--- |
pym/portage/sync/modules/rsync/rsync.py | 66 ++++++++++++++++++++++++++++----- |
1 file changed, 57 insertions(+), 9 deletions(-) |
|
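diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
index 6b0280032..f6e59e211 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++ b/pym/portage/sync/modules/rsync/rsync.py
@@ -6,6 +6,7 @@ import logging
 import time
 import signal
 import socket
+import io
 import re
 import random
 import tempfile
@@ -25,6 +26,13 @@ from portage.sync.getaddrinfo_validate import getaddrinfo_validate
 from _emerge.UserQuery import UserQuery
 from portage.sync.syncbase import NewBase
 
+try:
+ import gemato.exceptions
+ import gemato.openpgp
+ import gemato.recursiveloader
+except ImportError:
+ gemato = None
+
 if sys.hexversion >= 0x3000000:
 # pylint: disable=W0622
 _unicode = str
@@ -285,17 +293,57 @@ class RsyncSync(NewBase):
 
 # if synced successfully, verify now
 if exitcode == 0 and not local_state_unchanged and self.verify_metamanifest:
- command = ['gemato', 'verify', '-s', self.repo.location]
- if self.repo.openpgp_key_path is not None:
- command += ['-K', self.repo.openpgp_key_path]
- if self.verify_jobs is not None:
- command += ['-j', str(self.verify_jobs)]
- try:
- exitcode = portage.process.spawn(command, **self.spawn_kwargs)
- except CommandNotFound as e:
- writemsg_level("!!! Command not found: %s\n" % (command[0],),
+ if gemato is None:
+ writemsg_level("!!! Unable to verify: gemato not found\n",
 level=logging.ERROR, noiselevel=-1)
 exitcode = 127
+ else:
+ # Use isolated environment if key is specified,
+ # system environment otherwise
+ if self.repo.openpgp_key_path is not None:
+ openpgp_env_cls = gemato.openpgp.OpenPGPEnvironment
+ else:
+ openpgp_env_cls = gemato.openpgp.OpenPGPSystemEnvironment
+
+ try:
+ with openpgp_env_cls() as openpgp_env:
+ if self.repo.openpgp_key_path is not None:
+ out.einfo('Using keys from %s' % (self.repo.openpgp_key_path,))
+ with io.open(self.repo.openpgp_key_path, 'rb') as f:
+ openpgp_env.import_key(f)
+ out.ebegin('Refreshing keys from keyserver')
+ openpgp_env.refresh_keys()
+ out.eend(0)
+
+ m = gemato.recursiveloader.ManifestRecursiveLoader(
+ os.path.join(self.repo.location, 'Manifest'),
+ verify_openpgp=True,
+ openpgp_env=openpgp_env,
+ max_jobs=self.verify_jobs)
+ if not m.openpgp_signed:
+ raise RuntimeError('OpenPGP signature not found on Manifest')
+
+ ts = m.find_timestamp()
+ if ts is None:
+ raise RuntimeError('Timestamp not found in Manifest')
+
+ out.einfo('Manifest timestamp: %s UTC' % (ts.ts,))
+ out.einfo('Valid OpenPGP signature found:')
+ out.einfo('- primary key: %s' % (
+ m.openpgp_signature.primary_key_fingerprint))
+ out.einfo('- subkey: %s' % (
+ m.openpgp_signature.fingerprint))
+ out.einfo('- timestamp: %s UTC' % (
+ m.openpgp_signature.timestamp))
+
+ out.ebegin('Verifying %s' % (self.repo.location,))
+ m.assert_directory_verifies()
+ out.eend(0)
+ except Exception as e:
+ writemsg_level("!!! Manifest verification failed:\n%s\n"
+ % (e,),
+ level=logging.ERROR, noiselevel=-1)
+ exitcode = 1
 
 return (exitcode, updatecache_flg)
 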
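Review bot: The Manifest timestamp returned by `m.find_timestamp()` is only checked for presence and then printed, so a mirror serving an old but validly signed tree would still pass this verification. Consider rejecting stale trees right after the `ts is None` check, e.g. `if datetime.datetime.utcnow() - ts.ts > MAX_AGE: raise RuntimeError('Manifest timestamp too old')`, where `MAX_AGE` is a placeholder for a configured limit, `ts.ts` is assumed to be a naive UTC datetime as the log line suggests, and `datetime` is not among the imports visible here. Separately, when `openpgp_key_path` is unset the code selects `OpenPGPSystemEnvironment` and skips `refresh_keys()`, so trust presumably rests on whatever keys and revocation state the invoking user's keyring holds; a comment saying so, or a warning when no key path is configured, would make that explicit. The enclosing method starts outside the hunk.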
-- |
2.16.1 |