Re: [gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path - gentoo-portage-dev

From:	"Michał Górny" <mgorny@g.o>
To:	gentoo-portage-dev@l.g.o
Subject:	Re: [gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path
Date:	Tue, 30 Jan 2018 18:56:47
Message-Id:	`1517338601.20159.2.camel@gentoo.org`
In Reply to:	Re: [gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path by Zac Medico

1

W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico

2

napisał:

3

> On 01/30/2018 08:59 AM, Michał Górny wrote:

4

> > Rename the 'sync-rsync-openpgp-key-path' to a more generic

5

> > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three

6

> > different verification schemes (git, rsync, snapshots) and at least

7

> > two of them use the same keys.

8

> > ---

9

> >  cnf/repos.conf                             | 2 +-

10

> >  man/portage.5                              | 9 +++++----

11

> >  pym/portage/repository/config.py           | 4 ++++

12

> >  pym/portage/sync/modules/rsync/__init__.py | 1 -

13

> >  pym/portage/sync/modules/rsync/rsync.py    | 8 ++------

14

> >  5 files changed, 12 insertions(+), 12 deletions(-)

15

> >

16

> > diff --git a/cnf/repos.conf b/cnf/repos.conf

17

> > index 0d2b1f4be..4a40ff4fc 100644

18

> > --- a/cnf/repos.conf

19

> > +++ b/cnf/repos.conf

20

> > @@ -7,7 +7,7 @@ sync-type = rsync

21

> >  sync-uri = rsync://rsync.gentoo.org/gentoo-portage

22

> >  auto-sync = yes

23

> >  sync-rsync-verify-metamanifest = yes

24

> > -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg

25

> > +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg

26

> >

27

> >  # for daily squashfs snapshots

28

> >  #sync-type = squashdelta

29

> > diff --git a/man/portage.5 b/man/portage.5

30

> > index 84999bd2f..1f6259715 100644

31

> > --- a/man/portage.5

32

> > +++ b/man/portage.5

33

> > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes

34

> >  precedence over a declaration in [DEFAULT] section, that takes

35

> >  precedence over PORTAGE_RSYNC_EXTRA_OPTS.

36

> >  .TP

37

> > -.B sync\-rsync\-openpgp\-key\-path

38

> > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only

39

> > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,

40

> > -the user's keyring is used.

41

> > +.B sync\-openpgp\-key\-path

42

> > +Path to the OpenPGP key(ring) used to verify received repository. Used

43

> > +only for protocols supporting cryptographic verification, provided

44

> > +that the respective verification option is enabled. If unset, the user's

45

> > +keyring is used.

46

> >  .TP

47

> >  .B sync-rsync-vcs-ignore = true|false

48

> >  Ignore vcs directories that may be present in the repository. It is the

49

> > diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py

50

> > index be31ed3b1..d3a622f7c 100644

51

> > --- a/pym/portage/repository/config.py

52

> > +++ b/pym/portage/repository/config.py

53

> > @@ -86,6 +86,7 @@ class RepoConfig(object):

54

> >  		'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest',

55

> >  		'update_changelog', '_eapis_banned', '_eapis_deprecated',

56

> >  		'_masters_orig', 'module_specific_options', 'manifest_required_hashes',

57

> > +		'openpgp_key_path',

58

> >  		)

59

> >

60

> >  	def __init__(self, name, repo_opts, local_config=True):

61

> > @@ -182,6 +183,9 @@ class RepoConfig(object):

62

> >  		self.strict_misc_digests = repo_opts.get(

63

> >  			'strict-misc-digests', 'true').lower() == 'true'

64

> >

65

> > +		self.openpgp_key_path = repo_opts.get(

66

> > +			'sync-openpgp-key-path', None)

67

> > +

68

> >  		self.module_specific_options = {}

69

> >

70

> >  		# Not implemented.

