diff options
| author |   Sam James <sam@gentoo.org> | 2024-09-20 09:49:02 +0100 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2024-09-20 10:43:06 +0100 |
| commit | f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90 (patch) | |
| tree | fde3c215ad422074f2aca8a0c50b70474493ef1a /sec-keys | |
| parent | net-im/zoom: drop 6.1.10.1400 (diff) | |
| download | gentoo-f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90.tar.gz gentoo-f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90.tar.bz2 gentoo-f93db2b73aa60f6fe6fa47014c0f0cddbb5c7d90.zip | |
sec-keys/openpgp-keys-openssl: add 20240920
With the big rework upstream mentioned in 03960013634a39f41a1e0fdc7daabf29a6f4e5b5,
they seem to have changed their signing setup again.
Per https://openssl-library.org/source/, we now have:
"""
PGP keys for the signatures of old releases are available from the OTC page
and can also be signed with a key with the fingerprint:
EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5.
The current releases are signed by the OpenSSL key with fingerprint
BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF.
"""
We keep the older keys in this package's keyring for now to allow
older versions of openssl to be verified rather than having
awkward deps.
Bug: https://bugs.gentoo.org/939110
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sec-keys')
| -rw-r--r-- | sec-keys/openpgp-keys-openssl/Manifest | 1 | ||||
| -rw-r--r-- | sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild | 65 |
2 files changed, 66 insertions, 0 deletions
diff --git a/sec-keys/openpgp-keys-openssl/Manifest b/sec-keys/openpgp-keys-openssl/Manifest index f2bcbb49c70a..03682613fa24 100644 --- a/sec-keys/openpgp-keys-openssl/Manifest +++ b/sec-keys/openpgp-keys-openssl/Manifest @@ -30,3 +30,4 @@ DIST openssl-keys-20240424-A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C.asc 5194 BLA DIST openssl-keys-20240424-B7C1C14360F353A36862E4D5231C84CDDCC69C45.asc 2249 BLAKE2B a9913d00635a73636dae7ea30bf16ade55a8f56d6fa3a804ebaf736705cfb3628b4838289c9b9847d1809da94dd4c9c23d01fe0521701dd164ff5036cfa78ec3 SHA512 c7927ff7643ac4aa12f516103d76af4c56e25f3d3a3d4064ec5d11f30d9447899b18c22cfb7217488b2e5b912220269e78668655343db52f486d29788e4759fc DIST openssl-keys-20240424-E5E52560DD91C556DDBDA5D02064C53641C25E5D.asc 6131 BLAKE2B 36e076cb5ab722c5efe378fc70a9109c30db12bf59af3634af0b7df1cc6beaec8d1fdf5099ffbfb66ce59d51581009ed59278336238755122ba5126cf1b191e5 SHA512 ee72fff17111f437b372b0bbfaa851075125da524a8d0f861232fe9bec2da0c0933c4d0ab3fa9ad1aa9015f9ae302773d0f5eb25bea270f0a5884f0d5b9b6fc1 DIST openssl-keys-20240424-EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5.asc 4216 BLAKE2B c32204394c4e1240fd53197100429abf51600e71fc0e979c43a7c1f99212d4200d1df7408f08c514aed014162fb1e4bbedbf4b7cd69a80a0ca3b814da98843b3 SHA512 ad0e2a6ea817ed6ae18988bc0216bafe35fb817807c6d507efcfb957b0df238f0b326d63c5c494c9a26ce64408f81f2e021b009bc7729dc213e691b72ac31c41 +DIST openssl-keys-20240920-BA5473A2B0587B07FB27CF2D216094DFD0CB81EF.asc 1747 BLAKE2B e79fd1c91a737e0835e27a49b17dffbb16f96c41a1ad5d4b5e7ffe0d1ea24648f0d17a8cc4eab19a89ea37cc1053611515bcae2d33dd3b1b6f186b61337c90bc SHA512 00012ef3d08dfc56f1f57094cf3202bb71d7518252557049ac78b6933237d05fb0f66d754205583d0569465c55b05310bdcf00182cfa843c6b0b14e5354ca1e0 diff --git a/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild new file mode 100644 index 000000000000..6ff1445c4b76 --- /dev/null +++ b/sec-keys/openpgp-keys-openssl/openpgp-keys-openssl-20240920.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="OpenPGP keys used by OpenSSL" +HOMEPAGE="https://www.openssl.org/" + +OSSL_FINGERPRINTS=( + # OpenSSL <openssl@openssl.org> + # See https://openssl-library.org/source/ + BA5473A2B0587B07FB27CF2D216094DFD0CB81EF +) + +# We keep older keys here for now to allow verifying older & newer +# releases with the same keyring package. We'll drop them eventually. +# +# https://github.com/openssl/openssl/issues/19566 +# https://github.com/openssl/openssl/issues/19567 +OSSL_OLD_FINGERPRINTS=( + # Matt Caswell <matt@openssl.org> + 5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 + + # Paul Dale <pauli@openssl.org> + 8657ABB260F056B1E5190839D9C4D26D0E604491 + + # Tim Hudson <tjh@openssl.org> + B7C1C14360F353A36862E4D5231C84CDDCC69C45 + + # Hugo Landau <hlandau@openssl.org> + 95A9908DDFA16830BE9FB9003D30A3A9FF1360DC + + # Tomas Mraz <tomas@openssl.org> + A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C + + # Richard Levitte <levitte@openssl.org> + 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C + + # Kurt Roeckx <kurt@openssl.org> + E5E52560DD91C556DDBDA5D02064C53641C25E5D + + # OpenSSL OMC (see https://github.com/openssl/openssl/commit/f925bfebbb287321133b9251e72bee869a0f58b4) + EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 +) + +ossl_key= +for ossl_key in "${OSSL_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://keys.openpgp.org/vks/v1/by-fingerprint/${ossl_key} -> openssl-keys-${PV}-${ossl_key}.asc" +done +for ossl_key in "${OSSL_OLD_FINGERPRINTS[@]}" ; do + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/openssl-keys-20240424-${ossl_key}.asc" +done +unset ossl_key + +S="${WORKDIR}" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" + +src_install() { + local files=( ${A} ) + insinto /usr/share/openpgp-keys + newins - openssl.org.asc < <(cat "${files[@]/#/${DISTDIR}/}" || die) +} |