Always verify the Manifest signature if verification is enabled. Skipping the deep tree verification for unchanged case is reasonable but we need to make sure the Manifest signature stays valid to catch the case of the signing key being revoked.
---
 pym/portage/sync/modules/rsync/rsync.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
index f6e59e211..b1faf1ec9 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++ b/pym/portage/sync/modules/rsync/rsync.py
@@ -292,7 +292,7 @@ class RsyncSync(NewBase):
 self._process_exitcode(exitcode, dosyncuri, out, maxretries)
 # if synced successfully, verify now
- if exitcode == 0 and not local_state_unchanged and self.verify_metamanifest:
+ if exitcode == 0 and self.verify_metamanifest:
 if gemato is None:
 writemsg_level("!!! Unable to verify: gemato not found\n",
 level=logging.ERROR, noiselevel=-1)
@@ -315,6 +315,8 @@ class RsyncSync(NewBase):
 openpgp_env.refresh_keys()
 out.eend(0)
+ # we always verify the Manifest signature, in case
+ # we had to deal with key revocation case
 m = gemato.recursiveloader.ManifestRecursiveLoader(
 os.path.join(self.repo.location, 'Manifest'),
 verify_openpgp=True,
@@ -336,9 +338,12 @@ class RsyncSync(NewBase):
 out.einfo('- timestamp: %s UTC' % (
 m.openpgp_signature.timestamp))
- out.ebegin('Verifying %s' % (self.repo.location,))
- m.assert_directory_verifies()
- out.eend(0)
+ # if nothing has changed, skip the actual Manifest
+ # verification
+ if not local_state_unchanged:
+ out.ebegin('Verifying %s' % (self.repo.location,))
+ m.assert_directory_verifies()
+ out.eend(0)
 except Exception as e:
 writemsg_level("!!! Manifest verification failed:\n%s\n" % (e,),
--
2.16.1
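Review bot: The comment added in the `@@ -315,6 +315,8 @@` hunk does not say what the revocation check depends on: a revoked signing key is only noticed if the keyring was refreshed before the `ManifestRecursiveLoader(..., verify_openpgp=True, ...)` call, which the `openpgp_env.refresh_keys()` context line just above appears to do. I would reword it to `# Always verify the top-level Manifest signature, even when the tree is unchanged,` and `# so a key revoked since the last sync is noticed (relies on the key refresh above).` Whether that refresh is unconditional, and what happens when it fails, is outside the hunk and worth confirming, since a skipped or failed refresh would leave a revocation unseen.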
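Review bot: In the last hunk (`@@ -336,9 +338,12 @@`), guarding `m.assert_directory_verifies()` with `if not local_state_unchanged:` assumes the tree on disk was fully verified by an earlier sync, and nothing in the visible lines establishes that. If the previous run failed verification or ran with verification disabled, or files were altered locally afterwards, an "unchanged" sync would now check only the Manifest signature and never the tree contents; how `local_state_unchanged` is derived is outside the hunk, so this needs confirming. At minimum the skip should be visible in the output, for example an `else:` branch with `out.einfo('Tree unchanged, skipping full tree verification')`. The new comment is also inaccurate, since the Manifest signature is still checked and only the directory check is skipped; `# if nothing has changed, skip the full tree verification (signature already checked above)` says what happens. The enclosing `try` starts before the hunk and the `except` handler continues past it.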