
From: "Michał Górny" <mgorny@g.o>
To: gentoo-portage-dev@l.g.o
Cc: "Michał Górny" <mgorny@g.o>
Subject: [gentoo-portage-dev] [PATCH 2/5] rsync: Use gemato routines directly instead of calling the CLI tool
Date: Thu, 01 Feb 2018 12:17:27
Message-Id: 20180201121707.8623-3-mgorny@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH] rsync: Improve gemato rsync Manifest verification logic by "Michał Górny"
1 ---
2 pym/portage/sync/modules/rsync/rsync.py | 66 ++++++++++++++++++++++++++++-----
3 1 file changed, 57 insertions(+), 9 deletions(-)
4
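diff --git a/pym/portage/sync/modules/rsync/rsync.py b/pym/portage/sync/modules/rsync/rsync.py
index 6b0280032..f6e59e211 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++ b/pym/portage/sync/modules/rsync/rsync.py
@@ -6,6 +6,7 @@ import logging
 import time
 import signal
 import socket
+import io
 import re
 import random
 import tempfile
@@ -25,6 +26,13 @@ from portage.sync.getaddrinfo_validate import getaddrinfo_validate
 from _emerge.UserQuery import UserQuery
 from portage.sync.syncbase import NewBase
 
+try:
+ import gemato.exceptions
+ import gemato.openpgp
+ import gemato.recursiveloader
+except ImportError:
+ gemato = None
+
 if sys.hexversion >= 0x3000000:
 # pylint: disable=W0622
 _unicode = str
@@ -285,17 +293,57 @@ class RsyncSync(NewBase):
 
 # if synced successfully, verify now
 if exitcode == 0 and not local_state_unchanged and self.verify_metamanifest:
- command = ['gemato', 'verify', '-s', self.repo.location]
- if self.repo.openpgp_key_path is not None:
- command += ['-K', self.repo.openpgp_key_path]
- if self.verify_jobs is not None:
- command += ['-j', str(self.verify_jobs)]
- try:
- exitcode = portage.process.spawn(command, **self.spawn_kwargs)
- except CommandNotFound as e:
- writemsg_level("!!! Command not found: %s\n" % (command[0],),
+ if gemato is None:
+ writemsg_level("!!! Unable to verify: gemato not found\n",
 level=logging.ERROR, noiselevel=-1)
 exitcode = 127
+ else:
+ # Use isolated environment if key is specified,
+ # system environment otherwise
+ if self.repo.openpgp_key_path is not None:
+ openpgp_env_cls = gemato.openpgp.OpenPGPEnvironment
+ else:
+ openpgp_env_cls = gemato.openpgp.OpenPGPSystemEnvironment
+
+ try:
+ with openpgp_env_cls() as openpgp_env:
+ if self.repo.openpgp_key_path is not None:
+ out.einfo('Using keys from %s' % (self.repo.openpgp_key_path,))
+ with io.open(self.repo.openpgp_key_path, 'rb') as f:
+ openpgp_env.import_key(f)
+ out.ebegin('Refreshing keys from keyserver')
+ openpgp_env.refresh_keys()
+ out.eend(0)
+
+ m = gemato.recursiveloader.ManifestRecursiveLoader(
+ os.path.join(self.repo.location, 'Manifest'),
+ verify_openpgp=True,
+ openpgp_env=openpgp_env,
+ max_jobs=self.verify_jobs)
+ if not m.openpgp_signed:
+ raise RuntimeError('OpenPGP signature not found on Manifest')
+
+ ts = m.find_timestamp()
+ if ts is None:
+ raise RuntimeError('Timestamp not found in Manifest')
+
+ out.einfo('Manifest timestamp: %s UTC' % (ts.ts,))
+ out.einfo('Valid OpenPGP signature found:')
+ out.einfo('- primary key: %s' % (
+ m.openpgp_signature.primary_key_fingerprint))
+ out.einfo('- subkey: %s' % (
+ m.openpgp_signature.fingerprint))
+ out.einfo('- timestamp: %s UTC' % (
+ m.openpgp_signature.timestamp))
+
+ out.ebegin('Verifying %s' % (self.repo.location,))
+ m.assert_directory_verifies()
+ out.eend(0)
+ except Exception as e:
+ writemsg_level("!!! Manifest verification failed:\n%s\n"
+ % (e,),
+ level=logging.ERROR, noiselevel=-1)
+ exitcode = 1
 
 return (exitcode, updatecache_flg)
 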
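Review bot: The Manifest timestamp is logged but never checked for age: after `ts = m.find_timestamp()` only a missing timestamp is rejected, so an old tree whose signature is still valid (for example from a stale mirror) passes verification. Consider bounding it, e.g. `if datetime.datetime.utcnow() - ts.ts > max_age: raise RuntimeError('Manifest is too old')`, where `max_age` is a placeholder for a repository setting this patch does not define and `ts.ts` is assumed to be a naive UTC datetime, as the log line suggests. Separately, `except Exception` reports any programming error as a verification failure while the newly imported `gemato.exceptions` is not used in the visible hunks; narrowing the handler to gemato's exception types plus the two `RuntimeError`s would keep the fail-closed `exitcode = 1` without hiding bugs. The enclosing method starts outside the hunk, so whether the caller discards the already-synced tree on a non-zero exit code cannot be seen here.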
98 --
99 2.16.1

Replies