Get Gentoo!
Development Guide
  1. Master index
  2. Eclass reference

SEC-KEYS.ECLASS

Section: eclass-manpages (5)
Updated: Sep 2025
Index Return to Main Contents

NAME

sec-keys.eclass - Provides a uniform way of handling ebuilds which package PGP key material

DESCRIPTION

This eclass provides a streamlined approach to finding suitable source material for OpenPGP keys used by the verify-sig eclass. Its primary purpose is to permit developers to easily and securely package new sec-keys/* packages. The eclass removes the risk of developers accidentally packaging malformed key material, or neglecting to notice when PGP identities have changed.

To use the eclass, define SEC_KEYS_VALIDPGPKEYS to contain the fingerprint of the key and the short name of the key's owner.

SUPPORTED EAPIS

8

EXAMPLE

Example use: 

SEC_KEYS_VALIDPGPKEYS=(
        '3DB7F3CA6C1D90B99FE25B38D4B476A4D175C54F:bjones:ubuntu'
        '4EC8A4DB7D2E01C00AF36C49E5C587B5E286C65A:jsmith:github,openpgp'
        # key only available on personal website, use manual SRC_URI
        '5FD9B5EC8E3F12D11BA47D50F6D698C6F397D76B:awhite:manual'
)

inherit sec-keys

SRC_URI+="https://awhite.com/awhite.gpg -> awhite-${PV}.gpg"

FUNCTIONS

sec-keys_src_compile
Default src_compile override that:

- imports all public keys into a keyring

- validates that they are listed in SEC_KEYS_VALIDPGPKEYS

- minifies and exports them back into a unified keyfile

sec-keys_src_install
Default src_install override that installs an ascii-armored keyfile installed to the standard /usr/share/openpgp-keys.

ECLASS VARIABLES

SEC_KEYS_VALIDPGPKEYS (SET BEFORE INHERIT)
Mapping of fingerprints, name, and optional locations of PGP keys to include, separated by colons. The allowed values for a location are:


 - gentoo -- fetch key by fingerprint from https://keys.gentoo.org


 - github -- fetch key from github.com/${name}.pgp


 - openpgp -- fetch key by fingerprint from https://keys.openpgp.org


 - ubuntu -- fetch key by fingerprint from http://keyserver.ubuntu.com


 - manual -- do not add to SRC_URI, the ebuild will provide a custom
   download location

AUTHORS

Eli Schwartz <eschwartz@gentoo.org>

MAINTAINERS

Eli Schwartz <eschwartz@gentoo.org>

REPORTING BUGS

Please report bugs via https://bugs.gentoo.org/

FILES

sec-keys.eclass

SEE ALSO

ebuild(5)
https://gitweb.gentoo.org/repo/gentoo.git/log/eclass/sec-keys.eclass

Index

NAME
DESCRIPTION
SUPPORTED EAPIS
EXAMPLE
FUNCTIONS
ECLASS VARIABLES
AUTHORS
MAINTAINERS
REPORTING BUGS
FILES
SEE ALSO
This document was created by man2html, using the manual pages.
Time: 03:27:00 GMT, September 08, 2025