From f97099f09e3dd9da6b06efe99cb47450338cd4c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 1 Feb 2021 23:15:43 -0300 Subject: [PATCH 1/4] base-chroot: add outils for signify. --- srcpkgs/base-chroot/template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/srcpkgs/base-chroot/template b/srcpkgs/base-chroot/template index 78f6d0cc2a1..7b2963132a9 100644 --- a/srcpkgs/base-chroot/template +++ b/srcpkgs/base-chroot/template @@ -1,7 +1,7 @@ # Template file for 'base-chroot' pkgname=base-chroot -version=0.66 -revision=3 +version=0.67 +revision=1 bootstrap=yes build_style=meta short_desc="Minimal set of packages required for chroot with xbps-src" @@ -19,4 +19,4 @@ depends+=" patch sed findutils diffutils make gzip coreutils file bsdtar ccache xbps mpfr ncurses libreadline8 chroot-bash chroot-grep chroot-gawk chroot-distcc - chroot-util-linux chroot-git" + chroot-util-linux chroot-git outils" From 3be3f29772c66bb50c905157854ae654b7363c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 1 Feb 2021 23:16:02 -0300 Subject: [PATCH 2/4] mblaze: add signify keys and signature. --- common/signify-keys/mblaze.pub | 2 ++ srcpkgs/mblaze/template | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 common/signify-keys/mblaze.pub diff --git a/common/signify-keys/mblaze.pub b/common/signify-keys/mblaze.pub new file mode 100644 index 00000000000..74fed42cceb --- /dev/null +++ b/common/signify-keys/mblaze.pub @@ -0,0 +1,2 @@ +untrusted comment: mblaze release key public key +RWT/F+mCqnmHzj/+dB32aXOuZ+4Afcr3r6TOVHXGkRNCBExd3kS0tCnL diff --git a/srcpkgs/mblaze/template b/srcpkgs/mblaze/template index 88624be8f71..74de8e9933b 100644 --- a/srcpkgs/mblaze/template +++ b/srcpkgs/mblaze/template @@ -9,6 +9,8 @@ maintainer="Leah Neukirchen " license="Public Domain, MIT" homepage="https://github.com/leahneukirchen/mblaze" distfiles="https://leahneukirchen.org/releases/${pkgname}-${version}.tar.gz" +signify_sig="https://leahneukirchen.org/releases/${pkgname}-${version}.tar.gz.sig" +signify_key="mblaze.pub" checksum=edd8cb86f667543e703dee58263b81c7e47744339d23ebbb6a43e75059ba93b1 post_install() { From abb4e7097681334e005b4c04dacf5c218fdd2511 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 1 Feb 2021 23:16:21 -0300 Subject: [PATCH 3/4] hooks/do-fetch: check signify signature in 00-distfiles. --- common/hooks/do-fetch/00-distfiles.sh | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/common/hooks/do-fetch/00-distfiles.sh b/common/hooks/do-fetch/00-distfiles.sh index e2bf54378fe..c2a651a1f6f 100644 --- a/common/hooks/do-fetch/00-distfiles.sh +++ b/common/hooks/do-fetch/00-distfiles.sh @@ -115,6 +115,7 @@ verify_cksum() { cksum=$(get_cksum $curfile $dfcount) # If the checksum starts with an commercial at (@) it is the contents checksum + # Only constant tarballs can be signed, so only check for signify below if [ "${cksum:0:1}" = "@" ]; then cksum=${cksum:1} msg_normal "$pkgver: verifying contents checksum for distfile '$curfile'... " @@ -131,7 +132,7 @@ verify_cksum() { filesum=$(${XBPS_DIGEST_CMD} "$distfile") if [ "$cksum" != "$filesum" ]; then echo - msg_red "SHA256 mismatch for '$curfile:'\n$filesum\n" + msg_red "SHA256 mismatch for '$curfile':\n$filesum\n" errors=$((errors + 1)) else if [ ! -f "$XBPS_SRCDISTDIR/by_sha256/${cksum}_${curfile}" ]; then @@ -140,6 +141,25 @@ verify_cksum() { fi msg_normal_append "OK.\n" fi + + if [ -n "$signify_sig" ]; then + if [ -z "$signify_key" ]; then + msg_error "$pkgver: signify_sig is set but signify_key isn't\n" + fi + sigfile="${signify_sig##*/}" + msg_normal "$pkgver: fetching signify signature '$sigfile'...\n" + $fetch_cmd -o "$sigfile" "$signify_sig" + msg_normal "$pkgver: verifying signify signature for distfile '$curfile'... " + if signify -V \ + -p "$XBPS_COMMONDIR/signify-keys/$signify_key" \ + -x "$sigfile" \ + -m "$distfile" >/dev/null; then + msg_normal_append "OK.\n" + else + msg_red "signify signature mismatch for '$curfile'\n" + errors=$((errors + 1)) + fi + fi fi } From be5022bdb19c707d65108ec6adbcdac824113da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Mon, 1 Feb 2021 23:47:57 -0300 Subject: [PATCH 4/4] mblaze: dummy commit so outils is available in the masterdir. --- srcpkgs/mblaze/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/mblaze/template b/srcpkgs/mblaze/template index 74de8e9933b..a2a1279097b 100644 --- a/srcpkgs/mblaze/template +++ b/srcpkgs/mblaze/template @@ -3,6 +3,7 @@ pkgname=mblaze version=1.1 revision=1 build_style=gnu-makefile +hostmakedepends="outils" checkdepends="perl" short_desc="Maildir-focused command line mail client" maintainer="Leah Neukirchen "