Diffstat (limited to 'eclass')
-rw-r--r-- | eclass/Manifest.gz | bin | 38503 -> 38670 bytes | |||
-rw-r--r-- | eclass/cuda.eclass | 6 | ||||
-rw-r--r-- | eclass/distutils-r1.eclass | 48 | ||||
-rw-r--r-- | eclass/java-utils-2.eclass | 4 | ||||
-rw-r--r-- | eclass/kernel-2.eclass | 2 | ||||
-rw-r--r-- | eclass/perl-module.eclass | 2 | ||||
-rw-r--r-- | eclass/python-utils-r1.eclass | 4 | ||||
-rwxr-xr-x | eclass/tests/verify-sig.sh | 94 | ||||
-rw-r--r-- | eclass/verify-sig.eclass | 63 |
9 files changed, 152 insertions, 71 deletions
diff --git a/eclass/Manifest.gz b/eclass/Manifest.gz Binary files differindex 92783ec64d1b..274573fd94ba 100644 --- a/eclass/Manifest.gz +++ b/eclass/Manifest.gz diff --git a/eclass/cuda.eclass b/eclass/cuda.eclass index 5f3f0c3af37d..4b5f1a3294ef 100644 --- a/eclass/cuda.eclass +++ b/eclass/cuda.eclass @@ -81,7 +81,7 @@ cuda_gccdir() { # Try the current gcc version first ver=$(gcc-version) if [[ -n "${ver}" ]] && [[ ${vers} =~ ${ver} ]]; then - dirs=( ${EPREFIX}/usr/*pc-linux-gnu/gcc-bin/${ver%.*}*/ ) + dirs=( "${EPREFIX}"/usr/*pc-linux-gnu/gcc-bin/${ver%.*}*/ ) gcc_bindir="${dirs[${#dirs[@]}-1]}" fi @@ -90,14 +90,14 @@ cuda_gccdir() { ver=$(ver_cut 1-2 "${ver##*sys-devel/gcc-}") if [[ -n "${ver}" ]] && [[ ${vers} =~ ${ver} ]]; then - dirs=( ${EPREFIX}/usr/*pc-linux-gnu/gcc-bin/${ver%.*}*/ ) + dirs=( "${EPREFIX}"/usr/*pc-linux-gnu/gcc-bin/${ver%.*}*/ ) gcc_bindir="${dirs[${#dirs[@]}-1]}" fi fi for ver in ${vers}; do if has_version "=sys-devel/gcc-${ver}*"; then - dirs=( ${EPREFIX}/usr/*pc-linux-gnu/gcc-bin/${ver%.*}*/ ) + dirs=( "${EPREFIX}"/usr/*pc-linux-gnu/gcc-bin/${ver%.*}*/ ) gcc_bindir="${dirs[${#dirs[@]}-1]}" fi done diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass index 91de144e1110..56afcdc5bcb8 100644 --- a/eclass/distutils-r1.eclass +++ b/eclass/distutils-r1.eclass @@ -1461,12 +1461,6 @@ distutils_pep517_install() { [[ -n ${wheel} ]] || die "No wheel name returned" distutils_wheel_install "${root}" "${WHEEL_BUILD_DIR}/${wheel}" - - # clean the build tree; otherwise we may end up with PyPy3 - # extensions duplicated into CPython dists - if [[ ${DISTUTILS_USE_PEP517:-setuptools} == setuptools ]]; then - rm -rf build || die - fi } # @FUNCTION: distutils-r1_python_compile 
@@ -1478,9 +1472,6 @@ distutils_pep517_install() { # # If DISTUTILS_USE_PEP517 is set to any other value, builds a wheel # using the PEP517 backend and installs it into ${BUILD_DIR}/install. -# May additionally call build_ext prior to that when using setuptools -# and the eclass detects a potential benefit from parallel extension -# builds. # # In legacy mode, runs 'esetup.py build'. Any parameters passed to this # function will be appended to setup.py invocation, i.e. passed 
@@ -1495,40 +1486,21 @@ distutils-r1_python_compile() { # call setup.py build when using setuptools (either via PEP517 # or in legacy mode) - if [[ ${DISTUTILS_USE_PEP517} ]]; then - if [[ -d build ]]; then - eqawarn "A 'build' directory exists already. Artifacts from this directory may" - eqawarn "be picked up by setuptools when building for another interpreter." - eqawarn "Please remove this directory prior to building." - fi - else - _distutils-r1_copy_egg_info - fi - # distutils is parallel-capable since py3.5 local jobs=$(makeopts_jobs "${MAKEOPTS} ${*}") if [[ ${DISTUTILS_USE_PEP517} ]]; then - # issue build_ext only if it looks like we have at least - # two source files to build; setuptools is expensive - # to start and parallel builds can only benefit us if we're - # compiling at least two files - # - # see extension.py for list of suffixes - # .pyx is added for Cython - # - # esetup.py does not respect SYSROOT, so skip it there - if [[ -z ${SYSROOT} && ${DISTUTILS_EXT} && 1 -ne ${jobs} - && 2 -eq $( - find '(' -name '*.c' -o -name '*.cc' -o -name '*.cpp' \ - -o -name '*.cxx' -o -name '*.c++' -o -name '*.m' \ - -o -name '*.mm' -o -name '*.pyx' ')' -printf '\n' | - head -n 2 | wc -l - ) - ]]; then - esetup.py build_ext -j "${jobs}" "${@}" - fi + mkdir -p "${BUILD_DIR}" || die + local -x DIST_EXTRA_CONFIG="${BUILD_DIR}/extra-setup.cfg" + cat > "${DIST_EXTRA_CONFIG}" <<-EOF || die + [build] + build_base = ${BUILD_DIR}/build + + [build_ext] + parallel = ${jobs} + EOF else + _distutils-r1_copy_egg_info esetup.py build -j "${jobs}" "${@}" fi ;; diff --git a/eclass/java-utils-2.eclass b/eclass/java-utils-2.eclass index 463d364caee9..ee5d68c8a78c 100644 --- a/eclass/java-utils-2.eclass +++ b/eclass/java-utils-2.eclass 
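Review bot: The new PEP 517 branch of distutils-r1_python_compile writes `extra-setup.cfg` with no comment saying why `build_base` is moved under `${BUILD_DIR}`, and the comments this commit deletes were the only explanation of the cross-interpreter artifact problem. I would add a line above `mkdir -p "${BUILD_DIR}"` such as `# keep setuptools build artifacts under BUILD_DIR so one interpreter's build is not picked up by another`, which is presumably the intent given the removed eqawarn text. The surviving context comment `# call setup.py build when using setuptools (either via PEP517 or in legacy mode)` is now stale, because the PEP 517 branch no longer calls esetup.py. `local -x DIST_EXTRA_CONFIG=...` also replaces any value already present in the environment; if ebuilds are not expected to set it, the function's doc block should say so. The function starts and ends outside this hunk.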
@@ -577,7 +577,7 @@ java-pkg_regso() { java-pkg_append_ JAVA_PKG_LIBRARY "/${target_dir#${D}}" # Check the path of the lib relative to ${D} elif [[ -e "${D}${lib}" ]]; then - target_dir="$(java-pkg_expand_dir_ ${D}${lib})" + target_dir="$(java-pkg_expand_dir_ "${D}${lib}")" java-pkg_append_ JAVA_PKG_LIBRARY "${target_dir}" else die "${lib} does not exist" @@ -924,7 +924,7 @@ java-pkg_recordjavadoc() debug-print-function ${FUNCNAME} $* # the find statement is important # as some packages include multiple trees of javadoc - JAVADOC_PATH="$(find ${D}/usr/share/doc/ -name allclasses-frame.html -printf '%h:')" + JAVADOC_PATH="$(find "${D}"/usr/share/doc/ -name allclasses-frame.html -printf '%h:')" # remove $D - TODO: check this is ok with all cases of the above JAVADOC_PATH="${JAVADOC_PATH//${D}}" if [[ -n "${JAVADOC_PATH}" ]] ; then diff --git a/eclass/kernel-2.eclass b/eclass/kernel-2.eclass index 7b77b64de90f..8bab2b482cf7 100644 --- a/eclass/kernel-2.eclass +++ b/eclass/kernel-2.eclass @@ -877,7 +877,7 @@ install_sources() { dodir /usr/src einfo ">>> Copying sources ..." - file="$(find ${WORKDIR} -iname "docs" -type d)" + file="$(find "${WORKDIR}" -iname "docs" -type d)" if [[ -n ${file} ]]; then for file in $(find ${file} -type f); do echo "${file//*docs\/}" >> "${S}"/patches.txt diff --git a/eclass/perl-module.eclass b/eclass/perl-module.eclass index 35f85a813fc7..e2b66e3b6f7d 100644 --- a/eclass/perl-module.eclass +++ b/eclass/perl-module.eclass @@ -254,7 +254,7 @@ perl-module_src_configure() { elif [[ -f Makefile.PL ]] ; then einfo "Using ExtUtils::MakeMaker" set -- \ - PREFIX=${EPREFIX}/usr \ + PREFIX="${EPREFIX}"/usr \ INSTALLDIRS=vendor \ INSTALLMAN3DIR='none' \ DESTDIR="${D}" \ diff --git a/eclass/python-utils-r1.eclass b/eclass/python-utils-r1.eclass index bd30c1203180..50aeabae1c17 100644 --- a/eclass/python-utils-r1.eclass +++ b/eclass/python-utils-r1.eclass 
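Review bot: In the kernel-2.eclass hunk (install_sources), quoting `"${WORKDIR}"` fixes only the first `find`. The context line directly below it, `for file in $(find ${file} -type f); do`, still expands `${file}` unquoted and word-splits the command output, so a path containing whitespace or glob characters still breaks the loop. Reading the list NUL-delimited, `while IFS= read -r -d '' file; do … done < <(find … -type f -print0)`, would remove the splitting; note that `${file}` may hold several newline-separated directories when more than one `docs` directory exists, so the first `find` needs the same treatment. The function body continues outside the hunk.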
@@ -1242,10 +1242,6 @@ _python_check_EPYTHON() { _python_check_occluded_packages() { debug-print-function ${FUNCNAME} "${@}" - # DO NOT ENABLE THIS unless you're going to check for false - # positives before filing bugs. - [[ ! ${PYTHON_EXPERIMENTAL_QA} ]] && return - [[ -z ${BUILD_DIR} || ! -d ${BUILD_DIR}/install ]] && return local sitedir="${BUILD_DIR}/install$(python_get_sitedir)" diff --git a/eclass/tests/verify-sig.sh b/eclass/tests/verify-sig.sh new file mode 100755 index 000000000000..a87e2c7703d7 --- /dev/null +++ b/eclass/tests/verify-sig.sh 
@@ -0,0 +1,94 @@ +#!/bin/bash +# Copyright 2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +source tests-common.sh || exit + +inherit verify-sig + +TMP=$(mktemp -d) +trap 'rm -rf "${TMP}"' EXIT +cd "${TMP}" || die +> empty || die +> fail || die +echo "The quick brown fox jumps over the lazy dog." > text || die + +testit() { + local expect=${1} + shift + + tbegin "${*@Q}" + ( "${@}" ) + [[ ${?} -eq ${expect} ]] + tend "${?}" +} + +test_verify_unsigned_checksums() { + local format=${1} + + testit 0 verify-sig_verify_unsigned_checksums checksums.txt "${format}" empty + testit 0 verify-sig_verify_unsigned_checksums checksums.txt "${format}" "empty text" + testit 1 verify-sig_verify_unsigned_checksums checksums.txt "${format}" other + testit 1 verify-sig_verify_unsigned_checksums checksums.txt "${format}" "empty other" + testit 1 verify-sig_verify_unsigned_checksums checksums.txt "${format}" fail + testit 1 verify-sig_verify_unsigned_checksums checksums.txt "${format}" "empty fail" +} + +einfo "Testing coreutils format." 
+eindent + +cat > checksums.txt <<-EOF || die + # some junk to test junk protection + b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 empty junk line + b47cc0f104b62d4c7c30bcd68gd8e67613e287dc4ad8c310ef10cbadea9c4380 empty + + # sha1sums + da39a3ee5e6b4b0d3255bfef95601890afd80709 empty + 9c04cd6372077e9b11f70ca111c9807dc7137e4b text + 9c04cd6372077e9b11f70ca111c9807dc7137e4b fail + + # sha256sums + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty + b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 text + b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 fail + + # sha512sums + cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e empty + 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec text + 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec fail + + # duplicate checksum + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty +EOF + +test_verify_unsigned_checksums sha256 +eoutdent + +einfo "Testing openssl-dgst format." 
+eindent + +> "annoying ( filename )= yes ).txt" || die + +cat > checksums.txt <<-EOF || die + junk text that ought to be ignored + + SHA1(empty)=da39a3ee5e6b4b0d3255bfef95601890afd80709 + SHA1(text)= 9c04cd6372077e9b11f70ca111c9807dc7137e4b + SHA1(fail)=9c04cd6372077e9b11f70ca111c9807dc7137e4b + + SHA256(empty)=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + SHA256(text)= b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 + SHA256(fail)=b47cc0f104b62d4c7c30bcd68fd8e67613e287dc4ad8c310ef10cbadea9c4380 + + SHA256(annoying ( filename )= yes )= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + SHA512(empty)=cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e + SHA512(text)= 020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec + SHA512(fail)=020da0f4d8a4c8bfbc98274027740061d7df52ee07091ed6595a083e0f45327bbe59424312d86f218b74ed2e25507abaf5c7a5fcf4cafcf9538b705808fd55ec +EOF + +test_verify_unsigned_checksums openssl-dgst +eoutdent + +texit diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index d99dc3461858..49557b633c87 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -55,8 +55,8 @@ IUSE="verify-sig" # @DESCRIPTION: # Signature verification method to use. The allowed value are: # -# - openpgp -- verify PGP signatures using app-crypt/gnupg (the default) -# - signify -- verify signatures with Ed25519 public key using app-crypt/signify +# - openpgp -- verify PGP signatures using app-crypt/gnupg (the default) +# - signify -- verify signatures with Ed25519 public key using app-crypt/signify : "${VERIFY_SIG_METHOD:=openpgp}" case ${VERIFY_SIG_METHOD} in 
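Review bot: The openssl-dgst fixtures in eclass/tests/verify-sig.sh never exercise the input that only this format accepts, a line whose `<algo>` prefix has no matching `*sum` tool; every entry is SHA1, SHA256 or SHA512. The file `annoying ( filename )= yes ).txt` is created, but the checksum entry names `annoying ( filename )= yes ` and the name is never passed in `<files>`, so that line only shows the parser skips it. I would add a `testit 1` case for a checksum file with an unsupported digest name and one for a checksum file that starts with `-----BEGIN PGP SIGNED MESSAGE-----`, since both are rejection paths of the function under test.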
@@ -214,12 +214,15 @@ verify-sig_verify_message() { } # @FUNCTION: verify-sig_verify_unsigned_checksums -# @USAGE: <checksum-file> <algo> <files> +# @USAGE: <checksum-file> <format> <files> # @DESCRIPTION: # Verify the checksums for all files listed in the space-separated list -# <files> (akin to ${A}) using a <checksum-file>. <algo> specifies -# the checksum algorithm (e.g. sha256). <checksum-file> can be "-" -# for stdin. +# <files> (akin to ${A}) using a <checksum-file>. <format> specifies +# the checksum file format. <checksum-file> can be "-" for stdin. +# +# The following formats are supported: +# - sha256 -- sha256sum (<hash> <filename>) +# - openssl-dgst -- openssl dgst (<algo>(<filename>)=<hash>) # # The function dies if one of the files does not match checksums or # is missing from the checksum file. 
@@ -231,36 +234,52 @@ verify-sig_verify_message() { # verify-sig_verify_signed_checksums instead. verify-sig_verify_unsigned_checksums() { local checksum_file=${1} - local algo=${2} + local format=${2} local files=() read -r -d '' -a files <<<"${3}" - local chksum_prog chksum_len + local chksum_prog chksum_len algo=${format} - case ${algo} in + case ${format} in sha256) - chksum_prog=sha256sum chksum_len=64 ;; + openssl-dgst) + ;; *) - die "${FUNCNAME}: unknown checksum algo ${algo}" + die "${FUNCNAME}: unknown checksum format ${format}" ;; esac [[ ${checksum_file} == - ]] && checksum_file=/dev/stdin - local checksum filename junk ret=0 count=0 - while read -r checksum filename junk; do - if [[ ${checksum} == "-----BEGIN" ]]; then + local line checksum filename junk ret=0 count=0 + local -A verified + while read -r line; do + if [[ ${line} == "-----BEGIN"* ]]; then die "${FUNCNAME}: PGP armor found, use verify-sig_verify_signed_checksums instead" fi - [[ ${#checksum} -eq ${chksum_len} ]] || continue - [[ -z ${checksum//[0-9a-f]} ]] || continue - has "${filename}" "${files[@]}" || continue - [[ -z ${junk} ]] || continue + case ${format} in + sha256) + read -r checksum filename junk <<<"${line}" + [[ ${#checksum} -ne ${chksum_len} ]] && continue + [[ -n ${checksum//[0-9a-f]} ]] && continue + [[ -n ${junk} ]] && continue + ;; + openssl-dgst) + [[ ${line} != *"("*")="* ]] && continue + checksum=${line##*)=} + algo=${line%%(*} + filename=${line#*(} + filename=${filename%)=*} + ;; + esac + + if ! has "${filename}" "${files[@]}"; then + continue + fi - "${chksum_prog}" -c --strict - <<<"${checksum} ${filename}" - if [[ ${?} -eq 0 ]]; then - (( count++ )) + if "${algo,,}sum" -c --strict - <<<"${checksum} ${filename}"; then + verified["${filename}"]=1 else ret=1 fi 
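Review bot: In the `openssl-dgst)` branch, `algo=${line%%(*}` is read from the checksum file and then run as `"${algo,,}sum"` with no check against a known list, so the file's content decides which program is executed and which digest is accepted. Because this is the unsigned path, I would restrict `algo` to the digests the eclass means to support before the `has` test and skip anything else; which names belong on the list is a policy choice for the maintainers, and the @DESCRIPTION hunk above should then list them. The branch also skips the hex and length checks that the `sha256)` branch applies to `checksum`. `chksum_prog` and `count` are still declared but no longer used. The end of the function is in the next hunk.

```bash
			openssl-dgst)
				# … unchanged: line shape test and checksum extraction …
				algo=${line%%(*}
				# only run digest tools the eclass knows about;
				# the name comes from the checksum file itself
				case ${algo,,} in
					sha256|sha512) ;;
					*) continue ;;
				esac
				# … unchanged: filename extraction …
```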
@@ -268,7 +287,7 @@ verify-sig_verify_unsigned_checksums() { [[ ${ret} -eq 0 ]] || die "${FUNCNAME}: at least one file did not verify successfully" - [[ ${count} -eq ${#files[@]} ]] || + [[ ${#verified[@]} -eq ${#files[@]} ]] || die "${FUNCNAME}: checksums for some of the specified files were missing" } |
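Review bot: `[[ ${#verified[@]} -eq ${#files[@]} ]]` compares a count of unique keys with the raw length of `files`, so a `<files>` argument that repeats a name (for example `"empty empty"`) dies with the "checksums for some of the specified files were missing" message even though the file verified. Whether any caller passes duplicates is not visible here. Checking each requested name directly avoids depending on counts: `local f; for f in "${files[@]}"; do [[ ${verified[${f}]} ]] || die "${FUNCNAME}: checksums for some of the specified files were missing"; done`.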