diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2024-07-04 08:06:08 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2024-07-04 08:06:08 +0100 |
| commit | 2a8d2f71d1d9963368e0ef3d641d75979a689d12 (patch) | |
| tree | 83e283f960ab2ebbc1a042b8ed6c37b78d47b37b /sec-keys | |
| parent | 8435c842b9e8fbb2bcc80397ab3aa655000459e2 (diff) | |
gentoo auto-resync : 04:07:2024 - 08:06:07
Diffstat (limited to 'sec-keys')
15 files changed, 171 insertions, 486 deletions
diff --git a/sec-keys/Manifest.gz b/sec-keys/Manifest.gz Binary files differindex 05ddc7e91acb..54b2a5de9684 100644 --- a/sec-keys/Manifest.gz +++ b/sec-keys/Manifest.gz diff --git a/sec-keys/openpgp-keys-gentoo-auth/Manifest b/sec-keys/openpgp-keys-gentoo-auth/Manifest index c661bd25c710..23f241fd35c6 100644 --- a/sec-keys/openpgp-keys-gentoo-auth/Manifest +++ b/sec-keys/openpgp-keys-gentoo-auth/Manifest @@ -1,3 +1,5 @@ DIST gentoo-auth.asc.20230329.gz 3371 BLAKE2B 2d4940e50c8b415f48a0fe479b95dbe1f2ab83af8eceda582ecd9386fada54126cce2fa7e509611fe8d51b14dc1638b3aa19f87fbe2b7bb8dffc91657ead2a48 SHA512 b516104e6affbcdced8aba100a0eadb82b1fc3a6cc8ed907486e30c44e78f77dabd6dc1e02383537d13a380247f315b7c53711e3b5994242a84afeca4af755fd +DIST gentoo-auth.asc.20240703.gz 3348 BLAKE2B 0594bffecc718e0314a04f6a85c2d77d9a70d910eeea7dd1c87ba3381f0e4c0670975e2489efd289287326de0fee9284916dd60547e1cf2acf838b5da70fb0e4 SHA512 a491cac10e9a7a182b0e886ab94926f340eb1bd124142737097c7f0af8e713a4586a595638d6b08c3ccf6c873cbe9aae2dbe635b51d2b2c7adfaefdcbbc56fa1 EBUILD openpgp-keys-gentoo-auth-20230329.ebuild 786 BLAKE2B 10ffdd9503faffaaf806befb7fa73600cf9dbb2636d8164c7c098f88b627bc78e24f4b7b22d29780ea4f65bb64765d55d4097ddd311db3cf7142560085b74e34 SHA512 1f21a9f6eb74ecab1479726c8e2c6870ac28d3d799b730cdaaab2ec28b6cd6e2a761b94644d6edb9ae177cbbef296c492303337587432bf1839455656a9b92e8 +EBUILD openpgp-keys-gentoo-auth-20240703.ebuild 788 BLAKE2B a05e6b79d8555b94b9664b86b0982dae0ccf441a06e0f18a32db9111bb9091f065e7b4718a0f11685d1ad3ebdd45863c1ef5f95e714c732435c21b15ec2f3340 SHA512 3245acc47caf0a52fa40bcc4244659d5360cb74f1308f4a957849aa305b36a5f53e9cedf27b6e864306e22a75c20cbe6a7bd97cdbd59b75131fdd39c30eb30e6 MISC metadata.xml 272 BLAKE2B 583272860b0b9615e8d57fed7ced1a93035bf0c25285d230412ac7af2e48a8156c2e9d9c0581da80f913a2748eb76579b64648fd1e22ce0bc89da66aafa30809 SHA512 19c90c888b76564e32674364a753ba2d6a0b9ce6f3a97f45bb876c32f83c8206e6ec318e0960747b2003a4c3a426994f25c6b83da8b294d575f45e80c6105d89 diff --git a/sec-keys/openpgp-keys-gentoo-auth/openpgp-keys-gentoo-auth-20240703.ebuild b/sec-keys/openpgp-keys-gentoo-auth/openpgp-keys-gentoo-auth-20240703.ebuild new file mode 100644 index 000000000000..180cd833a860 --- /dev/null +++ b/sec-keys/openpgp-keys-gentoo-auth/openpgp-keys-gentoo-auth-20240703.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Gentoo Authority Keys (GLEP 79)" +HOMEPAGE="https://www.gentoo.org/downloads/signatures/" +SRC_URI=" + https://dev.gentoo.org/~mgorny/dist/openpgp-keys/gentoo-auth.asc.${PV}.gz +" +S=${WORKDIR} + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +# Keys included: +# ABD00913019D6354BA1D9A132839FE0D796198B1 +# 18F703D702B1B9591373148C55D3238EC050396E +# 2C13823B8237310FA213034930D132FF0FF50EEB + +src_install() { + insinto /usr/share/openpgp-keys + newins "gentoo-auth.asc.${PV}" gentoo-auth.asc + newins - gentoo-auth-ownertrust.txt <<-EOF + ABD00913019D6354BA1D9A132839FE0D796198B1:6: + EOF +} diff --git a/sec-keys/openpgp-keys-gentoo-developers/Manifest b/sec-keys/openpgp-keys-gentoo-developers/Manifest index a6b90d46bc02..8b15b403f0ea 100644 --- a/sec-keys/openpgp-keys-gentoo-developers/Manifest +++ b/sec-keys/openpgp-keys-gentoo-developers/Manifest @@ -1,9 +1,5 @@ AUX keyring-mangler.py 3061 BLAKE2B a5acb20346c8eb4b036773562625ac39469d378a343c8bfcbb23391a61876f57aae7015f2d78e468a606330275686f2187d7a8a81a7d940a1e8329c2ea916a62 SHA512 60f7174319f77484eb389486e6f74c23a27d8211128d261497b3d095e3f7a8744c5402c29ae84a6e4833b77406e301dfd5c7b4cf8d5ffb062e298f177a1ff052 -DIST openpgp-keys-gentoo-developers-20231120-active-devs.gpg 3117324 BLAKE2B 30a10227a2970b828bb7eafe710356cea9e8983e9c808ca3bc9858e8ae9e9d8efec5a982f03101f273f82cf8ec55afcf0005b29e578ea039376bf093f2f9ab0a SHA512 70333f7647672e586eed3ae62d479d0b8bbb67e0eec2e7068cb8e2cbb60e2c5540ce8d06c08c3f80ce338824e203fddc04422eb002512eb8d5f1513a4a7b5c37 -DIST openpgp-keys-gentoo-developers-20240226-active-devs.gpg 3293697 BLAKE2B d47d351c638808e49a8d5966f532eb3cbc8c261c4667eab38731c2d072ba99bdc5d8523a6d21cb90184c760b2a13374bf3d4b470f0c0511fcd9d0e53cc462a3d SHA512 8f4c9bfc689ed7cccad039b2b06ee63285ef639a019fffd7d204017ff109ff590a1c591088c6f5bf19078e41f066a86712f3d2cd6a0735df64f5fc5086e47232 DIST openpgp-keys-gentoo-developers-20240422-active-devs.gpg 3204733 BLAKE2B b761e0f3f281545748eb8719b3ddd8eb55444090749218a579a94fddfafc735e3d36461662699fb1081fa70913d4449e51460f83d6ad10206c64ccdd313578e6 SHA512 b83232b2ed135bec63b5437aa49812b620de2de4d77874bc19b6d3caf2d7c0d295d58583b1cdc706ddc4e6d415c3391e6c6d1dc68b48556c865f36670575affe -EBUILD openpgp-keys-gentoo-developers-20231120.ebuild 7523 BLAKE2B 2b3f5c5c1694b782ac318bdfd0dc7941ce47ed8f60fc2d715b88bf1404cd59639797e65e45891fad1aba9b456c3d356d7cadc1b79a9919cce0a8b1587364f7e5 SHA512 a013e480059fb7b0de2da5581f8d6c01b9eecb0593751fda7b57b4d4e98db2ab6b21a2aaefce7aec0c0981e6dc22fd9fc202bea6dedaf170816bd05c1031311e -EBUILD openpgp-keys-gentoo-developers-20240226.ebuild 7523 BLAKE2B fc3aea669deecb63c8cf32445f3cecf2e5a03b58a97af4095e3419f147af43d8b69bbef3b706ee51a6ad6098717979c5effa72d1b2b60585496b15af668f2025 SHA512 6ed6217d6d866706d6206b0480d4c58ce51a12c9a2f28e4665972cf004ba672b86ae7620a12d8de76e59895d63289d69a80d77ada89d3e1edb866e705676c2ad EBUILD openpgp-keys-gentoo-developers-20240422.ebuild 7523 BLAKE2B fc3aea669deecb63c8cf32445f3cecf2e5a03b58a97af4095e3419f147af43d8b69bbef3b706ee51a6ad6098717979c5effa72d1b2b60585496b15af668f2025 SHA512 6ed6217d6d866706d6206b0480d4c58ce51a12c9a2f28e4665972cf004ba672b86ae7620a12d8de76e59895d63289d69a80d77ada89d3e1edb866e705676c2ad EBUILD openpgp-keys-gentoo-developers-99999999.ebuild 7531 BLAKE2B 6047cb6478855d2603cb60e76524742994e06b71c0dbe29d69bff1866ae66a712422d95e8a8495c35b66f3c40fdaf74ea53d34338650b9428e5caa45d7fe5a0c SHA512 e271c6b583c1f2a1c61bc034e24696ae93dbce52f1a541901df12eb64496bf07fced1c99f4d83eb7d20131f666507ba24a460608076f75fbddb58126cd6a6840 MISC metadata.xml 264 BLAKE2B 630ac0044f623dc63de725aae23da036b649a2d65331c06fbe9eb66d18ad1a4d3fd804cdffc4703500662b01272063af346680d2550f2fb6a262d6acee8c6789 SHA512 3cf1981080b4a7634537d20a3e837fa802c52ae5ee750531cc4aa3f8478cda78579375602bc058abbd75f9393f9681b79603c3ddd9af809a1e72f7336a708056 diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20231120.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20231120.ebuild deleted file mode 100644 index a8a3226d3007..000000000000 --- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20231120.ebuild +++ /dev/null @@ -1,233 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -inherit edo python-any-r1 - -DESCRIPTION="Gentoo Authority Keys (GLEP 79)" -HOMEPAGE="https://www.gentoo.org/downloads/signatures/" -if [[ ${PV} == 9999* ]] ; then - PROPERTIES="live" - - BDEPEND="net-misc/curl" -else - SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv sparc x86" -fi - -S="${WORKDIR}" - -LICENSE="public-domain" -SLOT="0" -IUSE="test" -RESTRICT="!test? ( test )" - -BDEPEND+=" - $(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]') - sec-keys/openpgp-keys-gentoo-auth - test? ( - app-crypt/gnupg - sys-apps/grep[pcre] - ) -" - -python_check_deps() { - python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]" -} - -src_unpack() { - if [[ ${PV} == 9999* ]] ; then - curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die - else - default - fi -} - -src_compile() { - export GNUPGHOME="${T}"/.gnupg - - get_gpg_keyring_dir() { - if [[ ${PV} == 9999* ]] ; then - echo "${WORKDIR}" - else - echo "${DISTDIR}" - fi - } - - local mygpgargs=( - --no-autostart - --no-default-keyring - --homedir "${GNUPGHOME}" - ) - - # From verify-sig.eclass: - # "GPG upstream knows better than to follow the spec, so we can't - # override this directory. However, there is a clean fallback - # to GNUPGHOME." - addpredict /run/user - - mkdir "${GNUPGHOME}" || die - chmod 700 "${GNUPGHOME}" || die - - # Convert the binary keyring into an armored one so we can process it - edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg - edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc - - # Now strip out the keys which are expired and/or missing a signature - # from our L2 developer authority key - edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \ - "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \ - "${WORKDIR}"/gentoo-developers.asc \ - "${WORKDIR}"/gentoo-developers-sanitised.asc -} - -src_test() { - export GNUPGHOME="${T}"/tests/.gnupg - - local mygpgargs=( - # We don't have --no-autostart here because we need - # to let it spawn an agent for the key generation. - --no-default-keyring - --homedir "${GNUPGHOME}" - ) - - # From verify-sig.eclass: - # "GPG upstream knows better than to follow the spec, so we can't - # override this directory. However, there is a clean fallback - # to GNUPGHOME." - addpredict /run/user - - # Check each of the keys to verify they're trusted by - # the L2 developer key. - mkdir -p "${GNUPGHOME}" || die - chmod 700 "${GNUPGHOME}" || die - cd "${T}"/tests || die - - # First, grab the L1 key, and mark it as ultimately trusted. - edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc - edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt - - # Generate a temporary key which isn't signed by anything to check - # whether we're detecting unexpected keys. - # - # The test is whether this appears in the sanitised keyring we - # produce in src_compile (it should not be in there). - # - # https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html - edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF - %echo