mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-02-09 09:41:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

eclass/pypi: Sync with Gentoo

Browse Source 
It's from Gentoo commit 96efef0cdfe624d449fa0010623c417fd9698a93.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
This commit is contained in:
Flatcar Buildbot 2026-02-02 07:28:44 +00:00
parent 3ac06e618b
commit e11a72a6f5
1 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
sdk_container/src/third_party/portage-stable/eclass/pypi.eclass vendored
View File

@ -1,4 +1,4 @@
# Copyright 2023-2025 Gentoo Authors
# Copyright 2023-2026 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: pypi.eclass
@ -76,10 +76,13 @@ _PYPI_ECLASS=1
# @DEFAULT_UNSET
# @PRE_INHERIT
# @DESCRIPTION:
# The repository to verify provenance against. If set to a non-empty
# The publisher to verify provenance against. If set to a non-empty
# value, the eclass will add a "verify-provenance" flag that can be used
# to download the provenance for the distribution, and verify it
# against the provenance and the specified repository.
# to download and verify the provenance for the distribution.
#
# This can be:
# - the repository URL when the provenance was signed by a repository
# - gcp:<email address> when it was signed by a Google Cloud account
# @FUNCTION: _pypi_normalize_name
# @INTERNAL
@ -310,23 +313,33 @@ pypi_provenance_url() {
# to the artifact to verify, while <provenance> is the provenance file.
#
# The function defaults to using PYPI_VERIFY_REPO as the expected
# repository URL. This can be overridden by specfying <repo>.
# provider info. This can be overridden by specfying <provider>.
#
# The function dies on verification failure.
pypi_verify_provenance() {
if [[ ${#} -lt 2 || ${#} -gt 3 ]]; then
die "Usage: ${FUNCNAME} <dist> <provenance> [<repo>]"
die "Usage: ${FUNCNAME} <dist> <provenance> [<provider>]"
fi
local dist=${1}
local provenance=${2}
local repo=${3-"${PYPI_VERIFY_REPO}"}
local provider=${3-"${PYPI_VERIFY_REPO}"}
local args=(
--offline
--provenance-file "${provenance}"
"${dist}"
)
case ${provider} in
gcp:*)
args+=( --gcp-service-account "${provider#gcp:}" )
;;
*)
args+=( --repository "${provider}" )
esac
einfo "Verifying ${dist##*/} ..."
pypi-attestations verify pypi --offline \
--repository "${repo}" \
--provenance-file "${provenance}" \
"${dist}" ||
pypi-attestations verify pypi "${args[@]}" ||
die "Provenance verification failed for ${dist##*/}"
}