From a0b000950194013ab735914a4b0e9f85d2d7a28b Mon Sep 17 00:00:00 2001 From: Sandino Araico Sanchez Date: Fri, 11 Oct 2024 20:23:25 -0600 Subject: [PATCH] dev-libs/openssl: requires older openpgp-keys-openssl-20230801 --- dev-libs/openssl/Manifest | 1 + dev-libs/openssl/openssl-1.1.1w-r1.ebuild | 268 ++++++++++++++++++ sec-keys/openpgp-keys-openssl/Manifest | 40 +++ sec-keys/openpgp-keys-openssl/metadata.xml | 8 + .../openpgp-keys-openssl-20220316-r1.ebuild | 25 ++ .../openpgp-keys-openssl-20221101.ebuild | 64 +++++ .../openpgp-keys-openssl-20230207.ebuild | 65 +++++ .../openpgp-keys-openssl-20230801.ebuild | 68 +++++ .../openpgp-keys-openssl-20240424.ebuild | 72 +++++ .../openpgp-keys-openssl-20240920.ebuild | 65 +++++ 10 files changed, 676 insertions(+) create mode 100644 dev-libs/openssl/openssl-1.1.1w-r1.ebuild create mode 100644 sec-keys/openpgp-keys-openssl/Manifest create mode 100644 sec-keys/openpgp-keys-openssl/metadata.xml create mode 100644 sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20220316-r1.ebuild create mode 100644 sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20221101.ebuild create mode 100644 sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230207.ebuild create mode 100644 sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230801.ebuild create mode 100644 sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240424.ebuild create mode 100644 sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 79843d7..f3ddbea 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -8,5 +8,6 @@ DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef EBUILD openssl-1.0.2u-r1.ebuild 10129 BLAKE2B fe03657452c1218e9ed6fff4b939ae5a1b648b20495690c8cc5f8668b6985c860176733080b4f0265d4bae6bc060bf432995a404be24733735ede3f5440f793a SHA512 e843699fac5b1bdf348fb13cd7de96af09af709e6b9dd5d0ca20d867a38ad870504ac58e7bf21efc01f8303520938031f36f0f5e5d1e76458c6e954ee464f364 +EBUILD openssl-1.1.1w-r1.ebuild 8232 BLAKE2B 2ae0e5e9b162fe27e592c2e89e6a965e331d89f0e0dadaf41df53f1d8e61cc851a1a3098b6b48ba1ef9615e0128c4e011c589ea5b7bf563992eb523e9fc72ae1 SHA512 7c43d5ad4dfc8f428c589f4570aedd950e964fde29b8d6313cb8c063070c11d0947f6ce183e360e2cf5ce9ea07f92d26cf001711bc2e1c242a91e80e69fe0ce5 EBUILD openssl-1.1.1w.ebuild 8233 BLAKE2B 4657e3e413f25f4503dbc5484e3d06e63c25c64f9132e3ce64629601f729380b6e1918d34f19e9269ac8ed066b2014d2163d54808e67476d033b2af1603cf609 SHA512 122f5d3e3577d9da17d0a49b38925d3fbbaab4117c116f37d0430463d5dcaa3803089cacbc5fddbc5466506eb6a59f1b5fef130dec200c5951f67d9d6c5b160b MISC metadata.xml 1566 BLAKE2B ae4515c90356b8a2d3e2df8e0cea43c587f73bd2e08f696c065c2254639009b6806806df8a84c63d00781b0cbf906a0d11e94b715749ab1292e77afa9cd5bcc2 SHA512 4a5e6b894476e74f1f93f00c326139eadf1afd498f4508fb723322539f29e53aec6dd198da878db714d2da61ab266089c2dd2f91b9fc66a34375ceb6f68ca394 diff --git a/dev-libs/openssl/openssl-1.1.1w-r1.ebuild b/dev-libs/openssl/openssl-1.1.1w-r1.ebuild new file mode 100644 index 0000000..2380617 --- /dev/null +++ b/dev-libs/openssl/openssl-1.1.1w-r1.ebuild @@ -0,0 +1,268 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig + +MY_P=${P/_/-} +DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" +HOMEPAGE="https://www.openssl.org/" +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" +S="${WORKDIR}/${MY_P}" + +LICENSE="openssl" +SLOT="0/1.1" # .so version of libssl/libcrypto +if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi +IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +RDEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND}" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + app-alternatives/bc + kernel_linux? ( sys-process/procps ) + ) + verify-sig? ( =sec-keys/openpgp-keys-openssl-20230801 )" +PDEPEND="app-misc/ca-certificates" + +# force upgrade to prevent broken login, bug #696950 +RDEPEND+=" !