71

> > diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py

72

> > index 14af2120c..27a2548c0 100644

73

> > --- a/pym/portage/sync/modules/rsync/__init__.py

74

> > +++ b/pym/portage/sync/modules/rsync/__init__.py

75

> > @@ -27,7 +27,6 @@ module_spec = {

76

> >  			'validate_config': CheckSyncConfig,

77

> >  			'module_specific_options': (

78

> >  				'sync-rsync-extra-opts',

79

> > -				'sync-rsync-openpgp-key-path',

80

> >  				'sync-rsync-vcs-ignore',

81

> >  				'sync-rsync-verify-jobs',

82

> >  				'sync-rsync-verify-metamanifest',

83

> > diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py

84

> > index 552ac6f6b..d9d7d56f2 100644

85

> > --- a/pym/portage/sync/modules/rsync/rsync.py

86

> > +++ b/pym/portage/sync/modules/rsync/rsync.py

87

> > @@ -87,10 +87,6 @@ class RsyncSync(NewBase):

88

> >  		self.verify_metamanifest = (

89

> >  				self.repo.module_specific_options.get(

90

> >  					'sync-rsync-verify-metamanifest', False))

91

> > -		# Default to gentoo-keys keyring.

92

> > -		self.openpgp_key_path = (

93

> > -				self.repo.module_specific_options.get(

94

> > -					'sync-rsync-openpgp-key-path', None))

95

> >  		# Support overriding job count.

96

> >  		self.verify_jobs = self.repo.module_specific_options.get(

97

> >  				'sync-rsync-verify-jobs', None)

98

> > @@ -276,8 +272,8 @@ class RsyncSync(NewBase):

99

> >  		# if synced successfully, verify now

100

> >  		if exitcode == 0 and self.verify_metamanifest:

101

> >  			command = ['gemato', 'verify', '-s', self.repo.location]

102

> > -			if self.openpgp_key_path is not None:

103

> > -				command += ['-K', self.openpgp_key_path]

104

> > +			if self.repo.openpgp_key_path is not None:

105

> > +				command += ['-K', self.repo.openpgp_key_path]

106

> >  			if self.verify_jobs is not None:

107

> >  				command += ['-j', self.verify_jobs]

108

> >  			exitcode = portage.process.spawn(command, **self.spawn_kwargs)

109

> >

110

>

111

> Unless we update this patch to retain backward compatibility with

112

> sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a

113

> portage-2.3.22 release soon.

114

115

Yes. We need it anyway because the boolean parsing in sync-rsync-verify-

116

metamanifest is broken ;-F.

