From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Cc: "Michał Górny" <mgorny@gentoo.org>
Subject: [gentoo-dev] [PATCH 5/5] dev-lang/python: Use sigstore in 3.13.0 (example)
Date: Sat, 12 Oct 2024 20:52:06 +0200 [thread overview]
Message-ID: <20241012185704.771370-6-mgorny@gentoo.org> (raw)
In-Reply-To: <20241012185704.771370-1-mgorny@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
dev-lang/python/Manifest | 2 +-
dev-lang/python/python-3.13.0.ebuild | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index daddb0dad1f4..7663f0072d2a 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -9,7 +9,7 @@ DIST Python-3.12.6.tar.xz.asc 963 BLAKE2B d5f9e4c5053610a1a53769278e69d8a25e2fb0
DIST Python-3.12.7.tar.xz 20444032 BLAKE2B eed8744261cab3b401963ec5187a8b814adb9a18f8d0a6a3d59c027a83cf8408524af9b20204b0a0861d173cc33c45ae37bb1542a1ace3344dc59c649087ff1f SHA512 4a363d3f852ad8f4fd1484aa4cec35494a3811be48ef67fadb2bdf2e2489ed07dc78fad6ab475257db503ddd64d39f9800f23a1c94b6bbd15b7f632cff0c90ae
DIST Python-3.12.7.tar.xz.asc 963 BLAKE2B 8c7db3d1971d93a10c611a2e6dd3679d0b331b48df87b5fe410b089061e48753d98af67084d4f051a31ae803fce3aa3c7af7cba9c692640f50068bd1e46f40e6 SHA512 4d0a7a0da2c81888e93d8ff89ca2ed4bb85a7b0bd00f0d54a14e2c201affac2677ef3984d2b5aea253e624f6465548d9032eefdd9033c1eb3864d82cfd8d3df0
DIST Python-3.13.0.tar.xz 22532980 BLAKE2B 4a4e397199402de8c9fe8e4d63443ed972cbe8a4f541743908d699c7987127d159d600fd14145b6a946e8671426279d230c9155fdc5863c1e49a945eedcbf21b SHA512 44a143c9b96b55b01885ec020c3364265bda55289615cd7d5071915b0d0178a6f35e7551a89090001fcb7f3172d38177a56bf8b8532b15c9dbc50295c9210152
-DIST Python-3.13.0.tar.xz.asc 963 BLAKE2B d05f02692a9fea42b73dbfe5dc42bd6533555e5ecb848510d2b94bb7f0e55d4a0f89bcd20b073ed2c7f7a68be35b12cb6dbff6bc16fc9a4592ded2c339ada7fd SHA512 1b8bb0fe4eb93e31ec1770e90b94d44b5864c0391aad5dcba3a30d8e505d9b17107385414353c0060007f8a536254f49b8e919f36ddf6421a6e4330f817f1a3e
+DIST Python-3.13.0.tar.xz.sigstore 5067 BLAKE2B a774f8d3947bd114ea9cd8d028ba06d30a11385a5295d2f0535f507789e08697e290a920df23064add58496f3a8765aeb1ce3bad4e5548613e78e2b283852ff8 SHA512 6c9d99299ed3f1d221deca6e0a7abc9a89a7c87d2c74225c1175691b1c21ccc5d55da17d69dc9893f94d91deaf1870c1a2a4be0905fc2dbed16d34a4110e3ec2
DIST Python-3.8.20.tar.xz 18962788 BLAKE2B 715c75e0c0a3d3b77af7f07478311bb0554b80aac72915be703aa2d0dd6459a972e5669808e64da14a0b91bb183e00655055c1726f302dc3ccd8721e3b4ae3e6 SHA512 3c9341ee1fd33cb687958dcf2b7c0c7700489726c4d530c3e9d9537d46a6ab534541a4b312232d8505bea395a07e4518c42d75fb7571103e6b266f8f44115c61
DIST Python-3.8.20.tar.xz.asc 833 BLAKE2B 5c86c15a1090b42e42bb7512565b1a7ad9d2137d59e9fd1ab0f83fdfc37dfcf184389418d6703db809e9c8c04a169af292665a2b58bf5dc61b7724ecbb4132d9 SHA512 a751ae0407a593d97acac4d5f8a0456580c753efa12a7d960125c219b4897fdb26fc1ffd43d8ea33ad1449162dd3b2904c16b6c51c57561ba73de3ffa62e0eed
DIST Python-3.9.20.tar.xz 19648968 BLAKE2B 80a337ff406130599b8320068d11bc275d23473cedd7c85fcb9e40134f0f2d533be6e712139e788a6423cdc74cea938f306aa37c2a5099e3051f3e390159279c SHA512 c828f33edf1704e3149499d6d34e89264cb5cdb2b09ff05561641b359716d7996f0fe928629e09f006b1fd7850fdaf937275919c7fdd83f5efc32707c64d814b
diff --git a/dev-lang/python/python-3.13.0.ebuild b/dev-lang/python/python-3.13.0.ebuild
index 9216c5683e4c..c2b8106373ab 100644
--- a/dev-lang/python/python-3.13.0.ebuild
+++ b/dev-lang/python/python-3.13.0.ebuild
@@ -25,7 +25,7 @@ SRC_URI="
https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz
https://dev.gentoo.org/~mgorny/dist/python/${PATCHSET}.tar.xz
verify-sig? (
- https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz.asc
+ https://www.python.org/ftp/python/${PV%%_*}/${MY_P}.tar.xz.sigstore
)
"
S="${WORKDIR}/${MY_P}"
@@ -105,7 +105,9 @@ if [[ ${PV} != *_alpha* ]]; then
"
fi
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/python.org.asc
+VERIFY_SIG_METHOD=sigstore
+VERIFY_SIG_CERT_IDENTITY=thomas@python.org
+VERIFY_SIG_CERT_OIDC_ISSUER=https://accounts.google.com
# large file tests involve a 2.5G file being copied (duplicated)
CHECKREQS_DISK_BUILD=5500M
@@ -150,7 +152,7 @@ pkg_setup() {
src_unpack() {
if use verify-sig; then
- verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.asc}
+ verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sigstore}
fi
default
}
--
2.47.0
prev parent reply other threads:[~2024-10-12 18:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-12 18:52 [gentoo-dev] [PATCH 0/5] verify-sig.eclass: sigstore support Michał Górny
2024-10-12 18:52 ` [gentoo-dev] [PATCH 1/5] sec-keys/sigstore-trusted-root: New package, v0_p20241010 Michał Górny
2024-10-12 18:52 ` [gentoo-dev] [PATCH 2/5] verify-sig.eclass: Refactor code to use extra_args for all types Michał Górny
2024-10-12 18:52 ` [gentoo-dev] [PATCH 3/5] verify-sig.eclass: Error out on invalid method+function combos Michał Górny
2024-10-12 18:52 ` [gentoo-dev] [PATCH 4/5] verify-sig.eclass: Add support for verifying sigstore signatures Michał Górny
2024-10-12 18:52 ` Michał Górny [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241012185704.771370-6-mgorny@gentoo.org \
--to=mgorny@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox