From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1524131-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id BDA7015810D
	for <garchives@archives.gentoo.org>; Thu,  1 Jun 2023 05:54:05 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id D780AE0878;
	Thu,  1 Jun 2023 05:54:04 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id B0A3AE0878
	for <gentoo-commits@lists.gentoo.org>; Thu,  1 Jun 2023 05:54:04 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 8BED5341252
	for <gentoo-commits@lists.gentoo.org>; Thu,  1 Jun 2023 05:54:03 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 28755A80
	for <gentoo-commits@lists.gentoo.org>; Thu,  1 Jun 2023 05:54:02 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1685598814.92a6e5fff44afe50674097e9635471c39c67b30d.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sec-keys/openpgp-keys-gentoo-developers/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sec-keys/openpgp-keys-gentoo-developers/Manifest sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230508.ebuild sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230515.ebuild
X-VCS-Directories: sec-keys/openpgp-keys-gentoo-developers/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 92a6e5fff44afe50674097e9635471c39c67b30d
X-VCS-Branch: master
Date: Thu,  1 Jun 2023 05:54:02 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 9d744d6a-2864-4088-b53b-a422f4ced754
X-Archives-Hash: f78522c615102e8231f5d3d3aa6ae702

commit:     92a6e5fff44afe50674097e9635471c39c67b30d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  1 05:53:34 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  1 05:53:34 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92a6e5ff

sec-keys/openpgp-keys-gentoo-developers: drop 20230508, 20230515

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sec-keys/openpgp-keys-gentoo-developers/Manifest   |   2 -
 .../openpgp-keys-gentoo-developers-20230508.ebuild | 233 ---------------------
 .../openpgp-keys-gentoo-developers-20230515.ebuild | 233 ---------------------
 3 files changed, 468 deletions(-)

diff --git a/sec-keys/openpgp-keys-gentoo-developers/Manifest b/sec-keys/openpgp-keys-gentoo-developers/Manifest
index 52f94b213260..b08e17dfeabb 100644
--- a/sec-keys/openpgp-keys-gentoo-developers/Manifest
+++ b/sec-keys/openpgp-keys-gentoo-developers/Manifest
@@ -1,5 +1,3 @@
 DIST openpgp-keys-gentoo-developers-20230403-active-devs.gpg 3033398 BLAKE2B 233549fa600d855df1f4130224c63b10d0df3312886bef1c0486553db3025554a4fff7af104a3f0869390d53837a8d0182d830432e855273da28c753ea579d7e SHA512 33264b9ef002656f5c58dc2b2ff568d01b624c68e2e42db0d388b9a99b45c2d605df0d5db7b5029c0946f524fa7168252ba87908336e6f9ad0717c20d43cd112
-DIST openpgp-keys-gentoo-developers-20230508-active-devs.gpg 3084780 BLAKE2B e7bdf7d2dd4031c63b8acc326c4f11b1f31639d97fa18eb37ec40805789e6c574d5443b0028f204375d0854e661ed2893ca960e9663b41c67b91d87d4e50466d SHA512 bcd0bc704e36dbfdb37cce3739336af7767c64eb9e443607c743c608274676b779e158bdb34ab22d6da6921c3c7b43ecd729c856600c530757fb7da020bf9d67
-DIST openpgp-keys-gentoo-developers-20230515-active-devs.gpg 3093773 BLAKE2B 481e754067cf3ecdce5792490bda2ea9a8afa412c3b6442955f588b2a1c084032ec9d191b39a1931a25e72b291f21dc6e6011b27badd39688420d58743aafa20 SHA512 4c5f7b90e228c639b720932841d404b87cb730929c6955d1441771d1213111375c390aae675176f2a3a99b8dc1d24cdf4f4986f0dfd6025f36d4d84c8eb44c02
 DIST openpgp-keys-gentoo-developers-20230522-active-devs.gpg 3094133 BLAKE2B f6c9ea88ab0bb97e4a43731705d346e75b21b0ccd0c7fbf6c0e4c1cd8408cd7e27c14e3e6bf2c1a60853d27bc8ec6881d2d5832e15bb6bd265a15f95e61d1b46 SHA512 72febc57dbeb9a4ea8431f2d36870181e91b019b414fbba1660689fea574f10881e39ca36ab9b6a648b3297cfef10123b191c5c7d643c07087a267b0f993f580
 DIST openpgp-keys-gentoo-developers-20230529-active-devs.gpg 3094133 BLAKE2B f6c9ea88ab0bb97e4a43731705d346e75b21b0ccd0c7fbf6c0e4c1cd8408cd7e27c14e3e6bf2c1a60853d27bc8ec6881d2d5832e15bb6bd265a15f95e61d1b46 SHA512 72febc57dbeb9a4ea8431f2d36870181e91b019b414fbba1660689fea574f10881e39ca36ab9b6a648b3297cfef10123b191c5c7d643c07087a267b0f993f580

diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230508.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230508.ebuild
deleted file mode 100644
index efd0694ab707..000000000000
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230508.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-inherit edo python-any-r1
-
-DESCRIPTION="Gentoo Authority Keys (GLEP 79)"
-HOMEPAGE="https://www.gentoo.org/downloads/signatures/"
-if [[ ${PV} == 9999* ]] ; then
-	PROPERTIES="live"
-
-	BDEPEND="net-misc/curl"
-else
-	SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-S="${WORKDIR}"
-
-LICENSE="public-domain"
-SLOT="0"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND+="
-	$(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]')
-	sec-keys/openpgp-keys-gentoo-auth
-	test? (
-		app-crypt/gnupg
-		sys-apps/grep[pcre]
-	)
-"
-
-python_check_deps() {
-	python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]"
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999* ]] ; then
-		curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die
-	else
-		default
-	fi
-}
-
-src_compile() {
-	export GNUPGHOME="${T}"/.gnupg
-
-	get_gpg_keyring_dir() {
-		if [[ ${PV} == 9999* ]] ; then
-			echo "${WORKDIR}"
-		else
-			echo "${DISTDIR}"
-		fi
-	}
-
-	local mygpgargs=(
-		--no-autostart
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	mkdir "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-
-	# Convert the binary keyring into an armored one so we can process it
-	edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg
-	edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc
-
-	# Now strip out the keys which are expired and/or missing a signature
-	# from our L2 developer authority key
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${WORKDIR}"/gentoo-developers.asc \
-			"${WORKDIR}"/gentoo-developers-sanitised.asc
-}
-
-src_test() {
-	export GNUPGHOME="${T}"/tests/.gnupg
-
-	local mygpgargs=(
-		# We don't have --no-autostart here because we need
-		# to let it spawn an agent for the key generation.
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	# Check each of the keys to verify they're trusted by
-	# the L2 developer key.
-	mkdir -p "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-	cd "${T}"/tests || die
-
-	# First, grab the L1 key, and mark it as ultimately trusted.
-	edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc
-	edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt
-
-	# Generate a temporary key which isn't signed by anything to check
-	# whether we're detecting unexpected keys.
-	#
-	# The test is whether this appears in the sanitised keyring we
-	# produce in src_compile (it should not be in there).
-	#
-	# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
-	edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF
-		%echo Generating temporary key for testing...
-
-		%no-protection
-		%transient-key
-		%pubring ${P}-ebuild-test-key.asc
-
-		Key-Type: 1
-		Key-Length: 2048
-		Subkey-Type: 1
-		Subkey-Length: 2048
-		Name-Real: Larry The Cow
-		Name-Email: larry@example.com
-		Expire-Date: 0
-		Handle: ${P}-ebuild-test-key
-
-		%commit
-		%echo Temporary key generated!
-	EOF
-
-	# Import the new injected key that shouldn't be signed by anything into a temporary testing keyring
-	edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc
-
-	# Sign a tiny file with the to-be-injected key for testing rejection below
-	echo "Hello world!" > "${T}"/tests/signme || die
-	edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die
-
-	edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc
-
-	# keyring-mangler.py should now produce a keyring *without* it
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${T}"/tests/tainted-keyring.asc \
-			"${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log
-	assert "Key mangling in tests failed?"
