commit: ad7882a1cba4cedf6288abeff0fd2b8052b5302a Author: Sheng Yu <syu.os <AT> protonmail <DOT> com> AuthorDate: Wed Feb 2 11:54:18 2022 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Feb 9 10:40:35 2022 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=ad7882a1
Ignore all XPAK when "binpkg-request-signature" enabled. XPAK format does not support signature and should be avoided when mandatory signature is expected. Signed-off-by: Sheng Yu <syu.os <AT> protonmail.com> Closes: https://github.com/gentoo/portage/pull/785 Signed-off-by: Sam James <sam <AT> gentoo.org> lib/portage/dbapi/bintree.py | 83 +++++++++++++++++++++++- lib/portage/exception.py | 8 +-- lib/portage/tests/resolver/ResolverPlayground.py | 7 +- 3 files changed, 90 insertions(+), 8 deletions(-) diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py index 8bfe5e97d..b441fff9a 100644 --- a/lib/portage/dbapi/bintree.py +++ b/lib/portage/dbapi/bintree.py @@ -42,8 +42,10 @@ from portage.exception import ( ParseError, PortageException, PortagePackageException, + SignatureException, ) from portage.localization import _ +from portage.output import colorize from portage.package.ebuild.profile_iuse import iter_iuse_vars from portage.util.file_copy import copyfile from portage.util.futures import asyncio @@ -887,6 +889,14 @@ class binarytree: # the Packages file will not be needlessly re-written due to # missing digests. minimum_keys = self._pkgindex_keys.difference(self._pkgindex_hashes) + + if "binpkg-request-signature" in self.settings.features: + gpkg_only = True + else: + gpkg_only = False + + gpkg_only_warned = False + if True: pkg_paths = {} self._pkg_paths = pkg_paths @@ -911,6 +921,17 @@ class binarytree: if not path: binpkg_format = d["BINPKG_FORMAT"] if binpkg_format == "xpak": + if gpkg_only: + if not gpkg_only_warned: + writemsg( + colorize( + "WARN", + "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n", + ), + noiselevel=-1, + ) + gpkg_only_warned = True + continue path = cpv + ".tbz2" elif binpkg_format == "gpkg": path = cpv + ".gpkg.tar" @@ -944,6 +965,19 @@ class binarytree: SUPPORTED_XPAK_EXTENSIONS + SUPPORTED_GPKG_EXTENSIONS ): continue + + if myfile.endswith(SUPPORTED_XPAK_EXTENSIONS) and gpkg_only: + if not gpkg_only_warned: + writemsg( + colorize( + "WARN", + "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n", + ), + noiselevel=-1, + ) + gpkg_only_warned = True + continue + mypath = os.path.join(mydir, myfile) full_path = os.path.join(self.pkgdir, mypath) s = os.lstat(full_path) @@ -1004,6 +1038,22 @@ class binarytree: binpkg_format = None if match: binpkg_format = match.get("BINPKG_FORMAT", None) + + if gpkg_only: + if binpkg_format != "gpkg": + if not gpkg_only_warned: + writemsg( + colorize( + "WARN", + "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n", + ), + noiselevel=-1, + ) + gpkg_only_warned = True + continue + else: + binpkg_format = "gpkg" + try: pkg_metadata = self._read_metadata( full_path, @@ -1011,7 +1061,7 @@ class binarytree: keys=chain(self.dbapi._aux_cache_keys, ("PF", "CATEGORY")), binpkg_format=binpkg_format, ) - except PortagePackageException as e: + except (PortagePackageException, SignatureException) as e: writemsg( f"!!! Invalid binary package: '{full_path}', {e}\n", noiselevel=-1, @@ -1202,6 +1252,12 @@ class binarytree: self._remote_has_index = False self._remotepkgs = {} + + if "binpkg-request-signature" in self.settings.features: + gpkg_only = True + else: + gpkg_only = False + # Order by descending priority. for repo in reversed(list(self._binrepos_conf.values())): base_url = repo.sync_uri @@ -1211,6 +1267,8 @@ class binarytree: user = None passwd = None user_passwd = "" + gpkg_only_warned = False + if "@" in host: user, host = host.split("@", 1) user_passwd = user + "@" @@ -1480,6 +1538,20 @@ class binarytree: if self.dbapi.cpv_exists(cpv): continue + if gpkg_only: + binpkg_format = d.get("BINPKG_FORMAT", "xpak") + if binpkg_format != "gpkg": + if not gpkg_only_warned: + writemsg( + colorize( + "WARN", + f"Remote XPAK packages in '{remote_base_uri}' are ignored due to 'binpkg-request-signature'.\n", + ), + noiselevel=-1, + ) + gpkg_only_warned = True + continue + d["CPV"] = cpv d["BASE_URI"] = remote_base_uri d["PKGINDEX_URI"] = url @@ -1542,7 +1614,14 @@ class binarytree: ) return - metadata = self._read_metadata(full_path, s) + try: + metadata = self._read_metadata(full_path, s) + except (PortagePackageException, SignatureException) as e: + writemsg( + f"!!! Invalid binary package: '{full_path}', {e}\n", + noiselevel=-1, + ) + return binpkg_format = metadata["BINPKG_FORMAT"] invalid_depend = False diff --git a/lib/portage/exception.py b/lib/portage/exception.py index 3df4ce8fd..ff40e463b 100644 --- a/lib/portage/exception.py +++ b/lib/portage/exception.py @@ -224,10 +224,6 @@ class UnsupportedAPIException(PortagePackageException): return _unicode_decode(msg, encoding=_encodings["content"], errors="replace") -class GPGException(PortageException): - """GPG operation failed""" - - class SignatureException(PortageException): """Signature was not present in the checked file""" @@ -236,6 +232,10 @@ class DigestException(SignatureException): """A problem exists in the digest""" +class GPGException(SignatureException): + """GPG operation failed""" + + class MissingSignature(SignatureException): """Signature was not present in the checked file""" diff --git a/lib/portage/tests/resolver/ResolverPlayground.py b/lib/portage/tests/resolver/ResolverPlayground.py index fa8b0cc76..6805ca601 100644 --- a/lib/portage/tests/resolver/ResolverPlayground.py +++ b/lib/portage/tests/resolver/ResolverPlayground.py @@ -587,8 +587,7 @@ class ResolverPlayground: "CLEAN_DELAY": "0", "DISTDIR": self.distdir, "EMERGE_WARNING_DELAY": "0", - "FEATURES": "${FEATURES} binpkg-signing binpkg-request-signature " - "gpg-keepalive", + "FEATURES": "${FEATURES} binpkg-signing gpg-keepalive", "PKGDIR": self.pkgdir, "PORTAGE_INST_GID": str(portage.data.portage_gid), "PORTAGE_INST_UID": str(portage.data.portage_uid), @@ -611,6 +610,10 @@ class ResolverPlayground: if "make.conf" in user_config: make_conf_lines.extend(user_config["make.conf"]) + if "BINPKG_FORMAT=gpkg" in user_config["make.conf"]: + make_conf_lines.append( + 'FEATURES="${FEATURES} binpkg-request-signature"' + ) if not portage.process.sandbox_capable or os.environ.get("SANDBOX_ON") == "1": # avoid problems from nested sandbox instances