/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES}; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die + + # Remove test target when FEATURES=test isn't set + if ! use test ; then + sed \ + -e '/^$config{dirs}/s@ "test",@@' \ + -i Configure || die + fi + + if use prefix && [[ ${CHOST} == *-solaris* ]] ; then + # use GNU ld full option, not to confuse it on Solaris + sed -i \ + -e 's/-Wl,-M,/-Wl,--version-script=/' \ + -e 's/-Wl,-h,/-Wl,--soname=/' \ + Configurations/10-main.conf || die + fi + + # The config script does stupid stuff to prompt the user. Kill it. + sed -i '/stty -icanon min 0 time 50; read waste/d' config || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/12247 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-cppflags -DOPENSSL_NO_BUF_FREELISTS + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config=( perl "${S}/Configure" ) + [[ -z ${sslout} ]] && config=( sh "${S}/config" -v ) + + # "disable-deprecated" option breaks too many consumers. + # Don't set it without thorough revdeps testing. + # Make sure user flags don't get added *yet* to avoid duplicated + # flags. + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + ${ec_nistp_64_gcc_128} + enable-idea + enable-mdc2 + enable-rc5 + $(use_ssl sslv3 ssl3) + $(use_ssl sslv3 ssl3-method) + $(use_ssl asm) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl tls-heartbeat heartbeats) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo "${config[@]}" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake all +} + +multilib_src_test() { + emake -j1 test +} + +multilib_src_install() { + # Only -j1 is supported for the install targets: + # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 + emake DESTDIR="${D}" -j1 install_sw + + if multilib_is_native_abi; then + emake DESTDIR="${D}" -j1 install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl -j1 install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? +} diff --git a/sec-keys/openpgp-keys-openssl/Manifest b/sec-keys/openpgp-keys-openssl/Manifest new file mode 100644 index 0000000..ddfcae9 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/Manifest @@ -0,0 +1,40 @@ +DIST openssl-20220316-7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C.asc 45632 BLAKE2B 31595337315ac852dc837f690743149e5e66956b938165c56d8bd624c6e5797f6f1f927ee44bc6139b243945b837af494642176e33c1697348319ce923576c42 SHA512 c00b300370dbce3a75fefe1cbfae1938276478c836f39c115c51b72a5dd8b8e01d0f3a62b48da54caa238e532cfe83e1f8a0be2466b2926cf2f362c0e4a60bda +DIST openssl-20220316-8657ABB260F056B1E5190839D9C4D26D0E604491.asc 29252 BLAKE2B f256f7c9f3d84293f461f3dd9f5156dfaf134a376ff7fa06d9988e7923e0a1a0e2cb6344cb978c590870963fabea3d7dea7eeb740b785049700275a9c975f213 SHA512 c62f3463f12b213db21945d8c8846a9823fa91b45f954c5248bc3c35b5c9ab31424cedb73e56065001d3f9ab6409e1926fa3ffaab3484bb8dfe126607d450e9c +DIST openssl-keys-20221101-5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33.asc 3050 BLAKE2B 5c785d9ed3019865fac34a0b7647ddadda30ceaed57a711c32483a1309b2160209a50b89bc9a01a1696b691999e27808ef2a44e94242478e388d963b8a2c13b4 