-
-	# Check the log to verify the injected key got detected
-	grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!"
-
-	# gnupg doesn't have an easy way for us to actually just.. ask
-	# if a key is known via WoT. So, sign a file using the key
-	# we just made, and then try to gpg --verify it, and check exit code.
-	#
-	# Let's now double check by seeing if a file signed by the injected key
-	# is rejected.
-	if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then
-		die "'gpg --verify' using injected test key succeeded! This shouldn't happen!"
-	fi
-
-	# Bonus lame sanity check
-	edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log
-	assert "trustdb call failed!"
-
-	check_trust_levels() {
-		local mode=${1}
-
-		while IFS= read -r line; do
-			# gpg: depth: 0  valid:   1  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 1u
-			# gpg: depth: 1  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 2f, 0u
-			if [[ ${line} == *depth* ]] ; then
-				depth=$(echo ${line} | grep -Po "depth: [0-9]")
-				trust=$(echo ${line} | grep -Po "trust:.*")
-
-				trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-")
-				[[ ${trust_uncalculated} == 0 ]] || ${mode}
-
-				trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q")
-				[[ ${trust_insufficient} == 0 ]] || ${mode}
-
-				trust_never=$(echo ${trust} | grep -Po "[0-9]n")
-				[[ ${trust_never} == 0 ]] || ${mode}
-
-				trust_marginal=$(echo ${trust} | grep -Po "[0-9]m")
-				[[ ${trust_marginal} == 0 ]] || ${mode}
-
-				trust_full=$(echo ${trust} | grep -Po "[0-9]f")
-				[[ ${trust_full} != 0 ]] || ${mode}
-
-				trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u")
-				[[ ${trust_ultimate} == 1 ]] || ${mode}
-
-				echo "${trust_uncalculated}, ${trust_insufficient}"
-			fi
-		done < "${T}"/tests/trustdb.log
-	}
-
-	# First, check with the bad key still in the test keyring.
-	# This is supposed to fail, so we want it to return 1
-	check_trust_levels "return 1" && die "Trustdb passed when it should have failed!"
-
-	# Now check without the bad key in the test keyring.
-	# This one should pass.
-	#
-	# Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint)
-	keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \
-		| grep "^fpr" \
-		| sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p')
-
-	local key
-	for key in ${keys[@]} ; do
-		nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key}
-	done
-
-	edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>"
-	check_trust_levels "return 0" || die "Trustdb failed when it should have passed!"
-
-	gpgconf --kill gpg-agent || die
-}
-
-src_install() {
-	insinto /usr/share/openpgp-keys
-	newins gentoo-developers-sanitised.asc gentoo-developers.asc
-
-	# TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth?
