From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o
Cc: Zac Medico <zmedico@g.o>
Subject: [gentoo-portage-dev] [PATCH] GitSync: abort checkout for signature problem (bug 660372)
Date: Thu, 05 Jul 2018 10:40:21
Message-Id: 20180705103705.29777-1-zmedico@gentoo.org
1 Fetch the upstream remote and use git merge to update the checkout
2 only after successful verification of the upstream head.
3
4 Suggested-by: Richard Freeman <rich0@g.o>
5 Bug: https://bugs.gentoo.org/660372
6 ---
7 pym/portage/sync/modules/git/git.py | 34 +++++++++++++++++++++++++++++-----
8 1 file changed, 29 insertions(+), 5 deletions(-)
9
10 diff --git a/pym/portage/sync/modules/git/git.py b/pym/portage/sync/modules/git/git.py
11 index 160137a6d1..946846e1e1 100644
12 --- a/pym/portage/sync/modules/git/git.py
13 +++ b/pym/portage/sync/modules/git/git.py
14 @@ -109,6 +109,7 @@ class GitSync(NewBase):
15 if not self.has_bin:
16 return (1, False)
17 git_cmd_opts = ""
18 + quiet = self.settings.get("PORTAGE_QUIET") == "1"
19 if self.repo.module_specific_options.get('sync-git-env'):
20 shlexed_env = shlex_split(self.repo.module_specific_options['sync-git-env'])
21 env = dict((k, v) for k, _, v in (assignment.partition('=') for assignment in shlexed_env) if k)
22 @@ -123,7 +124,21 @@ class GitSync(NewBase):
23 git_cmd_opts += " --quiet"
24 if self.repo.module_specific_options.get('sync-git-pull-extra-opts'):
25 git_cmd_opts += " %s" % self.repo.module_specific_options['sync-git-pull-extra-opts']
26 - git_cmd = "%s pull%s" % (self.bin_command, git_cmd_opts)
27 +
28 + try:
29 + remote_branch = portage._unicode_decode(
30 + subprocess.check_output([self.bin_command, 'rev-parse',
31 + '--abbrev-ref', '--symbolic-full-name', '@{upstream}'],
32 + cwd=portage._unicode_encode(self.repo.location))).rstrip('\n')
33 + except subprocess.CalledProcessError as e:
34 + msg = "!!! git rev-parse error in %s" % self.repo.location
35 + self.logger(self.xterm_titles, msg)
36 + writemsg_level(msg + "\n", level=logging.ERROR, noiselevel=-1)
37 + return (e.returncode, False)
38 +
39 + git_cmd = "%s fetch %s%s" % (self.bin_command,
40 + remote_branch.partition('/')[0], git_cmd_opts)
41 +
42 writemsg_level(git_cmd + "\n")
43
44 rev_cmd = [self.bin_command, "rev-list", "--max-count=1", "HEAD"]
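Review bot: The remote name taken from the `git rev-parse` output is interpolated unquoted into `git_cmd`, which the code after this hunk runs through `portage.process.spawn_bash`, so a remote name containing shell metacharacters would be interpreted by bash. The repository path on that same command line already goes through `portage._shell_quote`, and the fetch line should do likewise: `git_cmd = "%s fetch %s%s" % (self.bin_command, portage._shell_quote(remote_branch.partition('/')[0]), git_cmd_opts)`. Separately, `sync-git-pull-extra-opts` is still appended to `git_cmd_opts` and therefore now lands on `git fetch`, where pull-only or merge-only options may be rejected and in any case no longer reach the later merge; that behaviour change deserves a comment here and a note in the option's documentation. The enclosing method starts and ends outside this hunk.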
45 @@ -133,20 +148,29 @@ class GitSync(NewBase):
46 exitcode = portage.process.spawn_bash("cd %s ; exec %s" % (
47 portage._shell_quote(self.repo.location), git_cmd),
48 **self.spawn_kwargs)
49 +
50 + if exitcode == os.EX_OK:
51 + if not self.verify_head(revision='refs/remotes/%s^..' % remote_branch):
52 + return (1, False)
53 +
54 + merge_cmd = [self.bin_command, 'merge', 'refs/remotes/%s' % remote_branch]
55 + if quiet:
56 + merge_cmd.append('--quiet')
57 + exitcode = subprocess.call(merge_cmd,
58 + cwd=portage._unicode_encode(self.repo.location))
59 +
60 if exitcode != os.EX_OK:
61 msg = "!!! git pull error in %s" % self.repo.location
62 self.logger(self.xterm_titles, msg)
63 writemsg_level(msg + "\n", level=logging.ERROR, noiselevel=-1)
64 return (exitcode, False)
65 - if not self.verify_head():
66 - return (1, False)
67
68 current_rev = subprocess.check_output(rev_cmd,
69 cwd=portage._unicode_encode(self.repo.location))
70
71 return (os.EX_OK, current_rev != previous_rev)
72
73 - def verify_head(self):
74 + def verify_head(self, revision='-1'):
75 if (self.repo.module_specific_options.get(
76 'sync-git-verify-commit-signature', 'false') != 'true'):
77 return True
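Review bot: The revision passed to `verify_head`, `'refs/remotes/%s^..' % remote_branch`, is a range whose omitted right side git resolves to `HEAD`, and at this point `HEAD` is still the pre-merge local checkout rather than the fetched upstream head. When the checkout is behind upstream the range is likely empty, and when the upstream tip is a merge commit it can list several commits, so `%G?` no longer yields exactly one status for the commit about to be merged. Verifying the tip directly is simpler: call `self.verify_head(revision='refs/remotes/%s' % remote_branch)` and build the command in the last hunk as `rev_cmd = [self.bin_command, "log", "-n1", "--pretty=format:%G?", revision]`. How `status` is compared lies outside the visible lines, so whether this rejects good updates or lets an unchecked commit through should be confirmed there. The merge also runs on the ref name rather than the verified commit id; resolving the ref once, then verifying and merging that id, would close the gap between check and use.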
78 @@ -180,7 +204,7 @@ class GitSync(NewBase):
79 env = os.environ.copy()
80 env['GNUPGHOME'] = openpgp_env.home
81
82 - rev_cmd = [self.bin_command, "log", "--pretty=format:%G?", "-1"]
83 + rev_cmd = [self.bin_command, "log", "--pretty=format:%G?", revision]
84 try:
85 status = (portage._unicode_decode(
86 subprocess.check_output(rev_cmd,
87 --
88 2.13.6