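#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
#
# Prepare a Portage host for the verify-sig USE flag:
#   1. list every package that offers the verify-sig flag in a package.use
#      file, commented out ('#' = installed, '##' = not installed), so that an
#      administrator can enable entries by hand;
#   2. patch portage's eclass_cache.py so get_eclass_data() skips eclasses
#      that are missing from self.eclasses;
#   3. patch verify-sig.eclass so gemato/gpg run with an empty environment,
#      with dirmngr disabled and with an explicit --proxy when http_proxy is
#      set.
# Each patch is applied once; the "-b -z .dst" backup doubles as the marker.
#
# Exit status: 0 ok or no /etc/portage, 1 not root, 2 cannot create the
# package.use file, 3 the eclass patch failed.

prog=$( basename "$0" .bash )
ROLE=base
# Expected to provide ERROR(), used by error() below.
. /usr/local/bin/usr_local_tput.bash
PYVER=3
# "Python 3.9.5" -> "3.9": drop everything up to the last space, then the
# trailing ".patch" component.
PYTHON_MINOR=$( python$PYVER --version 2>&1 |
                sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )

# Not a Portage system: nothing to do.
[ -d /etc/portage ] || exit 0

usage () { echo "USAGE: $prog [command args] -" "$*" ; exit 1 ; }
# $* is left unquoted on purpose: ERROR comes from the sourced helper and its
# argument handling is not visible here.
error () { retval=$1 ; shift; ERROR "$prog" $* ; exit $retval ; }
warn () { : ; }
info () { : ; }
debug () { : ; }

# must be run as root
[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"

use_file=/etc/portage/package.use/2021-00_verify-sig.txt
portage_py=/usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py
eclass=/usr/portage/eclass/verify-sig.eclass

[ -f "$use_file" ] ||
  touch "$use_file" || exit 2

# equery prints category/package:slot; the sed drops a ":0..." slot suffix.
equery h -F '$cp:$slot' verify-sig |
  sed -e 's/:0.*//' |
  while read -r b ; do
    # An entry the administrator has already enabled is left alone.
    grep -q "^$b " "$use_file" && continue
    if eix -r "^$b$" | grep -q Installed ; then
      line="# $b verify-sig"
    else
      line="## $b verify-sig"
    fi
    # The enabled-entry test above never matches a commented line, so without
    # this exact-line check every run would append the whole list again.
    grep -qxF -- "$line" "$use_file" ||
      printf '%s\n' "$line" >>"$use_file"
  done

# NOTE(review): indentation (tabs) and blank context lines inside both
# embedded patches were restored by hand; check them with "patch --dry-run"
# against the real files before relying on this script.
[ -f "$portage_py.diff" ] ||
  cat > "$portage_py.diff" << 'EOF'
*** eclass_cache.py.dst	2021-06-13 21:26:05.000000000 +0000
--- eclass_cache.py	2021-06-24 10:45:12.422857990 +0000
***************
*** 166,175 ****
--- 166,176 ----
  		return d

  	def get_eclass_data(self, inherits):
  		ec_dict = {}
  		for x in inherits:
+ 			if x not in self.eclasses: continue
  			ec_dict[x] = self.eclasses[x]

  		return ec_dict

  	@property
EOF

[ -f "$portage_py.dst" ] ||
  patch -b -z .dst "$portage_py" < "$portage_py.diff"

# The delimiter is quoted so the patch text is written verbatim.  With a bare
# EOF the shell would expand ${key}, "${extra_args[@]}" and $http_proxy, run
# the backquoted `env |sort`, and join the lines that end in a backslash
# while writing the file, so the patch on disk would no longer match the
# eclass (and "${extra_args[@]}" is a bad substitution in a strict /bin/sh).
# A .diff left behind by an earlier run is not rewritten by the guard below;
# delete it once so that a clean copy is created.
#
# Review notes on what the patch changes in the signature check:
#  - gpg gets --disable-dirmngr and gemato is started through "env -", i.e.
#    with an empty environment; the proxy is passed explicitly via --proxy.
#  - "einfo `env |sort`" prints every environment variable of the build to
#    the emerge output, so proxy credentials or tokens exported there end up
#    in the build logs.  It reads like a debugging aid; drop it before
#    routine use.
#  - "--proxy $http_proxy" is unquoted inside the eclass; quoting it there
#    would keep a value with spaces or glob characters as one argument.
#  - The "# @USAGE: []" context lines look truncated (text in angle brackets
#    appears to be missing); compare them with the installed eclass.
[ -f "$eclass.diff" ] ||
  cat > "$eclass.diff" << 'EOF'
*** /usr/portage/eclass/verify-sig.eclass.dst	2021-07-29 06:09:55.000000000 +0000
--- /usr/portage/eclass/verify-sig.eclass	2021-08-18 19:13:29.502980940 +0000
***************
*** 86,95 ****
--- 86,99 ----
  	[[ -n ${key} ]] ||
  		die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"

  	local extra_args=()
  	[[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
+ 	# gemato -R, --no-refresh-keys
+ 	# Disable refreshing OpenPGP key (prevents network
+ 	# access, applicable when using -K only)
+ 	[ -z "$http_proxy" ] || extra_args+=( --proxy $http_proxy )
  	[[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
  		--keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
  	)

  	# GPG upstream knows better than to follow the spec, so we can't
***************
*** 98,110 ****
  	addpredict /run/user

  	local filename=${file##*/}
  	[[ ${file} == - ]] && filename='(stdin)'
  	einfo "Verifying ${filename} ..."
! 	gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! 		gpg --verify "${sig}" "${file}" ||
! 		die "PGP signature verification failed"
  }

  # @FUNCTION: verify-sig_verify_message
  # @USAGE: []
  # @DESCRIPTION:
--- 102,121 ----
  	addpredict /run/user

  	local filename=${file##*/}
  	[[ ${file} == - ]] && filename='(stdin)'
  	einfo "Verifying ${filename} ..."
! 	einfo gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! 		gpg --verify --disable-dirmngr \
! 		"${sig}" "${file}"
! 	# --keyserver-options http-proxy=http://localhost:3128
! 	einfo `env |sort`
! 	# env - is necessary andx sufficient
! 	env - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! 		gpg --verify --disable-dirmngr \
! 		"${sig}" "${file}" || \
! 		die "PGP signature verification failed"
  }

  # @FUNCTION: verify-sig_verify_message
  # @USAGE: []
  # @DESCRIPTION:
***************
*** 122,131 ****
--- 133,143 ----
  	[[ -n ${key} ]] ||
  		die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"

  	local extra_args=()
  	[[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
+ 	[ -z "$http_proxy" ] || extra_args+=( --proxy $http_proxy )
  	[[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
  		--keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
  	)

  	# GPG upstream knows better than to follow the spec, so we can't
***************
*** 134,146 ****
  	addpredict /run/user

  	local filename=${file##*/}
  	[[ ${file} == - ]] && filename='(stdin)'
  	einfo "Verifying ${filename} ..."
! 	gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! 		gpg --verify --output="${output_file}" "${file}" ||
! 		die "PGP signature verification failed"
  }

  # @FUNCTION: verify-sig_verify_signed_checksums
  # @USAGE: []
  # @DESCRIPTION:
--- 146,165 ----
  	addpredict /run/user

  	local filename=${file##*/}
  	[[ ${file} == - ]] && filename='(stdin)'
  	einfo "Verifying ${filename} ..."
! 	einfo gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! 		gpg --verify --disable-dirmngr --output="${output_file}" \
! 		"${file}"
! 	# --keyserver-options http-proxy=http://localhost:3128
! 	einfo `env |sort`
! 	# env - is necessary and sufficient
! 	env - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! 		gpg --verify --disable-dirmngr --output="${output_file}" \
! 		"${file}" || \
! 		die "PGP signature verification failed"
  }

  # @FUNCTION: verify-sig_verify_signed_checksums
  # @USAGE: []
  # @DESCRIPTION:
EOF

[ -f "$eclass.dst" ] ||
  patch -b -z .dst "$eclass" < "$eclass.diff" || exit 3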