| 1 |
Enable sync-webrsync-verify-signature by default. Use a new |
| 2 |
PORTAGE_TEMP_GPG_DIR variable to distinguish indirect emerge-webrsync |
| 3 |
calls that use gemato for secure key refresh, and disable direct |
| 4 |
emerge-webrsync calls. |
| 5 |
|
| 6 |
Deprecate FEATURES=webrsync-gpg and use it to trigger a |
| 7 |
backward-compatibility mode where direct emerge-webrsync calls are |
| 8 |
allowed (but trigger a warning message). Since direct emerge-webrsync |
| 9 |
calls do not use gemato for secure key refresh, this behavior will |
| 10 |
not be supported in a future release. |
| 11 |
|
| 12 |
Bug: https://bugs.gentoo.org/689506 |
| 13 |
--- |
| 14 |
[PATCH v2] |
| 15 |
* Fix typo in man page date reported by Ulrich Mueller. |
| 16 |
* Automatically enable sync-webrsync-verify-signature only |
| 17 |
if gemato is available and sync-openpgp-key-path exists |
| 18 |
(dependencies conditional on USE=rsync-verify). |
| 19 |
|
| 20 |
bin/emerge-webrsync | 19 ++++++++++++++++--- |
| 21 |
lib/portage/package/ebuild/config.py | 4 ++++ |
| 22 |
lib/portage/sync/modules/webrsync/webrsync.py | 8 +++++++- |
| 23 |
man/make.conf.5 | 6 ++++-- |
| 24 |
man/portage.5 | 4 ++-- |
| 25 |
misc/emerge-delta-webrsync | 19 ++++++++++++++++--- |
| 26 |
6 files changed, 49 insertions(+), 11 deletions(-) |
| 27 |
|
| 28 |
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync |
| 29 |
index f622dde3e..25daaf8eb 100755 |
| 30 |
--- a/bin/emerge-webrsync |
| 31 |
+++ b/bin/emerge-webrsync |
| 32 |
@@ -50,7 +50,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \ |
| 33 |
FETCHCOMMAND GENTOO_MIRRORS \ |
| 34 |
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \ |
| 35 |
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \ |
| 36 |
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \ |
| 37 |
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \ |
| 38 |
USERLAND http_proxy ftp_proxy)" |
| 39 |
export http_proxy ftp_proxy |
| 40 |
|
| 41 |
@@ -74,9 +74,21 @@ do_verbose=0 |
| 42 |
do_debug=0 |
| 43 |
keep=false |
| 44 |
|
| 45 |
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \ |
| 46 |
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 |
| 47 |
+ |
| 48 |
+if [[ ${webrsync_gpg} -eq 1 ]]; then |
| 49 |
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page." |
| 50 |
+fi |
| 51 |
+ |
| 52 |
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || |
| 53 |
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | |
| 54 |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then |
| 55 |
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then |
| 56 |
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync |
| 57 |
+ # calls for backward compatibility (this triggers a deprecation warning |
| 58 |
+ # above). Since direct emerge-webrsync calls do not use gemato for secure |
| 59 |
+ # key refresh, this behavior will not be supported in a future release. |
| 60 |
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) && |
| 61 |
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then |
| 62 |
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync." |
| 63 |
exit 1 |
| 64 |
fi |
| 65 |
@@ -86,6 +98,7 @@ elif has webrsync-gpg ${FEATURES}; then |
| 66 |
else |
| 67 |
WEBSYNC_VERIFY_SIGNATURE=0 |
| 68 |
fi |
| 69 |
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR} |
