1 |
commit: ad7882a1cba4cedf6288abeff0fd2b8052b5302a |
2 |
Author: Sheng Yu <syu.os <AT> protonmail <DOT> com> |
3 |
AuthorDate: Wed Feb 2 11:54:18 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Feb 9 10:40:35 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=ad7882a1 |
7 |
|
8 |
Ignore all XPAK when "binpkg-request-signature" enabled. |
9 |
|
10 |
XPAK format does not support signature and should be avoided when |
11 |
mandatory signature is expected. |
12 |
|
13 |
Signed-off-by: Sheng Yu <syu.os <AT> protonmail.com> |
14 |
Closes: https://github.com/gentoo/portage/pull/785 |
15 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
16 |
|
17 |
lib/portage/dbapi/bintree.py | 83 +++++++++++++++++++++++- |
18 |
lib/portage/exception.py | 8 +-- |
19 |
lib/portage/tests/resolver/ResolverPlayground.py | 7 +- |
20 |
3 files changed, 90 insertions(+), 8 deletions(-) |
21 |
|
22 |
diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py |
23 |
index 8bfe5e97d..b441fff9a 100644 |
24 |
--- a/lib/portage/dbapi/bintree.py |
25 |
+++ b/lib/portage/dbapi/bintree.py |
26 |
@@ -42,8 +42,10 @@ from portage.exception import ( |
27 |
ParseError, |
28 |
PortageException, |
29 |
PortagePackageException, |
30 |
+ SignatureException, |
31 |
) |
32 |
from portage.localization import _ |
33 |
+from portage.output import colorize |
34 |
from portage.package.ebuild.profile_iuse import iter_iuse_vars |
35 |
from portage.util.file_copy import copyfile |
36 |
from portage.util.futures import asyncio |
37 |
@@ -887,6 +889,14 @@ class binarytree: |
38 |
# the Packages file will not be needlessly re-written due to |
39 |
# missing digests. |
40 |
minimum_keys = self._pkgindex_keys.difference(self._pkgindex_hashes) |
41 |
+ |
42 |
+ if "binpkg-request-signature" in self.settings.features: |
43 |
+ gpkg_only = True |
44 |
+ else: |
45 |
+ gpkg_only = False |
46 |
+ |
47 |
+ gpkg_only_warned = False |
48 |
+ |
49 |
if True: |
50 |
pkg_paths = {} |
51 |
self._pkg_paths = pkg_paths |
52 |
@@ -911,6 +921,17 @@ class binarytree: |
53 |
if not path: |
54 |
binpkg_format = d["BINPKG_FORMAT"] |
55 |
if binpkg_format == "xpak": |
56 |
+ if gpkg_only: |
57 |
+ if not gpkg_only_warned: |
58 |
+ writemsg( |
59 |
+ colorize( |
60 |
+ "WARN", |
61 |
+ "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n", |
62 |
+ ), |
63 |
+ noiselevel=-1, |
64 |
+ ) |
65 |
+ gpkg_only_warned = True |
66 |
+ continue |
67 |
path = cpv + ".tbz2" |
68 |
elif binpkg_format == "gpkg": |
69 |
path = cpv + ".gpkg.tar" |
70 |
@@ -944,6 +965,19 @@ class binarytree: |
71 |
SUPPORTED_XPAK_EXTENSIONS + SUPPORTED_GPKG_EXTENSIONS |
72 |
): |
73 |
continue |
74 |
+ |
75 |
+ if myfile.endswith(SUPPORTED_XPAK_EXTENSIONS) and gpkg_only: |
76 |
+ if not gpkg_only_warned: |
77 |
+ writemsg( |
78 |
+ colorize( |
79 |
+ "WARN", |
80 |
+ "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n", |
81 |
+ ), |
82 |
+ noiselevel=-1, |
83 |
+ ) |
84 |
+ gpkg_only_warned = True |
85 |
+ continue |
86 |
+ |
87 |
mypath = os.path.join(mydir, myfile) |
88 |
full_path = os.path.join(self.pkgdir, mypath) |
89 |
s = os.lstat(full_path) |
90 |
@@ -1004,6 +1038,22 @@ class binarytree: |
91 |
binpkg_format = None |
92 |
if match: |
93 |
binpkg_format = match.get("BINPKG_FORMAT", None) |
94 |
+ |
95 |
+ if gpkg_only: |
96 |
+ if binpkg_format != "gpkg": |
97 |
+ if not gpkg_only_warned: |
98 |
+ writemsg( |
99 |
+ colorize( |
100 |
+ "WARN", |
101 |
+ "Local XPAK packages are ignored due to 'binpkg-request-signature'.\n", |
102 |
+ ), |
103 |
+ noiselevel=-1, |
104 |
+ ) |
105 |
+ gpkg_only_warned = True |
106 |
+ continue |
107 |
+ else: |
108 |
+ binpkg_format = "gpkg" |
109 |
+ |
110 |
try: |
111 |
pkg_metadata = self._read_metadata( |
112 |
full_path, |
113 |
@@ -1011,7 +1061,7 @@ class binarytree: |
114 |
keys=chain(self.dbapi._aux_cache_keys, ("PF", "CATEGORY")), |
115 |
binpkg_format=binpkg_format, |
116 |
) |
117 |
- except PortagePackageException as e: |
118 |
+ except (PortagePackageException, SignatureException) as e: |
119 |
writemsg( |
120 |
f"!!! Invalid binary package: '{full_path}', {e}\n", |
