Include a repo.postsync.d hook to verify the rsync checkout using gemato. Given that not all people will want to have it enabled unconditionally, no setup.py rules are included -- instead, the file would be installed conditionally by the ebuild.
[v2: included link to the wiki page] --- MANIFEST.in | 2 +- misc/repo.postsync.d/00gemato | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 misc/repo.postsync.d/00gemato diff --git a/MANIFEST.in b/MANIFEST.in index 4f6cac162..edc6704e7 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -14,4 +14,4 @@ include cnf/make.conf.example.* include .portage_not_installed # extra scripts -include misc/* +graft misc diff --git a/misc/repo.postsync.d/00gemato b/misc/repo.postsync.d/00gemato new file mode 100644 index 000000000..f2af50925 --- /dev/null +++ b/misc/repo.postsync.d/00gemato @@ -0,0 +1,18 @@ +#!/bin/bash +# repo.postsync.d hook to verify ::gentoo checkout using gemato + +name=${1} +url=${2} +path=${3} + +# keyring installed by gentoo-keys +openpgp_key=/var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg + +# apply only to ::gentoo, when synced over rsync. +if [[ ${name} == gentoo && ${url} == rsync://* ]]; then + if ! gemato verify -K "${openpgp_key}" -s "${path}"; then + eerror "For troubleshooting the verification failures, please see:" + eerror " https://wiki.gentoo.org/wiki/Project:Portage/Repository_Verification" + return 1 + fi +fi -- 2.16.0.rc2