Gentoo Archives: gentoo-commits

From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/portage:master commit in: lib/portage/sync/
Date: Fri, 05 Jul 2019 05:39:50
Message-Id: 1562305160.b1ab50f40c32959c0341dcdb37e6d4a99a25c712.mgorny@gentoo
1 commit: b1ab50f40c32959c0341dcdb37e6d4a99a25c712
2 Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jul 5 05:09:06 2019 +0000
4 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5 CommitDate: Fri Jul 5 05:39:20 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=b1ab50f4
7
8 sync: Split key refresh into explicit WKD/keyserver phases
9
10 Split key refresh into two parts: first try to refresh the key via WKD,
11 then via keyservers, rather than using the combined function that is
12 less explicit. This ensures that users are correctly informed whether
13 keyservers are actually used, and therefore whether they may be subject
14 to SKS poisoning attacks. Furthermore, it excludes WKD from the retry loop.
15
16 Reviewed-by: Zac Medico <zmedico <AT> gentoo.org>
17 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
18
19 lib/portage/sync/syncbase.py | 10 ++++++++--
20 1 file changed, 8 insertions(+), 2 deletions(-)
21
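--- a/lib/portage/sync/syncbase.py
+++ b/lib/portage/sync/syncbase.py
@@ -252,11 +252,17 @@ class SyncBase(object):
 @type openpgp_env: gemato.openpgp.OpenPGPEnvironment
 """
 out = portage.output.EOutput(quiet=('--quiet' in self.options['emerge_config'].opts))
+ out.ebegin('Refreshing keys via WKD')
+ if openpgp_env.refresh_keys_wkd():
+ out.eend(0)
+ return
+ out.eend(1)
+
 out.ebegin('Refreshing keys from keyserver{}'.format(
 ('' if self.repo.sync_openpgp_keyserver is None else ' ' + self.repo.sync_openpgp_keyserver)))
 retry_decorator = self._key_refresh_retry_decorator()
 if retry_decorator is None:
- openpgp_env.refresh_keys(keyserver=self.repo.sync_openpgp_keyserver)
+ openpgp_env.refresh_keys_keyserver(keyserver=self.repo.sync_openpgp_keyserver)
 else:
 def noisy_refresh_keys():
 """
@@ -264,7 +270,7 @@ class SyncBase(object):
 errors, display errors as soon as they occur.
 """
 try:
- openpgp_env.refresh_keys(keyserver=self.repo.sync_openpgp_keyserver)
+ openpgp_env.refresh_keys_keyserver(keyserver=self.repo.sync_openpgp_keyserver)
 except Exception as e:
 writemsg_level("%s\n" % (e,),
 level=logging.ERROR, noiselevel=-1)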
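Review bot: When `refresh_keys_wkd()` returns a false value, the new block at the top of the first hunk prints only the `out.eend(1)` failure marker and then falls through to the keyserver path, so the downgrade from WKD to keyservers is never stated as such. Since the commit message treats the keyserver path as the one exposed to SKS poisoning, I would make the fallback explicit before the second `ebegin`, e.g. `out.ewarn('WKD refresh failed, falling back to keyservers')`. The WKD call also sits outside any `try`, while `noisy_refresh_keys` in the second hunk reports exceptions through `writemsg_level`; if `refresh_keys_wkd()` can raise (not visible here), the fallback would be skipped and the `ebegin` left without a matching `eend`. The enclosing method's signature and the rest of `noisy_refresh_keys` lie outside the hunks.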