version >= ${VALA_MIN_API_VERSION#*.}; minor_version = minor_version - 2)); do - # 0.38 was never in main tree; remove the special case once minimal_supported_minor_version >= 40 # 0.42 is EOL and removed from tree; remove special case once minimal_support_minor_version >= 44 - if ((minor_version >= minimal_supported_minor_version)) && ((minor_version != 38)) && ((minor_version != 42)); then + if ((minor_version >= minimal_supported_minor_version)) && ((minor_version != 42)); then echo "0.${minor_version}" fi done diff --git a/eclass/vdr-plugin-2.eclass b/eclass/vdr-plugin-2.eclass index 8964ecbaf741..c2f31003fd87 100644 --- a/eclass/vdr-plugin-2.eclass +++ b/eclass/vdr-plugin-2.eclass @@ -9,7 +9,7 @@ # Joerg Bornkessel # Christian Ruppert # (undisclosed contributors) -# @SUPPORTED_EAPIS: 5 6 7 +# @SUPPORTED_EAPIS: 5 6 7 8 # @BLURB: common vdr plugin ebuild functions # @DESCRIPTION: # Eclass for easing maintenance of vdr plugin ebuilds diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index 2bc5bd5ddba9..3693eb16ff41 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -20,7 +20,11 @@ # signatures to SRC_URI and set VERIFY_SIG_OPENPGP_KEY_PATH. The eclass # provides verify-sig USE flag to toggle the verification. # +# If you need to use signify, you may want to copy distfiles into WORKDIR to +# work around "Too many levels of symbolic links" error. +# @EXAMPLE: # Example use: +# # @CODE # inherit verify-sig # @@ -43,11 +47,30 @@ if [[ ! ${_VERIFY_SIG_ECLASS} ]]; then IUSE="verify-sig" -BDEPEND=" - verify-sig? ( - app-crypt/gnupg - >=app-portage/gemato-16 - )" +# @ECLASS-VARIABLE: VERIFY_SIG_METHOD +# @PRE_INHERIT +# @DESCRIPTION: +# Signature verification method to use. The allowed value are: +# +# - openpgp -- verify PGP signatures using app-crypt/gnupg (the default) +# - signify -- verify signatures with Ed25519 public key using app-crypt/signify +: ${VERIFY_SIG_METHOD:=openpgp} + +case ${VERIFY_SIG_METHOD} in + openpgp) + BDEPEND=" + verify-sig? ( + app-crypt/gnupg + >=app-portage/gemato-16 + )" + ;; + signify) + BDEPEND="verify-sig? ( app-crypt/signify )" + ;; + *) + die "${ECLASS}: unknown method '${VERIFY_SIG_METHOD}'" + ;; +esac # @ECLASS-VARIABLE: VERIFY_SIG_OPENPGP_KEY_PATH # @DEFAULT_UNSET @@ -55,6 +78,9 @@ BDEPEND=" # Path to key bundle used to perform the verification. This is required # when using default src_unpack. Alternatively, the key path can be # passed directly to the verification functions. +# +# NB: this variable is also used for non-OpenPGP signatures. The name +# contains "OPENPGP" for historical reasons. # @ECLASS-VARIABLE: VERIFY_SIG_OPENPGP_KEYSERVER # @DEFAULT_UNSET @@ -62,6 +88,8 @@ BDEPEND=" # Keyserver used to refresh keys. If not specified, the keyserver # preference from the key will be respected. If no preference # is specified by the key, the GnuPG default will be used. +# +# Supported for OpenPGP only. # @ECLASS-VARIABLE: VERIFY_SIG_OPENPGP_KEY_REFRESH # @USER_VARIABLE @@ -69,6 +97,8 @@ BDEPEND=" # Attempt to refresh keys via WKD/keyserver. Set it to "yes" # in make.conf to enable. Note that this requires working Internet # connection. +# +# Supported for OpenPGP only. : ${VERIFY_SIG_OPENPGP_KEY_REFRESH:=no} # @FUNCTION: verify-sig_verify_detached @@ -88,9 +118,14 @@ verify-sig_verify_detached() { local extra_args=() [[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R ) - [[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=( - --keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}" - ) + if [[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]]; then + [[ ${VERIFY_SIG_METHOD} == openpgp ]] || + die "${FUNCNAME}: VERIFY_SIG_OPENPGP_KEYSERVER is not supported" + + extra_args+=( + --keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}" + ) + fi # GPG upstream knows better than to follow the spec, so we can't # override this directory. However, there is a clean fallback @@ -100,9 +135,17 @@ verify-sig_verify_detached() { local filename=${file##*/} [[ ${file} == - ]] && filename='(stdin)' einfo "Verifying ${filename} ..." - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \ - gpg --verify "${sig}" "${file}" || - die "PGP signature