Generating temporary key for testing... - - %no-protection - %transient-key - %pubring ${P}-ebuild-test-key.asc - - Key-Type: 1 - Key-Length: 2048 - Subkey-Type: 1 - Subkey-Length: 2048 - Name-Real: Larry The Cow - Name-Email: larry@example.com - Expire-Date: 0 - Handle: ${P}-ebuild-test-key - - %commit - %echo Temporary key generated! - EOF - - # Import the new injected key that shouldn't be signed by anything into a temporary testing keyring - edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc - - # Sign a tiny file with the to-be-injected key for testing rejection below - echo "Hello world!" > "${T}"/tests/signme || die - edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die - - edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc - - # keyring-mangler.py should now produce a keyring *without* it - edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \ - "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \ - "${T}"/tests/tainted-keyring.asc \ - "${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log - assert "Key mangling in tests failed?" - - # Check the log to verify the injected key got detected - grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!" - - # gnupg doesn't have an easy way for us to actually just.. ask - # if a key is known via WoT. So, sign a file using the key - # we just made, and then try to gpg --verify it, and check exit code. - # - # Let's now double check by seeing if a file signed by the injected key - # is rejected. - if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then - die "'gpg --verify' using injected test key succeeded! This shouldn't happen!" - fi - - # Bonus lame sanity check - edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log - assert "trustdb call failed!" - - check_trust_levels() { - local mode=${1} - - while IFS= read -r line; do - # gpg: depth: 0 valid: 1 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: depth: 1 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 2f, 0u - if [[ ${line} == *depth* ]] ; then - depth=$(echo ${line} | grep -Po "depth: [0-9]") - trust=$(echo ${line} | grep -Po "trust:.*") - - trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-") - [[ ${trust_uncalculated} == 0 ]] || ${mode} - - trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q") - [[ ${trust_insufficient} == 0 ]] || ${mode} - - trust_never=$(echo ${trust} | grep -Po "[0-9]n") - [[ ${trust_never} == 0 ]] || ${mode} - - trust_marginal=$(echo ${trust} | grep -Po "[0-9]m") - [[ ${trust_marginal} == 0 ]] || ${mode} - - trust_full=$(echo ${trust} | grep -Po "[0-9]f") - [[ ${trust_full} != 0 ]] || ${mode} - - trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u") - [[ ${trust_ultimate} == 1 ]] || ${mode} - - echo "${trust_uncalculated}, ${trust_insufficient}" - fi - done < "${T}"/tests/trustdb.log - } - - # First, check with the bad key still in the test keyring. - # This is supposed to fail, so we want it to return 1 - check_trust_levels "return 1" && die "Trustdb passed when it should have failed!" - - # Now check without the bad key in the test keyring. - # This one should pass. - # - # Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint) - keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \ - | grep "^fpr" \ - | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p') - - local key - for key in ${keys[@]} ; do - nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key} - done - - edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>" - check_trust_levels "return 0" || die "Trustdb failed when it should have passed!" - - gpgconf --kill gpg-agent || die -} - -src_install() { - insinto /usr/share/openpgp-keys - newins gentoo-developers-sanitised.asc gentoo-developers.asc - - # TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth? -} diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20240226.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20240226.ebuild deleted file mode 100644 index ab693b185062..000000000000 --- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20240226.ebuild +++ /dev/null @@ -1,233 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -inherit edo python-any-r1 - -DESCRIPTION="Gentoo Authority Keys (GLEP 79)" -HOMEPAGE="https://www.gentoo.org/downloads/signatures/" -if [[ ${PV} == 9999* ]] ; then - PROPERTIES="live" - - BDEPEND="net-misc/curl" -else - SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv sparc x86" -fi - -S="${WORKDIR}" - -LICENSE="public-domain" -SLOT="0" -IUSE="test" -RESTRICT="!test? ( test )" - -BDEPEND+=" - $(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]') - sec-keys/openpgp-keys-gentoo-auth - test? ( - app-crypt/gnupg - sys-apps/grep[pcre] - ) -" - -python_check_deps() { - python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]" -} - -src_unpack() { - if [[ ${PV} == 9999* ]] ; then - curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die - else - default - fi -} - -src_compile() { - export GNUPGHOME="${T}"/.gnupg - - get_gpg_keyring_dir() { - if [[ ${PV} == 9999* ]] ; then - echo "${WORKDIR}" - else - echo "${DISTDIR}" - fi - } - - local mygpgargs=( - --no-autostart - --no-default-keyring - --homedir "${GNUPGHOME}" - ) - - # From verify-sig.eclass: - # "GPG upstream knows better than to follow the spec, so we can't - # override this directory. However, there is a clean fallback - # to GNUPGHOME." - addpredict /run/user - - mkdir "${GNUPGHOME}" || die - chmod 700 "${GNUPGHOME}" || die - - # Convert the binary keyring into an armored one so we can process it - edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg - edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc - - # Now strip out the keys which are expired and/or missing a signature - # from our L2 developer authority key - edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \ - "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \ - "${WORKDIR}"/gentoo-developers.asc \ - "${WORKDIR}"/gentoo-developers-sanitised.asc -} - -src_test() { - export GNUPGHOME="${T}"/tests/.gnupg - - local mygpgargs=( - # We don't have --no-autostart here because we need - # to let it spawn an agent for the key generation. - --no-default-keyring - --homedir "${GNUPGHOME}" - ) - - # From verify-sig.eclass: - # "GPG upstream knows better than to follow the spec, so we can't - # override this directory. However, there is a clean fallback - # to GNUPGHOME." - addpredict /run/user - - # Check each of the keys to verify they're trusted by - # the L2 developer key. - mkdir -p "${GNUPGHOME}" || die - chmod 700 "${GNUPGHOME}" || die - cd "${T}"/tests || die - - # First, grab the L1 key, and mark it as ultimately trusted. - edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc - edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt - - # Generate a temporary key which isn't signed by anything to check - # whether we're detecting unexpected keys. - # - # The test is whether this appears in the sanitised keyring we - # produce in src_compile (it should not be in there). - # - # https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html - edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF - %echo Generating temporary key for testing... - - %no-protection - %transient-key - %pubring ${P}-ebuild-test-key.asc - - Key-Type: 1 - Key-Length: 2048 - Subkey-Type: 1 - Subkey-Length: 2048 - Name-Real: Larry The Cow - Name-Email: larry@example.com - Expire-Date: 0 - Handle: ${P}-ebuild-test-key - - %commit - %echo Temporary key generated! - EOF - - # Import the new injected key that shouldn't be signed by anything into a temporary testing keyring - edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc - - # Sign a tiny file with the to-be-injected key for testing rejection below - echo "Hello world!" > "${T}"/tests/signme || die - edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die - - edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc - - # keyring-mangler.py should now produce a keyring *without* it - edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \ - "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \ - "${T}"/tests/tainted-keyring.asc \ - "${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log - assert "Key mangling in tests failed?" - - # Check the log to verify the injected key got detected - grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!" - - # gnupg doesn't have an easy way for us to actually just.. ask - # if a key is known via WoT. So, sign a file using the key - # we just made, and then try to gpg --verify it, and check exit code. - # - # Let's now double check by seeing if a file signed by the injected key - # is rejected. - if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then - die "'gpg --verify' using injected test key succeeded! This shouldn't happen!" - fi - - # Bonus lame sanity check - edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log - assert "trustdb call failed!" - - check_trust_levels() { - local mode=${1} - - while IFS= read -r line; do - # gpg: depth: 0 valid: 1 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 1u - # gpg: depth: 1 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 2f, 0u - if [[ ${line} == *depth* ]] ; then - depth=$(echo ${line} | grep -Po "depth: [0-9]") - trust=$(echo ${line} | grep -Po "trust:.*") - - trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-") - [[ ${trust_uncalculated} == 0 ]] || ${mode} - - trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q") - [[ ${trust_insufficient} == 0 ]] || ${mode} - - trust_never=$(echo ${trust} | grep -Po "[0-9]n") - [[ ${trust_never} == 0 ]] || ${mode} - - trust_marginal=$(echo ${trust} | grep -Po "[0-9]m") - [[ ${trust_marginal} == 0 ]] || ${mode} - - trust_full=$(echo ${trust} | grep -Po "[0-9]f") - [[ ${trust_full} != 0 ]] || ${mode} - - trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u") - [[ ${trust_ultimate} == 1 ]] || ${mode} - - echo "${trust_uncalculated}, ${trust_insufficient}" - fi - done < "${T}"/tests/trustdb.log - } - - # First, check with the bad key still in the test keyring. - # This is supposed to fail, so we want it to return 1 - check_trust_levels "return 1" && die "Trustdb passed when it should have failed!" - - # Now check without the bad key in the test keyring. - # This one should pass. - # - # Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint) - keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \ - | grep "^fpr" \ - | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p') - - local key - for key in ${keys[@]} ; do - nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key} - done - - edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>" - check_trust_levels "return 0" || die "Trustdb failed when it should have passed!" - - gpgconf --kill gpg-agent || die -} - -src_install() { - insinto /usr/share/openpgp-keys - newins gentoo-developers-sanitised.asc gentoo-developers.asc - - # TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth? -} diff --git a/sec-keys/openpgp-keys-gentoo-release/Manifest b/sec-keys/openpgp-keys-gentoo-release/Manifest index 54a8e3c99321..4dc1e87afe61 100644 --- a/sec-keys/openpgp-keys-gentoo-release/Manifest +++ b/sec-keys/openpgp-keys-gentoo-release/Manifest @@ -1,4 +1,6 @@ DIST gentoo-release-test-sigs-20190224.tar.gz 3235 BLAKE2B 924c69a62d5321716f536144f0607bd3ec4a65d76be492adc729864fd9bef82df0086541ae13034a83152ea0c8dc3cbd168be6cff111a3484128a22cbc8ef1d4 SHA512 f8cc2e84bedbdf14ace6abe4aacf8f0c9810c77ff6ae0fac301829d9d4d5cf0c128a76516c773ac993879215bcdb0aab097e1e7e747d8e1a7c4cfc815bd4d3e6 DIST gentoo-release.asc.20230329.gz 16462 BLAKE2B 3ee5a2b9442731ff4498b448c5defe07b6fb299196f31445ba934360fff295150c0bcac037be01a1e5db97f00de1ccbfdb3a7abbf4ad0ff069d95ab42e28e680 SHA512 6e0720b0894dd80b19b769731aaa1862266371ad45c7d9e0fc9df173454b7d8b0f345dd16a47e3034d8ab34c50c3818a305f863af83edaaf7421f25bb03f4ad4 +DIST gentoo-release.asc.20240703.gz 18710 BLAKE2B 2436319e0fc05432ea08e7828a337551de0b37783c4376e3249ed132c29d394376fb2e5f36281299cb251473ecb2b2240f75e2b7bdefa02ff35cc1ca4250c515 SHA512 1e17dfb0c626044a50ffc410fc515ea64d9ed53c53c70c046a6ebaf59a8991885c1f7dadb3366334fa840b91882f825a0878988a43a43adec0f10b1a22b4f7ee EBUILD openpgp-keys-gentoo-release-20230329.ebuild 1427 BLAKE2B 6568600740ab8156f9d3deb794734b5a240cdd2b12fde07b1959b9204ffd49c8c30266acc81943e9733c1d0b43121b924323f03956cc3eac2e6070a38df3b1a2 SHA512 fa67c23dbaa6a6889ad127210ca4ca9683642fb1f348dc0f47b8d477d303f9e25ae1e25abe9c5e5bc281ccb9c80ce28743c9569bd45d36c557c411fb7a684639 +EBUILD openpgp-keys-gentoo-release-20240703.ebuild 1436 BLAKE2B cd515bc16cd4467d5e5d4d457ac4c0f6029ac90efdfd4d0bacc9d4935653ff5d427c3d1c5d7500665beea69362ad35d5a39bbf88d73ac4fc5441bed66b3ae5a4 SHA512 8ab3f6f12c60c4da3f1d41676cc6274295e0a07ced0dd6f52d8462837ecba9c67c2c5a23d88149ef79a32b12a87535b1cbb2f2f77b988f3fbdf099dfc833fe54 MISC metadata.xml 272 BLAKE2B 583272860b0b9615e8d57fed7ced1a93035bf0c25285d230412ac7af2e48a8156c2e9d9c0581da80f913a2748eb76579b64648fd1e22ce0bc89da66aafa30809 SHA512 19c90c888b76564e32674364a753ba2d6a0b9ce6f3a97f45bb876c32f83c8206e6ec318e0960747b2003a4c3a426994f25c6b83da8b294d575f45e80c6105d89 diff --git a/sec-keys/openpgp-keys-gentoo-release/openpgp-keys-gentoo-release-20240703.ebuild b/sec-keys/openpgp-keys-gentoo-release/openpgp-keys-gentoo-release-20240703.ebuild new file mode 100644 index 000000000000..f12dad573b64 --- /dev/null +++ b/sec-keys/openpgp-keys-gentoo-release/openpgp-keys-gentoo-release-20240703.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used for Gentoo releases (snapshots, stages)" +HOMEPAGE="https://www.gentoo.org/downloads/signatures/" +SRC_URI=" + https://dev.gentoo.org/~mgorny/dist/openpgp-keys/gentoo-release.asc.${PV}.gz + test? ( + https://dev.gentoo.org/~mgorny/dist/openpgp-keys/gentoo-release-test-sigs-20190224.tar.gz + ) +" +S=${WORKDIR} + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="test" +RESTRICT="!test? ( test )" + +BDEPEND=" + test? ( app-crypt/gnupg ) +" + +# Keys included: +# DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D +# D99EAC7379A850BCE47DA5F29E6438C817072058 +# 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910 +# EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72 + +src_test() { + local old_umask=$(umask) + umask 077 + + local -x GNUPGHOME=${T}/.gnupg + mkdir "${GNUPGHOME}" || die + einfo "Importing keys ..." + gpg --import "gentoo-release.asc.${PV}" || die "Key import failed" + + local f + for f in gentoo-release-test-sigs*/*.asc; do + einfo "Testing ${f##*/} ..." + gpg -q --trust-model always --verify "${f}" || die "Verification failed on ${f}" + done + + umask "${old_umask}" +} + +src_install() { + insinto /usr/share/openpgp-keys + newins "gentoo-release.asc.