121 |
noiselevel=-1, |
122 |
@@ -1202,6 +1252,12 @@ class binarytree: |
123 |
|
124 |
self._remote_has_index = False |
125 |
self._remotepkgs = {} |
126 |
+ |
127 |
+ if "binpkg-request-signature" in self.settings.features: |
128 |
+ gpkg_only = True |
129 |
+ else: |
130 |
+ gpkg_only = False |
131 |
+ |
132 |
# Order by descending priority. |
133 |
for repo in reversed(list(self._binrepos_conf.values())): |
134 |
base_url = repo.sync_uri |
135 |
@@ -1211,6 +1267,8 @@ class binarytree: |
136 |
user = None |
137 |
passwd = None |
138 |
user_passwd = "" |
139 |
+ gpkg_only_warned = False |
140 |
+ |
141 |
if "@" in host: |
142 |
user, host = host.split("@", 1) |
143 |
user_passwd = user + "@" |
144 |
@@ -1480,6 +1538,20 @@ class binarytree: |
145 |
if self.dbapi.cpv_exists(cpv): |
146 |
continue |
147 |
|
148 |
+ if gpkg_only: |
149 |
+ binpkg_format = d.get("BINPKG_FORMAT", "xpak") |
150 |
+ if binpkg_format != "gpkg": |
151 |
+ if not gpkg_only_warned: |
152 |
+ writemsg( |
153 |
+ colorize( |
154 |
+ "WARN", |
155 |
+ f"Remote XPAK packages in '{remote_base_uri}' are ignored due to 'binpkg-request-signature'.\n", |
156 |
+ ), |
157 |
+ noiselevel=-1, |
158 |
+ ) |
159 |
+ gpkg_only_warned = True |
160 |
+ continue |
161 |
+ |
162 |
d["CPV"] = cpv |
163 |
d["BASE_URI"] = remote_base_uri |
164 |
d["PKGINDEX_URI"] = url |
165 |
@@ -1542,7 +1614,14 @@ class binarytree: |
166 |
) |
167 |
return |
168 |
|
169 |
- metadata = self._read_metadata(full_path, s) |
170 |
+ try: |
171 |
+ metadata = self._read_metadata(full_path, s) |
172 |
+ except (PortagePackageException, SignatureException) as e: |
173 |
+ writemsg( |
174 |
+ f"!!! Invalid binary package: '{full_path}', {e}\n", |
175 |
+ noiselevel=-1, |
176 |
+ ) |
177 |
+ return |
178 |
binpkg_format = metadata["BINPKG_FORMAT"] |
179 |
|
180 |
invalid_depend = False |
181 |
|
182 |
diff --git a/lib/portage/exception.py b/lib/portage/exception.py |
183 |
index 3df4ce8fd..ff40e463b 100644 |
184 |
--- a/lib/portage/exception.py |
185 |
+++ b/lib/portage/exception.py |
186 |
@@ -224,10 +224,6 @@ class UnsupportedAPIException(PortagePackageException): |
187 |
return _unicode_decode(msg, encoding=_encodings["content"], errors="replace") |
188 |
|
189 |
|
190 |
-class GPGException(PortageException): |
191 |
- """GPG operation failed""" |
192 |
- |
193 |
- |
194 |
class SignatureException(PortageException): |
195 |
"""Signature was not present in the checked file""" |
196 |
|
197 |
@@ -236,6 +232,10 @@ class DigestException(SignatureException): |
198 |
"""A problem exists in the digest""" |
199 |
|
200 |
|
201 |
+class GPGException(SignatureException): |
202 |
+ """GPG operation failed""" |
203 |
+ |
204 |
+ |
205 |
class MissingSignature(SignatureException): |
206 |
"""Signature was not present in the checked file""" |
207 |
|
208 |
|
209 |
diff --git a/lib/portage/tests/resolver/ResolverPlayground.py b/lib/portage/tests/resolver/ResolverPlayground.py |
210 |
index fa8b0cc76..6805ca601 100644 |
211 |
--- a/lib/portage/tests/resolver/ResolverPlayground.py |
212 |
+++ b/lib/portage/tests/resolver/ResolverPlayground.py |
213 |
@@ -587,8 +587,7 @@ class ResolverPlayground: |
214 |
"CLEAN_DELAY": "0", |
215 |
"DISTDIR": self.distdir, |
216 |
"EMERGE_WARNING_DELAY": "0", |
217 |
- "FEATURES": "${FEATURES} binpkg-signing binpkg-request-signature " |
218 |
- "gpg-keepalive", |
219 |
+ "FEATURES": "${FEATURES} binpkg-signing gpg-keepalive", |
220 |
"PKGDIR": self.pkgdir, |
221 |
"PORTAGE_INST_GID": str(portage.data.portage_gid), |
222 |
"PORTAGE_INST_UID": str(portage.data.portage_uid), |
223 |
@@ -611,6 +610,10 @@ class ResolverPlayground: |
224 |
|
225 |
if "make.conf" in user_config: |
226 |
make_conf_lines.extend(user_config["make.conf"]) |
227 |
+ if "BINPKG_FORMAT=gpkg" in user_config["make.conf"]: |
228 |
+ make_conf_lines.append( |
229 |
+ 'FEATURES="${FEATURES} binpkg-request-signature"' |
230 |
+ ) |
231 |
|
232 |
if not portage.process.sandbox_capable or os.environ.get("SANDBOX_ON") == "1": |
233 |
# avoid problems from nested sandbox instances |