SHA512 583a32254ea46b89e348ad14f22a784920b6ca3c75b9bd681298be94e5d367a6beedf4b320212ddd5509881e1bc88a643680c9ff2829d7a529d3f27956e2e086 +DIST openssl-keys-20221101-8657ABB260F056B1E5190839D9C4D26D0E604491.asc 1531 BLAKE2B 7333259523feb8e79c00c8f0652544471abfc087ebbe149eed2413f8e55637fdb3138d39885a88aafecd7b8edda207542198dc2deba8a882253fd91cd5ab0ace SHA512 e3f9b5a77124fbecef6c37a1d4fe8292ccc3210eabf60d6349f704d22014dd4d3343e40dc26c65659297e2a713ddbec52662924ae93468a6e0e9709f724944a7 +DIST openssl-keys-20221101-95A9908DDFA16830BE9FB9003D30A3A9FF1360DC.asc 2854 BLAKE2B 22bfca60053ccac3c06fe1a5099f81272119d12ac3f188ff7d6634111bd6f881abf0007452ad5dbe2b80aa1383695889e1fcfa981a2b4d5baa507c160d7782ab SHA512 54d98dd0392edd7b522081565ab5194e36b1ad2b56d1138a3830ebcd7ca02de4e5bcaa1b6ba19a626a44156b56f55abd7a104a3374cec0b94897dd7ec08601ff +DIST openssl-keys-20221101-A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C.asc 5194 BLAKE2B e8bb04c8590ec2171f024c49439bbae04690f14db4dfac20ddc43d963659d2b3788dcd34105f8c987b0413cd5803222cdbaf5ca3b7ec8808eb43c3a8bf23da8f SHA512 fe14c26a3075019d9c876f23550d3c897b5773f4ce92d68cb578d2a266557bf00ced11a91d048d2e2448f0c453651f61faa42eb1608d9d0faed8ddd03ead7ec4 +DIST openssl-keys-20221101-B7C1C14360F353A36862E4D5231C84CDDCC69C45.asc 2249 BLAKE2B a9913d00635a73636dae7ea30bf16ade55a8f56d6fa3a804ebaf736705cfb3628b4838289c9b9847d1809da94dd4c9c23d01fe0521701dd164ff5036cfa78ec3 SHA512 c7927ff7643ac4aa12f516103d76af4c56e25f3d3a3d4064ec5d11f30d9447899b18c22cfb7217488b2e5b912220269e78668655343db52f486d29788e4759fc +DIST openssl-keys-20221101-C1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD.asc 1534 BLAKE2B b572d5893a44f120b5ddec55d96d53cb5bd490e563253906f597fb8253c198f0fa318a955b4f30db3b93565ea87e0e423db661de17253fc2255843513a86b6b6 SHA512 359acc73f14e9c6ba68729b234f0bc94d67bc16eec7a18bb641bdfc8d51e19c2afa96292e99c97308ebce4bb5e4aa040beabba051f08b42fca242dff2e99b7f7 +DIST openssl-keys-20221101-E5E52560DD91C556DDBDA5D02064C53641C25E5D.asc 6131 BLAKE2B 36e076cb5ab722c5efe378fc70a9109c30db12bf59af3634af0b7df1cc6beaec8d1fdf5099ffbfb66ce59d51581009ed59278336238755122ba5126cf1b191e5 SHA512 ee72fff17111f437b372b0bbfaa851075125da524a8d0f861232fe9bec2da0c0933c4d0ab3fa9ad1aa9015f9ae302773d0f5eb25bea270f0a5884f0d5b9b6fc1 +DIST openssl-keys-20230207-5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33.asc 3050 BLAKE2B 5c785d9ed3019865fac34a0b7647ddadda30ceaed57a711c32483a1309b2160209a50b89bc9a01a1696b691999e27808ef2a44e94242478e388d963b8a2c13b4 SHA512 583a32254ea46b89e348ad14f22a784920b6ca3c75b9bd681298be94e5d367a6beedf4b320212ddd5509881e1bc88a643680c9ff2829d7a529d3f27956e2e086 +DIST openssl-keys-20230207-7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C.asc 5302 BLAKE2B 30ec164d0022c432747063e8aac63d51ba44d3f1096925376aed00d8b843835d891b01e2b4b46abd0e4567b4108ea96266a2a8949508e4767632bc01cf3901c2 SHA512 724a2ba71404c7bcb7aa6ec5ab6fe91b50c3294dc1b0791a369554505c812a142879a05663d098447f20a7383e039dcf4e0699740c4ab0ba4393c891e237bcc0 +DIST openssl-keys-20230207-8657ABB260F056B1E5190839D9C4D26D0E604491.asc 1531 BLAKE2B 7333259523feb8e79c00c8f0652544471abfc087ebbe149eed2413f8e55637fdb3138d39885a88aafecd7b8edda207542198dc2deba8a882253fd91cd5ab0ace SHA512 e3f9b5a77124fbecef6c37a1d4fe8292ccc3210eabf60d6349f704d22014dd4d3343e40dc26c65659297e2a713ddbec52662924ae93468a6e0e9709f724944a7 +DIST openssl-keys-20230207-95A9908DDFA16830BE9FB9003D30A3A9FF1360DC.asc 