verification failed" + case ${VERIFY_SIG_METHOD} in + openpgp) + gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \ + gpg --verify "${sig}" "${file}" || + die "PGP signature verification failed" + ;; + signify) + signify -V -p "${key}" -m "${file}" -x "${sig}" || + die "Signify signature verification failed" + ;; + esac } # @FUNCTION: verify-sig_verify_message @@ -124,9 +167,14 @@ verify-sig_verify_message() { local extra_args=() [[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R ) - [[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=( - --keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}" - ) + if [[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]]; then + [[ ${VERIFY_SIG_METHOD} == openpgp ]] || + die "${FUNCNAME}: VERIFY_SIG_OPENPGP_KEYSERVER is not supported" + + extra_args+=( + --keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}" + ) + fi # GPG upstream knows better than to follow the spec, so we can't # override this directory. However, there is a clean fallback @@ -136,30 +184,32 @@ verify-sig_verify_message() { local filename=${file##*/} [[ ${file} == - ]] && filename='(stdin)' einfo "Verifying ${filename} ..." - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \ - gpg --verify --output="${output_file}" "${file}" || - die "PGP signature verification failed" + case ${VERIFY_SIG_METHOD} in + openpgp) + gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \ + gpg --verify --output="${output_file}" "${file}" || + die "PGP signature verification failed" + ;; + signify) + signify -V -e -p "${key}" -m "${output_file}" -x "${file}" || + die "Signify signature verification failed" + ;; + esac } -# @FUNCTION: verify-sig_verify_signed_checksums +# @FUNCTION: _gpg_verify_signed_checksums +# @INTERNAL # @USAGE: [] # @DESCRIPTION: -# Verify the checksums for all files listed in the space-separated list -# (akin to ${A}) using a PGP-signed . -# specified the checksum algorithm (e.g. sha256). can either -# be passed directly, or it defaults to VERIFY_SIG_OPENPGP_KEY_PATH. -# -# The function dies if PGP verification fails, the checksum file -# contains unsigned data, one of the files do not match checksums -# or are missing from the checksum file. -verify-sig_verify_signed_checksums() { +# GnuPG-specific function to verify a signed checksums list. +_gpg_verify_signed_checksums() { local checksum_file=${1} local algo=${2} local files=() read -r -d '' -a files <<<"${3}" local key=${4:-${VERIFY_SIG_OPENPGP_KEY_PATH}} - local chksum_prog chksum_len + case ${algo} in sha256) chksum_prog=sha256sum @@ -170,9 +220,6 @@ verify-sig_verify_signed_checksums() { ;; esac - [[ -n ${key} ]] || - die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" - local checksum filename junk ret=0 count=0 while read -r checksum filename junk; do [[ ${#checksum} -eq ${chksum_len} ]] || continue @@ -194,6 +241,40 @@ verify-sig_verify_signed_checksums() { die "${FUNCNAME}: checksums for some of the specified files were missing" } +# @FUNCTION: verify-sig_verify_signed_checksums +# @USAGE: [] +# @DESCRIPTION: +# Verify the checksums for all files listed in the space-separated list +# (akin to ${A}) using a signed . specifies +# the checksum algorithm (e.g. sha256). can either be passed +# directly, or it defaults to VERIFY_SIG_OPENPGP_KEY_PATH. +# +# The function dies if signature verification fails, the checksum file +# contains unsigned data, one of the files do not match checksums or +# are missing from the checksum file. +verify-sig_verify_signed_checksums() { + local checksum_file=${1} + local algo=${2} + local files=() + read -r -d '' -a files <<<"${3}" + local key=${4:-${VERIFY_SIG_OPENPGP_KEY_PATH}} + + [[ -n ${key} ]] || + die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset" + + case ${VERIFY_SIG_METHOD} in + openpgp) + _gpg_verify_signed_checksums \ + "${checksum_file}" "${algo}" "${files[@]}" "${key}" + ;; + signify) + signify -C -p "${key}" \ + -x "${checksum_file}" "${files[@]}" || + die "Signify signature verification failed" + ;; + esac +} + # @FUNCTION: verify-sig_src_unpack # @DESCRIPTION: # Default src_unpack override that verifies signatures for all -- cgit v1.2.3