| 70 |
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then |
| 71 |
eecho "please set PORTAGE_GPG_DIR in make.conf" |
| 72 |
exit 1 |
| 73 |
diff --git a/lib/portage/package/ebuild/config.py b/lib/portage/package/ebuild/config.py |
| 74 |
index 780013bca..83a15b370 100644 |
| 75 |
--- a/lib/portage/package/ebuild/config.py |
| 76 |
+++ b/lib/portage/package/ebuild/config.py |
| 77 |
@@ -1205,6 +1205,10 @@ class config(object): |
| 78 |
writemsg(_("!!! FEATURES=fakeroot is enabled, but the " |
| 79 |
"fakeroot binary is not installed.\n"), noiselevel=-1) |
| 80 |
|
| 81 |
+ if "webrsync-gpg" in self.features: |
| 82 |
+ writemsg(_("!!! FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page.\n"), |
| 83 |
+ noiselevel=-1) |
| 84 |
+ |
| 85 |
if os.getuid() == 0 and not hasattr(os, "setgroups"): |
| 86 |
warning_shown = False |
| 87 |
|
| 88 |
diff --git a/lib/portage/sync/modules/webrsync/webrsync.py b/lib/portage/sync/modules/webrsync/webrsync.py |
| 89 |
index 609ba0be2..4232ca972 100644 |
| 90 |
--- a/lib/portage/sync/modules/webrsync/webrsync.py |
| 91 |
+++ b/lib/portage/sync/modules/webrsync/webrsync.py |
| 92 |
@@ -59,9 +59,14 @@ class WebRsync(SyncBase): |
| 93 |
|
| 94 |
verbose = '--verbose' in self.options['emerge_config'].opts |
| 95 |
quiet = '--quiet' in self.options['emerge_config'].opts |
| 96 |
+ auto_verify_sig = (self.repo.module_specific_options.get( |
| 97 |
+ 'sync-webrsync-verify-signature', 'true').lower() not in ('false', 'no') and |
| 98 |
+ gemato is not None and |
| 99 |
+ self.repo.sync_openpgp_key_path and |
| 100 |
+ os.path.isfile(self.repo.sync_openpgp_key_path)) |
| 101 |
openpgp_env = None |
| 102 |
try: |
| 103 |
- if self.repo.module_specific_options.get( |
| 104 |
+ if auto_verify_sig or self.repo.module_specific_options.get( |
| 105 |
'sync-webrsync-verify-signature', 'false').lower() in ('true', 'yes'): |
| 106 |
|
| 107 |
if not self.repo.sync_openpgp_key_path: |
| 108 |
@@ -88,6 +93,7 @@ class WebRsync(SyncBase): |
| 109 |
openpgp_env.import_key(f) |
| 110 |
self._refresh_keys(openpgp_env) |
| 111 |
self.spawn_kwargs["env"]["PORTAGE_GPG_DIR"] = openpgp_env.home |
| 112 |
+ self.spawn_kwargs["env"]["PORTAGE_TEMP_GPG_DIR"] = openpgp_env.home |
| 113 |
except (GematoException, asyncio.TimeoutError) as e: |
| 114 |
writemsg_level("!!! Verification impossible due to keyring problem:\n%s\n" |
| 115 |
% (e,), |
| 116 |
diff --git a/man/make.conf.5 b/man/make.conf.5 |
| 117 |
index d73bb9bac..cc4e1eba8 100644 |
| 118 |
--- a/man/make.conf.5 |
| 119 |
+++ b/man/make.conf.5 |
| 120 |
@@ -1,4 +1,4 @@ |
| 121 |
-.TH "MAKE.CONF" "5" "Jun 2019" "Portage VERSION" "Portage" |
| 122 |
+.TH "MAKE.CONF" "5" "Jul 2019" "Portage VERSION" "Portage" |
| 123 |
.SH "NAME" |
| 124 |
make.conf \- custom settings for Portage |
| 125 |
.SH "SYNOPSIS" |
| 126 |
@@ -716,7 +716,9 @@ Portage would have to waste time validating ownership for each and every sync |
| 127 |
operation. |
| 128 |
.TP |
| 129 |
.B webrsync-gpg |
| 130 |
-Enable GPG verification when using \fIemerge\-webrsync\fR. |
| 131 |
+Enable GPG verification when using \fIemerge\-webrsync\fR. This feature is |
| 132 |
+deprecated and has been replaced by the \fBrepos.conf\fR |
| 133 |
+\fIsync\-webrsync\-verify\-signature\fR setting, see \fBportage\fR(5). |
| 134 |
.TP |
| 135 |
