<pre style='margin:0'>
Chris Jones (cjones051073) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/7efb80210a7c86ecee1fd908af48e62e072214f4">https://github.com/macports/macports-ports/commit/7efb80210a7c86ecee1fd908af48e62e072214f4</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 7efb802 gpg_verify-1.0.tcl: Submission of portgroup gpg_verify 1.0
</span>7efb802 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 7efb80210a7c86ecee1fd908af48e62e072214f4
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sun Aug 25 07:35:20 2019 -0400
<span style='display:block; white-space:pre;color:#404040;'> gpg_verify-1.0.tcl: Submission of portgroup gpg_verify 1.0
</span>---
_resources/port1.0/group/gpg_verify-1.0.tcl | 66 +++++++++++++++++++++++++++++
lang/ghc/Portfile | 37 ++++------------
lang/julia/Portfile | 23 ++++------
lang/stack/Portfile | 51 ++++++----------------
4 files changed, 96 insertions(+), 81 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/_resources/port1.0/group/gpg_verify-1.0.tcl b/_resources/port1.0/group/gpg_verify-1.0.tcl
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..b6502ca
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/_resources/port1.0/group/gpg_verify-1.0.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,66 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# This portgroup is for ports that verify package-provided gpg signatures
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# A single signature verification by the Portfile author is sufficient,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# along with the standard checksum phase. The default Portfile behavior
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# is not to check gpg signatures, and assume that the Portfile author
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# has already done this. The flag `gpg_verify.use_gpg_verification`
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# is used within conditionals to run the procedure `gpg_verify.verify_gpg_signature`.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Usage:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# PortGroup gpg_verify 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# gpg_verify.use_gpg_verification yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# gpg_verify.verify_gpg_signature pubkey_file signature_file test_file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Note that many PGP key servers are intermittently accessible; therefore, it is
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# good practice to include the keyid file in ${filespath}. Also, the checksum
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# phase requires at least one hash check of downloaded files, including PGP
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# signatures for which hash checks are unnecessary. It is therefore recommended
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# to use `size` for signature file checksums, which is often constant for the same
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# keyid.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Example (from the julia Portfile):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# if {[option gpg_verify.use_gpg_verification]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# distfiles-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ${name}-${version}-full${extract.suffix}.asc
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# checksums-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# ${name}-${version}-full${extract.suffix}.asc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# size 866
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+options gpg_verify.use_gpg_verification
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default gpg_verify.use_gpg_verification {no}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+options gpg_verify.gpg
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default gpg_verify.gpg {${prefix}/bin/gpg}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc gpg_verify.add_dependencies {} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[option gpg_verify.use_gpg_verification]} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_fetch-append port:gnupg2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+port::register_callback gpg_verify.add_dependencies
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+options gpg_verify.gpg_homedir
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default gpg_verify.gpg_homedir {${workpath}/.gnupg}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pre-checksum {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -o macports -m 0755 -d "[option gpg_verify.gpg_homedir]"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proc gpg_verify.verify_gpg_signature {pubkey_file signature_file test_file} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # pre-load public key to avoid keyserver downtime issues
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://pgp.mit.edu/pks/lookup?op=get&search=0x${gpg_keyid}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # note: tcl exec will return error if error messages not directed to /dev/null
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system "/bin/sh -c '[option gpg_verify.gpg] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --homedir [option gpg_verify.gpg_homedir] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --import ${pubkey_file} 2>/dev/null || /usr/bin/true'"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set gpg_verification [exec /bin/sh -c \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "if [option gpg_verify.gpg] --homedir [option gpg_verify.gpg_homedir] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --verify ${signature_file} ${test_file} 2>/dev/null; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ then echo 'VERIFIED'; else echo 'UNVERIFIED'; fi"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string trim ${gpg_verification}] != "VERIFIED"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_error "GPG signature verification failed on ${test_file} with pubkey file ${pubkey_file}."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ exit 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/lang/ghc/Portfile b/lang/ghc/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 3688aa8..2b722b0 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/lang/ghc/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/lang/ghc/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2,6 +2,8 @@