3505 BLAKE2B 10e4a6970366dd6c2b2633da3045cf3da0857b1ea1f84b40bf0b85b0424583030593d3eb85bab06fe9b1dcbaa7c4c5c7023cb8a5d82d9340b0741601b6a79deb SHA512 154f173c316cff4c325746de3c6c992f1a493315958bcfb6b9c273edb9921d78f8c5febb69d6e8a743d89427aacc181e90ccc8098deb97295c2c6b258867be96 +DIST openssl-keys-20230207-A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C.asc 5194 BLAKE2B e8bb04c8590ec2171f024c49439bbae04690f14db4dfac20ddc43d963659d2b3788dcd34105f8c987b0413cd5803222cdbaf5ca3b7ec8808eb43c3a8bf23da8f SHA512 fe14c26a3075019d9c876f23550d3c897b5773f4ce92d68cb578d2a266557bf00ced11a91d048d2e2448f0c453651f61faa42eb1608d9d0faed8ddd03ead7ec4 +DIST openssl-keys-20230207-B7C1C14360F353A36862E4D5231C84CDDCC69C45.asc 2249 BLAKE2B a9913d00635a73636dae7ea30bf16ade55a8f56d6fa3a804ebaf736705cfb3628b4838289c9b9847d1809da94dd4c9c23d01fe0521701dd164ff5036cfa78ec3 SHA512 c7927ff7643ac4aa12f516103d76af4c56e25f3d3a3d4064ec5d11f30d9447899b18c22cfb7217488b2e5b912220269e78668655343db52f486d29788e4759fc +DIST openssl-keys-20230207-E5E52560DD91C556DDBDA5D02064C53641C25E5D.asc 6131 BLAKE2B 36e076cb5ab722c5efe378fc70a9109c30db12bf59af3634af0b7df1cc6beaec8d1fdf5099ffbfb66ce59d51581009ed59278336238755122ba5126cf1b191e5 SHA512 ee72fff17111f437b372b0bbfaa851075125da524a8d0f861232fe9bec2da0c0933c4d0ab3fa9ad1aa9015f9ae302773d0f5eb25bea270f0a5884f0d5b9b6fc1 +DIST openssl-keys-20230801-5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33.asc 3050 BLAKE2B 5c785d9ed3019865fac34a0b7647ddadda30ceaed57a711c32483a1309b2160209a50b89bc9a01a1696b691999e27808ef2a44e94242478e388d963b8a2c13b4 SHA512 583a32254ea46b89e348ad14f22a784920b6ca3c75b9bd681298be94e5d367a6beedf4b320212ddd5509881e1bc88a643680c9ff2829d7a529d3f27956e2e086 +DIST openssl-keys-20230801-7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C.asc 5302 BLAKE2B 30ec164d0022c432747063e8aac63d51ba44d3f1096925376aed00d8b843835d891b01e2b4b46abd0e4567b4108ea96266a2a8949508e4767632bc01cf3901c2 SHA512 724a2ba71404c7bcb7aa6ec5ab6fe91b50c3294dc1b0791a369554505c812a142879a05663d098447f20a7383e039dcf4e0699740c4ab0ba4393c891e237bcc0 +DIST openssl-keys-20230801-8657ABB260F056B1E5190839D9C4D26D0E604491.asc 1531 BLAKE2B 7333259523feb8e79c00c8f0652544471abfc087ebbe149eed2413f8e55637fdb3138d39885a88aafecd7b8edda207542198dc2deba8a882253fd91cd5ab0ace SHA512 e3f9b5a77124fbecef6c37a1d4fe8292ccc3210eabf60d6349f704d22014dd4d3343e40dc26c65659297e2a713ddbec52662924ae93468a6e0e9709f724944a7 +DIST openssl-keys-20230801-95A9908DDFA16830BE9FB9003D30A3A9FF1360DC.asc 3505 BLAKE2B 10e4a6970366dd6c2b2633da3045cf3da0857b1ea1f84b40bf0b85b0424583030593d3eb85bab06fe9b1dcbaa7c4c5c7023cb8a5d82d9340b0741601b6a79deb SHA512 154f173c316cff4c325746de3c6c992f1a493315958bcfb6b9c273edb9921d78f8c5febb69d6e8a743d89427aacc181e90ccc8098deb97295c2c6b258867be96 +DIST openssl-keys-20230801-A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C.asc 5194 BLAKE2B e8bb04c8590ec2171f024c49439bbae04690f14db4dfac20ddc43d963659d2b3788dcd34105f8c987b0413cd5803222cdbaf5ca3b7ec8808eb43c3a8bf23da8f SHA512 fe14c26a3075019d9c876f23550d3c897b5773f4ce92d68cb578d2a266557bf00ced11a91d048d2e2448f0c453651f61faa42eb1608d9d0faed8ddd03ead7ec4 +DIST openssl-keys-20230801-B7C1C14360F353A36862E4D5231C84CDDCC69C45.asc 2249 BLAKE2B a9913d00635a73636dae7ea30bf16ade55a8f56d6fa3a804ebaf736705cfb3628b4838289c9b9847d1809da94dd4c9c23d01fe0521701dd164ff5036cfa78ec3 SHA512 