-}

diff --git a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230515.ebuild b/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230515.ebuild
deleted file mode 100644
index efd0694ab707..000000000000
--- a/sec-keys/openpgp-keys-gentoo-developers/openpgp-keys-gentoo-developers-20230515.ebuild
+++ /dev/null
@@ -1,233 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-inherit edo python-any-r1
-
-DESCRIPTION="Gentoo Authority Keys (GLEP 79)"
-HOMEPAGE="https://www.gentoo.org/downloads/signatures/"
-if [[ ${PV} == 9999* ]] ; then
-	PROPERTIES="live"
-
-	BDEPEND="net-misc/curl"
-else
-	SRC_URI="https://qa-reports.gentoo.org/output/keys/active-devs-${PV}.gpg -> ${P}-active-devs.gpg"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
-fi
-
-S="${WORKDIR}"
-
-LICENSE="public-domain"
-SLOT="0"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-BDEPEND+="
-	$(python_gen_any_dep 'dev-python/python-gnupg[${PYTHON_USEDEP}]')
-	sec-keys/openpgp-keys-gentoo-auth
-	test? (
-		app-crypt/gnupg
-		sys-apps/grep[pcre]
-	)
-"
-
-python_check_deps() {
-	python_has_version "dev-python/python-gnupg[${PYTHON_USEDEP}]"
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999* ]] ; then
-		curl https://qa-reports.gentoo.org/output/active-devs.gpg -o ${P}-active-devs.gpg || die
-	else
-		default
-	fi
-}
-
-src_compile() {
-	export GNUPGHOME="${T}"/.gnupg
-
-	get_gpg_keyring_dir() {
-		if [[ ${PV} == 9999* ]] ; then
-			echo "${WORKDIR}"
-		else
-			echo "${DISTDIR}"
-		fi
-	}
-
-	local mygpgargs=(
-		--no-autostart
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	mkdir "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-
-	# Convert the binary keyring into an armored one so we can process it
-	edo gpg "${mygpgargs[@]}" --import "$(get_gpg_keyring_dir)"/${P}-active-devs.gpg
-	edo gpg "${mygpgargs[@]}" --export --armor > "${WORKDIR}"/gentoo-developers.asc
-
-	# Now strip out the keys which are expired and/or missing a signature
-	# from our L2 developer authority key
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${WORKDIR}"/gentoo-developers.asc \
-			"${WORKDIR}"/gentoo-developers-sanitised.asc
-}
-
-src_test() {
-	export GNUPGHOME="${T}"/tests/.gnupg
-
-	local mygpgargs=(
-		# We don't have --no-autostart here because we need
-		# to let it spawn an agent for the key generation.
-		--no-default-keyring
-		--homedir "${GNUPGHOME}"
-	)
-
-	# From verify-sig.eclass:
-	# "GPG upstream knows better than to follow the spec, so we can't
-	# override this directory.  However, there is a clean fallback
-	# to GNUPGHOME."
-	addpredict /run/user
-
-	# Check each of the keys to verify they're trusted by
-	# the L2 developer key.
-	mkdir -p "${GNUPGHOME}" || die
-	chmod 700 "${GNUPGHOME}" || die
-	cd "${T}"/tests || die
-
-	# First, grab the L1 key, and mark it as ultimately trusted.
-	edo gpg "${mygpgargs[@]}" --import "${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc
-	edo gpg "${mygpgargs[@]}" --import-ownertrust "${BROOT}"/usr/share/openpgp-keys/gentoo-auth-ownertrust.txt
-
-	# Generate a temporary key which isn't signed by anything to check
-	# whether we're detecting unexpected keys.
-	#
-	# The test is whether this appears in the sanitised keyring we
-	# produce in src_compile (it should not be in there).
-	#
-	# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
-	edo gpg "${mygpgargs[@]}" --batch --gen-key <<-EOF
-		%echo Generating temporary key for testing...
-
-		%no-protection
-		%transient-key
-		%pubring ${P}-ebuild-test-key.asc
-
-		Key-Type: 1
-		Key-Length: 2048
-		Subkey-Type: 1
-		Subkey-Length: 2048
-		Name-Real: Larry The Cow
-		Name-Email: larry@example.com
-		Expire-Date: 0
-		Handle: ${P}-ebuild-test-key
-
-		%commit
-		%echo Temporary key generated!
-	EOF
-
-	# Import the new injected key that shouldn't be signed by anything into a temporary testing keyring
-	edo gpg "${mygpgargs[@]}" --import "${T}"/tests/${P}-ebuild-test-key.asc
-
-	# Sign a tiny file with the to-be-injected key for testing rejection below
-	echo "Hello world!" > "${T}"/tests/signme || die
-	edo gpg "${mygpgargs[@]}" -u "Larry The Cow <larry@example.com>" --sign "${T}"/tests/signme || die
-
-	edo gpg "${mygpgargs[@]}" --export --armor > "${T}"/tests/tainted-keyring.asc
-
-	# keyring-mangler.py should now produce a keyring *without* it
-	edo "${EPYTHON}" "${FILESDIR}"/keyring-mangler.py \
-			"${BROOT}"/usr/share/openpgp-keys/gentoo-auth.asc \
-			"${T}"/tests/tainted-keyring.asc \
-			"${T}"/tests/gentoo-developers-sanitised.asc | tee "${T}"/tests/keyring-mangler.log
-	assert "Key mangling in tests failed?"
