| 1 |
Add a sync-openpgp-key-refresh option that makes it possible to |
| 2 |
disable key refresh, which may be useful in cases when it is not |
| 3 |
possible to refresh keys. |
| 4 |
|
| 5 |
Key refresh is enabled by default, and if it is disabled then |
| 6 |
the SyncBase._refresh_keys method will output an ewarn message |
| 7 |
like this when the --quiet option is not enabled: |
| 8 |
|
| 9 |
* Key refresh is disabled via a repos.conf sync-openpgp-key-refresh |
| 10 |
* setting, and this is a security vulnerability because it prevents |
| 11 |
* detection of revoked keys! |
| 12 |
|
| 13 |
Bug: https://bugs.gentoo.org/661518 |
| 14 |
Signed-off-by: Zac Medico <zmedico@g.o> |
| 15 |
--- |
| 16 |
lib/portage/repository/config.py | 10 +++++++++- |
| 17 |
lib/portage/sync/syncbase.py | 9 ++++++++- |
| 18 |
man/portage.5 | 9 ++++++++- |
| 19 |
3 files changed, 25 insertions(+), 3 deletions(-) |
| 20 |
|
| 21 |
diff --git a/lib/portage/repository/config.py b/lib/portage/repository/config.py |
| 22 |
index 50ab18026..6155c130a 100644 |
| 23 |
--- a/lib/portage/repository/config.py |
| 24 |
+++ b/lib/portage/repository/config.py |
| 25 |
@@ -1,4 +1,4 @@ |
| 26 |
-# Copyright 2010-2019 Gentoo Authors |
| 27 |
+# Copyright 2010-2020 Gentoo Authors |
| 28 |
# Distributed under the terms of the GNU General Public License v2 |
| 29 |
|
| 30 |
from __future__ import unicode_literals |
| 31 |
@@ -113,6 +113,7 @@ class RepoConfig(object): |
| 32 |
'sync_hooks_only_on_change', |
| 33 |
'sync_openpgp_keyserver', |
| 34 |
'sync_openpgp_key_path', |
| 35 |
+ 'sync_openpgp_key_refresh', |
| 36 |
'sync_openpgp_key_refresh_retry_count', |
| 37 |
'sync_openpgp_key_refresh_retry_delay_exp_base', |
| 38 |
'sync_openpgp_key_refresh_retry_delay_max', |
| 39 |
@@ -233,6 +234,9 @@ class RepoConfig(object): |
| 40 |
self.sync_openpgp_key_path = repo_opts.get( |
| 41 |
'sync-openpgp-key-path', None) |
| 42 |
|
| 43 |
+ self.sync_openpgp_key_refresh = repo_opts.get( |
| 44 |
+ 'sync-openpgp-key-refresh', 'true').lower() in ('true', 'yes') |
| 45 |
+ |
| 46 |
for k in ('sync_openpgp_key_refresh_retry_count', |
| 47 |
'sync_openpgp_key_refresh_retry_delay_exp_base', |
| 48 |
'sync_openpgp_key_refresh_retry_delay_max', |
| 49 |
@@ -497,6 +501,8 @@ class RepoConfig(object): |
| 50 |
repo_msg.append(indent + "location: " + self.location) |
| 51 |
if not self.strict_misc_digests: |
| 52 |
repo_msg.append(indent + "strict-misc-digests: false") |
| 53 |
+ if not self.sync_openpgp_key_refresh: |
| 54 |
+ repo_msg.append(indent + "sync-openpgp-key-refresh: no") |
| 55 |
if self.sync_type: |
| 56 |
repo_msg.append(indent + "sync-type: " + self.sync_type) |
| 57 |
if self.sync_umask: |
| 58 |
@@ -609,6 +615,7 @@ class RepoConfigLoader(object): |
| 59 |
'sync_hooks_only_on_change', |
| 60 |
