W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico
napisał:
> On 01/30/2018 08:59 AM, Michał Górny wrote:
> > Rename the 'sync-rsync-openpgp-key-path' to a more generic
> > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three
> > different verification schemes (git, rsync, snapshots) and at least
> > two of them use the same keys.
> > ---
> > cnf/repos.conf | 2 +-
> > man/portage.5 | 9 +++++----
> > pym/portage/repository/config.py | 4 ++++
> > pym/portage/sync/modules/rsync/__init__.py | 1 -
> > pym/portage/sync/modules/rsync/rsync.py | 8 ++------
> > 5 files changed, 12 insertions(+), 12 deletions(-)
> >
> > diff --git a/cnf/repos.conf b/cnf/repos.conf
> > index 0d2b1f4be..4a40ff4fc 100644
> > --- a/cnf/repos.conf
> > +++ b/cnf/repos.conf
> > @@ -7,7 +7,7 @@ sync-type = rsync
> > sync-uri = rsync://rsync.gentoo.org/gentoo-portage
> > auto-sync = yes
> > sync-rsync-verify-metamanifest = yes
> > -sync-rsync-openpgp-key-path =
> > /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
> > +sync-openpgp-key-path =
> > /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
> >
> > # for daily squashfs snapshots
> > #sync-type = squashdelta
> > diff --git a/man/portage.5 b/man/portage.5
> > index 84999bd2f..1f6259715 100644
> > --- a/man/portage.5
> > +++ b/man/portage.5
> > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository
> > synchronization. It takes
> > precedence over a declaration in [DEFAULT] section, that takes
> > precedence over PORTAGE_RSYNC_EXTRA_OPTS.
> > .TP
> > -.B sync\-rsync\-openpgp\-key\-path
> > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only
> > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,
> > -the user's keyring is used.
> > +.B sync\-openpgp\-key\-path
> > +Path to the OpenPGP key(ring) used to verify received repository. Used
> > +only for protocols supporting cryptographic verification, provided
> > +that the respective verification option is enabled. If unset, the user's
> > +keyring is used.
> > .TP
> > .B sync-rsync-vcs-ignore = true|false
> > Ignore vcs directories that may be present in the repository. It is the
> > diff --git a/pym/portage/repository/config.py
> > b/pym/portage/repository/config.py
> > index be31ed3b1..d3a622f7c 100644
> > --- a/pym/portage/repository/config.py
> > +++ b/pym/portage/repository/config.py
> > @@ -86,6 +86,7 @@ class RepoConfig(object):
> > 'sync_type', 'sync_umask', 'sync_uri', 'sync_user',
> > 'thin_manifest',
> > 'update_changelog', '_eapis_banned', '_eapis_deprecated',
> > '_masters_orig', 'module_specific_options',
> > 'manifest_required_hashes',
> > + 'openpgp_key_path',
> > )
> >
> > def __init__(self, name, repo_opts, local_config=True):
> > @@ -182,6 +183,9 @@ class RepoConfig(object):
> > self.strict_misc_digests = repo_opts.get(
> > 'strict-misc-digests', 'true').lower() == 'true'
> >
> > + self.openpgp_key_path = repo_opts.get(
> > + 'sync-openpgp-key-path', None)
> > +
> > self.module_specific_options = {}
> >
> > # Not implemented.
> > diff --git a/pym/portage/sync/modules/rsync/__init__.py
> > b/pym/portage/sync/modules/rsync/__init__.py
> > index 14af2120c..27a2548c0 100644
> > --- a/pym/portage/sync/modules/rsync/__init__.py
> > +++ b/pym/portage/sync/modules/rsync/__init__.py
> > @@ -27,7 +27,6 @@ module_spec = {
> > 'validate_config': CheckSyncConfig,
> > 'module_specific_options': (
> > 'sync-rsync-extra-opts',
> > - 'sync-rsync-openpgp-key-path',
> > 'sync-rsync-vcs-ignore',
> > 'sync-rsync-verify-jobs',
> > 'sync-rsync-verify-metamanifest',
> > diff --git a/pym/portage/sync/modules/rsync/rsync.py
> > b/pym/portage/sync/modules/rsync/rsync.py
> > index 552ac6f6b..d9d7d56f2 100644
> > --- a/pym/portage/sync/modules/rsync/rsync.py
> > +++ b/pym/portage/sync/modules/rsync/rsync.py
> > @@ -87,10 +87,6 @@ class RsyncSync(NewBase):
> > self.verify_metamanifest = (
> > self.repo.module_specific_options.get(
> > 'sync-rsync-verify-metamanifest',
> > False))
> > - # Default to gentoo-keys keyring.
> > - self.openpgp_key_path = (
> > - self.repo.module_specific_options.get(
> > - 'sync-rsync-openpgp-key-path', None))
> > # Support overriding job count.
> > self.verify_jobs = self.repo.module_specific_options.get(
> > 'sync-rsync-verify-jobs', None)
> > @@ -276,8 +272,8 @@ class RsyncSync(NewBase):
> > # if synced successfully, verify now
> > if exitcode == 0 and self.verify_metamanifest:
> > command = ['gemato', 'verify', '-s', self.repo.location]
> > - if self.openpgp_key_path is not None:
> > - command += ['-K', self.openpgp_key_path]
> > + if self.repo.openpgp_key_path is not None:
> > + command += ['-K', self.repo.openpgp_key_path]
> > if self.verify_jobs is not None:
> > command += ['-j', self.verify_jobs]
> > exitcode = portage.process.spawn(command,
> > **self.spawn_kwargs)
> >
>
> Unless we update this patch to retain backward compatibility with
> sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a
> portage-2.3.22 release soon.
Yes. We need it anyway because the boolean parsing in sync-rsync-verify-
metamanifest is broken ;-F.
--
Best regards,
Michał Górny