</span>
PortSystem 1.0
<span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup gpg_verify 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> name ghc
version 8.6.5
categories lang haskell
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -71,52 +73,29 @@ if {[variant_isset "bootstrap"]} {
</span>
supported_archs x86_64
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set verify_gpg_signature_flag \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- false
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+gpg_verify.use_gpg_verification \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${verify_gpg_signature_flag} == "true"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {[option gpg_verify.use_gpg_verification]} {
</span> distfiles-append \
${distname}-x86_64-apple-darwin${extract.suffix}.sig \
${distname}-testsuite${extract.suffix}.sig
checksums-append \
${distname}-x86_64-apple-darwin${extract.suffix}.sig \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- rmd160 08ab969c5f1aeb45b925666933293c35afaa12fa \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 19e5eb9fa7a39dcb3741fcf6f95d18fbb76ba5b4bbf3a891559b2a0bfb2716d5 \
</span> size 586 \
${distname}-testsuite${extract.suffix}.sig \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- rmd160 eb3614a266e8250e93564f87f46d83f6c462118b \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 e1543cbe700f9cb0c3ec5495b930b32da9a2fedd65c77b8e38ba033ad7acbb90 \
</span> size 586
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${verify_gpg_signature_flag} == "true"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- depends_fetch-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:gnupg2
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- proc verify_gpg_signature {gpg_homedir keyid_file signature_file test_file} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # pre-load public key to avoid keyserver downtime issues
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # https://pgp.mit.edu/pks/lookup?op=get&search=0x${gpg_keyid}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # note: tcl exec will return error if error messages not directed to /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system "/bin/sh -c 'gpg --homedir ${gpg_homedir} --import ${keyid_file} 2>/dev/null || /usr/bin/true'"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set gpg_verification [exec /bin/sh -c "if gpg --homedir ${gpg_homedir} --verify ${signature_file} ${test_file} 2>/dev/null; then echo 'VERIFIED'; else echo 'UNVERIFIED'; fi"]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[string trim ${gpg_verification}] != "VERIFIED"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_error "GPG signature verification failed on ${test_file} with keyid file ${keyid_file}."
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- exit 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- pre-extract {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-checksum {
</span> # check GPG signature: https://www.haskell.org/ghc/download_ghc_8_6_5.html
set gpg_keyid 97db64ad
<span style='display:block; white-space:pre;background:#ffe0e0;'>- verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/.gnupg \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gpg_verify.verify_gpg_signature \
</span> ${filespath}/keyid-${gpg_keyid}.txt \
${distpath}/${distname}-x86_64-apple-darwin${extract.suffix}.sig \
${distpath}/${distname}-x86_64-apple-darwin${extract.suffix}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/.gnupg \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gpg_verify.verify_gpg_signature \
</span> ${filespath}/keyid-${gpg_keyid}.txt \
${distpath}/${distname}-testsuite${extract.suffix}.sig \
${distpath}/${distname}-testsuite${extract.suffix}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/lang/julia/Portfile b/lang/julia/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 37a31a8..94421ce 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/lang/julia/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/lang/julia/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2,6 +2,7 @@
</span>
PortSystem 1.0
PortGroup github 1.0
<span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup gpg_verify 1.0
</span> PortGroup compilers 1.0
compilers.choose fc f77 f90
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -29,29 +30,21 @@ checksums ${name}-${version}-full${extract.suffix} \
</span> sha256 2419b268fc5c3666dd9aeb554815fe7cf9e0e7265bc9b94a43957c31a68d9184 \
size 123450012
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set verify_gpg_signature false
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+gpg_verify.use_gpg_verification \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${verify_gpg_signature} == "true"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {[option gpg_verify.use_gpg_verification]} {
</span> distfiles-append \
${name}-${version}-full${extract.suffix}.asc
checksums-append \
${name}-${version}-full${extract.suffix}.asc \
size 866
<span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${verify_gpg_signature} == "true"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- depends_fetch-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:gnupg2
</span>
post-checksum {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # check GPG signature: https://julialang.org/juliareleases.asc
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # pre-load public key to avoid keyserver downtime issues
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # note: tcl exec will return error if error messages not directed to /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system -W ${workpath} "/bin/sh -c '${prefix}/bin/gpg --homedir ${workpath}/.gnupg --import ${filespath}/juliareleases.asc 2>/dev/null || /usr/bin/true'"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set gpg_verification [exec /bin/sh -c "if ${prefix}/bin/gpg --homedir ${workpath}/.gnupg --verify ${distpath}/${name}-${version}-full${extract.suffix}.asc ${distpath}/${name}-${version}-full${extract.suffix} 2>/dev/null; then echo 'VERIFIED'; else echo 'UNVERIFIED'; fi"]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[string trim ${gpg_verification}] != "VERIFIED"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_error "GPG signature verification failed with key juliareleases.asc."
