diff --git a/dev-util/deblob/Manifest b/dev-util/deblob/Manifest index 305520c269..ece48925b8 100644 --- a/dev-util/deblob/Manifest +++ b/dev-util/deblob/Manifest @@ -1,2 +1,4 @@ DIST deblob-0.6.tar.gz 47780 BLAKE2B 7c19c9dfb466ef705789768b9424b3ff5861c03f10715c63ea1215cf94a3bf8284304a771953f1311e74fc7aa60e2ab5990d5ab35622b9d578baad98bab3d5e2 SHA512 04381745af4d0bc4958a0a40de448ab45fdfe345dbaac08c93e1729bf90c1cc08f803a9831c346bf0d94258ea570e212ea924363aa50db2de1654f68aa27778a +DIST deblob-0.6.tar.gz.sign 305 BLAKE2B 22f7ea757facb17afbe37b0bdce58c1cb43778a1ba08fe5547052233ef348a4416657ab4a2f08f71d9c4a94cb36de38fe721d0fc9ba2e7bd0ed992f91887c8b7 SHA512 2f96b6aeca51083bb8dd275c9bcfc4341d73a4ca90fe7d39282a591fa3c62849db5c44b9d9e7caa798107b579bf0e50c8873f75d79e906c8b94eacd0688ba16a DIST deblob-0.7.tar.gz 47879 BLAKE2B fa392bebcb07f36dfa894156ff494b23e514fd0c6d2d589fbfa110292a35e9ea8c2c89178e17a0797f01e66e98f16a8c71cea1b8746f8a70eca0cfabae83ae51 SHA512 b0857981a72bd52987a94ce7a6e59c17bc0ca882494bd4e6514f06ffd397bb14fba25562817f41b600b32c4708284d2768946696fbdd8d8a7d421c321fdfa0f7 +DIST deblob-0.7.tar.gz.sign 305 BLAKE2B 184e4868f276b11c7d64e8d3b1de839d47033595aaa58b67d4a8e6dcdb593980f40c6e12b499635aee1e6f2e6cf9efb439445ff4a443b5ba71a5e5776b3f8473 SHA512 c2f3645ae2cc3bd102a98ef2500a80fd9d0ddf2f3117494bcdc8b4162a8a7e561e8b1a5d34641c35376de36a99967fece80c0678f9f21d14c57ede1617403655 diff --git a/dev-util/deblob/deblob-0.6.ebuild b/dev-util/deblob/deblob-0.6.ebuild index 0a382cb7ed..50e013ca81 100644 --- a/dev-util/deblob/deblob-0.6.ebuild +++ b/dev-util/deblob/deblob-0.6.ebuild @@ -7,7 +7,13 @@ if [[ "$PV" == 9999 ]]; then inherit git-r3 EGIT_REPO_URI="https://git.sr.ht/~lanodan/deblob" else - SRC_URI="https://hacktivis.me/releases/${P}.tar.gz" + VERIFY_SIG_METHOD=signify + inherit verify-sig + + SRC_URI=" + https://hacktivis.me/releases/${P}.tar.gz + verify-sig? ( https://hacktivis.me/releases/${P}.tar.gz.sign ) + " KEYWORDS="~amd64 ~arm64 ~riscv" fi @@ -24,6 +30,24 @@ DEPEND=" # built by hare QA_FLAGS_IGNORED="usr/bin/deblob" +if [[ "${PV}" != "9999" ]] +then + BDEPEND="${BDEPEND} verify-sig? ( sec-keys/signify-keys-lanodan:2023 )" + + VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/signify-keys/signify-keys-lanodan-2023.pub" + + src_unpack() { + if use verify-sig; then + # Too many levels of symbolic links + cd "${DISTDIR}" || die + cp ${A} "${WORKDIR}" || die + cd "${WORKDIR}" || die + verify-sig_verify_detached "${P}.tar.gz" "${P}.tar.gz.sign" + fi + default + } +fi + src_install() { PREFIX="/usr" default } diff --git a/dev-util/deblob/deblob-0.7.ebuild b/dev-util/deblob/deblob-0.7.ebuild index 4cd6cf63d6..6957771244 100644 --- a/dev-util/deblob/deblob-0.7.ebuild +++ b/dev-util/deblob/deblob-0.7.ebuild @@ -7,7 +7,13 @@ if [[ "$PV" == 9999 ]]; then inherit git-r3 EGIT_REPO_URI="https://git.sr.ht/~lanodan/deblob" else - SRC_URI="https://hacktivis.me/releases/${P}.tar.gz" + VERIFY_SIG_METHOD=signify + inherit verify-sig + + SRC_URI=" + https://hacktivis.me/releases/${P}.tar.gz + verify-sig? ( https://hacktivis.me/releases/${P}.tar.gz.sign ) + " KEYWORDS="~amd64 ~arm64 ~riscv" fi @@ -23,6 +29,24 @@ DEPEND=" # built by hare QA_FLAGS_IGNORED="usr/bin/deblob" +if [[ "${PV}" != "9999" ]] +then + BDEPEND="${BDEPEND} verify-sig? ( sec-keys/signify-keys-lanodan:2024 )" + + VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/signify-keys/signify-keys-lanodan-2024.pub" + + src_unpack() { + if use verify-sig; then + # Too many levels of symbolic links + cd "${DISTDIR}" || die + cp ${A} "${WORKDIR}" || die + cd "${WORKDIR}" || die + verify-sig_verify_detached "${P}.tar.gz" "${P}.tar.gz.sign" + fi + default + } +fi + src_install() { PREFIX="/usr" default } diff --git a/dev-util/deblob/deblob-9999.ebuild b/dev-util/deblob/deblob-9999.ebuild index 58c33db344..3400f1d6a3 100644 --- a/dev-util/deblob/deblob-9999.ebuild +++ b/dev-util/deblob/deblob-9999.ebuild @@ -7,7 +7,13 @@ if [[ "$PV" == 9999 ]]; then inherit git-r3 EGIT_REPO_URI="https://git.sr.ht/~lanodan/deblob" else - SRC_URI="https://hacktivis.me/releases/${P}.tar.gz" + VERIFY_SIG_METHOD=signify + inherit verify-sig + + SRC_URI=" + https://hacktivis.me/releases/${P}.tar.gz + verify-sig? ( https://hacktivis.me/releases/${P}.tar.gz.sign ) + " KEYWORDS="~amd64 ~arm64 ~riscv" fi @@ -21,6 +27,24 @@ DEPEND="dev-lang/hare:=" # built by hare QA_FLAGS_IGNORED="usr/bin/deblob" +if [[ "${PV}" != "9999" ]] +then + BDEPEND="${BDEPEND} verify-sig? ( sec-keys/signify-keys-lanodan:2023 )" + + VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/signify-keys/signify-keys-lanodan-2023.pub" + + src_unpack() { + if use verify-sig; then + # Too many levels of symbolic links + cd "${DISTDIR}" || die + cp ${A} "${WORKDIR}" || die + cd "${WORKDIR}" || die + verify-sig_verify_detached "${P}.tar.gz" "${P}.tar.gz.sign" + fi + default + } +fi + src_install() { PREFIX="/usr" default }