1 |
W dniu wto, 30.01.2018 o godzinie 09∶32 -0800, użytkownik Zac Medico |
2 |
napisał: |
3 |
> On 01/30/2018 08:59 AM, Michał Górny wrote: |
4 |
> > Rename the 'sync-rsync-openpgp-key-path' to a more generic |
5 |
> > 'sync-openpgp-key-path'. OpenPGP is the basis of at least three |
6 |
> > different verification schemes (git, rsync, snapshots) and at least |
7 |
> > two of them use the same keys. |
8 |
> > --- |
9 |
> > cnf/repos.conf | 2 +- |
10 |
> > man/portage.5 | 9 +++++---- |
11 |
> > pym/portage/repository/config.py | 4 ++++ |
12 |
> > pym/portage/sync/modules/rsync/__init__.py | 1 - |
13 |
> > pym/portage/sync/modules/rsync/rsync.py | 8 ++------ |
14 |
> > 5 files changed, 12 insertions(+), 12 deletions(-) |
15 |
> > |
16 |
> > diff --git a/cnf/repos.conf b/cnf/repos.conf |
17 |
> > index 0d2b1f4be..4a40ff4fc 100644 |
18 |
> > --- a/cnf/repos.conf |
19 |
> > +++ b/cnf/repos.conf |
20 |
> > @@ -7,7 +7,7 @@ sync-type = rsync |
21 |
> > sync-uri = rsync://rsync.gentoo.org/gentoo-portage |
22 |
> > auto-sync = yes |
23 |
> > sync-rsync-verify-metamanifest = yes |
24 |
> > -sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg |
25 |
> > +sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg |
26 |
> > |
27 |
> > # for daily squashfs snapshots |
28 |
> > #sync-type = squashdelta |
29 |
> > diff --git a/man/portage.5 b/man/portage.5 |
30 |
> > index 84999bd2f..1f6259715 100644 |
31 |
> > --- a/man/portage.5 |
32 |
> > +++ b/man/portage.5 |
33 |
> > @@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes |
34 |
> > precedence over a declaration in [DEFAULT] section, that takes |
35 |
> > precedence over PORTAGE_RSYNC_EXTRA_OPTS. |
36 |
> > .TP |
37 |
> > -.B sync\-rsync\-openpgp\-key\-path |
38 |
> > -Path to the OpenPGP key(ring) used to verify MetaManifest. Used only |
39 |
> > -if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset, |
40 |
> > -the user's keyring is used. |
41 |
> > +.B sync\-openpgp\-key\-path |
42 |
> > +Path to the OpenPGP key(ring) used to verify received repository. Used |
43 |
> > +only for protocols supporting cryptographic verification, provided |
44 |
> > +that the respective verification option is enabled. If unset, the user's |
45 |
> > +keyring is used. |
46 |
> > .TP |
47 |
> > .B sync-rsync-vcs-ignore = true|false |
48 |
> > Ignore vcs directories that may be present in the repository. It is the |
49 |
> > diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py |
50 |
> > index be31ed3b1..d3a622f7c 100644 |
51 |
> > --- a/pym/portage/repository/config.py |
52 |
> > +++ b/pym/portage/repository/config.py |
53 |
> > @@ -86,6 +86,7 @@ class RepoConfig(object): |
54 |
> > 'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest', |
55 |
> > 'update_changelog', '_eapis_banned', '_eapis_deprecated', |
56 |
> > '_masters_orig', 'module_specific_options', 'manifest_required_hashes', |
57 |
> > + 'openpgp_key_path', |
58 |
> > ) |
59 |
> > |
60 |
> > def __init__(self, name, repo_opts, local_config=True): |
61 |
> > @@ -182,6 +183,9 @@ class RepoConfig(object): |
62 |
> > self.strict_misc_digests = repo_opts.get( |
63 |
> > 'strict-misc-digests', 'true').lower() == 'true' |
64 |
> > |
65 |
> > + self.openpgp_key_path = repo_opts.get( |
66 |
> > + 'sync-openpgp-key-path', None) |
67 |
> > + |
68 |
> > self.module_specific_options = {} |
69 |
> > |
70 |
> > # Not implemented. |
71 |
> > diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py |
72 |
> > index 14af2120c..27a2548c0 100644 |
73 |
> > --- a/pym/portage/sync/modules/rsync/__init__.py |
74 |
> > +++ b/pym/portage/sync/modules/rsync/__init__.py |
75 |
> > @@ -27,7 +27,6 @@ module_spec = { |
76 |
> > 'validate_config': CheckSyncConfig, |
77 |
> > 'module_specific_options': ( |
78 |
> > 'sync-rsync-extra-opts', |
79 |
> > - 'sync-rsync-openpgp-key-path', |
80 |
> > 'sync-rsync-vcs-ignore', |
81 |
> > 'sync-rsync-verify-jobs', |
82 |
> > 'sync-rsync-verify-metamanifest', |
83 |
> > diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py |
84 |
> > index 552ac6f6b..d9d7d56f2 100644 |
85 |
> > --- a/pym/portage/sync/modules/rsync/rsync.py |
86 |
> > +++ b/pym/portage/sync/modules/rsync/rsync.py |
87 |
> > @@ -87,10 +87,6 @@ class RsyncSync(NewBase): |
88 |
> > self.verify_metamanifest = ( |
89 |
> > self.repo.module_specific_options.get( |
90 |
> > 'sync-rsync-verify-metamanifest', False)) |
91 |
> > - # Default to gentoo-keys keyring. |
92 |
> > - self.openpgp_key_path = ( |
93 |
> > - self.repo.module_specific_options.get( |
94 |
> > - 'sync-rsync-openpgp-key-path', None)) |
95 |
> > # Support overriding job count. |
96 |
> > self.verify_jobs = self.repo.module_specific_options.get( |
97 |
> > 'sync-rsync-verify-jobs', None) |
98 |
> > @@ -276,8 +272,8 @@ class RsyncSync(NewBase): |
99 |
> > # if synced successfully, verify now |
100 |
> > if exitcode == 0 and self.verify_metamanifest: |
101 |
> > command = ['gemato', 'verify', '-s', self.repo.location] |
102 |
> > - if self.openpgp_key_path is not None: |
103 |
> > - command += ['-K', self.openpgp_key_path] |
104 |
> > + if self.repo.openpgp_key_path is not None: |
105 |
> > + command += ['-K', self.repo.openpgp_key_path] |
106 |
> > if self.verify_jobs is not None: |
107 |
> > command += ['-j', self.verify_jobs] |
108 |
> > exitcode = portage.process.spawn(command, **self.spawn_kwargs) |
109 |
> > |
110 |
> |
111 |
> Unless we update this patch to retain backward compatibility with |
112 |
> sync-rsync-openpgp-key-path in portage-2.3.21, we'll need a to have a |
113 |
> portage-2.3.22 release soon. |
114 |
|
115 |
Yes. We need it anyway because the boolean parsing in sync-rsync-verify- |
116 |
metamanifest is broken ;-F. |
117 |
|
118 |
-- |
119 |
Best regards, |
120 |
Michał Górny |