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gpg_verify.verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/juliareleases.asc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${distpath}/${name}-${version}-full${extract.suffix}.asc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${distpath}/${name}-${version}-full${extract.suffix}
</span> }
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/lang/stack/Portfile b/lang/stack/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 0f40dfc..3e47403 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/lang/stack/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/lang/stack/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -2,6 +2,7 @@
</span>
PortSystem 1.0
PortGroup github 1.0
<span style='display:block; white-space:pre;background:#e0ffe0;'>+PortGroup gpg_verify 1.0
</span>
github.setup commercialhaskell stack 2.1.3 v
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -37,14 +38,25 @@ checksums ${distfiles} \
</span>
extract.only ${distfiles}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set verify_gpg_signature false
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+gpg_verify.use_gpg_verification \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ yes
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${verify_gpg_signature} == "true"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if {[option gpg_verify.use_gpg_verification]} {
</span> distfiles-append \
${distfiles}.asc
checksums-append \
[lindex ${distfiles} end] \
size 488
<span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-checksum {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # check GPG signature: https://docs.haskellstack.org/en/stable/SIGNING_KEY/
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set gpg_keyid 1c5c154d
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ gpg_verify.verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${filespath}/keyid-${gpg_keyid}.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${distpath}/[lindex ${distfiles} 0].asc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${distpath}/[lindex ${distfiles} 0]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
if {[variant_isset "bootstrap"]} {
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -63,41 +75,6 @@ if {[variant_isset "bootstrap"]} {
</span>
supported_archs x86_64
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if {${verify_gpg_signature} == "true"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- depends_fetch-append \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:gnupg2
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- proc verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- {gpg_homedir keyid_file signature_file test_file} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # pre-load public key to avoid keyserver downtime issues
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # https://pgp.mit.edu/pks/lookup?op=get&search=0x${gpg_keyid}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # note: tcl exec will return error if error messages not directed to /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- system "/bin/sh -c \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 'gpg --homedir ${gpg_homedir} --import ${keyid_file} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 2>/dev/null || /usr/bin/true'"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set gpg_verification [exec /bin/sh -c \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "if gpg --homedir ${gpg_homedir} --verify \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${signature_file} ${test_file} 2>/dev/null; \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- then echo 'VERIFIED'; else echo 'UNVERIFIED'; fi"]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {[string trim ${gpg_verification}] != "VERIFIED"} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_error \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "GPG signature verification failed on ${test_file} with keyid file ${keyid_file}."
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- exit 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- pre-extract {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # check GPG signature: https://docs.haskellstack.org/en/stable/SIGNING_KEY/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set gpg_keyid 1c5c154d
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- verify_gpg_signature \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/.gnupg \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${filespath}/keyid-${gpg_keyid}.txt \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${distpath}/[lindex ${distfiles} 0].asc \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${distpath}/[lindex ${distfiles} 0]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> set system_gcc /usr/bin/gcc
use_configure no
</pre><pre style='margin:0'>
</pre>