Use openpgp-verify-detached when app-portage/gemato-20.0 is installed.
This lets us test the new code paths on ~arch with minimal risk
of breakage on stable.

Signed-off-by: Michał Górny <[email protected]>
---
eclass/verify-sig.eclass | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

This is roughly the same patch that I've sent before, except that now
it features a has_version condition to restrict the changes to ~arch
gemato version.

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 91433bf53453..f67a3b10a0bf 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -144,9 +144,16 @@ verify-sig_verify_detached() {
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
- gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
- gpg --verify "${sig}" "${file}" ||
- die "PGP signature verification failed"
+ if has_version -b ">=app-portage/gemato-20"; then
+ gemato openpgp-verify-detached -K "${key}" \
+ "${extra_args[@]}" \
+ "${sig}" "${file}" ||
+ die "PGP signature verification failed" + else
+ gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+ gpg

On Wed, 8 Mar 2023 17:33:24 +0100
Michał Górny <[email protected]> wrote:

Use openpgp-verify-detached when app-portage/gemato-20.0 is installed.
This lets us test the new code paths on ~arch with minimal risk
of breakage on stable.

Signed-off-by: Michał Górny <[email protected]>
---
eclass/verify-sig.eclass | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

This is roughly the same patch that I've sent before, except that now
it features a has_version condition to restrict the changes to ~arch
gemato version.

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 91433bf53453..f67a3b10a0bf 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -144,9 +144,16 @@ verify-sig_verify_detached() {
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
- gemato gpg-wrap -K "${key}"
"${extra_args[@]}" -- \
- gpg --verify "${sig}" "${file}" ||
- die "PGP signature verification
failed"
+ if has_version -b ">=app-portage/gemato-20";

Do we want to log when taking this path temporarily?


-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCZAkSFF8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kItzAP4hBqeDP0I9ksQlxBfHZzFG6ms0ZvDcjz9lmuoV/GRyHgEAsyWq5t42AhFU ATJcJHZNEII0K1DIbUmJlwh820AVPwY=
=ZX0g
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 2023-03-08 at 22:54 +0000, Sam James wrote:

On Wed, 8 Mar 2023 17:33:24 +0100
Michał Górny <[email protected]> wrote:

Use openpgp-verify-detached when app-portage/gemato-20.0 is installed.
This lets us test the new code paths on ~arch with minimal risk
of breakage on stable.

Signed-off-by: Michał Górny <[email protected]>
---
eclass/verify-sig.eclass | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)

This is roughly the same patch that I've sent before, except that now
it features a has_version condition to restrict the changes to ~arch
gemato version.

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 91433bf53453..f67a3b10a0bf 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -144,9 +144,16 @@ verify-sig_verify_detached() {
# gpg can't handle very long TMPDIR
# https://bugs.gentoo.org/854492
local -x TMPDIR=/tmp
- gemato gpg-wrap -K "${key}"
"${extra_args[@]}" -- \
- gpg --verify "${sig}" "${file}" ||
- die "PGP signature verification
failed"
+ if has_version -b ">=app-portage/gemato-20";

Do we want to log when taking this path temporarily?

I don't think it's necessary, the output is clearly distinguishable.

--
Best regards,
Michał Górny

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)