c7927ff7643ac4aa12f516103d76af4c56e25f3d3a3d4064ec5d11f30d9447899b18c22cfb7217488b2e5b912220269e78668655343db52f486d29788e4759fc +DIST openssl-keys-20230801-E5E52560DD91C556DDBDA5D02064C53641C25E5D.asc 6131 BLAKE2B 36e076cb5ab722c5efe378fc70a9109c30db12bf59af3634af0b7df1cc6beaec8d1fdf5099ffbfb66ce59d51581009ed59278336238755122ba5126cf1b191e5 SHA512 ee72fff17111f437b372b0bbfaa851075125da524a8d0f861232fe9bec2da0c0933c4d0ab3fa9ad1aa9015f9ae302773d0f5eb25bea270f0a5884f0d5b9b6fc1 +DIST openssl-keys-20230801-EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5.asc 5414 BLAKE2B e079aa52ac42857eb63a3c62e752b44db93cc445e8370dafe19440056b65b50c8479ff689ea9b0dd13974d9f94230b368556084b17e077b0ed82d234e5142b92 SHA512 7858bfb779e53caa50b2ded103976b51f694ac3a99872a887c1b895394e5099c692d56cb5d7ca3a8ea168f2df6a9ca29749ecdbe9a20c8863b79346a1c63d27b +DIST openssl-keys-20240424-5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33.asc 3050 BLAKE2B 5c785d9ed3019865fac34a0b7647ddadda30ceaed57a711c32483a1309b2160209a50b89bc9a01a1696b691999e27808ef2a44e94242478e388d963b8a2c13b4 SHA512 583a32254ea46b89e348ad14f22a784920b6ca3c75b9bd681298be94e5d367a6beedf4b320212ddd5509881e1bc88a643680c9ff2829d7a529d3f27956e2e086 +DIST openssl-keys-20240424-7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C.asc 5302 BLAKE2B 30ec164d0022c432747063e8aac63d51ba44d3f1096925376aed00d8b843835d891b01e2b4b46abd0e4567b4108ea96266a2a8949508e4767632bc01cf3901c2 SHA512 724a2ba71404c7bcb7aa6ec5ab6fe91b50c3294dc1b0791a369554505c812a142879a05663d098447f20a7383e039dcf4e0699740c4ab0ba4393c891e237bcc0 +DIST openssl-keys-20240424-8657ABB260F056B1E5190839D9C4D26D0E604491.asc 1531 BLAKE2B 7333259523feb8e79c00c8f0652544471abfc087ebbe149eed2413f8e55637fdb3138d39885a88aafecd7b8edda207542198dc2deba8a882253fd91cd5ab0ace SHA512 e3f9b5a77124fbecef6c37a1d4fe8292ccc3210eabf60d6349f704d22014dd4d3343e40dc26c65659297e2a713ddbec52662924ae93468a6e0e9709f724944a7 +DIST openssl-keys-20240424-95A9908DDFA16830BE9FB9003D30A3A9FF1360DC.asc 3505 BLAKE2B 10e4a6970366dd6c2b2633da3045cf3da0857b1ea1f84b40bf0b85b0424583030593d3eb85bab06fe9b1dcbaa7c4c5c7023cb8a5d82d9340b0741601b6a79deb SHA512 154f173c316cff4c325746de3c6c992f1a493315958bcfb6b9c273edb9921d78f8c5febb69d6e8a743d89427aacc181e90ccc8098deb97295c2c6b258867be96 +DIST openssl-keys-20240424-A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C.asc 5194 BLAKE2B e8bb04c8590ec2171f024c49439bbae04690f14db4dfac20ddc43d963659d2b3788dcd34105f8c987b0413cd5803222cdbaf5ca3b7ec8808eb43c3a8bf23da8f SHA512 fe14c26a3075019d9c876f23550d3c897b5773f4ce92d68cb578d2a266557bf00ced11a91d048d2e2448f0c453651f61faa42eb1608d9d0faed8ddd03ead7ec4 +DIST openssl-keys-20240424-B7C1C14360F353A36862E4D5231C84CDDCC69C45.asc 2249 BLAKE2B a9913d00635a73636dae7ea30bf16ade55a8f56d6fa3a804ebaf736705cfb3628b4838289c9b9847d1809da94dd4c9c23d01fe0521701dd164ff5036cfa78ec3 SHA512 c7927ff7643ac4aa12f516103d76af4c56e25f3d3a3d4064ec5d11f30d9447899b18c22cfb7217488b2e5b912220269e78668655343db52f486d29788e4759fc +DIST openssl-keys-20240424-E5E52560DD91C556DDBDA5D02064C53641C25E5D.asc 6131 BLAKE2B 36e076cb5ab722c5efe378fc70a9109c30db12bf59af3634af0b7df1cc6beaec8d1fdf5099ffbfb66ce59d51581009ed59278336238755122ba5126cf1b191e5 SHA512 ee72fff17111f437b372b0bbfaa851075125da524a8d0f861232fe9bec2da0c0933c4d0ab3fa9ad1aa9015f9ae302773d0f5eb25bea270f0a5884f0d5b9b6fc1 +DIST openssl-keys-20240424-EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5.asc 4216 BLAKE2B