From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <830041d8-20fc-4ebf-9062-1ab607d28dd0@gentoo.org>
Date: Mon, 28 Jul 2025 12:27:08 -0400
Reply-to: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH v3 1/3] sec-keys.eclass: new eclass
To: gentoo-dev@lists.gentoo.org
References: <20241127203042.1503004-1-eschwartz@gentoo.org> <20250725041530.745342-1-eschwartz@gentoo.org> <20250725041530.745342-2-eschwartz@gentoo.org> <8734agjpru.fsf@gentoo.org>
From: Eli Schwartz
In-Reply-To: <8734agjpru.fsf@gentoo.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

On 7/28/25 11:31 AM, Sam James
wrote:
>> + for key in "${SEC_KEYS_VALIDPGPKEYS[@]}"; do
>> + if [[ ${key##*:} =3D *github* ]]; then
>> + name=3D${key#*:}; name=3D${name%%:*}
>> + wget -qO- https://github.com/${name}.gpg | gpg --import || die
>
> I (still) think this should have a pipestatus, if nothing else to be a
> good example and avoid possible lint issues down the road.

Okay, I remember this private conversation now -- at the time, I refused
on the grounds it would entail using the name "assert". :P

Will add.

>> + fi
>> + done
>> +
>> + for fingerprint in "${SEC_KEYS_VALIDPGPKEYS[@]%%:*}"; do
>> + pgpdump "${fingerprint}.asc" > "${fingerprint}.pgpdump" || die
>> + "${gpg_command[@]}" --export "${fingerprint}" | pgpdump >>> "${fingerprint}.pgpdump.new" || die
>
> ... and here.

(And for context, this is safe because pgpdump has a reliable exit code
even if given a half-formed key missing the closing boundary. Still, I
agree that for consistency and as a good example it's fine to do.)

-- 
Eli Schwartz
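
Review bot: in the quoted line wget -qO- https://github.com/${name}.gpg | gpg --import || die, the || die tests only the exit status of gpg --import, so a wget that fails partway goes unnoticed unless gpg happens to reject what it received. Check every stage of the pipe, for example by testing PIPESTATUS immediately after the pipeline, or download to a file and die on the wget result before importing. This line also calls bare gpg while the later export goes through "${gpg_command[@]}"; if that array carries a homedir or other options, the import should use it too so that both steps operate on the same keyring.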
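
Review bot: in the quoted line "${gpg_command[@]}" --export "${fingerprint}" | pgpdump ... || die, a failing --export on the left side of the pipe is not covered by || die, which sees only pgpdump's status, so an export error could leave a short or empty ${fingerprint}.pgpdump.new without stopping the build. Test PIPESTATUS for both stages so that an export failure is reported at this line. The preceding pgpdump "${fingerprint}.asc" line is a single command, so its || die is sufficient as written.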
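
The two positions in this exchange, as an added example that is not code from the eclass or from either poster: a check on the last pipeline stage alone catches a failed producer only when the consumer rejects truncated input, while a PIPESTATUS check catches it regardless. The functions produce, lenient_consumer and strict_consumer are constructed stand-ins for the download/export side and the gpg/pgpdump side; nothing here touches the network or a keyring.

```bash
#!/usr/bin/env bash
# Added example, not part of the eclass. All function names are
# hypothetical stand-ins; the key data is constructed.

# Producer: emits a key block without its closing boundary, then fails,
# the way an interrupted transfer would.
produce() {
	printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' 'constructed-data'
	return 1
}

# Consumer that accepts anything it is given.
lenient_consumer() { cat >/dev/null; }

# Consumer that rejects input lacking the closing boundary.
strict_consumer() { grep -q '^-----END PGP PUBLIC KEY BLOCK-----$'; }

# Pattern from the quoted hunks: `|| die` sees only the last stage.
last_status_only() {
	produce | "$1" || return 1
}

# PIPESTATUS check: snapshot the array at once (any later command
# overwrites it) and fail if any stage returned non-zero.
every_status() {
	produce | "$1"
	local -a stages=( "${PIPESTATUS[@]}" )
	local rc
	for rc in "${stages[@]}"; do
		(( rc == 0 )) || return 1
	done
}

# Report which combinations notice the failed producer.
report() {
	local check consumer
	for check in last_status_only every_status; do
		for consumer in lenient_consumer strict_consumer; do
			if "$check" "$consumer"; then
				echo "$check + $consumer: failure missed"
			else
				echo "$check + $consumer: failure caught"
			fi
		done
	done
}
report
```

Only the combination of last_status_only with lenient_consumer misses the failure, which is the case the PIPESTATUS check exists to close.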