diff options
| author |   Lucio Sauer <watermanpaint@posteo.net> | 2024-08-05 13:11:23 +0000 |
|---|---|---|
| committer | Lucio Sauer <watermanpaint@posteo.net> | 2024-08-13 02:42:33 +0200 |
| commit | 5265984de682a7e984e5d6c8b7b9b18aae4710ed (patch) | |
| tree | e98d3b5251e8c4541a5550c07d5d966659354615 /net-p2p | |
| parent | x11-misc/ly: remove redundant pkg_setup (diff) | |
| download | guru-5265984de682a7e984e5d6c8b7b9b18aae4710ed.tar.gz guru-5265984de682a7e984e5d6c8b7b9b18aae4710ed.tar.bz2 guru-5265984de682a7e984e5d6c8b7b9b18aae4710ed.zip | |
net-p2p/p2pool: simplify verify-sig logic
Signed-off-by: Lucio Sauer <watermanpaint@posteo.net>
Diffstat (limited to 'net-p2p')
| -rw-r--r-- | net-p2p/p2pool/Manifest | 2 | ||||
| -rw-r--r-- | net-p2p/p2pool/p2pool-4.0.ebuild | 52 |
2 files changed, 15 insertions, 39 deletions
diff --git a/net-p2p/p2pool/Manifest b/net-p2p/p2pool/Manifest index 0e40af431..eb3221a12 100644 --- a/net-p2p/p2pool/Manifest +++ b/net-p2p/p2pool/Manifest @@ -1,2 +1,2 @@ DIST p2pool-4.0_shasums.asc 2038 BLAKE2B f8f20875a9fa4771753b1eade7c609be761f007ac32a0641109d87890bdd7f2123f11a203d56ffcca5b74b16667e0d8288479688938935434b86875c6c72959c SHA512 bf4a933a81ce9bd48bf293a26d3e4e75b82c67fcfd48d79c57dd86aaac2c2cd54def43b47b05222e0b93fd61623d2c116c403531500a93d45059bca4a0dd3cb4 -DIST p2pool-4.0_source.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 +DIST p2pool-4.0.tar.xz 127772256 BLAKE2B 77de14bd19f43483fa7da0e65f8a27d5f6cf8c2daf5d8d5e07be373c752794bd35c421fd812b65328acd22004766ff235e9ad6e7e613d08ca3c27ac95153cbc3 SHA512 ea37993d13342b303902e6aa6acb090a908ba99ae304d9415480ff39a3647c84a963ab80b317c9c78a9f11631e0ca9547a08c6e0c23b83892037b63d4beef7a2 diff --git a/net-p2p/p2pool/p2pool-4.0.ebuild b/net-p2p/p2pool/p2pool-4.0.ebuild index 5168a4e13..b4dbe4ef2 100644 --- a/net-p2p/p2pool/p2pool-4.0.ebuild +++ b/net-p2p/p2pool/p2pool-4.0.ebuild @@ -1,7 +1,6 @@ -# Copyright 2022 Gentoo Authors +# Copyright 2022-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -#TODO: verify hell script is safe #TODO: enable/fix GRPC dependency and add it as USE flag (https://github.com/SChernykh/p2pool/issues/313) EAPI=8 @@ -11,7 +10,7 @@ inherit cmake verify-sig DESCRIPTION="Decentralized pool for Monero mining" HOMEPAGE="https://p2pool.io" SRC_URI=" - https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}_source.tar.xz + https://github.com/SChernykh/p2pool/releases/download/v${PV}/p2pool_source.tar.xz -> ${P}.tar.xz verify-sig? ( https://github.com/SChernykh/p2pool/releases/download/v${PV}/sha256sums.txt.asc -> ${P}_shasums.asc ) " @@ -27,44 +26,21 @@ BDEPEND=" verify-sig? ( sec-keys/openpgp-keys-schernykh ) " -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc - src_unpack() { if use verify-sig; then - #what we want to do is `verify-sig_verify_signed_checksums ${P}_shasums.asc sha512 p2pool_source.tar.xz` - verify-sig_verify_message "${DISTDIR}/${P}_shasums.asc" "${WORKDIR}/p2pool_shasums.txt" - - #start of hell script - hellscript_stage=0 - tr -d '\r' < p2pool_shasums.txt | while IFS='' read -r LINE; do - if [ "$hellscript_stage" -eq 0 ] && [ "$LINE" = "Name: p2pool_source.tar.xz" ]; then - hellscript_stage=1 - continue - fi - if [ "$hellscript_stage" -eq 1 ]; then - hellscript_sizestring="Size: $(cat ${DISTDIR}/${P}_source.tar.xz | wc -c) bytes" - if [ "${LINE:0:"${#hellscript_sizestring}"}" = "$hellscript_sizestring" ]; then - hellscript_stage=2 - continue - else - die - fi - fi - if [ "$hellscript_stage" -eq 2 ]; then - hellscript_shaprefix="SHA256: " - if [ "${LINE:0:"${#hellscript_shaprefix}"}" = "$hellscript_shaprefix" ]; then - echo "$(echo "${LINE:"${#hellscript_shaprefix}"}" | tr '[:upper:]' '[:lower:]') ${DISTDIR}/${P}_source.tar.xz" \ - > "${WORKDIR}/src_shasum.txt" - else - die - fi - break - fi - done - verify-sig_verify_unsigned_checksums "${WORKDIR}/src_shasum.txt" sha256 "${DISTDIR}/${P}_source.tar.xz" - #end of hell script + local VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/SChernykh.asc + pushd "${DISTDIR}" > /dev/null || die + verify-sig_verify_message ${P}_shasums.asc - | \ + tr \\r \\n | \ + tr '[:upper:]' '[:lower:]' | \ + sed -n '/p2pool_source/,$p' | \ + grep -m 1 sha256: | \ + sed "s/sha256: \(.*\)/\1 ${P}.tar.xz/" | \ + verify-sig_verify_unsigned_checksums - sha256 ${P}.tar.xz + assert + popd || die fi - unpack ${P}_source.tar.xz + unpack ${P}.tar.xz mv -T "${WORKDIR}"/${PN} "${WORKDIR}"/${P} || die } |