'sync_openpgp_keyserver', |
| 61 |
'sync_openpgp_key_path', |
| 62 |
+ 'sync_openpgp_key_refresh', |
| 63 |
'sync_openpgp_key_refresh_retry_count', |
| 64 |
'sync_openpgp_key_refresh_retry_delay_exp_base', |
| 65 |
'sync_openpgp_key_refresh_retry_delay_max', |
| 66 |
@@ -1047,6 +1054,7 @@ class RepoConfigLoader(object): |
| 67 |
bool_keys = ( |
| 68 |
"strict_misc_digests", |
| 69 |
"sync_allow_hardlinks", |
| 70 |
+ "sync_openpgp_key_refresh", |
| 71 |
"sync_rcu", |
| 72 |
) |
| 73 |
str_or_int_keys = ( |
| 74 |
diff --git a/lib/portage/sync/syncbase.py b/lib/portage/sync/syncbase.py |
| 75 |
index 46644d68e..74818a420 100644 |
| 76 |
--- a/lib/portage/sync/syncbase.py |
| 77 |
+++ b/lib/portage/sync/syncbase.py |
| 78 |
@@ -1,4 +1,4 @@ |
| 79 |
-# Copyright 2014-2018 Gentoo Foundation |
| 80 |
+# Copyright 2014-2020 Gentoo Authors |
| 81 |
# Distributed under the terms of the GNU General Public License v2 |
| 82 |
|
| 83 |
''' |
| 84 |
@@ -252,6 +252,13 @@ class SyncBase(object): |
| 85 |
@type openpgp_env: gemato.openpgp.OpenPGPEnvironment |
| 86 |
""" |
| 87 |
out = portage.output.EOutput(quiet=('--quiet' in self.options['emerge_config'].opts)) |
| 88 |
+ |
| 89 |
+ if not self.repo.sync_openpgp_key_refresh: |
| 90 |
+ out.ewarn('Key refresh is disabled via a repos.conf sync-openpgp-key-refresh') |
| 91 |
+ out.ewarn('setting, and this is a security vulnerability because it prevents') |
| 92 |
+ out.ewarn('detection of revoked keys!') |
| 93 |
+ return |
| 94 |
+ |
| 95 |
out.ebegin('Refreshing keys via WKD') |
| 96 |
if openpgp_env.refresh_keys_wkd(): |
| 97 |
out.eend(0) |
| 98 |
diff --git a/man/portage.5 b/man/portage.5 |
| 99 |
index 36c871123..136ebaafe 100644 |
| 100 |
--- a/man/portage.5 |
| 101 |
+++ b/man/portage.5 |
| 102 |
@@ -1,4 +1,4 @@ |
| 103 |
-.TH "PORTAGE" "5" "Apr 2019" "Portage VERSION" "Portage" |
| 104 |
+.TH "PORTAGE" "5" "Jun 2020" "Portage VERSION" "Portage" |
| 105 |
.SH NAME |
| 106 |
portage \- the heart of Gentoo |
| 107 |
.SH "DESCRIPTION" |
| 108 |
@@ -1124,6 +1124,13 @@ Path to the OpenPGP key(ring) used to verify received repository. Used |
| 109 |
only for protocols supporting cryptographic verification, provided |
| 110 |
that the respective verification option is enabled. If unset, the user's |
| 111 |
keyring is used. |
| 112 |
+.TP |
| 113 |
+.B sync\-openpgp\-key\-refresh = yes |
| 114 |
+Enable OpenPGP key(ring) refresh. This option is enabled by default. |
| 115 |
+ |
| 116 |
+\fBWarning\fR: It is a security vulnerability to disable this option |
| 117 |
+because this will prevent detection of revoked keys! |
| 118 |
+ |
| 119 |
.TP |
| 120 |
.B sync\-openpgp\-key\-refresh\-retry\-count = 40 |
| 121 |
Maximum number of times to retry key refresh if it fails. Between each |
| 122 |
-- |
| 123 |
2.25.3 |
Archives