From f28bce49252b3dfcd88ef197ddd557684a964ffe Mon Sep 17 00:00:00 2001 From: Federico Justus Denkena Date: Thu, 5 Dec 2024 03:46:10 +0100 Subject: [PATCH] qubes.eclass: copy from fepitre overlay Signed-off-by: Federico Justus Denkena --- eclass/qubes.eclass | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 eclass/qubes.eclass diff --git a/eclass/qubes.eclass b/eclass/qubes.eclass new file mode 100644 index 0000000..51e76ed --- /dev/null +++ b/eclass/qubes.eclass @@ -0,0 +1,23 @@ +# Maintainer: Frédéric Pierret + +# Workaround for verifying git tags +# Feature request: https://bugs.gentoo.org/733430 +qubes_verify_sources_git() { + # To override the default Qubes repository path, set QUBES_OVERLAY_DIR in your make.conf + LOCAL_QUBES_OVERLAY_DIR="${QUBES_OVERLAY_DIR:-/var/db/repos/qubes}" + # Import Qubes developers keys + gpg --import "${LOCAL_QUBES_OVERLAY_DIR}/keys/qubes-developers-keys.asc" 2>/dev/null + # Trust Qubes Master Signing Key + echo '427F11FD0FAA4B080123F01CDDFA1A3E36879494:6:' | gpg --import-ownertrust + + VALID_TAG_FOUND=0 + for tag in $(git tag --points-at="$1"); do + if git verify-tag --raw "$tag" 2>&1 | grep -q '^\[GNUPG:\] TRUST_\(FULLY\|ULTIMATE\)'; then + VALID_TAG_FOUND=1 + fi + done + + if [ "$VALID_TAG_FOUND" -eq 0 ]; then + die 'Signature verification failed!' + fi +}