117

118

--

119

Best regards,

120

Michał Górny

Gentoo Archives: gentoo-portage-dev

Replies

1	W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico
2	napisał:
3	> On 01/30/2018 08:59 AM, Michał Górny wrote:
4	> > Rename the 'sync-rsync-openpgp-key-path' to a more generic
5	> > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three
6	> > different verification schemes (git, rsync, snapshots) and at least
7	> > two of them use the same keys.
8	> > ---
9	> > cnf/repos.conf \| 2 +-
10	> > man/portage.5 \| 9 +++++----
11	> > pym/portage/repository/config.py \| 4 ++++
12	> > pym/portage/sync/modules/rsync/__init__.py \| 1 -
13	> > pym/portage/sync/modules/rsync/rsync.py \| 8 ++------
14	> > 5 files changed, 12 insertions(+), 12 deletions(-)
15	> >
16	> > diff --git a/cnf/repos.conf b/cnf/repos.conf
17	> > index 0d2b1f4be..4a40ff4fc 100644
18	> > --- a/cnf/repos.conf
19	> > +++ b/cnf/repos.conf
20	> > @@ -7,7 +7,7 @@ sync-type = rsync
21	> > sync-uri = rsync://rsync.gentoo.org/gentoo-portage
22	> > auto-sync = yes
23	> > sync-rsync-verify-metamanifest = yes
24	> > -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
25	> > +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
26	> >
27	> > # for daily squashfs snapshots
28	> > #sync-type = squashdelta
29	> > diff --git a/man/portage.5 b/man/portage.5
30	> > index 84999bd2f..1f6259715 100644
31	> > --- a/man/portage.5
32	> > +++ b/man/portage.5
33	> > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes
34	> > precedence over a declaration in [DEFAULT] section, that takes
35	> > precedence over PORTAGE_RSYNC_EXTRA_OPTS.
36	> > .TP
37	> > -.B sync\-rsync\-openpgp\-key\-path
38	> > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only
39	> > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,
40	> > -the user's keyring is used.
41	> > +.B sync\-openpgp\-key\-path
42	> > +Path to the OpenPGP key(ring) used to verify received repository. Used
43	> > +only for protocols supporting cryptographic verification, provided
44	> > +that the respective verification option is enabled. If unset, the user's
45	> > +keyring is used.
46	> > .TP
47	> > .B sync-rsync-vcs-ignore = true\|false
48	> > Ignore vcs directories that may be present in the repository. It is the
49	> > diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py
50	> > index be31ed3b1..d3a622f7c 100644
51	> > --- a/pym/portage/repository/config.py
52	> > +++ b/pym/portage/repository/config.py
53	> > @@ -86,6 +86,7 @@ class RepoConfig(object):
54	> > 'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest',
55	> > 'update_changelog', '_eapis_banned', '_eapis_deprecated',
56	> > '_masters_orig', 'module_specific_options', 'manifest_required_hashes',
57	> > + 'openpgp_key_path',
58	> > )
59	> >
60	> > def __init__(self, name, repo_opts, local_config=True):
61	> > @@ -182,6 +183,9 @@ class RepoConfig(object):
62	> > self.strict_misc_digests = repo_opts.get(
63	> > 'strict-misc-digests', 'true').lower() == 'true'
64	> >
65	> > + self.openpgp_key_path = repo_opts.get(
66	> > + 'sync-openpgp-key-path', None)
67	> > +
68	> > self.module_specific_options = {}
69	> >
70	> > # Not implemented.
71	> > diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py
72	> > index 14af2120c..27a2548c0 100644
73	> > --- a/pym/portage/sync/modules/rsync/__init__.py
74	> > +++ b/pym/portage/sync/modules/rsync/__init__.py
75	> > @@ -27,7 +27,6 @@ module_spec = {
76	> > 'validate_config': CheckSyncConfig,
77	> > 'module_specific_options': (
78	> > 'sync-rsync-extra-opts',
79	> > - 'sync-rsync-openpgp-key-path',
80	> > 'sync-rsync-vcs-ignore',
81	> > 'sync-rsync-verify-jobs',
82	> > 'sync-rsync-verify-metamanifest',
83	> > diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
84	> > index 552ac6f6b..d9d7d56f2 100644
85	> > --- a/pym/portage/sync/modules/rsync/rsync.py
86	> > +++ b/pym/portage/sync/modules/rsync/rsync.py
87	> > @@ -87,10 +87,6 @@ class RsyncSync(NewBase):
88	> > self.verify_metamanifest = (
89	> > self.repo.module_specific_options.get(
90	> > 'sync-rsync-verify-metamanifest', False))
91	> > - # Default to gentoo-keys keyring.
92	> > - self.openpgp_key_path = (
93	> > - self.repo.module_specific_options.get(
94	> > - 'sync-rsync-openpgp-key-path', None))
95	> > # Support overriding job count.
96	> > self.verify_jobs = self.repo.module_specific_options.get(
97	> > 'sync-rsync-verify-jobs', None)
98	> > @@ -276,8 +272,8 @@ class RsyncSync(NewBase):
99	> > # if synced successfully, verify now
100	> > if exitcode == 0 and self.verify_metamanifest:
101	> > command = ['gemato', 'verify', '-s', self.repo.location]
102	> > - if self.openpgp_key_path is not None:
103	> > - command += ['-K', self.openpgp_key_path]
104	> > + if self.repo.openpgp_key_path is not None:
105	> > + command += ['-K', self.repo.openpgp_key_path]
106	> > if self.verify_jobs is not None:
107	> > command += ['-j', self.verify_jobs]
108	> > exitcode = portage.process.spawn(command, **self.spawn_kwargs)
109	> >
110	>
111	> Unless we update this patch to retain backward compatibility with
112	> sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a
113	> portage-2.3.22 release soon.
114
115	Yes. We need it anyway because the boolean parsing in sync-rsync-verify-
116	metamanifest is broken ;-F.
117
118	--
119	Best regards,
120	Michał Górny