.B xattr |
| 136 |
Preserve extended attributes (filesystem-stored metadata) when installing |
| 137 |
diff --git a/man/portage.5 b/man/portage.5 |
| 138 |
index 36c871123..10e3155f3 100644 |
| 139 |
--- a/man/portage.5 |
| 140 |
+++ b/man/portage.5 |
| 141 |
@@ -1,4 +1,4 @@ |
| 142 |
-.TH "PORTAGE" "5" "Apr 2019" "Portage VERSION" "Portage" |
| 143 |
+.TH "PORTAGE" "5" "Jul 2019" "Portage VERSION" "Portage" |
| 144 |
.SH NAME |
| 145 |
portage \- the heart of Gentoo |
| 146 |
.SH "DESCRIPTION" |
| 147 |
@@ -1178,7 +1178,7 @@ Keep snapshots in \fBDISTDIR\fR (do not delete). Defaults to false. |
| 148 |
.B sync\-webrsync\-verify\-signature = true|false |
| 149 |
Require the detached tarball signature to contain a good OpenPGP |
| 150 |
signature. This uses the OpenPGP key(ring) specified by the |
| 151 |
-sync\-openpgp\-key\-path setting. Defaults to false. |
| 152 |
+sync\-openpgp\-key\-path setting. Defaults to true. |
| 153 |
|
| 154 |
.RE |
| 155 |
|
| 156 |
diff --git a/misc/emerge-delta-webrsync b/misc/emerge-delta-webrsync |
| 157 |
index 8419e01a9..c5f6fbbd3 100755 |
| 158 |
--- a/misc/emerge-delta-webrsync |
| 159 |
+++ b/misc/emerge-delta-webrsync |
| 160 |
@@ -48,7 +48,7 @@ eval "$("${portageq}" envvar -v DISTDIR EPREFIX FEATURES \ |
| 161 |
FETCHCOMMAND GENTOO_MIRRORS \ |
| 162 |
PORTAGE_BIN_PATH PORTAGE_CONFIGROOT PORTAGE_GPG_DIR \ |
| 163 |
PORTAGE_NICENESS PORTAGE_REPOSITORIES PORTAGE_RSYNC_EXTRA_OPTS \ |
| 164 |
- PORTAGE_RSYNC_OPTS PORTAGE_TMPDIR \ |
| 165 |
+ PORTAGE_RSYNC_OPTS PORTAGE_TEMP_GPG_DIR PORTAGE_TMPDIR \ |
| 166 |
USERLAND http_proxy ftp_proxy)" |
| 167 |
export http_proxy ftp_proxy |
| 168 |
|
| 169 |
@@ -114,9 +114,21 @@ if [[ ! -d $STATE_DIR ]]; then |
| 170 |
exit -2 |
| 171 |
fi |
| 172 |
|
| 173 |
-if has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | \ |
| 174 |
+has webrsync-gpg ${FEATURES} && webrsync_gpg=1 || webrsync_gpg=0 |
| 175 |
+ |
| 176 |
+if [[ ${webrsync_gpg} -eq 1 ]]; then |
| 177 |
+ wecho "FEATURES=webrsync-gpg is deprecated, see the make.conf(5) man page." |
| 178 |
+fi |
| 179 |
+ |
| 180 |
+if [[ -n ${PORTAGE_TEMP_GPG_DIR} ]] || |
| 181 |
+ has $(__repo_attr "${repo_name}" sync-webrsync-verify-signature | |
| 182 |
LC_ALL=C tr '[:upper:]' '[:lower:]') true yes; then |
| 183 |
- if [[ ! -d ${PORTAGE_GPG_DIR} ]]; then |
| 184 |
+ # If FEATURES=webrsync-gpg is enabled then allow direct emerge-webrsync |
| 185 |
+ # calls for backward compatibility (this triggers a deprecation warning |
| 186 |
+ # above). Since direct emerge-webrsync calls do not use gemato for secure |
| 187 |
+ # key refresh, this behavior will not be supported in a future release. |
| 188 |
+ if [[ ! ( -d ${PORTAGE_GPG_DIR} && ${webrsync_gpg} -eq 1 ) && |
| 189 |
+ -z ${PORTAGE_TEMP_GPG_DIR} ]]; then |
| 190 |
eecho "Do not call ${argv0##*/} directly, instead call emerge --sync or emaint sync." |
| 191 |
exit 1 |
| 192 |
fi |
| 193 |
@@ -126,6 +138,7 @@ elif has webrsync-gpg ${FEATURES}; then |
| 194 |
else |
| 195 |
WEBSYNC_VERIFY_SIGNATURE=0 |
| 196 |
fi |
| 197 |
+[[ -n ${PORTAGE_TEMP_GPG_DIR} ]] && PORTAGE_GPG_DIR=${PORTAGE_TEMP_GPG_DIR} |
| 198 |
if [ ${WEBSYNC_VERIFY_SIGNATURE} != 0 -a -z "${PORTAGE_GPG_DIR}" ]; then |
| 199 |
eecho "please set PORTAGE_GPG_DIR in make.conf" |
| 200 |
exit 1 |
| 201 |
-- |
| 202 |
2.21.0 |
Archives