[gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path - gentoo-portage-dev

From:	"Michał Górny" <mgorny@g.o>
To:	gentoo-portage-dev@l.g.o
Cc:	"Michał Górny" <mgorny@g.o>
Subject:	[gentoo-portage-dev] [PATCH] sync-rsync-openpgp-key-path -> generic sync-openpgp-key-path
Date:	Tue, 30 Jan 2018 16:59:25
Message-Id:	`20180130165916.8102-1-mgorny@gentoo.org`

1

Rename the 'sync-rsync-openpgp-key-path' to a more generic

2

'sync-openpgp-key-path'. OpenPGP is the basis of at least three

3

different verification schemes (git, rsync, snapshots) and at least

4

two of them use the same keys.

5

---

6

 cnf/repos.conf                             | 2 +-

7

 man/portage.5                              | 9 +++++----

8

 pym/portage/repository/config.py           | 4 ++++

9

 pym/portage/sync/modules/rsync/__init__.py | 1 -

10

 pym/portage/sync/modules/rsync/rsync.py    | 8 ++------

11

 5 files changed, 12 insertions(+), 12 deletions(-)

12

13

diff --git a/cnf/repos.conf b/cnf/repos.conf

14

index 0d2b1f4be..4a40ff4fc 100644

15

--- a/cnf/repos.conf

16

+++ b/cnf/repos.conf

17

@@ -7,7 +7,7 @@ sync-type = rsync

18

 sync-uri = rsync://rsync.gentoo.org/gentoo-portage

19

 auto-sync = yes

20

 sync-rsync-verify-metamanifest = yes

21

-sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg

22

+sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg

23

24

 # for daily squashfs snapshots

25

 #sync-type = squashdelta

26

diff --git a/man/portage.5 b/man/portage.5

27

index 84999bd2f..1f6259715 100644

28

--- a/man/portage.5

29

+++ b/man/portage.5

30

@@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes

31

 precedence over a declaration in [DEFAULT] section, that takes

32

 precedence over PORTAGE_RSYNC_EXTRA_OPTS.

33

.TP

34

-.B sync\-rsync\-openpgp\-key\-path

35

-Path to the OpenPGP key(ring) used to verify MetaManifest. Used only

36

-if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,

37

-the user's keyring is used.

38

+.B sync\-openpgp\-key\-path

39

+Path to the OpenPGP key(ring) used to verify received repository. Used

40

+only for protocols supporting cryptographic verification, provided

41

+that the respective verification option is enabled. If unset, the user's

42

+keyring is used.

43

.TP

44

 .B sync-rsync-vcs-ignore = true|false

45

 Ignore vcs directories that may be present in the repository. It is the

46

diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py

47

index be31ed3b1..d3a622f7c 100644

48

--- a/pym/portage/repository/config.py

49

+++ b/pym/portage/repository/config.py

50

@@ -86,6 +86,7 @@ class RepoConfig(object):

51

 		'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest',

52

 		'update_changelog', '_eapis_banned', '_eapis_deprecated',

53

 		'_masters_orig', 'module_specific_options', 'manifest_required_hashes',

54

+		'openpgp_key_path',

55

)

56

57

 	def __init__(self, name, repo_opts, local_config=True):

58

@@ -182,6 +183,9 @@ class RepoConfig(object):

59

 		self.strict_misc_digests = repo_opts.get(

60

 			'strict-misc-digests', 'true').lower() == 'true'

61

62

+		self.openpgp_key_path = repo_opts.get(

63

+			'sync-openpgp-key-path', None)

64

+

65

 		self.module_specific_options = {}

66

67

 		# Not implemented.

68

diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py

69

index 14af2120c..27a2548c0 100644

70

--- a/pym/portage/sync/modules/rsync/__init__.py

71

+++ b/pym/portage/sync/modules/rsync/__init__.py

72

@@ -27,7 +27,6 @@ module_spec = {

73

 			'validate_config': CheckSyncConfig,

74

 			'module_specific_options': (

75

 				'sync-rsync-extra-opts',

76

-				'sync-rsync-openpgp-key-path',

77

 				'sync-rsync-vcs-ignore',

78

 				'sync-rsync-verify-jobs',

79

 				'sync-rsync-verify-metamanifest',

80

diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py

81

index 552ac6f6b..d9d7d56f2 100644

82

--- a/pym/portage/sync/modules/rsync/rsync.py

83

+++ b/pym/portage/sync/modules/rsync/rsync.py

84

@@ -87,10 +87,6 @@ class RsyncSync(NewBase):

85

 		self.verify_metamanifest = (

86

 				self.repo.module_specific_options.get(

87

 					'sync-rsync-verify-metamanifest', False))

88

-		# Default to gentoo-keys keyring.

89

-		self.openpgp_key_path = (

90

-				self.repo.module_specific_options.get(

91

-					'sync-rsync-openpgp-key-path', None))

92

 		# Support overriding job count.

93

 		self.verify_jobs = self.repo.module_specific_options.get(

94

 				'sync-rsync-verify-jobs', None)

95

@@ -276,8 +272,8 @@ class RsyncSync(NewBase):

96

 		# if synced successfully, verify now

97

 		if exitcode == 0 and self.verify_metamanifest:

98

 			command = ['gemato', 'verify', '-s', self.repo.location]

99

-			if self.openpgp_key_path is not None:

100

-				command += ['-K', self.openpgp_key_path]

101

+			if self.repo.openpgp_key_path is not None:

102

+				command += ['-K', self.repo.openpgp_key_path]

103

 			if self.verify_jobs is not None:

104

 				command += ['-j', self.verify_jobs]

