[gentoo-commits] repo/gentoo:master commit in: sys-boot/grub/

Tue, 28 Oct 2025 20:34:30 -0700 

commit:     86f11aa9507871b68c8f4250526a5726bbbc9dc2
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 29 03:09:46 2025 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Oct 29 03:34:07 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86f11aa9

sys-boot/grub: update verify-sig logic

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 sys-boot/grub/Manifest             |  1 +
 sys-boot/grub/grub-2.14_rc1.ebuild | 24 +++++++++++++++++-------
 sys-boot/grub/grub-9999.ebuild     | 24 +++++++++++++++++-------
 3 files changed, 35 insertions(+), 14 deletions(-)

diff --git a/sys-boot/grub/Manifest b/sys-boot/grub/Manifest
index 79ca87d08060..aa989811b941 100644
--- a/sys-boot/grub/Manifest
+++ b/sys-boot/grub/Manifest
@@ -7,3 +7,4 @@ DIST grub-2.14~rc1.tar.xz 7652220 BLAKE2B 
dededd47b4c29f1d8c6e92de78d8d90dd9fa66
 DIST grub-2.14~rc1.tar.xz.sig 566 BLAKE2B 
eac34a1a513a818809162a4f827191902e933e95cf3775930a8bccb18b0eb052a8bc4175fd1ba89a8dda802951b3b758f18443c65be3f8268201fa07d93ed6ce
 SHA512 
a67766234f8d075d50381c9b94513a41d9c4a5214e5f000f182069d3318695d13c10072030f74cdfc3dc72f98f4d90fc9133b005e0af11314c754072c12299ef
 DIST unifont-15.0.06.pcf.gz 1358322 BLAKE2B 
81811e3de390ca35d1a2dc1f1dee73464e97f44907ba522c218ba9c5e39ca3c9d767552780a257a97c156eb623c17786d9c0d2b67786d61df5ca33a1e10db7ca
 SHA512 
0a28a406629c604f5cbf51f501528239a7ed50d19f93ea505bc5bdc72639e4b926b03f4b8782a5733041f7cdb4aebb9948ac7cfd5a8ad9a0fe309944e595517b
 DIST unifont-17.0.02.pcf.gz 1357145 BLAKE2B 
6043055b10273930454b95bea847f4cd9cbceb7fa5f4b903a92d1e05093ed8d36b0be6cdcc96089d910b3af9b826d8bc0491070d7af568801e829fb69238d787
 SHA512 
8c325b8f1b872ced2a8ceffa89ce81858c4c768562711610529ae0be488dc335e333f8674cad78fe9550de222247816c435b0079bc959e6e1caebf4c7ecd2faf
+DIST unifont-17.0.02.pcf.gz.sig 566 BLAKE2B 
b20c3b498862b5f652bea95ca240a279674de583b2f03dc0b9ee0bac46da2513d54ca8fdcacc222adf5360da6fe919060bf41d977335d7c11a1bf9407c84c99d
 SHA512 
f31792427adf73c0cf16f890faa579fda5315cbc0c9ac17b4d19555255f49dbf89f6333012ce99fec9819252fd7b81e07a65a2cd0d3aa54a54ded8d7c50ac186

diff --git a/sys-boot/grub/grub-2.14_rc1.ebuild 
b/sys-boot/grub/grub-2.14_rc1.ebuild
index 3b5198dcd2cb..24e02a12ff3b 100644
--- a/sys-boot/grub/grub-2.14_rc1.ebuild
+++ b/sys-boot/grub/grub-2.14_rc1.ebuild
@@ -23,22 +23,19 @@ fi
 
 PYTHON_COMPAT=( python3_{10..13} )
 WANT_LIBTOOL=none
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dkiper.gpg
 
 if [[ -n ${GRUB_AUTORECONF} ]]; then
        inherit autotools
 fi
 
 inherit bash-completion-r1 eapi9-ver flag-o-matic multibuild optfeature
-inherit python-any-r1 secureboot toolchain-funcs
+inherit python-any-r1 secureboot toolchain-funcs verify-sig
 
 DESCRIPTION="GNU GRUB boot loader"
 HOMEPAGE="https://www.gnu.org/software/grub/";
 
