Add a sync-openpgp-key-refresh option that makes it possible to |
disable key refresh, which may be useful in cases when it is not |
possible to refresh keys. |
|
Key refresh is enabled by default, and if it is disabled then |
the SyncBase._refresh_keys method will output an ewarn message |
like this when the --quiet option is not enabled: |
|
* Key refresh is disabled via a repos.conf sync-openpgp-key-refresh |
* setting, and this is a security vulnerability because it prevents |
* detection of revoked keys! |
|
Bug: https://bugs.gentoo.org/661518 |
Signed-off-by: Zac Medico <zmedico@g.o> |
--- |
lib/portage/repository/config.py | 10 +++++++++- |
lib/portage/sync/syncbase.py | 9 ++++++++- |
man/portage.5 | 9 ++++++++- |
3 files changed, 25 insertions(+), 3 deletions(-) |
|
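diff --git a/lib/portage/repository/config.py b/lib/portage/repository/config.py
index 50ab18026..6155c130a 100644
--- a/lib/portage/repository/config.py
+++ b/lib/portage/repository/config.py
@@ -1,4 +1,4 @@
-# Copyright 2010-2019 Gentoo Authors
+# Copyright 2010-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 from __future__ import unicode_literals
@@ -113,6 +113,7 @@ class RepoConfig(object):
 'sync_hooks_only_on_change',
 'sync_openpgp_keyserver',
 'sync_openpgp_key_path',
+ 'sync_openpgp_key_refresh',
 'sync_openpgp_key_refresh_retry_count',
 'sync_openpgp_key_refresh_retry_delay_exp_base',
 'sync_openpgp_key_refresh_retry_delay_max',
@@ -233,6 +234,9 @@ class RepoConfig(object):
 self.sync_openpgp_key_path = repo_opts.get(
 'sync-openpgp-key-path', None)
 
+ self.sync_openpgp_key_refresh = repo_opts.get(
+ 'sync-openpgp-key-refresh', 'true').lower() in ('true', 'yes')
+
 for k in ('sync_openpgp_key_refresh_retry_count',
 'sync_openpgp_key_refresh_retry_delay_exp_base',
 'sync_openpgp_key_refresh_retry_delay_max',
@@ -497,6 +501,8 @@ class RepoConfig(object):
 repo_msg.append(indent + "location: " + self.location)
 if not self.strict_misc_digests:
 repo_msg.append(indent + "strict-misc-digests: false")
+ if not self.sync_openpgp_key_refresh:
+ repo_msg.append(indent + "sync-openpgp-key-refresh: no")
 if self.sync_type:
 repo_msg.append(indent + "sync-type: " + self.sync_type)
 if self.sync_umask:
@@ -609,6 +615,7 @@ class RepoConfigLoader(object):
 'sync_hooks_only_on_change',
 'sync_openpgp_keyserver',
 'sync_openpgp_key_path',
+ 'sync_openpgp_key_refresh',
 'sync_openpgp_key_refresh_retry_count',
 'sync_openpgp_key_refresh_retry_delay_exp_base',
 'sync_openpgp_key_refresh_retry_delay_max',
@@ -1047,6 +1054,7 @@ class RepoConfigLoader(object):
 bool_keys = (
 "strict_misc_digests",
 "sync_allow_hardlinks",
+ "sync_openpgp_key_refresh",
 "sync_rcu",
 )
 str_or_int_keys = (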
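Review bot: The parse in the RepoConfig hunk, `'sync-openpgp-key-refresh', 'true').lower() in ('true', 'yes')`, turns every unrecognised value — a typo, `1`, `on` — into `False`, so a mistyped setting silently lands in exactly the state the man page text in this patch calls a security vulnerability. For a control whose off state degrades revocation checking it is safer to fail toward refresh, `.lower() not in ('false', 'no')`, or to keep the current form and warn when the value is outside both sets. If the neighbouring boolean options such as strict-misc-digests are parsed with the same idiom (their parsing is not visible here), consistency argues for keeping the form and adding the warning rather than switching idioms. The two tuple hunks and the bool_keys hunk in RepoConfigLoader look consistent with each other; the enclosing __init__ and the repo_msg method both start and end outside the hunks.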
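diff --git a/lib/portage/sync/syncbase.py b/lib/portage/sync/syncbase.py
index 46644d68e..74818a420 100644
--- a/lib/portage/sync/syncbase.py
+++ b/lib/portage/sync/syncbase.py
@@ -1,4 +1,4 @@
-# Copyright 2014-2018 Gentoo Foundation
+# Copyright 2014-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 '''
@@ -252,6 +252,13 @@ class SyncBase(object):
 @type openpgp_env: gemato.openpgp.OpenPGPEnvironment
 """
 out = portage.output.EOutput(quiet=('--quiet' in self.options['emerge_config'].opts))
+
+ if not self.repo.sync_openpgp_key_refresh:
+ out.ewarn('Key refresh is disabled via a repos.conf sync-openpgp-key-refresh')
+ out.ewarn('setting, and this is a security vulnerability because it prevents')
+ out.ewarn('detection of revoked keys!')
+ return
+
 out.ebegin('Refreshing keys via WKD')
 if openpgp_env.refresh_keys_wkd():
 out.eend(0)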
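Review bot: The warning added before the early return in `_refresh_keys` does not say which repository has refresh disabled, so on a host with several repos.conf entries an administrator cannot tell from the sync output which one is in the degraded state. Naming it in the first line, e.g. `out.ewarn('Key refresh is disabled for repo %s via a repos.conf sync-openpgp-key-refresh' % self.repo.name)` — assuming `self.repo` is the RepoConfig object whose `sync_openpgp_key_refresh` attribute this hunk reads and that it carries the usual `name` attribute — makes the finding actionable. Note that `out` is built with `quiet` tied to `--quiet`, so under that flag the early return leaves no trace at all, which the commit message presents as intended but is worth stating in the docstring. The docstring of `_refresh_keys` begins before the hunk and should record the new contract: `If the repository's sync-openpgp-key-refresh option is disabled, only a warning is printed and no refresh (WKD or keyserver) is attempted.` The method body continues past the hunk.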
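diff --git a/man/portage.5 b/man/portage.5
index 36c871123..136ebaafe 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -1,4 +1,4 @@
-.TH "PORTAGE" "5" "Apr 2019" "Portage VERSION" "Portage"
+.TH "PORTAGE" "5" "Jun 2020" "Portage VERSION" "Portage"
 .SH NAME
 portage \- the heart of Gentoo
 .SH "DESCRIPTION"
@@ -1124,6 +1124,13 @@ Path to the OpenPGP key(ring) used to verify received repository. Used
 only for protocols supporting cryptographic verification, provided
 that the respective verification option is enabled. If unset, the user's
 keyring is used.
+.TP
+.B sync\-openpgp\-key\-refresh = yes
+Enable OpenPGP key(ring) refresh. This option is enabled by default.
+
+\fBWarning\fR: It is a security vulnerability to disable this option
+because this will prevent detection of revoked keys!
+
 .TP
 .B sync\-openpgp\-key\-refresh\-retry\-count = 40
 Maximum number of times to retry key refresh if it fails. Between each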
-- |
2.25.3 |