Gentoo Archives: gentoo-commits

From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/portage:master commit in: cnf/, man/, pym/portage/sync/modules/rsync/
Date: Mon, 05 Feb 2018 18:44:53
Message-Id: 1517856201.8d99acdb3f4fba258dfcdf3b659e400a8066d296.mgorny@gentoo
1 commit: 8d99acdb3f4fba258dfcdf3b659e400a8066d296
2 Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
3 AuthorDate: Thu Feb 1 12:06:26 2018 +0000
4 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 5 18:43:21 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=8d99acdb
7
8 rsync: Issue an explicit warning if Manifest timestamp is >24hr old
9
10 Issue an explicit warning if the Manifest timestamp for Gentoo
11 repository is 24 hours behind the system clock. This is meant to detect
12 attacks based on preventing the user from upgrading.
13
14 Reviewed-by: Zac Medico <zmedico <AT> gentoo.org>
15
16 cnf/repos.conf | 1 +
17 man/portage.5 | 4 ++++
18 pym/portage/sync/modules/rsync/__init__.py | 1 +
19 pym/portage/sync/modules/rsync/rsync.py | 21 +++++++++++++++++++++
20 4 files changed, 27 insertions(+)
21
22 diff --git a/cnf/repos.conf b/cnf/repos.conf
23 index 4a40ff4fc..984ecd220 100644
24 --- a/cnf/repos.conf
25 +++ b/cnf/repos.conf
26 @@ -7,6 +7,7 @@ sync-type = rsync
27 sync-uri = rsync://rsync.gentoo.org/gentoo-portage
28 auto-sync = yes
29 sync-rsync-verify-metamanifest = yes
30 +sync-rsync-verify-max-age = 24
31 sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
32
33 # for daily squashfs snapshots
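Review bot: The value `24` added here does not give the 24-hour window the commit message describes. The man page hunk documents `sync-rsync-verify-max-age` as a number of days, and the check added in rsync.py compares `(datetime.datetime.utcnow() - ts.ts).days` against it, so a mirror serving a stale tree would go unreported for more than three weeks. Either ship a days value that matches the intent, e.g. `sync-rsync-verify-max-age = 1`, or define the option in hours consistently in the man page and in the comparison. A comment above the setting stating the unit, such as `# warn when the Manifest timestamp is older than N days (0 disables)`, would keep the three places in step.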
34
35 diff --git a/man/portage.5 b/man/portage.5
36 index d4f755f51..54ce7eec9 100644
37 --- a/man/portage.5
38 +++ b/man/portage.5
39 @@ -1086,6 +1086,10 @@ directories if appropriate.
40 Number of parallel jobs to use when verifying nested Manifests. Defaults
41 to the apparent number of processors.
42 .TP
43 +.B sync\-rsync\-verify\-max\-age
44 +Warn if repository is older than the specified number of days. Disabled
45 +when 0. Defaults to disabled.
46 +.TP
47 .B sync\-rsync\-verify\-metamanifest = yes|no
48 Require the repository to contain a signed MetaManifest and verify
49 it using \fBapp\-portage/gemato\fR. Defaults to no.
50
51 diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py
52 index 27a2548c0..cb80f6d66 100644
53 --- a/pym/portage/sync/modules/rsync/__init__.py
54 +++ b/pym/portage/sync/modules/rsync/__init__.py
55 @@ -29,6 +29,7 @@ module_spec = {
56 'sync-rsync-extra-opts',
57 'sync-rsync-vcs-ignore',
58 'sync-rsync-verify-jobs',
59 + 'sync-rsync-verify-max-age',
60 'sync-rsync-verify-metamanifest',
61 ),
62 }
63
64 diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
65 index dc4674548..ac841545d 100644
66 --- a/pym/portage/sync/modules/rsync/rsync.py
67 +++ b/pym/portage/sync/modules/rsync/rsync.py
68 @@ -6,6 +6,7 @@ import logging
69 import time
70 import signal
71 import socket
72 +import datetime
73 import io
74 import re
75 import random
76 @@ -109,6 +110,20 @@ class RsyncSync(NewBase):
77 writemsg_level("!!! sync-rsync-verify-jobs not a positive integer: %s\n" % (self.verify_jobs,),
78 level=logging.WARNING, noiselevel=-1)
79 self.verify_jobs = None
80 + # Support overriding max age.
81 + self.max_age = self.repo.module_specific_options.get(
82 + 'sync-rsync-verify-max-age', '')
83 + if self.max_age:
84 + try:
85 + self.max_age = int(self.max_age)
86 + if self.max_age < 0:
87 + raise ValueError(self.max_age)
88 + except ValueError:
89 + writemsg_level("!!! sync-rsync-max-age must be a non-negative integer: %s\n" % (self.max_age,),
90 + level=logging.WARNING, noiselevel=-1)
91 + self.max_age = 0
92 + else:
93 + self.max_age = 0
94
95 openpgp_env = None
96 if self.verify_metamanifest and gemato is not None:
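Review bot: The warning in the `except ValueError` branch names `sync-rsync-max-age`, which is not the key being parsed (`sync-rsync-verify-max-age`), so a user who sees it cannot find the offending setting in repos.conf. The message should read `"!!! sync-rsync-verify-max-age must be a non-negative integer: %s\n"`. An invalid value also falls back to `self.max_age = 0`, which turns the staleness check off. Since the check exists to surface a mirror that withholds updates, the warning text or a comment such as `# invalid value: the max-age check is disabled` should say so. The enclosing method starts and ends outside the hunk.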
97 @@ -339,6 +354,12 @@ class RsyncSync(NewBase):
98 ts = m.find_timestamp()
99 if ts is None:
100 raise RuntimeError('Timestamp not found in Manifest')
101 + if (self.max_age != 0 and
102 + (datetime.datetime.utcnow() - ts.ts).days > self.max_age):
103 + out.ewarn('Manifest is over %d days old, this is suspicious!' % (self.max_age,))
104 + out.ewarn('You may want to try using another mirror and/or reporting this one:')
105 + out.ewarn(' %s' % (dosyncuri,))
106 + out.ewarn('')
107
108 out.einfo('Manifest timestamp: %s UTC' % (ts.ts,))
109 out.einfo('Valid OpenPGP signature found:')
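Review bot: The comparison `(datetime.datetime.utcnow() - ts.ts).days > self.max_age` truncates the age to whole days before a strict comparison, so with a `max_age` of N the warning first appears once the Manifest is N+1 full days old, although the message says "over N days old". Comparing the timedelta directly avoids that: `datetime.datetime.utcnow() - ts.ts > datetime.timedelta(days=self.max_age)`. The check also trusts the local clock and presumably expects `ts.ts` to be a naive UTC datetime (its type is not visible in the hunk), so a one-line comment stating that assumption would help. The enclosing method continues outside the hunk.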