1 |
commit: 3cd8cf93abb6410cc877381531bb662a704dffa7 |
2 |
Author: Zac Medico <zmedico <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jul 5 10:10:36 2018 +0000 |
4 |
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jul 8 21:16:31 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=3cd8cf93 |
7 |
|
8 |
GitSync: abort checkout for signature problem (bug 660372) |
9 |
|
10 |
Fetch the upstream remote and use git merge to update the checkout |
11 |
only after successful verification of the upstream head. |
12 |
|
13 |
Suggested-by: Richard Freeman <rich0 <AT> gentoo.org> |
14 |
Reviewed-by: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org> |
15 |
Bug: https://bugs.gentoo.org/660372 |
16 |
|
17 |
pym/portage/sync/modules/git/git.py | 39 ++++++++++++++++++++++++++++++++----- |
18 |
1 file changed, 34 insertions(+), 5 deletions(-) |
19 |
|
20 |
diff --git a/pym/portage/sync/modules/git/git.py b/pym/portage/sync/modules/git/git.py |
21 |
index 160137a6d..85a44289a 100644 |
22 |
--- a/pym/portage/sync/modules/git/git.py |
23 |
+++ b/pym/portage/sync/modules/git/git.py |
24 |
@@ -109,6 +109,7 @@ class GitSync(NewBase): |
25 |
if not self.has_bin: |
26 |
return (1, False) |
27 |
git_cmd_opts = "" |
28 |
+ quiet = self.settings.get("PORTAGE_QUIET") == "1" |
29 |
if self.repo.module_specific_options.get('sync-git-env'): |
30 |
shlexed_env = shlex_split(self.repo.module_specific_options['sync-git-env']) |
31 |
env = dict((k, v) for k, _, v in (assignment.partition('=') for assignment in shlexed_env) if k) |
32 |
@@ -123,7 +124,21 @@ class GitSync(NewBase): |
33 |
git_cmd_opts += " --quiet" |
34 |
if self.repo.module_specific_options.get('sync-git-pull-extra-opts'): |
35 |
git_cmd_opts += " %s" % self.repo.module_specific_options['sync-git-pull-extra-opts'] |
36 |
- git_cmd = "%s pull%s" % (self.bin_command, git_cmd_opts) |
37 |
+ |
38 |
+ try: |
39 |
+ remote_branch = portage._unicode_decode( |
40 |
+ subprocess.check_output([self.bin_command, 'rev-parse', |
41 |
+ '--abbrev-ref', '--symbolic-full-name', '@{upstream}'], |
42 |
+ cwd=portage._unicode_encode(self.repo.location))).rstrip('\n') |
43 |
+ except subprocess.CalledProcessError as e: |
44 |
+ msg = "!!! git rev-parse error in %s" % self.repo.location |
45 |
+ self.logger(self.xterm_titles, msg) |
46 |
+ writemsg_level(msg + "\n", level=logging.ERROR, noiselevel=-1) |
47 |
+ return (e.returncode, False) |
48 |
+ |
49 |
+ git_cmd = "%s fetch %s%s" % (self.bin_command, |
50 |
+ remote_branch.partition('/')[0], git_cmd_opts) |
51 |
+ |
52 |
writemsg_level(git_cmd + "\n") |
53 |
|
54 |
rev_cmd = [self.bin_command, "rev-list", "--max-count=1", "HEAD"] |
55 |
@@ -133,20 +148,34 @@ class GitSync(NewBase): |
56 |
exitcode = portage.process.spawn_bash("cd %s ; exec %s" % ( |
57 |
portage._shell_quote(self.repo.location), git_cmd), |
58 |
**self.spawn_kwargs) |
59 |
+ |
60 |
if exitcode != os.EX_OK: |
61 |
- msg = "!!! git pull error in %s" % self.repo.location |
62 |
+ msg = "!!! git fetch error in %s" % self.repo.location |
63 |
self.logger(self.xterm_titles, msg) |
64 |
writemsg_level(msg + "\n", level=logging.ERROR, noiselevel=-1) |
65 |
return (exitcode, False) |
66 |
- if not self.verify_head(): |
67 |
+ |
68 |
+ if not self.verify_head(revision='refs/remotes/%s^..' % remote_branch): |
69 |
return (1, False) |
70 |
|
71 |
+ merge_cmd = [self.bin_command, 'merge', 'refs/remotes/%s' % remote_branch] |
72 |
+ if quiet: |
73 |
+ merge_cmd.append('--quiet') |
74 |
+ exitcode = subprocess.call(merge_cmd, |
75 |
+ cwd=portage._unicode_encode(self.repo.location)) |
76 |
+ |
77 |
+ if exitcode != os.EX_OK: |
78 |
+ msg = "!!! git merge error in %s" % self.repo.location |
79 |
+ self.logger(self.xterm_titles, msg) |
80 |
+ writemsg_level(msg + "\n", level=logging.ERROR, noiselevel=-1) |
81 |
+ return (exitcode, False) |
82 |
+ |
83 |
current_rev = subprocess.check_output(rev_cmd, |
84 |
cwd=portage._unicode_encode(self.repo.location)) |
85 |
|
86 |
return (os.EX_OK, current_rev != previous_rev) |
87 |
|
88 |
- def verify_head(self): |
89 |
+ def verify_head(self, revision='-1'): |
90 |
if (self.repo.module_specific_options.get( |
91 |
'sync-git-verify-commit-signature', 'false') != 'true'): |
92 |
return True |
93 |
@@ -180,7 +209,7 @@ class GitSync(NewBase): |
94 |
env = os.environ.copy() |
95 |
env['GNUPGHOME'] = openpgp_env.home |
96 |
|
97 |
- rev_cmd = [self.bin_command, "log", "--pretty=format:%G?", "-1"] |
98 |
+ rev_cmd = [self.bin_command, "log", "--pretty=format:%G?", revision] |
99 |
try: |
100 |
status = (portage._unicode_decode( |
101 |
subprocess.check_output(rev_cmd, |