On Tue, 2020-10-06 at 13:26 +0200, Ulrich Mueller wrote:
> >>>>> On Tue, 06 Oct 2020, Michał Górny wrote:
> > Signed-off-by: Michał Górny <mgo...@gentoo.org>
> > ---
> >  app-crypt/openpgp-keys-miniupnp/Manifest      |  2 ++
> >  app-crypt/openpgp-keys-miniupnp/metadata.xml  |  9 ++++++++
> >  .../openpgp-keys-miniupnp-20201006.ebuild     | 23 +++++++++++++++++++
> >  3 files changed, 34 insertions(+)
> >  create mode 100644 app-crypt/openpgp-keys-miniupnp/Manifest
> >  create mode 100644 app-crypt/openpgp-keys-miniupnp/metadata.xml
> >  create mode 100644 
> > app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > diff --git a/app-crypt/openpgp-keys-miniupnp/Manifest 
> > b/app-crypt/openpgp-keys-miniupnp/Manifest
> > new file mode 100644
> > index 000000000000..c8f82da42fa6
> > --- /dev/null
> > +++ b/app-crypt/openpgp-keys-miniupnp/Manifest
> > @@ -0,0 +1,2 @@
> > +DIST A31ACAAF.asc 3139 BLAKE2B 
> > 4574c3f37965fafa4e2d703276a585d1f17b0da862042620681bac591062b3b70c52cbe5481da543d3c3193a640c06e9d86c3cef1568ae3a3f62901a6ad200ab
> >  SHA512 
> > ecad52850fdcc7c21bab81917b3cea85c48b751534427d3db5750c43cbce73916ec4879e4f5535d4b87b7eca927ad249e384c5597702a0052afa89c23c5719b9
> > +DIST A5C0863C.asc 3098 BLAKE2B 
> > fdbc8629fd462b9cc72c568b0af5607951055abc03a1e344e4c1b411fb87bfa285c2e29d2781f9e9b02ec0bc63eacf55e5dc19198056a417ba3358dba445cc0c
> >  SHA512 
> > adebff655374dbc8a045f9ab148f9fc343b043e80cb7e4e14c66aa56bfb2f0f5521e294c7600ca708893efc84679f788116d82ef5818370f1425f03dea0a77b9
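
Review bot: The two DIST entries are named after what look like 32-bit short key IDs (A31ACAAF.asc, A5C0863C.asc), and neither the commit message nor the Manifest states the full fingerprints, so a reviewer cannot cross-check that these 3139- and 3098-byte files are the intended keys. Short key IDs are easy to collide. Please record the full fingerprint of each key in the commit message, or as a comment in the ebuild, so the digests can be compared against an independent source.
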
> > diff --git a/app-crypt/openpgp-keys-miniupnp/metadata.xml 
> > b/app-crypt/openpgp-keys-miniupnp/metadata.xml
> > new file mode 100644
> > index 000000000000..5a5a3aaf4299
> > --- /dev/null
> > +++ b/app-crypt/openpgp-keys-miniupnp/metadata.xml
> > @@ -0,0 +1,9 @@
> > +<?xml version="1.0" encoding="UTF-8"?>
> > +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
> > +<pkgmetadata>
> > +   <maintainer type="person">
> > +           <email>mgo...@gentoo.org</email>
> > +           <name>Michał Górny</name>
> > +   </maintainer>
> > +   <stabilize-allarches/>
> > +</pkgmetadata>
> > diff --git 
> > a/app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild 
> > b/app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > new file mode 100644
> > index 000000000000..4b07eeca6024
> > --- /dev/null
> > +++ b/app-crypt/openpgp-keys-miniupnp/openpgp-keys-miniupnp-20201006.ebuild
> > @@ -0,0 +1,23 @@
> > +# Copyright 1999-2020 Gentoo Authors
> > +# Distributed under the terms of the GNU General Public License v2
> > +
> > +EAPI=7
> > +
> > +DESCRIPTION="OpenPGP keys used to sign miniupnp* packages"
> > +HOMEPAGE="http://miniupnp.free.fr/files/";
> > +SRC_URI="
> > +   http://miniupnp.free.fr/A31ACAAF.asc
> > +   http://miniupnp.free.fr/A5C0863C.asc
> > +"
> > +
> > +LICENSE="public-domain"
> > +SLOT="0"
> > +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv 
> > s390 sparc x86"
> > +
> > +S=${WORKDIR}
> > +
> > +src_install() {
> > +   local files=( ${A} )
> > +   insinto /usr/share/openpgp-keys
> > +   newins - miniupnp.asc < <(cat "${files[@]/#/${DISTDIR}/}")
> > +}
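
Review bot: Both SRC_URI entries (and HOMEPAGE) use plain http://, so the key files travel over an unauthenticated channel and the Manifest digests only pin whatever bytes were fetched when the Manifest was generated. If upstream serves these files over https, please switch the URIs. Otherwise please say in the commit message how the keys were checked out of band. A short comment above src_install() noting that the two files are concatenated into a single miniupnp.asc keyring would also help readers.
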
> > -- 
> > 2.28.0
> 
> This relies again on Manifest digests for the integrity of the key
> distfiles themselves. What do we gain by this indirection, as compared
> to validating the distfiles of the target package by their Manifest?
> 

We gain the ability of verifying it *before* generating Manifest.

-- 
Best regards,
Michał Górny
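
An added example, not part of the original thread or of Portage: a minimal Python check of a file against a Manifest `DIST` entry in the format shown in the patch, run on constructed sample data. The helper names and the sample key bytes are assumptions; it also shows that an entry regenerated from an altered download matches that download, so the digests only pin what was fetched when the Manifest was written.

```python
import hashlib

# Manifest hash names mapped to hashlib constructors (the two used in the patch).
HASHES = {"BLAKE2B": hashlib.blake2b, "SHA512": hashlib.sha512}


def parse_dist_line(line):
    """Parse 'DIST <name> <size> <HASH> <hex> ...' into (name, size, digests)."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("not a well-formed DIST entry")
    digests = dict(zip(fields[3::2], fields[4::2]))
    return fields[1], int(fields[2]), digests


def verify_distfile(data, line):
    """Return the list of mismatching checks; empty means data matches the entry."""
    _, size, digests = parse_dist_line(line)
    problems = []
    if len(data) != size:
        problems.append("size")
    for algo, expected in digests.items():
        if algo not in HASHES:
            problems.append(algo + " (unsupported)")
        elif HASHES[algo](data).hexdigest() != expected.lower():
            problems.append(algo)
    return problems


def make_dist_line(name, data):
    """Build a DIST entry for data, as regenerating the Manifest would (hypothetical helper)."""
    parts = ["DIST", name, str(len(data))]
    for algo, ctor in HASHES.items():
        parts += [algo, ctor(data).hexdigest()]
    return " ".join(parts)


# Constructed sample: placeholder bytes standing in for a downloaded key file.
SAMPLE_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n(constructed placeholder)\n"
SAMPLE_LINE = make_dist_line("example-key.asc", SAMPLE_KEY)
TAMPERED = SAMPLE_KEY.replace(b"placeholder", b"PLACEHOLDER")  # same length

if __name__ == "__main__":
    print(verify_distfile(SAMPLE_KEY, SAMPLE_LINE))
    print(verify_distfile(TAMPERED, SAMPLE_LINE))
    # An entry regenerated from the altered download matches that download.
    print(verify_distfile(TAMPERED, make_dist_line("example-key.asc", TAMPERED)))
```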