 MY_P=${P}
 if [[ ${PV} != 9999 ]]; then
-       inherit verify-sig
-
        if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then
                # The quote style is to work with <=bash-4.2 and >=bash-4.3 
#503860
                MY_P=${P/_/'~'}
@@ -56,7 +53,12 @@ if [[ ${PV} != 9999 ]]; then
                "
                S=${WORKDIR}/${P%_*}
        fi
-       BDEPEND="verify-sig? ( sec-keys/openpgp-keys-danielkiper )"
+       BDEPEND="
+               verify-sig? (
+                       sec-keys/openpgp-keys-grub
+                       sec-keys/openpgp-keys-unifont
+               )
+       "
        KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
 else
        inherit git-r3
@@ -73,7 +75,10 @@ DEJAVU_VER=2.37
 DEJAVU=dejavu-fonts-ttf-${DEJAVU_VER}
 UNIFONT=unifont-17.0.02
 SRC_URI+="
-       fonts? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz )
+       fonts? (
+               mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz
+               verify-sig? ( 
mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz.sig )
+       )
        themes? ( 
https://downloads.sourceforge.net/project/dejavu/dejavu/${DEJAVU_VER}/${DEJAVU}.tar.bz2
 )
 "
 
@@ -162,7 +167,12 @@ src_unpack() {
                git-r3_checkout "${GNULIB_URI}" gnulib
                popd >/dev/null || die
        elif use verify-sig; then
-               verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig}
+               verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig} \
+                       "${BROOT}"/usr/share/openpgp-keys/grub.asc
+       fi
+       if use fonts && use verify-sig; then
+               verify-sig_verify_detached 
"${DISTDIR}"/${UNIFONT}.pcf.gz{,.sig} \
+                       "${BROOT}"/usr/share/openpgp-keys/unifont.asc
        fi
        default
 }

diff --git a/sys-boot/grub/grub-9999.ebuild b/sys-boot/grub/grub-9999.ebuild
index 7e0ad0548cc1..2722f8febcb4 100644
--- a/sys-boot/grub/grub-9999.ebuild
+++ b/sys-boot/grub/grub-9999.ebuild
@@ -23,22 +23,19 @@ fi
 
 PYTHON_COMPAT=( python3_{10..13} )
 WANT_LIBTOOL=none
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dkiper.gpg
 
 if [[ -n ${GRUB_AUTORECONF} ]]; then
        inherit autotools
 fi
 
 inherit bash-completion-r1 eapi9-ver flag-o-matic multibuild optfeature
-inherit python-any-r1 secureboot toolchain-funcs
+inherit python-any-r1 secureboot toolchain-funcs verify-sig
 
 DESCRIPTION="GNU GRUB boot loader"
 HOMEPAGE="https://www.gnu.org/software/grub/";
 
 MY_P=${P}
 if [[ ${PV} != 9999 ]]; then
-       inherit verify-sig
-
        if [[ ${PV} == *_alpha* || ${PV} == *_beta* || ${PV} == *_rc* ]]; then
                # The quote style is to work with <=bash-4.2 and >=bash-4.3 
#503860
                MY_P=${P/_/'~'}
@@ -54,7 +51,12 @@ if [[ ${PV} != 9999 ]]; then
                "
                S=${WORKDIR}/${P%_*}
        fi
-       BDEPEND="verify-sig? ( sec-keys/openpgp-keys-danielkiper )"
+       BDEPEND="
+               verify-sig? (
+                       sec-keys/openpgp-keys-grub
+                       sec-keys/openpgp-keys-unifont
+               )
+       "
        KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
 else
        inherit git-r3
@@ -71,7 +73,10 @@ DEJAVU_VER=2.37
 DEJAVU=dejavu-fonts-ttf-${DEJAVU_VER}
 UNIFONT=unifont-17.0.02
 SRC_URI+="
-       fonts? ( mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz )
+       fonts? (
+               mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz
+               verify-sig? ( 
mirror://gnu/unifont/${UNIFONT}/${UNIFONT}.pcf.gz.sig )
+       )
        themes? ( 
https://downloads.sourceforge.net/project/dejavu/dejavu/${DEJAVU_VER}/${DEJAVU}.tar.bz2
 )
 "
 
@@ -160,7 +165,12 @@ src_unpack() {
                git-r3_checkout "${GNULIB_URI}" gnulib
                popd >/dev/null || die
        elif use verify-sig; then
-               verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig}
+               verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.xz{,.sig} \
+                       "${BROOT}"/usr/share/openpgp-keys/grub.asc
+       fi
+       if use fonts && use verify-sig; then
+               verify-sig_verify_detached 
"${DISTDIR}"/${UNIFONT}.pcf.gz{,.sig} \
+                       "${BROOT}"/usr/share/openpgp-keys/unifont.asc
        fi
        default
 }

Reply via email to