${PV}" gentoo-release.asc +} diff --git a/sec-keys/openpgp-keys-jpakkane/Manifest b/sec-keys/openpgp-keys-jpakkane/Manifest index 9b6384cc9aa4..6ef941ed22f2 100644 --- a/sec-keys/openpgp-keys-jpakkane/Manifest +++ b/sec-keys/openpgp-keys-jpakkane/Manifest @@ -1,3 +1,3 @@ DIST jpakkane-20231105.gpg 3918 BLAKE2B a4e9db8a302d4271c8692e74e78027321b8603376fa44c2813806a91200523eed507ef8c24b0fdcbfe239093f7b3795c6a47a439dd2745b6aaae71a726a4bc04 SHA512 55a75551780d14617baf9a39a56c267cf6d83f11468400d19eefec5328c8246158b638defc1d5fab5583f4e7a79215935c18bf7846913a879e991356cd49cf2b EBUILD openpgp-keys-jpakkane-20231105.ebuild 584 BLAKE2B 4032618939756bab686d12dca7de16b63a6cd4237311254247e7b2d37e0e237ab1f247ed8942b8cb382db25626bb25d7082e2ae1b29d22c07df4af5b6171bb6a SHA512 5adb19779a29db3c7afa0a9095a8266cfce1a82993af91b73b85b6c812aafed14e26258786b06dd653ed1a99e3130e0f8b10c956214786ca80340b7342c87a88 -MISC metadata.xml 397 BLAKE2B fe5f6ec010a2c933ab8f094f4d0b5eed5874a6f862502ddca50d44bfb25d493f87c21cceb18f39f592e1a93660735da8f41ba93008619f6e702342c661d6505c SHA512 6415963d0c1545e4e4b6464e231cf7f7c7fe20d2088ea8c55e05c168777f4a8fa9405a7fdd8f552d4b0f87fce7dff3a1232f8247f4a530cc94bc61d70b98b5c1 +MISC metadata.xml 249 BLAKE2B e0a7bf8ad5d4ff96d6ae8d2a2984b3a4f9d2b4b4e8e8e597d2ef4dbc91a79e8dc7cd2b6193b88183d06a2652490de25694261f54b6acb061205cb22a7fe7d201 SHA512 1f2bf54b95c45f68bc898c90b6751344bf32d7f1f88395b8449b2226428e27e9610a4e3e2fdab6dc342f32e370cb77aafbf94cdc1f91ae458f7339826d1cb98a diff --git a/sec-keys/openpgp-keys-jpakkane/metadata.xml b/sec-keys/openpgp-keys-jpakkane/metadata.xml index 667a16a60d08..b8e59eca0e4a 100644 --- a/sec-keys/openpgp-keys-jpakkane/metadata.xml +++ b/sec-keys/openpgp-keys-jpakkane/metadata.xml @@ -1,12 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person" proxied="yes"> - <email>eschwartz93@gmail.com</email> + <maintainer type="person"> + <email>eschwartz@gentoo.org</email> <name>Eli Schwartz</name> </maintainer> - <maintainer type="project" proxied="proxy"> - <email>proxy-maint@gentoo.org</email> - <name>Proxy Maintainers</name> - </maintainer> </pkgmetadata> diff --git a/sec-keys/openpgp-keys-qbittorrent/Manifest b/sec-keys/openpgp-keys-qbittorrent/Manifest index a8098c4f0d2b..afcb7bee4d17 100644 --- a/sec-keys/openpgp-keys-qbittorrent/Manifest +++ b/sec-keys/openpgp-keys-qbittorrent/Manifest @@ -1,3 +1,3 @@ DIST qBittorrent-20161227.asc 5716 BLAKE2B a1502b631c50a603e6b2c5ad73c801bf3963320d0330dbaabb5f4e15646ead61c81b40fc38561d41269849c23bbc4081ac9769b11d790ff06b1d93f4b48e7e18 SHA512 1e30158bb15462787d0f5dea04c9cbb51fffa4e3de14cc9faad4e01a5e5e77896a32ba5ee244e68eb389bf6cc4dfbef7137560a63118a77007c04ddb6139ffe6 EBUILD openpgp-keys-qbittorrent-20161227.ebuild 517 BLAKE2B 44ba680290650abc0a48ca12d1bb009e691f6ca73e6a082cd53450a40eb388ea7cdeb044748917159005f309f6c2efae77fd2ff541a91b17071aeb366af01753 SHA512 76d06af0fabae0e3de699ec219ebf791bcc7850cead3fa4936325301c9f1fbef4c9b062d5a43031fdc08b1f514b7d7c6cbd0fc9b7ec83ec6093a3dbc967524b2 -MISC metadata.xml 397 BLAKE2B fe5f6ec010a2c933ab8f094f4d0b5eed5874a6f862502ddca50d44bfb25d493f87c21cceb18f39f592e1a93660735da8f41ba93008619f6e702342c661d6505c SHA512 6415963d0c1545e4e4b6464e231cf7f7c7fe20d2088ea8c55e05c168777f4a8fa9405a7fdd8f552d4b0f87fce7dff3a1232f8247f4a530cc94bc61d70b98b5c1 +MISC metadata.xml 249 BLAKE2B e0a7bf8ad5d4ff96d6ae8d2a2984b3a4f9d2b4b4e8e8e597d2ef4dbc91a79e8dc7cd2b6193b88183d06a2652490de25694261f54b6acb061205cb22a7fe7d201 SHA512 1f2bf54b95c45f68bc898c90b6751344bf32d7f1f88395b8449b2226428e27e9610a4e3e2fdab6dc342f32e370cb77aafbf94cdc1f91ae458f7339826d1cb98a diff --git a/sec-keys/openpgp-keys-qbittorrent/metadata.xml b/sec-keys/openpgp-keys-qbittorrent/metadata.xml index 667a16a60d08..b8e59eca0e4a 100644 --- a/sec-keys/openpgp-keys-qbittorrent/metadata.xml +++ b/sec-keys/openpgp-keys-qbittorrent/metadata.xml @@ -1,12 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person" proxied="yes"> - <email>eschwartz93@gmail.com</email> + <maintainer type="person"> + <email>eschwartz@gentoo.org</email> <name>Eli Schwartz</name> </maintainer> - <maintainer type="project" proxied="proxy"> - <email>proxy-maint@gentoo.org</email> - <name>Proxy Maintainers</name> - </maintainer> </pkgmetadata> diff --git a/sec-keys/openpgp-keys-yubico/Manifest b/sec-keys/openpgp-keys-yubico/Manifest index 8e816207f714..d8c1059895df 100644 --- a/sec-keys/openpgp-keys-yubico/Manifest +++ b/sec-keys/openpgp-keys-yubico/Manifest @@ -11,5 +11,19 @@ DIST yubico-20230825-9AA9BDB11BB1B99A21285A330664A76954265E8C.asc 58800 BLAKE2B DIST yubico-20230825-9E885C0302F9BB9167529C2D5CBA11E6ADC7BCD1.asc 20244 BLAKE2B e8e48028ee7e93d9f7cde04cfec1e44cadec9b84e47bc702442a5d2f4388f57228a44bab8ecb24cfcfd12977e3ddac46bb31f24a7fe4c944806c2f5ccab029cd SHA512 d5cee7d2f85724c297cb7556f258e6f2cc1302ab6aa43c2f1f3a7ab8063f1977303e7579f811bc3ae76bbc8bee54f713ba862cbaa16fe2c9453beb93b9cebd30 DIST yubico-20230825-AF511D2CBC0F973E5D308054325C8E4AE2E6437D.asc 12253 BLAKE2B 03d0083cd8fd00ee0fcc85ca0cbddb3963220a73dde717321dcca5e21c9a4e77371a37618ed74ec4ca9dd7b38a779f8772e0a3d560c2048d8bb0dc6e1d585512 SHA512 fcdf7238c2be765ccb430e39cda9022d1441dfce8ecda3fff5b2667579da0d8761a2229e2849284c45f6acf0410f9333ce81d842d157b3cc74f7fdfd55d1b02f DIST yubico-20230825-B70D62AA6A31AD6B9E4F9F4BDC8888925D25CA7A.asc 41265 BLAKE2B 3b27fd1f8504ccba5b7237a7567ed8980fe6c2df99abc1fce2baebeed4afca268728e0ac4d7a612f6e8569e1d079c900bd3f01b15c3c4222ced802852846f9c8 SHA512 c8892a67a77541263ed5bb69fa69738fede314fe95896527085fa99c10bc86938b8524bf2a83c90b2b01acee6c69cfc1f604a1c3f9706eab5b75ffa7d1a35e80 +DIST yubico-20240628-0A3B0262BCA1705307D5FF06BCA00FD4B2168C0A.asc 24405 BLAKE2B d0d09d778dba7b4cbae6d6246db725f06eb13a2984b6c017b13335aea53f701cbfabea166ed3ae3fcfdaab6861dfa627ef2e112470ddea380c4b384c739b3e73 SHA512 b601cd86c530c206bb1b3957426486a83cbc77e3c5b159686152ddf95566c9229cc6371378b217cd411dc9bb00d950225d4c7976e00964d505f5fe1d61cb6840 +DIST yubico-20240628-1D7308B0055F5AEF36944A8F27A9C24D9588EA0F.asc 42592 BLAKE2B 3b69ed8a85486648fa7b767a87277c7b8a546d9d8f4fd8c65e0501900e4e9f676bc28b4ff7f99a0f78352bc2eaa82b297c40940dca4a8cdd97b7d4c0e83c9af8 SHA512 2b98fbde89733b576c9597d07c988674609fd1bd015a8aabe7051cc8324fb3bfa05f1ba40ae520a3fdecc4404d621d1ec8e921349e4be80a06d97ebafc17e652 +DIST yubico-20240628-1DC4BA2872525B3F2FE8207F5D9C760A3FB51707.asc 7134 BLAKE2B f27926c15079377a35e0b294e74d2d12913572ff018d249f9d8096fc943a3f3525e1d5ed8e454e9d35000d06760f69f34209f9e11189781f326feaae11c5c1c4 SHA512 1e598955a6ce204136925957f282ce1bcaa63d7caf22452a2e837ae2146ba5b74e8c1b36cd399c3343dbd8f6e63b3f0517965d5ad338a388b3d42e8e59d74cab +DIST yubico-20240628-20EE325B86A81BCBD3E56798F04367096FBA95E8.asc 17270 BLAKE2B bf66bb7289decdcb68d320bda5fc4fdc87a267d42d049cee0780ce23c4c308dc13447dbbf027eed30ed61fb2c24f78815a90b42a509da0393e93a953766056b0 SHA512 6cb35456d0d0aa60dce4c0fe3c574e461a17b3b6386c2b2d0d3a58dfdcede37bf3f84a36b8c87fc1b8d32b655fc778e801d5857d8b85f308b10f69d3cf8a0f6f +DIST yubico-20240628-355C8C0186CC96CBA49F9CD8DAA17C2953914D9D.asc 28959 BLAKE2B f1a1043ecc4fc299487486098b9f8d41f4a2e160526c6f71bbc49284c1846eda4c50035833c95d7729bcde86de005ecabef0ba88fa9d2a59c86978cef05771c4 SHA512 8aaac5dda433b8057ebc1e898f144e04dbc9373619e236988f29df94a4d66bf72a721148685beade1d17dcd5f4922eb57cf729be20ebcba5729c9c3c4444e059 +DIST yubico-20240628-57A9DEED4C6D962A923BB691816F3ED99921835E.asc 70458 BLAKE2B 82b2d384fb924ed56af60f434e2da85663756ca8708a01e0ce6f4314191da3be227f78e3af28ed62cb15753c722acb1b2b76d31615b7f462b34f60e7a0bbb6c9 SHA512 493660a82142cce435994a8b9f24a53a37fe98c2f2ced08c358c7e92267e652d333cc2ae57f6e1ab2356c5e3f8218e155f03f1877b34c5c676f33b6b27f462ce +DIST yubico-20240628-78D997D53E9C0A2A205392ED14A19784723C9988.asc 3817 BLAKE2B f45e54530c072033b308fb9d6b41cadd25a1eb8de0fc653a67ca6d0142af69f33e8080f3840471f732d199655cdd1548c95c662ce69993b2db9c595d84845cbc SHA512 2a667e35d9933b17abbfef8fe015557b5164e7af752b6639dcf0353c23adb09656bfef9f63bfdbc1bb6845e7233c7192ac380e621c591b02f054e16d829b0a24 +DIST yubico-20240628-7FBB6186957496D58C751AC20E777DD85755AA4A.asc 28557 BLAKE2B d450afcf23e068c9720c04ca292e5a49bfb4664a9fbe856f36bf5f7977877f0e7ab9fe0996e7353d99c7228eed3ff42941f6d1b0571fa19e5a1919190a794b0d SHA512 0f3d501a3def675defe73fdc1a7ad5d99c4baeb96acf63dae8ccd4f4b1316d8c68b1c309c733dc16f85c17a1f308d0a1c4f6c61f36a0642a1f2946eaa5de9588 +DIST yubico-20240628-8D0B4EBA9345254BCEC0E843514F078FF4AB24C3.asc 22919 BLAKE2B 067364f6be1e130910354927ac636962252b3181da9ee00a1cd1e25d36bba9ec371d548aeb1771182f4da98885144c379ba0f1a2759983d16e079853bf56e437 SHA512 90196a80a5e7fcc8148b050e956f6cbc7d147e5fe25df8f7d66dd007d86f99e4a7f3f3f9e1d489a58be19e6041293dbc9553f0720bb9dc7f828dcb389c4aea53 +DIST yubico-20240628-9AA9BDB11BB1B99A21285A330664A76954265E8C.asc 58800 BLAKE2B 3c870e856a6628a1855cd183db8aaea072190e9e4069dc4cc6db0e1b37c3f4663ed7567be1999cdfe13aa379db5ac7a4d34198a853ac0c48517c876241046183 SHA512 4b99bf0a03d70b3e393ed1bfdf23335fe350e5dbf7d29f19f55c08bfbbda4b91e6b756b3e34f16f282eda21bc981d6079c835905fc41532e6ea88fd3c987a899 +DIST yubico-20240628-9E885C0302F9BB9167529C2D5CBA11E6ADC7BCD1.asc 20244 BLAKE2B e8e48028ee7e93d9f7cde04cfec1e44cadec9b84e47bc702442a5d2f4388f57228a44bab8ecb24cfcfd12977e3ddac46bb31f24a7fe4c944806c2f5ccab029cd SHA512 d5cee7d2f85724c297cb7556f258e6f2cc1302ab6aa43c2f1f3a7ab8063f1977303e7579f811bc3ae76bbc8bee54f713ba862cbaa16fe2c9453beb93b9cebd30 +DIST yubico-20240628-AF511D2CBC0F973E5D308054325C8E4AE2E6437D.asc 15357 BLAKE2B e193d3d8272a0bf94282bb020c444bfe854c5bc7f769501773bf8c6f9bac6b3e922b514e7abd997d3147c89f0a628831fa47aa644b7071e3a4ecd4e2fe2d3d12 SHA512 76a9dcf1de29708d670155653d6a43359ca2bcc1162d4ef54a4dd08eb4474d6cb1a43c2e2b9ff2aa6fe816cd4ffb3cf5e58bfc17285de315d449b8de60970f1c +DIST yubico-20240628-B70D62AA6A31AD6B9E4F9F4BDC8888925D25CA7A.asc 41265 BLAKE2B 3b27fd1f8504ccba5b7237a7567ed8980fe6c2df99abc1fce2baebeed4afca268728e0ac4d7a612f6e8569e1d079c900bd3f01b15c3c4222ced802852846f9c8 SHA512 c8892a67a77541263ed5bb69fa69738fede314fe95896527085fa99c10bc86938b8524bf2a83c90b2b01acee6c69cfc1f604a1c3f9706eab5b75ffa7d1a35e80 EBUILD openpgp-keys-yubico-20230825.ebuild 3313 BLAKE2B f7564f0cd63edab589e153312188c486d3c896056ad6f9f79f0c1d35d83a35348604173754a5181cdb8689670a2ef8a7d49b2a5f0f35594dc183efff178b34e1 SHA512 