-
-	# Check the log to verify the injected key got detected
-	grep -q "Dropping key.*Larry The Cow" "${T}"/tests/keyring-mangler.log || die "Did not remove injected key from test keyring!"
-
-	# gnupg doesn't have an easy way for us to actually just.. ask
-	# if a key is known via WoT. So, sign a file using the key
-	# we just made, and then try to gpg --verify it, and check exit code.
-	#
-	# Let's now double check by seeing if a file signed by the injected key
-	# is rejected.
-	if gpg "${mygpgargs[@]}" --keyring "${T}"/tests/gentoo-developers-sanitised.asc --verify "${T}"/tests/signme.gpg ; then
-		die "'gpg --verify' using injected test key succeeded! This shouldn't happen!"
-	fi
-
-	# Bonus lame sanity check
-	edo gpg "${mygpgargs[@]}" --check-trustdb 2>&1 | tee "${T}"/tests/trustdb.log
-	assert "trustdb call failed!"
-
-	check_trust_levels() {
-		local mode=${1}
-
-		while IFS= read -r line; do
-			# gpg: depth: 0  valid:   1  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 1u
-			# gpg: depth: 1  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 2f, 0u
-			if [[ ${line} == *depth* ]] ; then
-				depth=$(echo ${line} | grep -Po "depth: [0-9]")
-				trust=$(echo ${line} | grep -Po "trust:.*")
-
-				trust_uncalculated=$(echo ${trust} | grep -Po "[0-9]-")
-				[[ ${trust_uncalculated} == 0 ]] || ${mode}
-
-				trust_insufficient=$(echo ${trust} | grep -Po "[0-9]q")
-				[[ ${trust_insufficient} == 0 ]] || ${mode}
-
-				trust_never=$(echo ${trust} | grep -Po "[0-9]n")
-				[[ ${trust_never} == 0 ]] || ${mode}
-
-				trust_marginal=$(echo ${trust} | grep -Po "[0-9]m")
-				[[ ${trust_marginal} == 0 ]] || ${mode}
-
-				trust_full=$(echo ${trust} | grep -Po "[0-9]f")
-				[[ ${trust_full} != 0 ]] || ${mode}
-
-				trust_ultimate=$(echo ${trust} | grep -Po "[0-9]u")
-				[[ ${trust_ultimate} == 1 ]] || ${mode}
-
-				echo "${trust_uncalculated}, ${trust_insufficient}"
-			fi
-		done < "${T}"/tests/trustdb.log
-	}
-
-	# First, check with the bad key still in the test keyring.
-	# This is supposed to fail, so we want it to return 1
-	check_trust_levels "return 1" && die "Trustdb passed when it should have failed!"
-
-	# Now check without the bad key in the test keyring.
-	# This one should pass.
-	#
-	# Drop the bad key first (https://superuser.com/questions/174583/how-to-delete-gpg-secret-keys-by-force-without-fingerprint)
-	keys=$(gpg "${mygpgargs[@]}" --fingerprint --with-colons --batch "Larry The Cow <larry@example.com>" \
-		| grep "^fpr" \
-		| sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p')
-
-	local key
-	for key in ${keys[@]} ; do
-		nonfatal edo gpg "${mygpgargs[@]}" --batch --yes --delete-secret-keys ${key}
-	done
-
-	edo gpg "${mygpgargs[@]}" --batch --yes --delete-keys "Larry The Cow <larry@example.com>"
-	check_trust_levels "return 0" || die "Trustdb failed when it should have passed!"
-
-	gpgconf --kill gpg-agent || die
-}
-
-src_install() {
-	insinto /usr/share/openpgp-keys
-	newins gentoo-developers-sanitised.asc gentoo-developers.asc
-
-	# TODO: install an ownertrust file like sec-keys/openpgp-keys-gentoo-auth?
-}