Date: Thu, 28 Nov 2024 10:36:45 -0500
Subject: Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass
To: gentoo-dev@lists.gentoo.org
Message-ID: <5abc6086-b2f8-4aa2-8298-a1a633586344@gentoo.org>
References: <20241127203042.1503004-1-eschwartz@gentoo.org>
From: Eli Schwartz

On 11/28/24 5:35 AM, Ulrich Müller wrote:
>>>>>> On Wed, 27 Nov 2024, Eli Schwartz wrote:
>
>> --- /dev/null
>> +++ b/eclass/sec-keys.eclass
>> @@ -0,0 +1,150 @@
>> +# Copyright 2024 Gentoo Authors
>> +# Distributed under the terms of the GNU General Public License v2
>> +
>> +# @ECLASS: sec-keys.eclass
>> +# @MAINTAINER:
>> +# Eli Schwartz
>> +# @AUTHOR:
>> +# Eli Schwartz
>> +# @SUPPORTED_EAPIS: 8
>> +# @BLURB: Provides a uniform way of handling ebuilds which package PGP key material
>> +# @DESCRIPTION:
>> +# This eclass provides a streamlined approach to finding suitable source material
>> +# for OpenPGP keys used by the verify-sig eclass. Its primary purpose is to permit
>> +# developers to easily and securely package new sec-keys/* packages. The eclass
>> +# removes the risk of developers accidentally packaging malformed key material, or
>> +# neglecting to notice when PGP identities have changed.
>> +#
>> +# To use the eclass, define SEC_KEYS_VALIDPGPKEYS to contain the fingerprint of
>> +# the key and the short name of the key's owner.
>
> Please wrap these comment lines to a line length of 70-ish characters
> for readability.
>
> Also, there should be two spaces after every full stop (except when it's
> followed by a newline), so groff can recognise the sentence end in the
> generated man page.

I usually do 80-ish for readability! Okay, I can do 70 too. :)

Thanks for the tip about the spaces, I don't usually write groff by hand.
Surprising that groff cannot handle this automatically, though.

>> +_sec_keys_set_globals() {
>> + if [[ ${SEC_KEYS_VALIDPGPKEYS[*]} ]]; then
>
> Why is the if needed? If the array is empty, the following for loop
> won't execute.

Not sure, perhaps an artifact of a previous revision that had different
handling. Let's remove it.

>> + printf '%s\n' "${imported_keys[@]}" | sort > imported_keys.list || die
>> + printf '%s\n' "${SEC_KEYS_VALIDPGPKEYS[@]%%:*}" | sort > allowed_keys.list || die
>
> Maybe create these files in ${T} instead?

I'm not sure this is an important distinction. It's the main thing the
package works on.
I could put GNUPGHOME in ${T} as well, if you like? :)

But keeping it in ${WORKDIR} makes it more straightforward for people to
look at manually when a failed build happens. And that's important when
dealing with the primary logic of a package (there's no source code to
compile here).

-- 
Eli Schwartz
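Review bot: the @DESCRIPTION in the quoted header hunk tells users to set SEC_KEYS_VALIDPGPKEYS to "the fingerprint of the key and the short name of the key's owner" but never states the entry format, while the later quoted `"${SEC_KEYS_VALIDPGPKEYS[@]%%:*}"` expansion implies a colon-separated `fingerprint:name` layout; spell the form out in the header, e.g. `SEC_KEYS_VALIDPGPKEYS=( "<fingerprint>:<name>" )`, so users do not have to read the function body to discover the separator.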
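Added example, not the eclass's own code and not from either poster: it carries the allowed-versus-imported fingerprint comparison that the two quoted `printf ... | sort` lines set up through to an actual check. It assumes SEC_KEYS_VALIDPGPKEYS entries use a `fingerprint:name` layout, as the quoted `%%:*` expansion suggests, and that the list files are kept on disk for inspection as discussed above.

```bash
#!/bin/bash
# Added example, not the eclass's own code. It compares the fingerprints found
# in a keyring with the allowed set using the two sorted list files the quoted
# fragment writes. Assumption: SEC_KEYS_VALIDPGPKEYS entries have the form
# "FINGERPRINT:shortname", as the quoted ${SEC_KEYS_VALIDPGPKEYS[@]%%:*} implies.

# Constructed sample entries; the fingerprints are placeholders, not real keys.
SEC_KEYS_VALIDPGPKEYS=(
	"0123456789ABCDEF0123456789ABCDEF01234567:alice"
	"89ABCDEF0123456789ABCDEF0123456789ABCDEF:bob"
)

# sec_keys_check_fingerprints WORKDIR FINGERPRINT...
# Writes imported_keys.list and allowed_keys.list under WORKDIR (left on disk so
# a failed build can be inspected, as the thread discusses) and returns 0 only
# when the imported fingerprints are exactly the allowed ones. Extra, missing
# and unexpected keys all fail, so a changed PGP identity does not slip through.
sec_keys_check_fingerprints() {
	local workdir=$1
	shift
	local -a imported_keys=("$@")

	# Caveat: printf '%s\n' with no arguments still prints one empty line, so an
	# empty keyring would produce a one-line file, not an empty one. Reject the
	# empty case explicitly rather than relying on the list comparison.
	if (( ${#imported_keys[@]} == 0 )); then
		echo "sec-keys: no keys were imported" >&2
		return 1
	fi

	printf '%s\n' "${imported_keys[@]}" | sort > "${workdir}/imported_keys.list" || return 1
	printf '%s\n' "${SEC_KEYS_VALIDPGPKEYS[@]%%:*}" | sort > "${workdir}/allowed_keys.list" || return 1

	# comm -3 prints only lines that appear in one file but not the other, so any
	# output means the keyring and the allow list disagree.
	local mismatch
	mismatch=$(comm -3 "${workdir}/imported_keys.list" "${workdir}/allowed_keys.list")
	if [[ -n ${mismatch} ]]; then
		echo "sec-keys: fingerprint mismatch:" >&2
		printf '%s\n' "${mismatch}" >&2
		return 1
	fi
	return 0
}
```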