105

 			exitcode = portage.process.spawn(command, **self.spawn_kwargs)

106

--

107

2.16.1

Gentoo Archives: gentoo-portage-dev

Replies

1	Rename the 'sync-rsync-openpgp-key-path' to a more generic
2	'sync-openpgp-key-path'. OpenPGP is the basis of at least three
3	different verification schemes (git, rsync, snapshots) and at least
4	two of them use the same keys.
5	---
6	cnf/repos.conf \| 2 +-
7	man/portage.5 \| 9 +++++----
8	pym/portage/repository/config.py \| 4 ++++
9	pym/portage/sync/modules/rsync/__init__.py \| 1 -
10	pym/portage/sync/modules/rsync/rsync.py \| 8 ++------
11	5 files changed, 12 insertions(+), 12 deletions(-)
12
13	diff --git a/cnf/repos.conf b/cnf/repos.conf
14	index 0d2b1f4be..4a40ff4fc 100644
15	--- a/cnf/repos.conf
16	+++ b/cnf/repos.conf
17	@@ -7,7 +7,7 @@ sync-type = rsync
18	sync-uri = rsync://rsync.gentoo.org/gentoo-portage
19	auto-sync = yes
20	sync-rsync-verify-metamanifest = yes
21	-sync-rsync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
22	+sync-openpgp-key-path = /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
23
24	# for daily squashfs snapshots
25	#sync-type = squashdelta
26	diff --git a/man/portage.5 b/man/portage.5
27	index 84999bd2f..1f6259715 100644
28	--- a/man/portage.5
29	+++ b/man/portage.5
30	@@ -1071,10 +1071,11 @@ Extra options to give to rsync on repository synchronization. It takes
31	precedence over a declaration in [DEFAULT] section, that takes
32	precedence over PORTAGE_RSYNC_EXTRA_OPTS.
33	.TP
34	-.B sync\-rsync\-openpgp\-key\-path
35	-Path to the OpenPGP key(ring) used to verify MetaManifest. Used only
36	-if \fBsync\-rsync\-verify\-metamanifest\fR is enabled. If unset,
37	-the user's keyring is used.
38	+.B sync\-openpgp\-key\-path
39	+Path to the OpenPGP key(ring) used to verify received repository. Used
40	+only for protocols supporting cryptographic verification, provided
41	+that the respective verification option is enabled. If unset, the user's
42	+keyring is used.
43	.TP
44	.B sync-rsync-vcs-ignore = true\|false
45	Ignore vcs directories that may be present in the repository. It is the
46	diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py
47	index be31ed3b1..d3a622f7c 100644
48	--- a/pym/portage/repository/config.py
49	+++ b/pym/portage/repository/config.py
50	@@ -86,6 +86,7 @@ class RepoConfig(object):
51	'sync_type', 'sync_umask', 'sync_uri', 'sync_user', 'thin_manifest',
52	'update_changelog', '_eapis_banned', '_eapis_deprecated',
53	'_masters_orig', 'module_specific_options', 'manifest_required_hashes',
54	+ 'openpgp_key_path',
55	)
56
57	def __init__(self, name, repo_opts, local_config=True):
58	@@ -182,6 +183,9 @@ class RepoConfig(object):
59	self.strict_misc_digests = repo_opts.get(
60	'strict-misc-digests', 'true').lower() == 'true'
61
62	+ self.openpgp_key_path = repo_opts.get(
63	+ 'sync-openpgp-key-path', None)
64	+
65	self.module_specific_options = {}
66
67	# Not implemented.
68	diff --git a/pym/portage/sync/modules/rsync/__init__.py b/pym/portage/sync/modules/rsync/__init__.py
69	index 14af2120c..27a2548c0 100644
70	--- a/pym/portage/sync/modules/rsync/__init__.py
71	+++ b/pym/portage/sync/modules/rsync/__init__.py
72	@@ -27,7 +27,6 @@ module_spec = {
73	'validate_config': CheckSyncConfig,
74	'module_specific_options': (
75	'sync-rsync-extra-opts',
76	- 'sync-rsync-openpgp-key-path',
77	'sync-rsync-vcs-ignore',
78	'sync-rsync-verify-jobs',
79	'sync-rsync-verify-metamanifest',
80	diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
81	index 552ac6f6b..d9d7d56f2 100644
82	--- a/pym/portage/sync/modules/rsync/rsync.py
83	+++ b/pym/portage/sync/modules/rsync/rsync.py
84	@@ -87,10 +87,6 @@ class RsyncSync(NewBase):
85	self.verify_metamanifest = (
86	self.repo.module_specific_options.get(
87	'sync-rsync-verify-metamanifest', False))
88	- # Default to gentoo-keys keyring.
89	- self.openpgp_key_path = (
90	- self.repo.module_specific_options.get(
91	- 'sync-rsync-openpgp-key-path', None))
92	# Support overriding job count.
93	self.verify_jobs = self.repo.module_specific_options.get(
94	'sync-rsync-verify-jobs', None)
95	@@ -276,8 +272,8 @@ class RsyncSync(NewBase):
96	# if synced successfully, verify now
97	if exitcode == 0 and self.verify_metamanifest:
98	command = ['gemato', 'verify', '-s', self.repo.location]
99	- if self.openpgp_key_path is not None:
100	- command += ['-K', self.openpgp_key_path]
101	+ if self.repo.openpgp_key_path is not None:
102	+ command += ['-K', self.repo.openpgp_key_path]
103	if self.verify_jobs is not None:
104	command += ['-j', self.verify_jobs]
105	exitcode = portage.process.spawn(command, **self.spawn_kwargs)
106	--
107	2.16.1