c32204394c4e1240fd53197100429abf51600e71fc0e979c43a7c1f99212d4200d1df7408f08c514aed014162fb1e4bbedbf4b7cd69a80a0ca3b814da98843b3 SHA512 ad0e2a6ea817ed6ae18988bc0216bafe35fb817807c6d507efcfb957b0df238f0b326d63c5c494c9a26ce64408f81f2e021b009bc7729dc213e691b72ac31c41 +DIST openssl-keys-20240920-BA5473A2B0587B07FB27CF2D216094DFD0CB81EF.asc 1747 BLAKE2B e79fd1c91a737e0835e27a49b17dffbb16f96c41a1ad5d4b5e7ffe0d1ea24648f0d17a8cc4eab19a89ea37cc1053611515bcae2d33dd3b1b6f186b61337c90bc SHA512 00012ef3d08dfc56f1f57094cf3202bb71d7518252557049ac78b6933237d05fb0f66d754205583d0569465c55b05310bdcf00182cfa843c6b0b14e5354ca1e0 +EBUILD openpgp-keys-openssl-20220316-r1.ebuild 940 BLAKE2B 9d74b3cf424c8d3bfbc6307fdacf6705735f9b993dc3c815700768a46ab32dd15a7ce1f3ea97ff2f1b93e6c1326fa3f6ac3c90a89cd9ac27662fdfee0df4efa3 SHA512 d4e9702a6a2b5fca0773adb09ff172cdd1684e2a94ee23899dbd765f38bab389d5904b326ea709d021432b06dbf886c7d863514a215adc2065a58d3d3054c04e +EBUILD openpgp-keys-openssl-20221101.ebuild 1918 BLAKE2B f3111b3f6c626ae4d06973d878cf319c411e7b0883ea2e2a178af17f4650f677f822548da7ebe96ad2706182f97c1072a35def04e9db21e8f3f2a717072f961d SHA512 88429a0293be0768dd3d3b9b7ef56ebb13ca1766deaa987e04e983985a30a1ab936a1ebc95333bae98a1c5c51023db8bd801cf1c44fd89b04699ac6ade8c9824 +EBUILD openpgp-keys-openssl-20230207.ebuild 1939 BLAKE2B 5987df283f2e7c3048d80ae8818571cde9da2691b173eb31ffa495f0ec1fad563de041fb386f491af50067600e3f5b1d485eedc104476f331b62fad6fe067dec SHA512 6af336af6f4bc56c66e363016b62a094b465a1024a8d9275f46e9725309c60dd0f68708965fbc0c399cb3d699ab74bd6ced9c7412e7aa072f578393c1d8f9e3b +EBUILD openpgp-keys-openssl-20230801.ebuild 2086 BLAKE2B 1dc0a33d457d5271bbe0cf4c5e2cb4dbda964ac836b95b8245e964ea8648591e1cde39c80d9afa3500f70be102048ccd3fff2c68999cc17f66b1f179109d4da6 SHA512 315eff6d97f3e9543f7232bd0245c06399bd0553438078f6071c3fb07f252a0b4ef2a52e5e876cf420da89353984c9769682deeb0f03e79691005dd7112c894a +EBUILD openpgp-keys-openssl-20240424.ebuild 2303 BLAKE2B fa7ef9818ea86d7c8da64a7226219682447a4585d034e3519c6699ddf971156ce340c1730f2aff630405f92c2fc9bd4249003726e87c75bec00625d00b7671a7 SHA512 bb0e91072a68c0942da1008f2d09e98b6354c54e60e280a99fc8ba7bbd006bd3fd60bbda9f30c531304b7dff0074520fb6770cab9857fb7ebdef104d0c168b21 +EBUILD openpgp-keys-openssl-20240920.ebuild 1928 BLAKE2B 2bf57c9ee105c3a189783ee1d13475b0bad617b3f2a912ab3f1b8c03c451ce6580b96502bf738bce16cd90d34f48360807234d4406f6e55f1bcb1ac1fb8dcd4f SHA512 5b9882170c1167dcedf1e5df04a29711435fafa545da8cd10c4dfb44641c8f1c439b0491d36d6ba491bb58166b87adb4cfe3133c748650a24d2857918e2fb192 +MISC metadata.xml 248 BLAKE2B 4d2533691da4a661545bc76aae55b72077dd0f54a21c67450fad5565393db92779160e268c4ac7e1557cef6ac13e9476b32c6ff6e516c3afd404ab40a28164b3 SHA512 5c660412e95fdb471f41390d1d2fe96c549f2a00c932b2ce5832a56d3ce49df6b08991bfdcabcb296434d0d6599bdb3fb1ec4dbf7373fe2effaa6655ab411184 diff --git a/sec-keys/openpgp-keys-openssl/metadata.xml b/sec-keys/openpgp-keys-openssl/metadata.xml new file mode 100644 index 0000000..8cb7f9b --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/metadata.xml @@ -0,0 +1,8 @@ + + + + + base-system@gentoo.org + + + diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20220316-r1.