On Sat, Mar 31, 2018 at 05:22:46PM -0600, Aaron Bieber wrote:
> Hi,
>
> Here is a mostly functional set of make targets that verify gnupg
> signatures with ease.
>
> To use it, you can simple add the following to your /etc/mk.conf:
>
> .if exists(/usr/local/share/signing/signing.mk)
> .include "/usr/local/share/signing/signing.mk"
> .endif
The mk fragment is 100% bogus.
There are lots of things to fix.
First, all your targets are phony, none of them is declared as such.
Second, there is obviously two set of checkers depending on the
signature type, but the way you're doing things muddles them up...
never such a good thing where security is concerned.
Third, you've got phony targets depending on targets, which is a no-no.
Finally, you're only dealing with one DISTFILE, thus ensuring you can't
check signatures for ports with multiple distfiles.
And you don't do what DISTFILES actually do, namely have support for
MASTER_SITES* and all sorts of similar thingies.
This needs some major rethinking before it can hit the tree... you might
have to figure out how bsd.port.mk actually does fetch.
Namely, look around the part that defines _FULL_FETCH_LIST and friends.
(don't worry if you end up using internal variables, we'll figure it out
if the design is clean enough)
You definitely want to depend on the actual files you're fetching.
You may have to rename files to get some consistent naming.
Don't use gratuitous subshells () where nested tests will do.
No comments:
Post a Comment