[gentoo-portage-dev] [PATCH v2] repos.conf: default sync-webrsync-verify-signature
Enable sync-webrsync-verify-signature by default. Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync calls that use gemato for secure key refresh, and disable direct emerge-webrsync calls. Deprecate FEATURES=webrsync-gpg and use it to trigger a backward-compatibility mode where direct emerge-webrsync calls are allowed (but trigger a warning message). Since direct emerge-webrsync calls do not use gemato for secure key refresh, this behavior will not be supported in a future release. Bug: https://bugs.gentoo.org/689506 --- [PATCH v2] * Fix typo in man page date reported by Ulrich Mueller. * Automatically enable sync-webrsync-verify-signature only if gemato is available and sync-openpgp-key-path exists (dependencies conditional on USE=rsync-verify). bin/emerge-webrsync | 19 --- lib/portage/package/ebuild/config.py | 4 lib/portage/sync/modules/webrsync/webrsync.py | 8 +++- man/make.conf.5 | 6 -- man/portage.5 | 4 ++-- misc/emerge-delta-webrsync| 19 --- 6 files changed, 49 insertions(+), 11 deletions(-) diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync index f622dde3e..25daaf8eb 100755 --- a/bin/emerge-webrsync +++ b/bin/emerge-webrsync @@ -50,7 +50,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \ FETCHCOMMAND GENTOO_MIRRORS \ PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \ PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \ - PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \ + PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \ USERLAND http_proxy ftp_proxy)" export http_proxy ftp_proxy @@ -74,9 +74,21 @@ do_verbose=0 do_debug=0 keep=false -if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \ +has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 + +if [[ ${webrsync_gpg} -eq 1 ]]; then + wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page." +fi + +if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || + has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then - if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then + # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync + # calls for backward compatibility (this triggers a deprecation warning + # above). Since direct emerge-webrsync calls do not use gemato for secure + # key refresh, this behavior will not be supported in a future release. + if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) && + -z ${PORTAGE_TEMP_GPG_DIR} ]]; then eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync." exit 1 fi @@ -86,6 +98,7 @@ elif has webrsync-gpg ${FEATURES}; then else WEBSYNC_VERIFY_SIGNATURE=0 fi +[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR} if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then eecho "please set PORTAGE_GPG_DIR in make.conf" exit 1 diff --git a/lib/portage/package/ebuild/config.py b/lib/portage/package/ebuild/config.py index 780013bca..83a15b370 100644 --- a/lib/portage/package/ebuild/config.py +++ b/lib/portage/package/ebuild/config.py @@ -1205,6 +1205,10 @@ class config(object): writemsg(_("!!! FEATURES=fakeroot is enabled, but the " "fakeroot binary is not installed.\n"), noiselevel=-1) + if "webrsync-gpg" in self.features: + writemsg(_("!!! FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page.\n"), + noiselevel=-1) + if os.getuid() == 0 and not hasattr(os, "setgroups"): warning_shown = False diff --git a/lib/portage/sync/modules/webrsync/webrsync.py b/lib/portage/sync/modules/webrsync/webrsync.py index 609ba0be2..4232ca972 100644 --- a/lib/portage/sync/modules/webrsync/webrsync.py +++ b/lib/portage/sync/modules/webrsync/webrsync.py @@ -59,9 +59,14 @@ class WebRsync(SyncBase): verbose = '--verbose' in self.options['emerge_config'].opts quiet = '--quiet' in self.options['emerge_config'].opts + auto_verify_sig = (self.repo.module_specific_options.get( + 'sync-webrsync-verify-signature', 'true').lower() not in ('false', 'no') and + gemato is not None and + self.repo.sync_openpgp_key_path and + os.path.isfile(self.repo.sync_openpgp_key_path)) openpgp_env = None try: - if self.repo.module_specific_options.get( + if auto_verify_sig or
Re: [gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature
> On Tue, 09 Jul 2019, Zac Medico wrote: > --- a/man/make.conf.5 > +++ b/man/make.conf.5 > @@ -1,4 +1,4 @@ > -.TH "MAKE.CONF" "5" "Jun 2019" "Portage VERSION" "Portage" > +.TH "MAKE.CONF" "5" "Ju. 2019" "Portage VERSION" "Portage" Typo. signature.asc Description: PGP signature
[gentoo-portage-dev] [PATCH] repos.conf: default sync-webrsync-verify-signature
Enable sync-webrsync-verify-signature by default. Use a new PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync calls that use gemato for secure key refresh, and disable direct emerge-webrsync calls. Deprecate FEATURES=webrsync-gpg and use it to trigger a backward-compatibility mode where direct emerge-webrsync calls are allowed (but trigger a warning message). Since direct emerge-webrsync calls do not use gemato for secure key refresh, this behavior will not be supported in a future release. Bug: https://bugs.gentoo.org/689506 --- bin/emerge-webrsync | 19 --- lib/portage/package/ebuild/config.py | 4 lib/portage/sync/modules/webrsync/webrsync.py | 3 ++- man/make.conf.5 | 6 -- man/portage.5 | 2 +- misc/emerge-delta-webrsync| 19 --- 6 files changed, 43 insertions(+), 10 deletions(-) diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync index f622dde3e..25daaf8eb 100755 --- a/bin/emerge-webrsync +++ b/bin/emerge-webrsync @@ -50,7 +50,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \ FETCHCOMMAND GENTOO_MIRRORS \ PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \ PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \ - PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \ + PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \ USERLAND http_proxy ftp_proxy)" export http_proxy ftp_proxy @@ -74,9 +74,21 @@ do_verbose=0 do_debug=0 keep=false -if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \ +has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 + +if [[ ${webrsync_gpg} -eq 1 ]]; then + wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page." +fi + +if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || + has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then - if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then + # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync + # calls for backward compatibility (this triggers a deprecation warning + # above). Since direct emerge-webrsync calls do not use gemato for secure + # key refresh, this behavior will not be supported in a future release. + if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) && + -z ${PORTAGE_TEMP_GPG_DIR} ]]; then eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync." exit 1 fi @@ -86,6 +98,7 @@ elif has webrsync-gpg ${FEATURES}; then else WEBSYNC_VERIFY_SIGNATURE=0 fi +[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR} if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then eecho "please set PORTAGE_GPG_DIR in make.conf" exit 1 diff --git a/lib/portage/package/ebuild/config.py b/lib/portage/package/ebuild/config.py index 780013bca..83a15b370 100644 --- a/lib/portage/package/ebuild/config.py +++ b/lib/portage/package/ebuild/config.py @@ -1205,6 +1205,10 @@ class config(object): writemsg(_("!!! FEATURES=fakeroot is enabled, but the " "fakeroot binary is not installed.\n"), noiselevel=-1) + if "webrsync-gpg" in self.features: + writemsg(_("!!! FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page.\n"), + noiselevel=-1) + if os.getuid() == 0 and not hasattr(os, "setgroups"): warning_shown = False diff --git a/lib/portage/sync/modules/webrsync/webrsync.py b/lib/portage/sync/modules/webrsync/webrsync.py index 609ba0be2..6228cb93c 100644 --- a/lib/portage/sync/modules/webrsync/webrsync.py +++ b/lib/portage/sync/modules/webrsync/webrsync.py @@ -62,7 +62,7 @@ class WebRsync(SyncBase): openpgp_env = None try: if self.repo.module_specific_options.get( - 'sync-webrsync-verify-signature', 'false').lower() in ('true', 'yes'): + 'sync-webrsync-verify-signature', 'true').lower() in ('true', 'yes'): if not self.repo.sync_openpgp_key_path: writemsg_level("!!! sync-openpgp-key-path is not set\n", @@ -88,6 +88,7 @@ class WebRsync(SyncBase): openpgp_env.import_key(f) self._refresh_keys(openpgp_env) self.spawn_kwargs["env"]["PORTAGE_GPG_DIR"] = openpgp_env.home + self.spawn_kwargs["env"]["PORTAGE_TEMP_GPG_DIR"] = openpgp_env.home except