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20220316-r1.ebuild new file mode 100644 index 0000000..1f8df33 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20220316-r1.ebuild @@ -0,0 +1,25 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" +# See https://www.openssl.org/source/ and https://www.openssl.org/community/omc.html +# Mirrored from https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491 etc (unstable results) +SRC_URI=" + https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-${PV}-8657ABB260F056B1E5190839D9C4D26D0E604491.asc + https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-${PV}-7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C.asc +" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +S=${WORKDIR} + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20221101.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20221101.ebuild new file mode 100644 index 0000000..4829b51 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20221101.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +# See the following: +# - https://www.openssl.org/source/ +# - https://www.openssl.org/community/otc.html +# - https://www.openssl.org/community/omc.html +# Mirrored from https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491 etc (unstable results) +# ``` +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --keyserver keyserver.ubuntu.com --recv-keys "${OSSL_FINGERPRINTS[@]}" || exit 1 +# +# for key in "${OSSL_FINGERPRINTS[@]}" ; do +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --export "${key}" > openssl-keys-20221101-${key}.asc +# done +# ``` +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 + +OSSL_FINGERPRINTS=( + # Matt Caswell + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte + C1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD + + # Kurt Roeckx + E5E52560DD91C556DDBDA5D02064C53641C25E5D +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-${PV}-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230207.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230207.ebuild new file mode 100644 index 0000000..d8ddc66 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230207.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +# See the following: +# - https://www.openssl.org/source/ +# - https://www.openssl.org/community/otc.html +# - https://www.openssl.org/community/omc.html +# Mirrored from https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491 etc (unstable results) +# ``` +# mkdir /tmp/tmp-gpg +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --keyserver keyserver.ubuntu.com --recv-keys "${OSSL_FINGERPRINTS[@]}" || exit 1 +# +# for key in "${OSSL_FINGERPRINTS[@]}" ; do +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --export "${key}" > openssl-keys-20221101-${key}.asc +# done +# ``` +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 + +OSSL_FINGERPRINTS=( + # Matt Caswell + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte + 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C + + # Kurt Roeckx + E5E52560DD91C556DDBDA5D02064C53641C25E5D +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-${PV}-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230801.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230801.ebuild new file mode 100644 index 0000000..557aff9 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20230801.