b04dad91859a7c023f3fb0124ec6484f9fdabf3d57051b70311e7bc618a1bc9d05fa57b875ca12b717ac0cfba285fd6e9f3405cfef84923004fa41a0a3bad691 -MISC metadata.xml 192 BLAKE2B fef49cb9e1dda8063c379e650d4897670410d2c0641f469b8a200d5e7ec8d3f505e692277d03b583790cb1340ece9c2e8f7e7c9ff5080d42a2e0ef3fc7138a44 SHA512 bece454b8da734c7a28ce25f8080b3fca56332e57cde854c50f0b884ba3836f1af7782a1ee9f63e6aeff4830e2bca71c5c466471fc82eee75339565aab6495d5 +EBUILD openpgp-keys-yubico-20240628.ebuild 3313 BLAKE2B b69a30b0b5df13da6e1b07cc3814e0d8efffaee2e5689d48aa28bbac02ebd5ba23bfe6a88e12a0f483425115856e27f3dd3eb0e4744aa980cd81774b0eb5055b SHA512 36d9075dc39243cc82ee5c465a3dd672c42185caa9e92d9e97af417ee916578059408135ea371e6a1b4437783f054f51a7dcd59e28fa777579646e70ed5a1fe5 +MISC metadata.xml 435 BLAKE2B 5d509357798922e3436d5d281c293c55be636293e4be81fde64262306f5a8e64dc0d857e8e0e07fb9af6c2a0331699d279e4f35efaf782d0e652437452365115 SHA512 26c658d908c28f0b97290d8ee88ca57f324a4b5bd04565bbd00ae20c0475793348fd3ad822de04a3f1cf278c720c2752a00194fee44146b21b5a426163123f46 diff --git a/sec-keys/openpgp-keys-yubico/metadata.xml b/sec-keys/openpgp-keys-yubico/metadata.xml index c3bda71eefca..63089be7ad8a 100644 --- a/sec-keys/openpgp-keys-yubico/metadata.xml +++ b/sec-keys/openpgp-keys-yubico/metadata.xml @@ -1,6 +1,13 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <!-- maintainer-needed --> + <maintainer type="person" proxied="yes"> + <email>mario.haustein@hrz.tu-chemnitz.de</email> + <name>Mario Haustein</name> + </maintainer> + <maintainer type="project" proxied="proxy"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> <stabilize-allarches/> </pkgmetadata> diff --git a/sec-keys/openpgp-keys-yubico/openpgp-keys-yubico-20240628.ebuild b/sec-keys/openpgp-keys-yubico/openpgp-keys-yubico-20240628.ebuild new file mode 100644 index 000000000000..8ca3f7045ee3 --- /dev/null +++ b/sec-keys/openpgp-keys-yubico/openpgp-keys-yubico-20240628.ebuild @@ -0,0 +1,57 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by Yubico's developers" +HOMEPAGE="https://developers.yubico.com/Software_Projects/Software_Signing.html" +# Current keys. Keys which should also be there but as of 2023-08-25 trigger import failures +# due to having no user IDs associated with them on the keyserver: +# - Jean Paul Galea <jeanpaul@yubico.com> B604 2E2B D1FD BC2B CA85 88B2 FF8D 3B45 B7B8 75A9 +# - Trevor Bentley <trevor@yubico.com> 2685 83B6 4786 F50F 8074 56DA 8CED 3A80 D41C 0DCB +SRC_URI=" + https://keys.openpgp.org/vks/v1/by-fingerprint/0A3B0262BCA1705307D5FF06BCA00FD4B2168C0A + -> yubico-${PV}-0A3B0262BCA1705307D5FF06BCA00FD4B2168C0A.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/20EE325B86A81BCBD3E56798F04367096FBA95E8 + -> yubico-${PV}-20EE325B86A81BCBD3E56798F04367096FBA95E8.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/B70D62AA6A31AD6B9E4F9F4BDC8888925D25CA7A + -> yubico-${PV}-B70D62AA6A31AD6B9E4F9F4BDC8888925D25CA7A.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/57A9DEED4C6D962A923BB691816F3ED99921835E + -> yubico-${PV}-57A9DEED4C6D962A923BB691816F3ED99921835E.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/1D7308B0055F5AEF36944A8F27A9C24D9588EA0F + -> yubico-${PV}-1D7308B0055F5AEF36944A8F27A9C24D9588EA0F.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/355C8C0186CC96CBA49F9CD8DAA17C2953914D9D + -> yubico-${PV}-355C8C0186CC96CBA49F9CD8DAA17C2953914D9D.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/9E885C0302F9BB9167529C2D5CBA11E6ADC7BCD1 + -> yubico-${PV}-9E885C0302F9BB9167529C2D5CBA11E6ADC7BCD1.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/7FBB6186957496D58C751AC20E777DD85755AA4A + -> yubico-${PV}-7FBB6186957496D58C751AC20E777DD85755AA4A.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/78D997D53E9C0A2A205392ED14A19784723C9988 + -> yubico-${PV}-78D997D53E9C0A2A205392ED14A19784723C9988.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/AF511D2CBC0F973E5D308054325C8E4AE2E6437D + -> yubico-${PV}-AF511D2CBC0F973E5D308054325C8E4AE2E6437D.asc +" +# Old keys. Keys which should also be there but as of 2023-08-25 trigger import failures +# due to having no user IDs associated with them on the keyserver: +# - Tommaso De Orchi <tom@yubico.com> FF8A F719 AE58 2818 1B89 4D83 1CE3 9268 A097 3948 +# - Henrik StrĂ¥th <henrik@yubico.com> DCB9 04FA B343 CFA7 1907 6EF7 9EA9 0242 958E 0658 +# - Pedro Martelletto <pedro@yubico.com> EE90 AE0D 1977 4C83 8662 8FAA B428 949E F791 4718 +SRC_URI+=" + https://keys.openpgp.org/vks/v1/by-fingerprint/8D0B4EBA9345254BCEC0E843514F078FF4AB24C3 + -> yubico-${PV}-8D0B4EBA9345254BCEC0E843514F078FF4AB24C3.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/1DC4BA2872525B3F2FE8207F5D9C760A3FB51707 + -> yubico-${PV}-1DC4BA2872525B3F2FE8207F5D9C760A3FB51707.asc + https://keys.openpgp.org/vks/v1/by-fingerprint/9AA9BDB11BB1B99A21285A330664A76954265E8C + -> yubico-${PV}-9AA9BDB11BB1B99A21285A330664A76954265E8C.asc +" +S=${WORKDIR} + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - yubico.com.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} |