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +# See the following: +# - https://www.openssl.org/source/ +# - https://www.openssl.org/community/otc.html +# - https://www.openssl.org/community/omc.html +# Mirrored from https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491 etc (unstable results) +# ``` +# mkdir /tmp/tmp-gpg +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --keyserver keyserver.ubuntu.com --recv-keys "${OSSL_FINGERPRINTS[@]}" || exit 1 +# +# for key in "${OSSL_FINGERPRINTS[@]}" ; do +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --export "${key}" > openssl-keys-20221101-${key}.asc +# done +# ``` +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 + +OSSL_FINGERPRINTS=( + # Matt Caswell + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte + 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C + + # Kurt Roeckx + E5E52560DD91C556DDBDA5D02064C53641C25E5D + + # OpenSSL OMC (see https://github.com/openssl/openssl/commit/f925bfebbb287321133b9251e72bee869a0f58b4) + EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-${PV}-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240424.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240424.ebuild new file mode 100644 index 0000000..f91247c --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240424.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +# See the following: +# - https://www.openssl.org/source/ +# - https://www.openssl.org/community/otc.html +# - https://www.openssl.org/community/omc.html +# Mirrored from https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8657ABB260F056B1E5190839D9C4D26D0E604491 etc (unstable results) +# ``` +# mkdir /tmp/tmp-gpg +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --keyserver keyserver.ubuntu.com --recv-keys "${OSSL_FINGERPRINTS[@]}" || exit 1 +# +# for key in "${OSSL_FINGERPRINTS[@]}" ; do +# gpg --no-default-keyring --homedir=/tmp/tmp-gpg --export "${key}" > openssl-keys-20221101-${key}.asc +# done +# ``` +# Compare with e.g.: +# for x in "${OSSL_FINGERPRINTS[@]}" ; do +# diff -ruN <(pgpdump /var/cache/distfiles/openssl-keys-2023*-${x}*) <(pgpdump /var/cache/distfiles/openssl-keys-2024*-${x}*) ; done +# and/or diffoscope +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 + +OSSL_FINGERPRINTS=( + # Matt Caswell + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte + 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C + + # Kurt Roeckx + E5E52560DD91C556DDBDA5D02064C53641C25E5D + + # OpenSSL OMC (see https://github.com/openssl/openssl/commit/f925bfebbb287321133b9251e72bee869a0f58b4) + EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-${PV}-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild new file mode 100644 index 0000000..6ff1445 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +OSSL_FINGERPRINTS=( + # OpenSSL + # See https://openssl-library.org/source/ + BA5473A2B0587B07FB27CF2D216094DFD0CB81EF +) + +# We keep older keys here for now to allow verifying older & newer +# releases with the same keyring package. We'll drop them eventually. +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 +OSSL_OLD_FINGERPRINTS=( + # Matt Caswell + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte + 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C + + # Kurt Roeckx + E5E52560DD91C556DDBDA5D02064C53641C25E5D + + # OpenSSL OMC (see https://github.com/openssl/openssl/commit/f925bfebbb287321133b9251e72bee869a0f58b4) + EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://keys.openpgp.org/vks/v1/by-fingerprint/${ossl_key} -> openssl-keys-${PV}-${ossl_key}.asc" +done +for ossl_key in "${OSSL_OLD_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-20240424-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +}